This tips and trick is for Windows users, because most virus in the wild is targeting Windows operating system since they have the largest users in the world.
1. Command prompt
3 Steps to Show Hidden Files Caused by Virus Infections :
1. This is the screenshot of my USB content after I plug into infected computer.
The virus hide all my files and folders as well, and change everything into a shortcut that call Documents.vbe when executed.
2. The virus change the files and folders attribute by using system user, so when you try to change the attribute by right clicking it, you can’t change it’s hidden attribute.
3. Open your command prompt and go to your USB drive. In our case the USB is in E: drive.
attrib : Displays or changes file attributes.
– : Clears an attribute.
H : Hidden file attribute.
S : System file attribute.
E:* : Drive of the USB with * as wildcard that means process all files.
/S : Processes matching files in the current folder and all subfolders.
/D : Processes folders as well.
1. Turn off Autorun for all of removable media.
2. Do not doubleclick your USB folder to prevent the virus spreading into your system.
3. To delete the virus manually, you can open REGEDIT, choose EDIT tab and click Find (Ctrl + F).
In the search box type “documents.vbe”. If your search result return nothing it’s mean that you’re not infected by this kind of virus, if your search result return some value like the picture below:
Write down the Documents.vbe path location, and delete the Documents.vbe manually from that folder. If you cannot delete the Documents.vbe because it is used by another program, go to task manager(CTRL+ALT+DEL) and find Wscript.exe.
Right click and choose “End Task” to stop the Wscript.exe process and try again to delete the Documents.vbe. Don’t forget to delete the registry containing Documents.vbe too.