 |
| Hidden folders and Shortcuts by the Autorun Worm |
Here we will see how can we solve this problem by using command line and batch file. Though the batch file is nothing but the executable file contains command lines. So solving the hidden and shortcut problem of USB or drives, we must have the administrator privilege as we will execute something.
Using Command line:
To solve/fix the folder's hidden or system file, the easiest way is to run a command line. You can apply this command to USB and local drive as well, need to change the drive_letter.
Go to Run, type cmd and hit enter. In command prompt just type:
attrib -h -s -r -a /s /d drive_letter:\*.*
And hit enter. Be sure you've typed the drive letter (e.g. j:,h: or D:) instead of "drive_letter" in the command line. My USB drive letter is J: and my command should looks like:
 |
| Command for unhide system-hidden files on a drive |
All files and folders will be normal and you should be able to delete the shortcuts, created by the virus.
Command line details: Here atrib=attribute, "-"=remove attribute/permits, h=hidden s=system, r=read-only, a=archive, /s=sub directory, /d=directory, drive_letter=the letter of the drive shown in windows explorer (e.g. j:,h: or D:) and *.* is called the wild card for all files.If you don't like to be a "command Ninja" then see below.
USB, MicroSD, MiniSD or other Mmory Cards issue:
1. Connect your USB or memory card to the PC or laptop.
2. Copy these lines and paste it into a "new text file"
@echo off
attrib -h -s -r -a /s /d drive_letter:\*.*
3. In the 3rd line give the drive letter name (Example: J or K or L etc.) instead of "drive_name"
4. Save the text file as any_name.bat
5. Double click on the any_name.bat file and it will run in the command prompt and see the hidden files/folders come back.
6. Delete the shortcuts and unnecessary files and folders from USB drive.
Local drive issue:
1. Copy these lines and paste it into a "new text file"
@echo off
attrib -h -s -r -a /s /d D:\*.*
attrib -h -s -r -a /s /d E:\*.*
attrib -h -s -r -a /s /d F:\*.*
attrib -h -s -r -a /s /d G:\*.*
attrib -h -s -r -a /s /d H:\*.*
attrib -h -s -r -a /s /d I:\*.*
attrib -h -s -r -a /s /d J:\*.*
@echo complete.
3. Run this bat file by double-clicking on it.
Thus you can solve this kind of problems with a *.bat file. You can save the *.bat file for solving this hidden problem.
Important: These tutorials are applied for Windows 7/Vista/xp. You must have the administrative privilege to run the command or execute the .bat file. Put the " : " after the j, k, or D (drive letters). These commands are not case sensitive.
.jpg)
Thanks, i havent tried this steps, i dont know if it would work 4me since my music files are hidden and could not even be detected by phone music player. Can the above procedure work for it aswell? Thank you. Philip
ReplyDelete@Philip, your files are changed to hidden-system files. If you don't change their attributes, they won't be detected by your music player. I suggest you to try these steps, as this/these command line/s won't make any damage to your files or system. Thanks!
DeletePlease help because i have really tried almost everything that has been discussed in these blogs and i am really confused and worried. In my case, the shortcuts didn't happen in an external drive but rather inside a folder by the name My Pictures in the desktop and all the files and folders that were inside there changed into shortcuts.
DeleteI have tried almost all ways including the attrib command where i was placing c in the drive letter, but replied with Access Denied about 30 lines saying so. I bought Kaspersky Anti-Virus 2012, installed, updated and later scanned the computer and only found one infection by the name Trojan and cleaned it.
Please Help Sharif Ahmed, am really confused because even the softwares that am noticing for removing shortcuts are only working with removable USB drives but not Hard Drives.
Kamunge Kenneth
Very helpful.. It solve my problem right away after I follow your instruction.Thank you so much...
DeleteThanks my problem solved. Very Helpful. Thank u so much
Deletedude you are genius!!
ReplyDeletehow to run a command line?
ReplyDeleteTo run a command line:
DeleteClick on start menu. In search box type: cmd.exe and run it. Type:
attrib -h -s -r -a /s /d drive_letter:\*.*
which is called the command line for OS. Hit enter and thus you can run your command line.
Thanks @doniz
its not working it can't recognized my memory card
ReplyDeleteYour OS cannot recognize your memory card properly. You need to solve the "not recognizing" problem first. Try this post fix major usb problem
DeleteHope, your folder hidden problem will be solved.
Thanks!
Hi Sharif I tried but it tells parameter format not correct
Deletethnx so much dear!
ReplyDeleteThanks buddy, this was really helpful...It worked out for me as I was having more important files related to my Video Conferencing Software and I just followed the steps you have mentioned here through which I got my problem cleared and my data is back. Thank you so much for sharing this post.
ReplyDeleteC:\Documents and Settings\Administrator>attrib -h -s -r -a /s /d L:\*.*
ReplyDeleteUnable to change attribute - L:\USBCHì▌â.
Unable to change attribute - L:\USBC╕5<ä.
Unable to change attribute - L:\USBC╕5<ä.
i m getting this wen i enter in cmd...i hve some vry imp data on my memory card nd jst cant restore....plz help..!!
Hi, amankr1993
DeleteNothing to worry about it.
1. Copy all your important files to Hard disk from memory card.
2. No need to copy L:\USBCHì▌â. L:\USBC╕5<ä. L:\USBC╕5<ä. because those files either corrupted or created by the malware/virus.
3. Format your memory card, then move the files to the card again.
Thanks.
thnks fr ur generous reply....jst wanna ask one thing i hd abt 8gb data on my memory card...nd nw i get only 8 files out of 38 folders all named wid .exe nd rest of dem are nt visible so jst copying dem nd formatting my disk will recover all my data..?
ReplyDeleteThanks for your question, amankr1993.
DeleteNo. Just copying and formatting your drive won't recover the files.
Actually your files aren't deleted, but their attributes are changed. So you need to change the attributes of all files by the command I've described. Then files will be visible.
AFTER*** that, delete the .exe or .lnk files if exist.
***If the .exe and .lnk files are deleted BEFORE changing the file's attribute, it may cause deleting all the files and folders of that drive.
Hope it helps.
the virus from the memory card will not be transferred to the computer???
ReplyDeleteObviously, it will spread itself to the computer when the affected drive get connected. So keeping and updating the anti-virus is recommended.
DeleteIn this post "LOCAL DRIVE ISSUE" is discussed for solving affected Hard Disk Drive by those viruses.
Thanks.
hi
ReplyDeletewhen i am typing the attrib command in the command prompt i am getting access denied error?!
please help my data in my external hard drive is very important i cannot afford to loose it is over 1TB and only 2 of the folders out of many folders are visible to me
earlier i scanned with Kaspersky antivirus and it deleted around 85 viruses/malwares probably the .lnk files or something similar
since i am hoping that my drive is clean from viruses but still its not showing all the folders
help
Don't worry!
Delete1.First your account must be an "Administrator" or be a "Member of an Administrator" account. This post may help you: How to Enable Administrator Account in Windows 7/Vista/XP.
2.Now, with the administrative privilege run the command (without getting "Access is denied" msg).
3.Wait for executing the command and it may take few minutes. All data will be shown if the drive has any.
Hope it helps you.
Thank you!
Thank you very much
ReplyDeleteI was thinking that booting in safe would solve the access denied issue but simply running the cmd.exe as an admin solved the issue
hope it does
and exactly said even the premium antiviruses are unable to solve the hidden folders issue i have used both the Kasper '12 and Bitdefender '12 and both happily failed..
This blog is really helpful and nicely arranged as well thumbs up
Thanks...
ReplyDeleteIt's a great solution.
dude ur genious.. i spent 1 hour for locating those file but couldnt find them.... and with ur comand i found them in second.
ReplyDeletethanks bro
Please help because i have really tried almost everything that has been discussed in these blogs and i am really confused and worried. In my case, the shortcuts didn't happen in an external drive but rather inside a folder by the name My Pictures in the desktop and all the files and folders that were inside there changed into shortcuts.
ReplyDeleteI have tried almost all ways including the attrib command where i was placing c in the drive letter, but replied with Access Denied about 30 lines saying so. I bought Kaspersky Anti-Virus 2012, installed, updated and later scanned the computer and only found one infection by the name Trojan and cleaned it.
Please Help Sharif Ahmed, am really confused because even the softwares that am noticing for removing shortcuts are only working with removable USB drives but not Hard Drives.
Kamunge Kenneth
First thing is NOTHING TO WORRY.
Delete1. If the folder "My Pictures" contains only the useless shortcuts then you should delete them/whole folder. You can use the Unloker or go here.
2. Yes! In Windows OS (after installin it in C: or any other drive) some files are designed in such a way that users are not allowed to change the attributes (attrib) of those files or folders. In these cases, you may get the Access is Denied message.
3. Fine! You bought a paid-antivirus and updating it regularly. And you deleted the Trojen. Run your OS normally. Because the main victim is detected and removed. Though it put some shortcuts and other files whose are useless without the main virus program (that Trojen you've deleted). Know more about the Trojan.
4. Why the shortcuts and files are not deleted from local drive?
When a reputed virus creates shortcuts, they use the same codes used by the OS to create some powerful shortcuts. Like "Document and Settings" shortcut. And if such shortcut remains in the system drive (C:), they won't be deleted unless booting from other media. For that you can download Hiren's boot CD and create a Hiren's boot USB for an external boot.
If you don't want to waste time for external boot then keep those shortcut hidden. Believe me they won't harm your system.
Thank you!
hi.i have also probleam with my memory card.when i connect with my coputer my phone ask format memry card computer show memory card like I drive but never open it and say (please insert a disk into removable disk(I:) )i have important files and photo there. have any way without format my memory card .please healp me
ReplyDeleteIn this case you've no other option without formatting the memory card. But you can use a data recovery software which could recover data after formatting. Search results that may help you.
DeleteThanks.
It worked! it paused for a while, thought cmd had crashed but it blinked for a bit and the files appeared. Keep getting this damned trojan from work. Does it pose any real threat or is it just to annoy people? How do I get rid of it from the work computers. Kindly - Oliver
ReplyDeleteCool!! it worked! Thanks a lot brother!!!!
ReplyDeleteHi Dude. I tryied what you said its deleted the short cuts from USB. But when i removed the USB and place it again its showing the same again short cuts are present. How to resolve this permantley
ReplyDeleteYour OS/PC is affected by the virus which is executing some program on your USB after plugging it. As a result, whenever you plug-in the USB, the Auto Run Warm creating shortcuts and hiding the files/folders.
DeleteIn this case, the best or possibly the only solution is "Scan, Detect and Kill the viruses from operating system" by an updated Anti-virus.
Paid Anti-virus is not recommended though this task can be done by any reputed free Anti-virus.
Thanks.
working. thanks ;)
ReplyDeleteArticle looks nice but not working on my pc i cannot unhide files from my MMC after applying it creates
ReplyDeleteerror: [not resetting hidden file -N:\(folder name)]
same error for each folder.
I think u could understand my problrm so plz help me.
Thanks.
Do a full scan on all the drives for viruses by a updated anti virus. Coz your OS is already affected by viruses and it preventing the system to reset the file or folder attribute.
DeleteAfter doing so, follow this guide again and fix that files on MMC card surely.
Thanks!
Great! It worked for me!
ReplyDeleteHi sharif Ahmed,
ReplyDeleteWhat happen, nearly every time i plug in any memory card and open any folder in it,the message below appears and make lost all data in the folder? It can be caused by the error of main board or any virus?
Anyway, i have tried to scan the hard drives with several antiviruses. but the result is " No virus found "
Thank you in advance and waiting for the best solution for this very bad problem. the below is what i mention above:
F:\USBCHì▌â. L:\USBC╕5<ä. L:\USBC╕5<ä.
Hi Chamroeun Keo,
DeleteIt seems your MemoryCard or its data is corrupted. And if it is so, then Anti-virus or this guides is not gonna work.
I suggest you to find out the possible solution for fixing the corrupted MemoryCard.
Thanks!
Great!! It was very helpful and it worked for me. Thanks a lot.
ReplyDeleteNada
I am having an external hard disk infected with these kind of issue.
ReplyDeleteI used the command "attrib -h -s -r -a /s /d drive_letter:\*.*". That gave me an error in command prompt
The target of the symbolic link I:\USBC╡δ☺ does not exist
The target of the symbolic link I:\USBC@δ☺ does not exist
After that I tried opening my folder. Some of the folders are still displayed as files.
Can you please help me to solve this issue?
Hi vijesh v,
DeleteDid you put the "drive letter" (ex: d, e or i) inside the command "attrib -h -s -r -a /s /d drive_letter:\*.*" instead of drive_letter?
If you did that I am taking about, then these error outputs should be ignored.
If your folders were retrieved but same named files were displayed, then you can delete these files.
Thanks!
Excellent, it worked out great
ReplyDeleteThanks !!!!
Hi my external HDD is facing the same problem but when i do what u said it is giving me error access denied system volume information. Even though i am administrator. Kindly help plz ASAP
ReplyDeleteRe-check that your account is an administrator or it has the equal privilege.
DeleteRead: how enable Administrator account on Windows PC.
Scan and kill the worms (virus) by a updated and authorized anti-virus. And then execute the command again.
Hope it will help!
Thanks!
I am Happy to get to know this site. thanks so much for the answer
ReplyDeleteGot the trick and it did work!
ReplyDeleteThanks a lot!
yaa it works,but after 5 or 10 second the folders are hideen,help me fix it for paramanently...
ReplyDeleteHi Nitesh, you should read this reply which is similar to your topic and it discussed earlier .
DeleteHi Bro,
ReplyDeleteall my folders have changed to shortcuts and it is really important to retrieve these data it is on my Hard disk...
please help brother.
Try to clean the Autorun worm by a paid or free but updated antivirus. Then follow this guide.
Deletewow super thanks i got my files back from my nokia mobile thanks a lot
ReplyDeleteThank u ! :)
ReplyDeleteThanks a lot ,,
ReplyDeleteYou Are Genius Broo..
ReplyDeletethanks
it says access denied help!!!
ReplyDeleteMicrosoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\YUSI>attrib -h -r -s /s /d g:\*.*
Access denied - G:\$RECYCLE.BIN\S-1-5-21-1341997240-1356586522-4086331149-1000
Access denied - G:\$RECYCLE.BIN\S-1-5-21-4009801811-4160864061-3625295961-1001
Dear rhainne,
DeleteNothing to worry about that! It seems you were trying to make changes on "$RECYCLE.BIN" folder which is hidden/protected (by default) by the system.
In Windows OS "$RECYCLE.BIN" contains all garbage files that you've deleted and this directory is not permitted to change its attributes.
i didn't get it!, what to do?
DeleteIf the Access is Denied occurs on "$RECYCLE.BIN" and "System Volume Information" there is nothing to do actually. Just you need to ignore those messages.
DeleteThanks to be with us.
had a minor heart-attack when this thing happened to me,
ReplyDeletei thought all my important files where gone
thank you very much
THANKS It worked for me too...
ReplyDeleteTHANKS Im a ninja now ;) haha
ReplyDeleteyou are a genius. you really helped me a lot
ReplyDeleteGreat it works
ReplyDeletethanks a lot brother it worked i got rid frm my prblm....
ReplyDeleteMany thanks. This was really a life saver!!!!
ReplyDeleteWow ... Its working.... My pen drive was back to normal
ReplyDeletewhat would happen if i delete the file whose location is 'rundll32 (C:\Windows\system32)'?
ReplyDeleteplease help. i want to delete the shortcut but i'm a bit scared on the consequences...
First you should read: what's rundll32
DeleteThere are two conditions on deleting the rundll32 or deleting its shortcut.
(1) If this file is not in the system drive (generally C: drive), you can delete it and its shortcut.
(2) If the rundll32 or its shortcut is in the system drive then use a free or paid antivirus to scan the whole drive.
Hope you got it!
this method works for me, thanks alot dude!! keep up the good work :)
ReplyDelete