# [Resolved] Files become hidden and can't unhide.



## Mullins (Jan 7, 2002)

Has anyone seen normal user created folders suddenly becoming hidden magically. And the folder property has the hidden property checked but grayed-out so it can not be unhide?

Background:
I recently did the latest critical updates for Window ME and also ran the McAfee Scan (ver 4.03) with the latest DAT file.
After everything was installed and checked I noticed some folders I made on the desktop were missing (deleted I thought). I did a file search and found them hidden on the desktop. (I then made all hidden files visible and there they were.)

Immediate Problem:
So, I tried to unhide it but the properties hidden check box was
checked and grayed-out...I could not uncheck it. So the folder can't be unhide.

I rebooted...probably not the best thing at the time...because
then I noticed more folders becoming hidden. Also, links in my Start-Program list began to disappear (ie., Accessory, System, Game...) mainly because those folders were becoming hidden as well. [Note: for awhile more folders became hidden after reboots
or accessing the folders.]

I did run Scandisk to check the harddrive and it would run for
awhile then seem to sit for ever....I would cancel and rerun and
then it would be fine.

I have recently ran scandisk, defrag, regscan, etc. and everything seems fine. All in all several folders here and there became hidden and I tried to unhide them but the hidden button is grayed out.

System Stable:
It seems that no additional folders have become hidden since that day12/23. No virus was found and no other problem has occured. I don't know what made the folders permenately hidden.

Has anyone seen this happen? Any suggestions to unhide these folders?


----------



## eddie5659 (Mar 19, 2001)

Hiya and welcome

Well, this is a strange one. One thing I can think of is a trojan, but then you did do the scan. Apart from that, it may be a spyware program conflicting with other programs.

Go here and downlaod AddAware www.lavasoftusa.com
Install and run, ensuring that Deep Registry Scan is enabled. Remove all except any references to Web3000 or new.net. If you're unsure, copy/paste the list.

Whilst you're there, get RefUpdate. Install and run to get the latest updates.

Also, what is your OS?

Plus, lets have a look at those startup programs.

Go to Run and type MSINFO32. On the left choose Software Enviroment, then Startup Programs. Copy/paste the list here.

Regards

eddie


----------



## Mullins (Jan 7, 2002)

Hello and Thank you,

I added the Ad-aware and RefUpdate files.
The run did the deep reg scan and found some
suspicious files:

Log files from Gator, WhenU, 
DSSAgent key:HKEY_LOCAL_MACHINE\software\broderbund software\dss\
Gator key:HKEY_LOCAL_MACHINE\software\gator.com\
SaveNow key:HKEY_LOCAL_MACHINE\software\whenu\
SaveNow key:HKEY_CLASSES_ROOT\wusn.1\
Web3000 key:HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\stashedgef
Web3000 key:HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\stashedgmg
DSSAgent key:Software\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\BBStore\DSS\DSSAGENT.EXE

Ad-aware pretty much deleted all the unwanted files and
then initialized the following. Also, it went through all my
cookies and deleted a bunch of site counter cookies.

Initializing:Web3000,2,HKEY_LOCAL_MACHINE,2,software\microsoft\windows\currentversion,stashedgef,
Initializing:Web3000,2,HKEY_LOCAL_MACHINE,2,software\microsoft\windows\currentversion,stashedgmg,
InitializingSSAgent,2,HKEY_LOCAL_MACHINE,2,Software\Microsoft\Windows\CurrentVersion\SharedDLLs,C:\WINDOWS\BBStore\DSS\DSSAGENT.EXE,

I hope this means I didn't have any spyware loaded.

Oh, here is the msinfo32 startup. I am running Windows Me.
Adaptec DirectCD	c:\progra~1\adaptec\directcd\directcd.exe
AvconsoleEXE	c:\program files\network associates\mcafee virusscan\avconsol.exe
CreateCD	c:\progra~1\adaptec\easycd~1\createcd\createcd.exe -r
QuickTime Task	c:\windows\system\qttask.exe
SystemTray	systray.exe
TaskMonitor	c:\windows\taskmon.exe
Vshwin32EXE	c:\program files\network associates\mcafee virusscan\vshwin32.exe
Vshwin32EXE	c:\program files\network associates\mcafee virusscan\vshwin32.exe
VsStatEXE	c:\program files\network associates\mcafee virusscan\vsstat.exe /showwarning

Thanks for the links to the neat programs. 
Mike


----------



## eddie5659 (Mar 19, 2001)

Okay

You have Web3000 and Gator.

Go to AddRemove and uninstall Gator. Now, to uninstall Web3000 you need to find the software that has installed it.

Now, I have a link at home, but I don't have my bookmarks here at work. So, go here and see if you have any of the programs listed.

http://www.suttondesigns.com/EnigmaBrowser/Spyware.html

When I get back, I can search on Web3000 and find the culprit.

When the program has been found, we can uninstall it and then go on. DON'T remove anything with AddAware at the moment.

Regards

eddie


----------



## Mullins (Jan 7, 2002)

Hello,
Good news...
The hidden property on my personal folders can now be
changed. They are no longer grayed-out. Most were
converted to READ only from hidden ....

Your suggestions to run Ad-aware and remove
the WEB3000 seemed to make this possible.

I checked some webpages on how to remove Web3000
and took care the rest. 

Ad-aware finds no suspicious files currently. (It does
occasionally remove some double-click cookies.)

All my folders-files have been changed to normal attributes...
(which means all my files are currently not read only,
not hidden, and not archived). I will have to see which
ones I will hide and make read-only later. Especially
my winsock.dll.....

Thanks again,
Mike


----------

