How to Unhide Programs and Folders Hidden by FakeHDD Alert Programs

I mentioned this in a previous post, but I want to bring it up again because I continue to see a variety of “malicious” FakeHDD Alert programs that render people’s computers almost useless by hiding many of their programs, files and folders.

The biggest preliminary caution about this type of infection is to “NOT” run a Temp File cleaner like CCleaner until “AFTER” you have restored your Program File shortcuts. While cleaning the temp files would normally be one of the early steps you should perform, in this case you would be deleting the folder that the malicious program hides them in, namely C:\Windows\Temp\smtmp.

Unhide Freeware

In fact, I would browse to that folder first, and “COPY” that folder to another location on your Hard Drive as a precaution. There is a free program called “Unhide” that can automatically restore your hidden files and program shortcuts.

In this article, I am “not” going to address how to disinfect one of the FakeHDD Alert programs, as I have already covered that using System Restore in previous posts.

You can download the “Unhide” program from BleepingComputer at the link below. Use another computer and copy it to a Flash Drive if you have to.

http://download.bleepingcomputer.com/grinler/unhide.exe

Unhide.exe is a free portable program from BleepingComputer that is used to automatically unhide your “hidden” folders. It does have limitations, though: it will not unhide any files that also have the +S attribute. Unhide will also check whether the %Temp%\smtmp folder exists. If so, it will copy your missing program shortcuts back to their original locations for you.

Occasionally, Unhide will not be able to restore the shortcuts in the smtmp folder to their proper locations. If this happens, use the information below to manually copy the shortcuts from the smtmp folder to their proper locations.

Hidden Folder Locations

Below are the folders found under %Temp%\smtmp and what locations the shortcuts should normally reside in based on the version of Windows you are using.

%Temp%\smtmp\1\:

Windows XP: C:\Documents and Settings\All Users\Start Menu
Windows Vista and Windows 7: C:\ProgramData\Microsoft\Windows\Start Menu

%Temp%\smtmp\2\:

Windows XP: C:\Documents and Settings\Application Data\Microsoft\Internet Explorer\Quick Launch\
Windows Vista and Windows 7: C:\Users\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

%Temp%\smtmp\3\:

Windows XP: Does not exist in XP. Therefore do not be concerned if %Temp%\smtmp\3 does not exist on Windows XP.
Windows Vista and Windows 7: C:\Users\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

%Temp%\smtmp\4\:

Windows XP: C:\Documents and Settings\All Users\Desktop
Windows Vista and Windows 7: C:\Users\Public\Desktop

To manually restore your shortcuts, simply open up each of the %Temp%\smtmp\ folders and copy the contents into the respective folder listed above.

Example: For Windows XP, copy contents of “%Temp%\smtmp\1” to “C:\Documents and Settings\All Users\Start Menu”.

For Windows Vista or 7, copy contents of “%Temp%\smtmp\1” to “C:\ProgramData\Microsoft\Windows\Start Menu”.
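The manual copy described above can also be scripted. The following PowerShell script is an added example, not part of the original article or of Unhide; it assumes the per-user Quick Launch and TaskBar folders are the ones under %APPDATA% of the logged-on user, and the backup location and the -Apply switch are hypothetical names chosen for this example.

```powershell
# Added example, not from the original article. Dry run unless -Apply is given.
param(
    [string]$Source = (Join-Path $env:TEMP 'smtmp'),               # %Temp%\smtmp, as in the table above
    [string]$Backup = (Join-Path $env:USERPROFILE 'smtmp-backup'), # hypothetical backup location
    [switch]$Apply
)

if (-not (Test-Path -LiteralPath $Source -PathType Container)) {
    throw "smtmp folder not found at '$Source'; nothing to restore."
}

# Keep an untouched copy before changing anything, as the article advises.
if (-not (Test-Path -LiteralPath $Backup)) {
    Copy-Item -LiteralPath $Source -Destination $Backup -Recurse -Force
}

# Windows XP is NT 5.x; Windows Vista and Windows 7 are NT 6.x.
$isXP = [Environment]::OSVersion.Version.Major -lt 6

# Assumption: %APPDATA% of the logged-on user holds the per-user Quick Launch
# and TaskBar shortcuts that folders 2 and 3 belong to.
$quickLaunch = Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch'

if ($isXP) {
    $map = @{                      # smtmp\3 does not exist on XP
        '1' = Join-Path $env:ALLUSERSPROFILE 'Start Menu'
        '2' = $quickLaunch
        '4' = Join-Path $env:ALLUSERSPROFILE 'Desktop'
    }
} else {
    $map = @{
        '1' = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu'
        '2' = $quickLaunch
        '3' = Join-Path $quickLaunch 'User Pinned\TaskBar'
        '4' = Join-Path $env:PUBLIC 'Desktop'
    }
}

foreach ($name in ($map.Keys | Sort-Object)) {
    $from = Join-Path $Source $name
    $to   = $map[$name]
    if (-not (Test-Path -LiteralPath $from)) { Write-Output "skip: $from does not exist"; continue }
    if ($Apply -and -not (Test-Path -LiteralPath $to)) {
        New-Item -ItemType Directory -Path $to -Force | Out-Null
    }
    # -Force on Get-ChildItem includes hidden items; -WhatIf keeps the default run read-only.
    Get-ChildItem -LiteralPath $from -Force |
        Copy-Item -Destination $to -Recurse -Force -WhatIf:(-not $Apply)
}
```

Without -Apply the script only makes the backup copy and lists what it would copy. Writing to the shared Start Menu and Desktop locations generally requires an elevated prompt.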

Folder Options

By default, some of the folder locations are always “Hidden”, so you will have to change your “Folder Options” to show “Hidden Files or Folders” and “Protected Operating System Files”.

1. Click Start and open Control Panel

  • If viewing Control Panel by Category, click Appearance and Personalization and then click Folder Options
  • If viewing Control Panel by Icons, click Folder Options

2. Under the Folder Options category, click on Show Hidden Files or Folders.
3. Under Hidden files and folders, select Show hidden files, folders, or drives.
4. Remove checkmark from Hide extensions for known file types.
5. Remove checkmark from Hide protected operating system files (Recommended).
6. Click Apply and then the OK button.
7. Windows 7 is configured to show all hidden files.

Hope this helps you restore the files, folders and program shortcuts that may have been hidden by malware. While this article is not all-inclusive, it should give you a good starting point for getting your system back to normal.

One Response to “How to Unhide Programs and Folders Hidden by FakeHDD Alert Programs”

  1. maga

    What if somehow all the smtmp folders are gone? Is there a way to restore them??
