The file hiding technology is one of the most common techniques for spreading Trojans and viruses. It uses the unfamiliar features of most users on basic operations to escape users' discovery and inspection, the standard setting method for displaying hidden files is used by all users. Once hidden problems are combined with virus Trojans, such as typical autorun viruses, such simple settings may not be able to view the hidden content. This article describes how to use hidden files in the sequence from Standard settings to virus cleanup.
I. Basic settings for displaying hidden files
For example, on Windows XP (other Windows Vista, Windows 7), we know that there are some system hidden files on drive C. Below we will use drive C as an example to demonstrate this, the location is in the menu tool-Folder Options.
Click Open to unhide the protected operating system files (recommended) and all files and folders in sequence, and click OK.
Then we can see the hidden files (system hidden files) under drive C. If you need to view files in other drives or folders, the method is similar.
The above are all very simple methods, but in actual use, it is often ineffective. Common phenomena are as follows:
1. After setting "show all files and folders", the system automatically jumps back to "do not show hidden files and folders", which means the modification is invalid. Hidden Files cannot be viewed at all.
2. The above settings are all OK, but the hidden files still cannot be viewed.
We need to try the following method.
2. Display hidden files by modifying the Registry
In start -- run, enter regedit and find [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ Hidden]. There are two table items under this item: NOHIDDEN and SHOWALL, among them, NOHIDDEN is the setting item that does not show hidden files, and SHOWALL is the setting item that shows all files.
Only when the CheckedValue under the SHOWALL table item is set to 1, the display setting through the folder above will be valid. If the CheckedValue is 0, the preceding options will be invalid, that is, the hidden files will not be displayed (only the above settings are valid ). That is to say, the CheckedValue permission is higher than the preceding two settings.
If you delete the Text key values under the NOHIDDEN and SHOWALL tables @ shell32.dll,-30500 and @ shell32.dll,-30501, in this case, the folder options in the preceding section will contain missing settings for hidden files and cannot be selected. However, you generally do not need to do this, just remind everyone to check whether the key value exists if the display setting item is not displayed in the folder selection.
There are also the following relationships:
If the CheckedValue under [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ Hidden \ NOHIDDEN] is set to 1, whether or not the Hidden files are displayed in the Folder options, the results show hidden files. CheckedValue is set to 0. The folder option setting takes effect completely (it seems that 2 can also be used ).
After the above settings, will the hidden files be displayed? Not necessarily, if it is a virus or Trojan (some special junk software also like this), the virus programs that may be loaded will monitor the changes to the registry location at any time, maybe the virus will be modified immediately after you modify it, so we need to first consider clearing the virus.
Iii. virus detection and removal
When you find that each time you modify a configuration, and then enter and go back again, you need to suspect that there may be viruses or Trojans on the host, and you need to clear them first, after cleaning up the virus, you can use the above method to check it.
4. Why can't some hidden file attributes be canceled?
When we view some hidden files, this hidden property may not be able to cancel the hidden state.
This is because the file has system attributes, that is, it is considered a system file. We can use:
Attrib C: \ metsky.txt-h-s command to remove system properties. after removal, you can see that the Properties window has been opened.
Of course, you can also follow the following steps:
Attrib C: \ metsky.txt + s + h to add system attributes.