MntDrCore.exe is Worm!

[coolioWiZ]

I’m not much sure about what you mean by supper hidden. But when this virus wanted to hide files, it makes them both “system” and “hidden”. So if you want to unhide these files you have to use “attrib” command with both –H and –S operators.

$> attrib –H –S [path to file]

Some times isass.exe related viruses disable the ability of the user to unhide files though windows explorer. If isass.exe is not running in the background in this situation, there might be another process.

Most of the times it starts with letter ‘c’. The only real system process start with letter ‘c’ is “csrss.exe”. Try killing all other process start with letter ‘c’.

I'm sure there are no more instances of this worm on my computer. But I still can't view those files marked as system and hidden in explorer. I can unmark files set as system through the command line using attrib as you specified.
But still I can't view other system files in explorer.

As per sophos:

W32/SillyFDC-AJ also sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
UncheckedValue
0

I think if I could reset this value, I'll get the ability to view files normally. Will I?

 

[thilina84]

No

No you can't. By setting it to '0' you can keep "Hide system files option" unchecked. But that do not show files attributed by (attrib +H +S) command.

 

[thilina84]

How to Show Hidden System Files

If you can’t view hidden system file in the usual way u used to do with explorer and you don’t need to use (Attrib –H –S), bcoz you want to keep change the attributes. (it dangerous to remove system attribute of your system files).

Try this method.

1. Go to folder options and select show hidden files.
2. Open regedit and go to HKEY_CURRENT_USER\Software\Mocrosoft\Windows\CurrentVersion\explorer\advanced
3. Change the value of ‘SuperHidden’ to 0
4. Change the value of ‘ShowSuperHidden’ to 1

Done

 

[coolioWiZ]

If you can’t view hidden system file in the usual way u used to do with explorer and you don’t need to use (Attrib –H –S), bcoz you want to keep change the attributes. (it dangerous to remove system attribute of your system files).

Try this method.

1. Go to folder options and select show hidden files.
2. Open regedit and go to HKEY_CURRENT_USER\Software\Mocrosoft\Windows\CurrentVersion\explorer\advanced
3. Change the value of ‘SuperHidden’ to 0
4. Change the value of ‘ShowSuperHidden’ to 1

Done

It worked! ! ! ! !

Thanks

 

[aruna47]

USE THE KASPERSKY INTERNET SECURITY. IT GOT THE VIRUS. I Unrar the File Then Kasperesky got the virus