0

Hello,

I have a problem with my PC: when I try to see my hidden files through the Folder Options setting, it does not work.

I tried the steps below as well:

Click Start => Run type in Regedit press OK.
Click:

* HKey_Local_Machine
* Software
* Microsoft
* Windows
* CurrentVersion
* Explorer
* Advanced
* Folder
* Hidden
* SHOWALL

Now right click on CheckedValue and click Delete.
Right click and hover over New then select Dword Value call it CheckedValue.
Right click on CheckedValue and choose Modify, under 'Value Data' type in 1.

Still the CheckedValue won't change; it remains 0.

One more problem I face is that every time I double-click on the C:, D: or E: drive, it opens in a new window.

Please provide me a solution for both of them.

0

http://infosecurityhub.blogspot.com/2008/09/kamsoft-ckvoexe-malware-manual-removal.html

hey man, i hope you've already scanned your computer for viruses and other nasties. this is caused by viruses and in my case it was kamsoft-ckvoexe. if it's this that you've got then you'll have to remove it manually
Here is how you do it:
Start the computer in safe mode by pressing F8 during booting

Open Registry Editor

Delete the value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Kamsoft"=C:\windows\system32\ckvo.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\

delete all the keys starting with {........}

Example:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05ef6149-5e60-11dd-8a88-0003254ecf1b}

In the above key delete {05ef6149-5e60-11dd-8a88-0003254ecf1b}

Open the command prompt

go to C:\>

type attrib so you can see the hidden files in root drive

To clear the attributes of malware files type

attrib -s -h -r filename

Example: C:\>attrib -s -h -r autorun.inf
D:\>attrib -s -h -r autorun.inf


repeat the above command for all files of malware

To delete the virus files type

del filename

Example: C:\> del autorun.inf
D:\> del autorun.inf

repeat the above command for all files of malware

look for the files of malware in all other partitions and delete them.

go to c:\windows\system32>

type attrib -s -h -r ckvo.exe
attrib -s -h -r ckvo.dll
attrib -s -h -r ckvo0.dll
attrib -s -h -r ckvo1.dll
del ckvo.exe
del ckvo0.dll
del ckvo1.dll

Some files in system32 may not delete; in that case you should log off once and log on again to delete any files associated with this malware.

Now open Registry editor go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL

Change the DWORD value of Checked Value from 0 to 1.

Now go to folder options and change the hidden file attributes and show system files options. You should be able to see all hidden files.

Finally, turn off System Restore and turn it on again so the previous restore points will be deleted.


I hope this helps out.

0

Welcome to the site :)

Try going to a folder (My Documents, for example) and clicking VIEW/FOLDER VIEW/VIEW and then tick "Show all files" (that's what I have selected).

Good luck!

0

Sam, those are per user settings, so you need to be in this key, and this will make one change you desire:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001

But there is a piece of malware that makes these changes, so I suggest you run this first:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application, then ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
Make sure that everything found is checked, and click Remove Selected.
When it completes MBAM will produce a log; examine it: if some files are listed as Delete on Reboot then restart your machine before continuing.
Post the Notepad log [it is also saved under Logs tab in MBAM].

0

Gerbil, I have used the said software, through quick scan as well as full scan, and got a log too (for the quick scan).
I am pasting it below; just have a look at it.

----------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.29
Database version: 1276
Windows 5.1.2600 Service Pack 2

11/17/2008 8:31:27 PM
mbam-log-2008-11-17 (20-29-42).txt

Scan type: Quick Scan
Objects scanned: 47714
Time elapsed: 1 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{ce7c3ce2-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ce7c3cef-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kvasoft (Trojan.FakeAlert.H) -> No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\kvosoft.exe (Trojan.FakeAlert.H) -> No action taken.
C:\WINDOWS\system32\hgkjghg0.dll (Trojan.BHO) -> No action taken.
----------------------------------------------------------------------------------------------------------

Still the problem is there. I even tried to manually delete kvosoft.exe in system32, but I was not able to find it; I searched the whole system too :-(
Yes, when I searched for hgkjghg0.dll I found it and deleted it, but the next time I start my PC it is there again in the same place.

Please help me out - I don't want to reinstall or format my C drive.

0

Heya, sam... could be a baddie there. First, I need to make sure that you followed my instructions because I should not be seeing No Action Taken against found malware items. So, please UPDATE MBAM, then...
Select "Perform Quick Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you... do not click the Save Logfile button.
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post both the logs here.
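
Gerbil's check for "No action taken" entries can be done mechanically on a saved MBAM text log. The following is an added example, not part of any post in this thread: it parses the log layout shown above and lists findings that were detected but not removed. The function names are hypothetical, and the two "Files Infected" action strings in the sample are constructed for contrast.

```python
import re

# Log excerpt in the layout posted in this thread. The two "Files Infected"
# action strings are constructed here to show handled entries for contrast.
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kvasoft (Trojan.FakeAlert.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\kvosoft.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgkjghg0.dll (Trojan.BHO) -> Delete on reboot.
"""

# "Files Infected:" is a section header; "Files Infected: 2" (summary) is not.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
# <object> (<detection>) -> [Bad: (<bad>) Good: (<good>) -> ]<action>.
ITEM = re.compile(
    r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>[^>]+?)\.?\s*$"
)

def parse_mbam_log(text):
    """Return one dict per detected item, tagged with its log section."""
    findings, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        item = ITEM.match(line)
        if item and section:
            findings.append({"section": section, **item.groupdict()})
    return findings

def unremediated(findings):
    """Items the scanner found but left in place."""
    return [f for f in findings if f["action"].lower() == "no action taken"]

def needs_reboot(findings):
    """Items that are only removed after a restart."""
    return [f for f in findings if "reboot" in f["action"].lower()]

if __name__ == "__main__":
    for f in unremediated(parse_mbam_log(SAMPLE_LOG)):
        print(f["section"], f["detection"], f["path"], sep=" | ")
```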

0

Gerbil thanks,

As of now my PC problem is solved.
I ran Malwarebytes Anti-Malware 1.29 two or three times continuously, then while restarting my PC I went into safe mode and manually removed kvosoft.exe and hgkjghg0.dll from the regedit, with an idea I got from the post by "c-tech".

Still I am not able to understand why, whenever I search for kvosoft.exe on my whole PC, there is no such item. When my problem with the hidden files was cleared I selected the option and saw all the hidden files, even inside the Windows folder (even here: C:\WINDOWS\system32\), but there was no kvosoft.exe. I don't know how to see this file and delete it.

Anyway, I am thankful to you both for the help, as I was going to format my PC - your advice saved my data.

I have a small doubt regarding my pen drive; I will post a new thread. I am not a techie person but a web designer, so I don't know much about troubleshooting systems and their components.

0

C-tech thanks,

As of now my PC problem is solved, with the help of you and Gerbil.
I ran Malwarebytes Anti-Malware 1.29 two or three times continuously, then while restarting my PC I went into safe mode and manually removed kvosoft.exe and hgkjghg0.dll from the regedit.

Still I am not able to understand why, whenever I search for kvosoft.exe on my whole PC, there is no such item. When my problem with the hidden files was cleared I selected the option and saw all the hidden files, even inside the Windows folder (even here: C:\WINDOWS\system32\), but there was no kvosoft.exe. I don't know how to see this file and delete it.

Anyway, I am thankful to you both for the help, as I was going to format my PC - your advice saved my data. Now I can see my hidden files and I can also open the local drives (C, D, E) in the same window.

I have a small doubt regarding my pen drive; I will post a new thread. I am not a techie person but a web designer, so I don't know much about troubleshooting systems and their components.
