Malware Makes Files Hidden

One of my clients handed me a computer where all of her work and personal files in Documents, and Pictures and the like were missing.  in addition, all of her programs were missing as well.  She is running Windows 7 Professional.  Her fear, as well as my own, were that they had been deleted.  As it turned out, they had been “hidden” by the malware.  The file attributes had been changed to “hidden.”  Going to Windows Explorer, Tools, File, Folder options and setting the “show Hidden Files and Folders” option did not restore them to view.  I was eventually able to find them using a file restoration tool I use in the business.

Any easy way to fix this problem from the command prompt is:  Open command prompt from START MENU > RUN. Type CMD and hit enter. Go to the drive, for example drive C. Type “C:” and enter.  The command we use to restore files is ATTRIB. Type this command :  attrib –s –h *.* /S /D and hit enter.

Further research indicated that this was probably an example of the AUTORUN.INF virus.  This bit of malware jumps from computer to computer via any USB key.  It will “hide” files on the USB key as well.  You can use the same method to restore files on an infected key, just change the drive letter from C: to E: or whatever drive letter that is assigned by your PC.

Most Internet Security programs will remove the AUTORUN.INF virus, but be sure to include your flash drive in the full system scan.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.