Executive and Technical Blogs
How to handle the latest fake antivirus scheme
Our TAC has recently been encountering another variation on the "fake antivirus/scanner/fixer/etc." plague of malware.
This one presents itself as Windows Repair and does the usual scare tactics of saying your workstation is infected, files/registry/hard drive sectors are damaged/missing, and so forth. This one, however, goes a step further and sets various folders--including the current user profile folder--to be Hidden. A telltale symptom, beyond the fake Windows Repair window, is a completely blank desktop with no program, file, or folder icons of any sort. This can make it seem as if you have lost everything.
Here's how you handle this:
Open an Explorer or My Computer window (use the WindowsKey-E combination if needed, or type explorer.exe into the Run command in the Start Menu)
Go to the Tools menu>Folder Options, then the View tab
Scroll down and choose the radio button to "Show hidden files and folders". This will let you see the items that the virus set to Hidden.
If you then right-click your user profile folder (under Documents and Settings for Windows XP, or under the Users folder for Windows Vista and 7) and choose Properties, you will see a checkbox for "Hidden" at the bottom. Uncheck that, and choose to apply to all files and folders when it gives you that option.
You may have to do this for several other folders, depending on what the virus touched, but again they should all show up once you choose to "Show hidden files and folders" as described above.
You'll also need to contact your IT support to update your virus protection. If you need assistance, please do not hesitate to contact us!
ALI Technical Assistance Center (TAC)
Trackback URL for this blog entry.