Malware creating hidden folder that I can't see

George0107

Oct 28, 2013
I ran into some malware that created a hidden folder under my users/account/AppData/Roaming/hiddenfolder

I enabled the option to view hidden files & folders but I still cannot see this folder. I can browse to it, if I manually type it in, and see all the files inside, but in the Roaming folder I cannot see it.

To test, I created another folder in my Roaming folder and set it to hidden, and I could see that folder.

More info about the folder the malware created:

- I cannot unset the folder to NOT hidden. When looking at the properties, the Hidden option is checked but greyed out.

- The folder does show up when listing the folders and files under the Roaming folder in command prompt using the "dir /A:H" command

- When trying to remove the hidden attribute, I get an error saying not resetting system file

- I removed all attributes and got to unhide the folder successfully by using "attrib C:\Users\account\AppData\Roaming\folder -s -h -r"


This seems kinda crazy that I have to go through this when I am the Administrator of the computer and I can't see a hidden folder. I wonder what other folders that malware may have created that I didn't know about.

What gives?

 
Solution


You can deny access for an account the same way as you would grant access. People do it all the time by accident: they remove every user account from the permissions to "fix" security or something, and end up breaking their operating system. All you need to do is remove the Administrator account or group from the rights of the folder/files. Administrator has default rights to pretty much every file, but that can be changed.

George0107

The virus was detected and removed by Windows Defender. I did also run a MBam scan and a Hitman Pro scan. I am just wondering why, as the Admin of the computer, this folder was hidden from me even when the hidden folders option was enabled.
 

George0107

I get that, but I am asking how is that achieved? How can malware create a hidden folder that I cannot see? What makes that hidden folder different than a hidden folder I created? Is it some attribute that the folder had?
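
An added example (not part of the thread) for the question of what other such folders might exist: a PowerShell function that lists directories carrying both the Hidden and System attributes, the combination the first post had to clear with `attrib -s -h -r`. Explorer's "Hide protected operating system files" setting keeps such items out of view even when hidden items are shown. The function name, the output columns and the default scan root of `$env:APPDATA` are assumptions of this example.

```powershell
# Added example, not code from the thread.
# Lists directories that have BOTH the Hidden and System attributes set,
# along with creation time and owner, so unexpected ones can be reviewed.
function Get-HiddenSystemDirectory {
    [CmdletBinding()]
    param(
        # Assumption: scan the current user's Roaming profile by default.
        [string]$Path = $env:APPDATA,
        [switch]$Recurse
    )

    $wanted = [System.IO.FileAttributes]::Hidden -bor [System.IO.FileAttributes]::System

    # -Force is required: without it Get-ChildItem skips hidden and system items.
    Get-ChildItem -LiteralPath $Path -Directory -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes.HasFlag($wanted) } |
        ForEach-Object {
            $dir = $_

            # The owner can be unreadable if permissions on the folder were altered.
            $owner = '<unreadable>'
            try {
                $owner = (Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop).Owner
            } catch { }

            [pscustomobject]@{
                FullName       = $dir.FullName
                Attributes     = $dir.Attributes
                # Reparse points (junctions, symlinks) are flagged so they can be told apart
                # from ordinary directories.
                IsReparsePoint = $dir.Attributes.HasFlag([System.IO.FileAttributes]::ReparsePoint)
                Created        = $dir.CreationTime
                Owner          = $owner
            }
        }
}

# Top level of the Roaming folder, oldest first; add -Recurse to descend.
Get-HiddenSystemDirectory -Path $env:APPDATA |
    Sort-Object Created |
    Format-Table -AutoSize -Wrap
```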
 

