Windows – What else besides a virus would keep turning on “Show Hidden Files” in WinXP


I've got a couple of machines that definitely recently had viruses and very likely still do.

I've run Norton AV, Radix RootKit remover, Sophos Rootkit remover, Spybot, Ad-Aware, CA Antivirus Plus, AVG, AntiVir, SysInternals Rootkit Revealer and none of them can find any more nasties on these machines.

I've even taken out the hard drives, stuck them in a USB drive casing and scanned them from another virus free machine. Still nothing.

The Windows "Show Hidden files/folders" setting however keeps turning itself on. You switch it off click OK and straight away it's back on again.

I've monitored the registry key for the setting with SysInternals RegMon and that revealed that the setting was being reset by explorer.exe as soon as I change it manually.

Like I said I'm fairly certain that there is still some sort of extra sneaky virus or root kit on these machines but I'm now investigating the remote possibility that the viruses are gone and something else is resetting the "Show hidden files" setting.

Any suggestions? I'd really like to avoid a reformat of these machines.

Best Answer

You may also want to monitor these registry entries:




A little bit of research shows a lot of viruses which tamper with all 3 registry entries. It is very likely there is still something on your system. Personally I don't feel safe using an OS after it's been compromised, even if a scanner picks up a lot of viruses and successfully removes them, who knows what it's left behind? If it is an option (even though you prefer not to), I would suggest you do a clean install. Immediately after all of your must-have programs and drivers are installed, make a backup image with Acronis True Image or Norton Ghost that you can fall back on. I would also suggest updating said backups frequently.

Related Question