Folder Options Recovery From Virus Attack
Some Current Indonesian Windows Viruses that were reported had widely spread out around the world had unique characteristics of attacking techniques. One of the old popular techniques was Changing (I like to call it “making a Mess”) Windows Folder Options by modifying Windows Registry.
Some Indonesian virus programmers preferred to play “hide and seek” only by hiding files in the computer target without making a dangerous destructive action of the computer system. Commonly, the attackers tried to hide the files by changing their file attributes into “hidden” and “system”, so that the files status is not just hidden, yet super-hidden as simply protected Windows system files.
The Victims cried that they had lost their such files. Some of them had realized that their files had been super-hidden, but they could not get their hidden files back since they could not change the Folder Options settings to the normal previous state after the virus programmer had ‘frozen’ the Folder Options Settings. And the rest of them did not realize that their files had just been invisible and, frequently, replaced by fake files (files that contain malicious scripts — the virus itself). Mostly, in the case of the frozen Folder Options Settings, the virus had made registry modifications at “Checked Value” and “Unchecked Value” Check Box Options.
This article tells about How To:
1. Unfreeze The Frozen Folder Options
2. Recover Folder Options Settings that had been changed by Virus
3. Show The Files that had been hidden by Virus
1. Unfreeze The Frozen Folder Options
There are two ways to Unfreeze The Frozen Folder Options. First, Kill The Resident Virus with trusted AntiVirus, and second, Recover Folder Options by re-modifying the registry keys that had been changed by attacking Virus to their normal previous state.
2. Recover Folder Options Settings that had been changed by Virus
2.1. Download Program : Folder Options Recovery for Windows v1.0.0
NOTE : – Some Anti-Virus Programs had categorized this program as a computer threat (Trojan); that was just FALSE ALARM. I guarantee that this program does not contain any stupid malware and won’t harm Your computer. – FILE HAD BEEN RE-UPLOADED AND DOWNLOAD URL HAD BEEN RENEWED
– Category : Computer\Windows\Recovery Tools
– Program name : Folder Options Recovery for Windows
– Program Type : Portable Application
– Version : 1.0.0.0
– Supported OS : Microsoft Windows 98/Me/XP/Vista
– License : Freeware
– Developer : Henry U.S.S.A – Henry Artworks Studio
– File Name : Folder-Options-Recovery.exe
– File Size : 45.5 KB (46,592 bytes)
– Size On Disk : 48.0 KB (49,152 bytes)
– CRC-32 Checksum : A4B4949B
– MD5 : F1F60B1E84D8F1441AB59B92E347D22E
– SHA1 : 0E4D03F87A809D213C29300CADAFE2942577D80D
– Created : Monday, September 1st, 2008, 1:22:50 AM
2.2. Download Two Registry Entry Files below:
– a. Download Show_FolderOptions_and_ControlPanel.reg (download here)
– b. Download Folder_Options_Recovery_-_Show_All_Files.reg (download here)
—- and “Merge” it into Your Windows Registry Database, OR
2.3. Manual Recovery via Windows Registry by Creating Two Registry Entry Files:
– a. Open Windows Notepad or other Text Editors
– b. Copy these Registry Entry lines written below:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
“NoFolderOptions”=dword:00000000
“NoControlPanel”=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
“NoControlPanel”==dword:00000000
and save as Registry Entry File (.reg): “Show_FolderOptions_and_ControlPanel.reg“ -> this is useful for the condition if Folder Options had been hidden and Control Panel had been disabled by the Virus.
Yet, if Folder Options remains visible and Control Panel had not been disabled, then Copy and Paste into Your Notepad:
these Registry Entry lines written below:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder]
“Type”=”group”
“Text”=”@shell32.dll,-30498”
“Bitmap”=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
00
“HelpID”=”shell.hlp#51140”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState]
“Type”=”checkbox”
“Text”=”@shell32.dll,-30506”
“HKeyRoot”=dword:80000001
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced”
“ValueName”=”ClassicViewState”
“CheckedValue”=dword:00000000
“UncheckedValue”=dword:00000001
“DefaultValue”=dword:00000000
“HelpID”=”shell.hlp#51076”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer]
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideMyComputerIcons”
“Text”=”@shell32.dll,-30497”
“Type”=”checkbox”
“ValueName”=”{21EC2020-3AEA-1069-A2DD-08002B30309D}”
“CheckedValue”=dword:00000000
“UncheckedValue”=dword:00000001
“DefaultValue”=dword:00000001
“HKeyRoot”=dword:80000001
“HelpID”=”shell.hlp#51150”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess]
“Type”=”checkbox”
“Text”=”@shell32.dll,-30507”
“HKeyRoot”=dword:80000001
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced”
“ValueName”=”SeparateProcess”
“CheckedValue”=dword:00000001
“UncheckedValue”=dword:00000000
“DefaultValue”=dword:00000000
“HelpID”=”shell.hlp#51079”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy\SeparateProcess]
@=””
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache]
“Type”=”checkbox”
“Text”=”@shell32.dll,-30517”
“HKeyRoot”=dword:80000001
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced”
“ValueName”=”DisableThumbnailCache”
“CheckedValue”=dword:00000001
“UncheckedValue”=dword:00000000
“DefaultValue”=dword:00000000
“HelpID”=”shell.hlp#51155”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip]
“Type”=”checkbox”
“Text”=”@shell32.dll,-30514”
“HKeyRoot”=dword:80000001
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced”
“ValueName”=”FolderContentsInfoTip”
“CheckedValue”=dword:00000001
“UncheckedValue”=dword:00000000
“DefaultValue”=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree]
“Type”=”checkbox”
“Text”=”@shell32.dll,-30511”
“HKeyRoot”=dword:80000001
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced”
“ValueName”=”FriendlyTree”
“CheckedValue”=dword:00000001
“UncheckedValue”=dword:00000000
“HelpID”=”shell.hlp#51149”
“DefaultValue”=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
“Text”=”@shell32.dll,-30499”
“Type”=”group”
“Bitmap”=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
00
“HelpID”=”shell.hlp#51131”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced”
“Text”=”@shell32.dll,-30501”
“Type”=”radio”
“CheckedValue”=dword:00000002
“ValueName”=”Hidden”
“DefaultValue”=dword:00000002
“HKeyRoot”=dword:80000001
“HelpID”=”shell.hlp#51104”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced”
“Text”=”@shell32.dll,-30500”
“Type”=”radio”
“CheckedValue”=dword:00000001
“ValueName”=”Hidden”
“DefaultValue”=dword:00000002
“HKeyRoot”=dword:80000001
“HelpID”=”shell.hlp#51105”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt]
“Type”=”checkbox”
“Text”=”@shell32.dll,-30503”
“HKeyRoot”=dword:80000001
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced”
“ValueName”=”HideFileExt”
“CheckedValue”=dword:00000001
“UncheckedValue”=dword:00000000
“DefaultValue”=dword:00000001
“HelpID”=”shell.hlp#51101”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler]
“Type”=”checkbox”
“Text”=”@shell32.dll,-30509”
“HKeyRoot”=dword:80000001
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced”
“ValueName”=”NoNetCrawling”
“CheckedValue”=dword:00000000
“UncheckedValue”=dword:00000001
“DefaultValue”=dword:00000000
“HelpID”=”shell.hlp#51147”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy\NoNetCrawling]
@=””
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers]
“Type”=”checkbox”
“Text”=”@shell32.dll,-30513”
“HKeyRoot”=dword:80000001
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced”
“ValueName”=”PersistBrowsers”
“CheckedValue”=dword:00000001
“UncheckedValue”=dword:00000000
“HelpID”=”shell.hlp#51152”
“DefaultValue”=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor]
“Type”=”checkbox”
“Text”=”@shell32.dll,-30512”
“HKeyRoot”=dword:80000001
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced”
“ValueName”=”ShowCompColor”
“CheckedValue”=dword:00000001
“UncheckedValue”=dword:00000000
“DefaultValue”=dword:00000001
“HelpID”=”shell.hlp#51130”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath]
“Type”=”checkbox”
“Text”=”@shell32.dll,-30504”
“HKeyRoot”=dword:80000001
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CabinetState”
“ValueName”=”FullPath”
“CheckedValue”=dword:00000001
“UncheckedValue”=dword:00000000
“DefaultValue”=dword:00000000
“HelpID”=”shell.hlp#51100”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress]
“Type”=”checkbox”
“Text”=”@shell32.dll,-30505”
“HKeyRoot”=dword:80000001
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CabinetState”
“ValueName”=”FullPathAddress”
“CheckedValue”=dword:00000001
“UncheckedValue”=dword:00000000
“DefaultValue”=dword:00000001
“HelpID”=”shell.hlp#51107”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip]
“Type”=”checkbox”
“Text”=”@shell32.dll,-30502”
“HKeyRoot”=dword:80000001
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced”
“ValueName”=”ShowInfoTip”
“CheckedValue”=dword:00000001
“UncheckedValue”=dword:00000000
“DefaultValue”=dword:00000001
“HelpID”=”shell.hlp#51102”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden]
“Type”=”checkbox”
“Text”=”@shell32.dll,-30508”
“WarningIfNotDefault”=”@shell32.dll,-28964”
“HKeyRoot”=dword:80000001
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced”
“ValueName”=”ShowSuperHidden”
“CheckedValue”=dword:00000000
“UncheckedValue”=dword:00000001
“DefaultValue”=dword:00000000
“HelpID”=”shell.hlp#51103”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=””
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets]
“Text”=”Managing pairs of Web pages and folders”
“Type”=”group”
“Bitmap”=”C:\\WINDOWS\\System32\\\\SHELL32.DLL,4”
“HelpID”=”TBD”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\AUTO]
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer”
“Text”=”Show and manage the pair as a single file”
“Type”=”radio”
“CheckedValue”=dword:00000000
“ValueName”=”NoFileFolderConnection”
“DefaultValue”=dword:00000000
“HKeyRoot”=dword:80000001
“HelpID”=”TBD”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\NOHIDE]
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer”
“Text”=”Show both parts but manage as a single file”
“Type”=”radio”
“CheckedValue”=dword:00000002
“ValueName”=”NoFileFolderConnection”
“DefaultValue”=dword:00000000
“HKeyRoot”=dword:80000001
“HelpID”=”TBD”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\NONE]
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer”
“Text”=”Show both parts and manage them individually”
“Type”=”radio”
“CheckedValue”=dword:00000001
“ValueName”=”NoFileFolderConnection”
“DefaultValue”=dword:00000000
“HKeyRoot”=dword:80000001
“HelpID”=”TBD”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\WebViewBarricade]
“Type”=”checkbox”
“Text”=”@shell32.dll,-30510”
“HKeyRoot”=dword:80000001
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced”
“ValueName”=”WebViewBarricade”
“CheckedValue”=dword:00000001
“UncheckedValue”=dword:00000000
“HelpID”=”shell.hlp#51148”
“DefaultValue”=dword:00000000
— 2.3. Save Text Lines above as a Registry Entry File (file format: .reg) : “Fix_Folder_Options.reg“
— 2.4. “Merge” it into Windows Registry Database:
3. Show The Files that had been hidden by Virus
After The Registry Entry Files had been merged successfully into Windows Registry Database, Folder Options will be ‘Your own’, and All Hidden Files (including Hidden System Files) will be shown with their unchanged file attributes (hidden and system attributes).
Then, finally You can simply manually change their file attributes back to their original attributes by a free recommended software named Attribute Changer that can be downloaded from here or directly from here.
NOTE:
The Resident Virus must be killed first with trusted AntiVirus (as the easiest way) before You can merge the Registry Entry File above into the Windows Registry Database to Recover Folder Options, or It won’t Work since the Virus will put the Folder Options Setting back to the wrong way…
Related and Supported Topic:
Memunculkan File Yang Disembunyikan Virus
Gracias
Filed under: Malware, Portable Application, Recovery, Security, Software, Virus, Windows, Windows Registry, Windows Vista, Windows XP | Tagged: Application |
HENRY's BLOG 
Hey, the article is bit lengthy, all we need is a simple solution and easy to solve solution. Just check out the link I have provided. It uses softwares for all the registry work you have told. My solution releases all the problems created by now a day viruses and rootkits. Just with the usage of two tools, one of kbs and other few mbs, its easy to recover your system from different viruses which disable registry, task manager, folder options, control panel, firewall….
This is my first visit to this blog, and it grabbed my interest, but few Indonesian posts pushed me out, but still I have subscribed to u…
Please check out my blog and leave your valuable comments….
Bye…
Henry said :
Hey, Pavan Kumar,
Thank You for Your Important Information, Advice, and Comment.
Yup, You are absolutely right, the registry keys i’d written above are not just a bit lengthy, but really take too long to read out 🙂 be careful to be bored! 🙂 .
The core of of the content I’d written above is how to recover the WHOLE PARTS of Folder Options settings by our own BARE HANDS, not by a Single-Click-Tool although the such Tool is proven to be a good Shortcut — practical indeed.
I’d did that so just because I was afraid that the virus (especially from Indonesia that have a bad habit to play Folder Options settings) not only changes a little part of the default check box settings in Folder Options, but a large part of them, so I tried to afford the whole registry keys for 1. MANUAL RECOVERY and 2. E-LEARNING, with two hopes: People can recover their damage Folder Options by their own bare hands, and They will also have a little bit additional knowledge about Registry Keys String/Structure for Folder Options that can not be gained from a Single-Click-Tool.
Anyway, ThanX a Lot, Pal!
Thanks Hennry….very very thanks again…
If it is lenghty but sooo working article
Do not complante
farimarwat
Pakistan
Henry said:
You’re Welcome, Mr. FariMarwat!
Glad if You can get a benefit from the article.
just leave us the of specefic antivrus program which can kill this virus would u plz ….
wuiiiih…pokoknya gak ada kurangnya blog anda bang Henry!!
semua yang anda posting dan reviewkan sangat bermanfaat sekali……ZALUT.
Thank you again again and again…GBU.
i still have to check it at the customer end. If it works i will let you know…….
Hi Henry,
Again I am here to inform you that I have written one more step by step solution to clear the viruses affecting our computers. It is also a small handy article to read… You may check it out and recommend the same to your readers…. You can find it here:
http://www.techpavan.com/2008/05/04/solve-virus-malware-attack/
thank you very much!!!
Henry said:
You’re Welcome, Ahmed!
[…] OPSI 2 :: Lakukan Pemulihan Folder Options Settings (Folder Options Recovery From Virus Attack) dengan me-recover Windows Registry Keys yang telah dirubah Virus . Untuk keperluan ini, saya telah […]
I have made two tools to remove such viruser or worms that disable task manager or currupt folder options.
http://www.marwattimes.netfirms.com
this is website and here you can download tools for free to reset your registry
hey loz loz of tnx henry..
i am too lazy to go tru ur script but the registry value that u uploaded worked gr8 fr me..
thank you mate, i only needed the default values!
if my registry editor disabled by virus how to merge it
Henry said :
Please download and use Folder Options Recovery for Windows I had provided for public in this article. One of he Tool’s feature is Windows Registry Enabler/Disabler.
As a Note: Remove the resident Virus first before executing the Tool, so the change you made in Folder Options Recovery can be correctly applied since the active Virus may realtered the change made as its self-protection.
thx bro….i’ll try it at once…my second comp’s folder option has been disabled 2 months ago…sucks
thanks
Henry said :
You’re Welcome!
Thanks, your post helped me figure out what was wrong with my flash drive and recover my files.
Henry said :
U’re Welcome, Tim!
Hope you can get your all files back soon! But be careful, some virus does both hide and infect files. Just make sure to scan your all recovered files before you open them.
Hey thanks a Zillion…
Ths Software Has Saved Around 4hrs of formatting and reinstalling time for me…
Henry said :
You’re Welcome, Aajay! 🙂
Terima kasih banyak bung Henry…!
Tuhan memberkati anda, amen…
Salam
– Kris –
Henry said :
Terima Kasih Kembali Bung Kris! 🙂
GBU too, Amen…
thank you for uploaded program
Henry said :
You’re Welcome, Hossein! 🙂
Henry tks a lot. I worked with premier, my C drive was full with temp & archive , & I was not able to clear drive as there was no folder option. 8 digit reg ………….. saved a lots of time.
Henry said :
You’re Welcome, Aziz! 🙂
Yup! Adobe Products are totally awesome, but are totally ‘greedy’ of memory and space 🙂 – Some people say “no pain, no gain” 🙂 .
I think, It would be better for you to use some third-party application such as free “CCleaner” or another else to clean the annoying applications’ trashes that was left behind in the hardisk even though the application had been terminated correctly.. Even People who have Tera (Jumbo) Disk still cry over the applications’ trashes 🙂
hello,
thank you for your post (folder option recovery), that rescue my project data and time.
Henry said :
You’re Welcome 🙂
Bagus banget nih program!
Kebetulan folder options komputer saya hilang dirusak virus lokal.
THE BEST AND SIMPLEST SOFTWARE EVER dech!
Salute! Makasih banyak ya Mas!
Henry said :
Terima Kasih kembali 🙂