Quickly Unhide Files Hidden by Rogue System Utilities

My good’ole uncle Phil called me on the way home from work tonight and said that his hard drive had “lot’s of critical errors on it”.  I said “what said that, read it to me”.  In his military fasion he started reading everything thing on the rogue system utility GUI…I made him stop mid sentence and quickly told him it was basically a virus.

So to make a long story much shorter I got rid of the rogue quickly, by I needed to find an automatic and quick way of unhiding all the files that were hidden by the rogue (fake) system utility.  The solution?  A nifty free little program called UnHide.exe from guys over at bleepingcomputer.com.

UnHide is a mere 669 KB and just requires a double click.  Once it runs it starts unhiding files that were hidden by the fake system utility.  The entire process took about 5 minutes to unhide all of my uncles files (some Windows System files meant to be hidden stay hidden) and it also restored his start menu programs.  Awesome little app!

http://download.bleepingcomputer.com/grinler/unhide.exe

,

80 Responses to Quickly Unhide Files Hidden by Rogue System Utilities

  1. Warwagon June 30, 2011 at 2:44 am #

    Yep, just don’t forget to move the start menu shortcuts out of the temp directory before you flush it.

  2. malwarekilla June 30, 2011 at 2:01 pm #

    Hm, I didn’t have to do that. Thanks, I’ll take a look at that though.

  3. ron June 30, 2011 at 2:38 pm #

    been seeing this a lot lately too. the directory of shortcuts is usually a folder called smtmp. Do a search for that name if you see this happen. guys at bleepingcomputer are great with their little fix utilities.

  4. myHelpfulNerd June 30, 2011 at 9:25 pm #

    Yeah, we’ve been seeing this a lot too. If the desktop and start menu are empty, make sure you don’t clean out the temp folder!

  5. Anakin July 1, 2011 at 1:31 am #

    LOL………………..You are always so far behind everything Matt. I have been using unhide for almost a year now. I thought you were a God in this dept?

    • malwarekilla July 1, 2011 at 2:03 am #

      @Anakin – I don’t care, said Pierre. I’m from France.

  6. Anakin July 1, 2011 at 3:00 am #

    Well that mature Matt. I thought a person of your expertise would think of something more intelligent to say.

  7. malwarekilla July 1, 2011 at 3:12 am #

    @Anakin – I’m not going to get into another troll discussion. Leave a link to your site so I can worship you, I’m dying to see it.

  8. Obi-Wan Kenobi July 1, 2011 at 4:40 am #

    @Anakin…Meet me on Mustafar…we need to talk.

  9. Anakin July 1, 2011 at 10:00 am #

    Not trolling Matt. Being truthful. I was also the one who told you about rkill. BTW………..Combofix is a LAST RESORT only.

  10. Anakin7 July 1, 2011 at 10:39 am #

    Dont need a site Matt. Better things to do then that. Oh BTW.,…………………I just found a great tool. Its called MBAM. Ever heard of it?

  11. Christos July 1, 2011 at 12:59 pm #

    @Anakin, YOU ARE TROLLING. Also I think that you are doing this because you are jealous of Matt’s experience level. You might aswell know that this is A BLOG TO HELP PEOPLE and posting a thread like that, EVEN NOW, is very good!
    @Matt aren’t you using WordPress? I think it allows you to block such users and there are plugins that check for spam kinda comments (i.e Anakin ones) xD

  12. Christos July 1, 2011 at 1:01 pm #

    @Anakin also he might be using it for more than 1 year now and just posting that thread now… you never know…also I bet Matt knows 1000 times more stuff about malware than you. I am sorry ,but you look like you know everything and anything, but that is clearly not the case. You should be blocked in my opinion as described in my previous comment, but that is clearly up to Matt.

  13. Anakin July 1, 2011 at 1:29 pm #

    Christos……………….Are you Matt’s lover? Standing up for your man? Gezz. Let Matt fight his own battles since I am talking to him and clearly not you. If Matt knew about unhide he would have posted it along time ago.

  14. malwarekilla July 1, 2011 at 1:42 pm #

    @Christos – yes, I can block whoever I want, but I enjoy a little entertainment to a certain point…after that I just ip block.

  15. Anakin July 1, 2011 at 1:51 pm #

    Proxy my dear Matt……………..Proxy. Or I guess you haven’t heard of that one either. Post that up on your blog. The thing is Matt you keep posting info that every IT guy out there should know already. But you act like you never heard of these things before which is actually pretty say from some who claims the “Remove-Malware”.

  16. Anakin July 1, 2011 at 1:52 pm #

    Sad and they. Typo.

  17. malwarekilla July 1, 2011 at 2:06 pm #

    @Anakin – BTW what was the point in using unhide over a year ago? The rogues that hide everything are about 2 months old now? I think that makes this post very relavent.

    Also, let’s get something straight for you and everyone like you. I’m NOT a GOD in Malware or Anti-Malware. I’m a constant learner. I’ll NEVER keep up with every dam little anti-malware utility that someone created.

    My work comes first. Whatever helps me get my work done faster and better get’s listed here no matter if it’s a day old or 5 years old.

    On the video side of things. I create entertaining videos on Anti-Malware products for people who know very little about these apps and are looking to learn more…I’m the intro guy, not some geeky expert that participates on security forums every second of the day for absolutely no point other than to say “I’m better than you”.

    Now, excuse me, my vCenter is calling me.

  18. malwarekilla July 1, 2011 at 2:09 pm #

    @anakin – *you* typo like a motherf*cker. Yes anakin, I have heard of proxies, I use them daily. I can also block about 90%+ of them using .htaccess and utilities in my VPS. Try me.

  19. Anakin July 1, 2011 at 2:33 pm #

    Wow Matt……………So glad you stoop so low as to swear. Again someone of your stature should know how to use better language. Notice how I once have not sworn nor do I need to. Wake up Matt and come join the big dogs or stay on the porch.

  20. malwarekilla July 1, 2011 at 2:47 pm #

    @Anakin – where are the “big dogs”?

  21. Anakin July 1, 2011 at 2:49 pm #

    Your not old enough to hang with us yet Matt. You are still being potty trained. Soon you will be able to hang with the bog dogs. At least your using the pee pads properly.

  22. Anakin July 1, 2011 at 2:50 pm #

    big……………typo

  23. john July 1, 2011 at 4:35 pm #

    Matt,

    How do you hide important files after you have removed all the bad stuff? I was just curious since i’ve never used this tool. By the way I think your very good at what you do no matter what people on here say. Keep up the good work.

  24. Anakin July 1, 2011 at 4:51 pm #

    That is very easily done. Been able to that since Win98. Just go into Tools/Folder Options/View and uncheck or check off what you want to. If its specific folder you are trying to hide then simply use this.

    http://www.axantum.com/AxCrypt/

  25. Bo July 1, 2011 at 8:08 pm #

    This Anakin character has a crush on Matt.

  26. Carlos July 1, 2011 at 8:29 pm #

    Matt,

    I cannot believe you have enough time to refute this clown on every single senseless post he makes but you don’t have the time to reply when me and others, nicely and politely ask you or, even better, suggest you things to make your job easier and more pleasant.

    The other day I suggested you a utility called RogueKiller to kill (and, sometimes even remove) fake AVs. You didn’t bother on replying. I also requested you to make a video of Comodo IS version 5.4 since I had watched a very well done video of this suite on YouTube back in January (v5.0), using Windows at default settings and very old versions of Adobe Reader, Flash Player and Java RunTime. That security suite excelled my expectations when it’s well configured, of course. I can give you a link to that video should you want to watch it.

    Those are some of the reasons that have stopped me short of logging in onto your Facebook page and clicking on“like”, your lack of responses here.

    Carlos

  27. malwarekilla July 1, 2011 at 8:57 pm #

    @Carlos – sorry about that man, I was really busy handing off my 20 other web properties and I missed some emails and comments. I’ll take a look Rogue Killer and possibly add it to the Toolkit page (which I’ve been updating today).

  28. estechguy July 2, 2011 at 2:46 am #

    Well look who is back its Anakin

  29. TigerRaptorFX July 2, 2011 at 2:54 am #

    Big Dogs? Hang with us?

    At a computer.

    Facepalm!

  30. Anakin7 July 2, 2011 at 3:14 am #

    Tiger…………………obviously your too young and dumb to understand the saying. There was a slogan back in the 80’s. It went “If you cant run with the big dogs then stay on the porch”. Man some people are really stupid.

  31. Anakin July 2, 2011 at 3:29 am #

    LOL……………..Obviously your too young and dumb to understand Tiger. There was old slogan back in the 80’s. It went ‘If you cant run with the big dogs then stay on the porch”. Man people are so dumb.

  32. TigerRaptorFX July 2, 2011 at 3:39 am #

    Since you want to see stupidity. Turn off your monitor and look really hard.

    The way you said it sounds very pathetic. Put down your keyboard little anakin. It isn’t a lightsaber.

  33. GodsGr8 July 2, 2011 at 11:03 pm #

    I thank you for your tireless work disregard the mental midgets like anakin.

  34. Shaun Zhang July 2, 2011 at 11:14 pm #

    Are you going to do more reviews or not?

  35. Dan July 3, 2011 at 10:15 pm #

    Hey Dieselman, your thinly veiled “Anakin” disguise doesn’t work when you talk the same fucking retarded way as you do every where else you post.

    Thanks Matt, for the great utility.

  36. Aaron July 3, 2011 at 10:44 pm #

    “Anakin” is really Dieselman, it’s so obvious.
    He tries so hard to use a different alias, but he just can’t shake the constant spelling and grammar mistakes that plaque him.

  37. Aaron July 3, 2011 at 11:09 pm #

    Excuse me, *plague

  38. estechguy July 6, 2011 at 12:04 am #

    @Anakin- well your dumb because you made near the same post twice! d:

  39. Anakin July 6, 2011 at 12:36 am #

    Wow estechguy. Did your Mommy teach you to say that? Its called the first one did not go in. Duh.

  40. Anakin July 6, 2011 at 10:02 am #

    FYI………………I have no idea who Dieselman is.

  41. Dan July 6, 2011 at 9:43 pm #

    You’re an insanely bad liar, Dieselman. Even in your denial you type the same way. Really, just give it up.

  42. Aaron July 6, 2011 at 9:43 pm #

    That’s the funniest joke I’ve heard in a while, “Anakin”.
    Go improve your grammar a bit more then come back and use your disguise.

  43. Dieselman July 6, 2011 at 9:48 pm #

    Guys……………………….?…….Anakin IS NOT ME. Why would I take time out of my busy schedule to try to trick you guys………………..If you open you’re eyes for ONE SECOND then you see that he is clearly not me…………He even said so………….:roll:. Besides, I never to college, so I could never come up with such a clever scheme. Go back to kiddieland 🙄

  44. Kevin July 6, 2011 at 9:50 pm #

    Anakin – July 6, 2011 at 10:02 am
    >FYI………………I have no idea who Dieselman is.

    Those dots………..show clearly you’re Dieselman.

  45. Anakin July 6, 2011 at 10:46 pm #

    Dan…………………..Is that short for “Dan the spam man”?

  46. Dan July 6, 2011 at 10:47 pm #

    You know it Dieselman, you and me go way back.

  47. Anakin July 6, 2011 at 11:34 pm #

    For the last time I am not Dieselman.

  48. Anakin July 6, 2011 at 11:36 pm #

    But I am fully aware of you are cause Gus tells me. Tells me how you spammed the forum with childish crap and kept coming back. Tell Matt what you did to his forum. Tell Matt the the lack of respect you give his forum and others.

  49. Anakin July 7, 2011 at 12:02 am #

    That is not me typing that. Anyone can put anyone’s name in. So someone made a statement using the name “Dieselman”. Wow you people really are pathetic. Its so fumy how the same people spam over and over and over.

  50. Anakin July 7, 2011 at 12:02 am #

    Funny……………Sorry typo.

  51. Anakin July 7, 2011 at 12:05 am #

    Funny. Sorry. Typo

  52. Kevin July 7, 2011 at 12:06 am #

    Anakin (Dieselman) – July 6, 2011 at 11:36 pm
    > But I am fully aware of you are cause Gus tells me. Tells me how you spammed the forum with childish crap and kept coming back. Tell Matt what you did to his forum. Tell Matt the the lack of respect you give his forum and others.

    Tell Matt how you spammed our forum with porn.

  53. Dan July 7, 2011 at 12:06 am #

    “That is not me typing that.” So you’re admitting that you are, indeed, Dieselman, and not that felonious imposter (who sounds exactly like you)? Wow, you really are stupider than I thought, sir. Well done.

  54. Dan July 7, 2011 at 12:12 am #

    Also, sorry to double post (although looking at your fucking quintuple post over here, I really shouldn’t be apologizing), but “Tell Matt what you did to his forum. Tell Matt the the lack of respect you give his forum and others.”

    It’s clear that Matt has given up on his own forums. I’m not quite sure why he doesn’t just shut them down, but I think it’s funny that you seem to still care about Matt even though you spent the majority of your other comments blasting him for not posting about a simple utility months earlier. Talk about complete ass-raping faggots, man. Dieselman is sure to take the cake in that category. Also, notice how I can go multiple sentences at one time without making a typo? Holy shit, what an amazing feat and display of technological dexterity! Look at me spell all of these complicated words without using thousands of periods in a row just to have the time to gather my thoughts! What a marvel of engineering this is!

  55. Anakin July 7, 2011 at 1:50 am #

    So glad you resulted to swearing. Gotta be a MalwareUp way of life.

  56. Kevin July 7, 2011 at 2:06 am #

    Anakin (Dieselman) – July 7, 2011 at 1:50 am

    > So glad you resulted to swearing. Gotta be a MalwareUp way of life.

    It’s a crime to swear? Fuck! I didn’t know :S

  57. Dan July 7, 2011 at 2:08 am #

    So glad you resorted (the actual correct word) to hiding behind a really bad disguise and attempting to badmouth everyone else, all the while failing miserably. People are going to swear, Dieselman, you’re just going to have to get over it and suck it up and start living here in 2011, not in the 80s where you “used to run with the big dogs”. Of course I don’t expect you to start improving your spelling or grammar now, because you know the old saying, “you can’t teach an old dog new tricks”. See how I used your own phrases against you? I could do this all day.

  58. Anakin July 7, 2011 at 2:29 am #

    If you had any brains you would use other words then swear words. Part of life is NOT swearing. Only if your too dumb to use better grammar. Swearing is just a poor excuse cause you have nothing better to say.

  59. Anakin July 7, 2011 at 2:30 am #

    Kevin or should I say kelopez.

  60. Dan July 7, 2011 at 2:31 am #

    >your too dumb
    >use better grammar
    >your too
    >your

    You crack me up, man.

  61. Kevin July 7, 2011 at 2:34 am #

    Anakin or should I say dieselman:

    A big facepalm from me to you.

  62. Anakin July 7, 2011 at 2:36 am #

    LOL. You guys are too much. You spam the forum now your spamming Matt’s blog. Wow. You must be proud of yourselves. No go on home to Mommy and take your warm milk.

  63. Kevin July 7, 2011 at 2:43 am #

    Dieselman:

    This is not spam. This actually has sense, if you didn’t realize…

  64. Anakin July 7, 2011 at 3:02 am #

    Sense. Yeah only if your 14 and dumb. Oh wait that’s you.

  65. Kevin July 7, 2011 at 3:06 am #

    “Get your facts right,” I’m 16. And I’m not dumb.

  66. Kevin July 7, 2011 at 3:07 am #

    PS You can’t call me a dumb if I have better grammar than you. AND you should know that English is not my native language.

  67. Aaron July 7, 2011 at 3:23 am #

    Anyways, thanks for the post Matt!
    Looks like a very handy tool.

  68. Anakin July 7, 2011 at 9:59 am #

    14 and dumb. 16 and dumb. Whats the difference. Either way not even interested in security. You never even talk about security. Your just some dumb kid who gets off on spamming forums.

  69. Anakin July 7, 2011 at 10:35 am #

    In fact my dear Kevin. You have not ONCE talk ab out security in this blog nor ever in the forums. All you do is rush in defending your other MalwareUp buddies and spam the forum. Thats what little kids do. They dont have enough common sense to realize that a security forum is to talk about security. But you think its a way of life. A way of swearing and talking nonsense. Explain the Matt what you did to his forums and Dieselman. Explain that to him. Show me a post where you actually talked about security.

  70. Anakin July 7, 2011 at 10:39 am #

    Talked about. Sorry. Typing to fast and making spelling mistakes. Its losers like you and Dan that have ruined the forums. You care nothing about security. You would rather spam the forum over and over and over and over rather then talk about security or computers. You guys made Gus and Tweaks life a living hell.

  71. Carlos July 7, 2011 at 6:46 pm #

    Dieselman: Why were you banned from Wilders Security Forums? Would you mind telling us?

    Thanks.

    Carlos

  72. Darol July 7, 2011 at 7:36 pm #

    @Anakin Don’t you little kids have anything better to do with your lives………..it’s funny how you little tykes think your clever…..”OH LET’S TROLL DIESEL” You call me a T-R-O-L-L but I’m not doing anything but saying the truth. Now go take a nap. Thanks.

  73. Anakin July 8, 2011 at 12:53 am #

    Oh no. Another MalwareUp loser. Why must you little kids travel in packs.

  74. Anakin July 8, 2011 at 12:56 am #

    All of you have been banned from the forum for spamming. Now you cannot use your childish antics on the forum so you turn to spamming Matt’s blog. Wow. What a life you guys live.

  75. Darol July 8, 2011 at 9:20 pm #

    Let’s look at the life you live, shall we…
    You live in a fantasy where your innocent and we are the reason rM is dead right now.
    You treat everyone who doesn’t have the knowledge you apparently have like stupid people (proven in that thread where you called a customer dumb because she didn’t understand something many people don’t as well).
    You try and hide behind this pathetic disguise, making yourself look dumb.
    You assume everyone who is against you is an immature child when you barely know them.
    Your attitude is horrible, I sometimes doubt you’re actually a 41 year old.

    I could go on, but you’ll just change the topic anyway, oh and one more thing, how do you know I’m from MalwareUp huh? I might not be.

  76. LOLZER July 11, 2011 at 12:06 am #

    @Darol

    +1

  77. stormgtr July 11, 2011 at 2:33 pm #

    Do not feed the troll (DNFTT). 😛

  78. Ryan July 11, 2011 at 11:38 pm #

    L0L

  79. catherine September 2, 2011 at 10:01 pm #

    tnx you so much, been trying to show my hidden files for sometime now and have been searching for help. i tried changing the values in regedit to no avail. i was able to download a free online AVG virus scanner, scanned my laptop drives and dloaded the unhide.exe and it worked!!! thank you

Leave a Reply