Undo Virus Hidden File Activity Without flash Disk Formatting

Introduction

At times you may have inserted your flash disk into a virus manifested computer and realize that all your files and folders become shortcuts, further to this the shortcut locate to your original files that have now been set hidden to your flash.

Looking at the properties, you may find that the size in your flash disk is all the same.

I am now going to show you how to revert all this through command prompt.

Steps

Click on start button and click Run. 

1.      Type Cmd on the run dialog box and press Enter. A command prompt appears where we have to type the commands. Double click on the title bar to maximize the command prompt or else press Alt+D+Enter to work with a full screen.

2.      On the command line, type the drive letter that you need to recover the files from e.g. H: and press enter. The entry point of your command should now read the drive letter.

3.      Type "dir /a:h" (without the quotes) and press Enter. Dir is the short for directory while "/a:h" is a switch used to display only the hidden files. Otherwise, /a only will enable the display of all the files and directories in the drive including the unhidden ones. If no hidden files are in the drive, typing /a:h will indicate directory not found.

4.      Having seen the hidden items, we need now to make them be displayed in windows by removing the hidden properties. Now type, attrib -h -s -r *.* (notice the spaces) and press Enter. Attrib is the short for attribute while -h is to remove any hidden property on the files, -s to deactivate any properties set as system files while -r removes the read-only properties. *.* represents a string of characters for the names of the items in the drive. Most viruses will come with the above properties turned on so that you can't delete them easily.

5.      Incase of a suspicious file and you may need to delete it, type del (file name together with the extension) and press Enter. e.g. del xyzg.inf

6.      Type Exit and press Enter to escape the cmd window. When you try to access your drive now from My Computer, you will notice that the items have been restored and thats it buddie!!! you have your data back.

NB : my as parameter will allow for the folder to be unset as hidden