ComboFix messed up with hidden folders?

Hi, first of all sorry for my english, is not very good.

Well the problem is that i was infected with Whistler Bootkit so i posted my problem is an experts forum of my language and the expert who assisted me told me to use Malawarebytes and ComboFix, after using it i noticed an Internet Explorer icon in my deskop who wasn´t there before using ComboFix so i asked to the expert about this icon but he didn´t answer me (at this point i didn´t notice the problem with folders unhidden, only the Internet Explorer icon) so the expert told me to use a program called MbrFix to eliminate the BootKit and told me to go to "Tools -> Folder Options -> View tab" and configurate it to show everything, that means checking "Show all hidden files and folders" and unchecking "Hide protected system files" and "Hide file extensions", and after this then boot in Safe Mode and run the MbrFix.exe to fix the mbr.

So after doing all of these steps and restoring the configuration of the "Tools -> Folder Options -> View tab" to the default to not show nothing i come and found that my RECYCLER folders wasn´t hidden.

I have 3 partitions and 2 Drives, Drive 1 have C: and Drive 2 have G: and H:.
The RECYCLER folder from C: is fine, but the ones from G: and H: are unhidden and even the attribute "Hidden" from the folders properties is unchecked, so i checked it to convert the folders back to hidden, but looks like these folders are not just simple hidden folders, looks like are hidden protected system files so even checking the "Hidde" attribute the folders are visible with the option "Show all hidden files and folders" activated:
http://img708.imageshack.us/img708/8199/hidden3i.jpg
but the C: one not, the C: one is only visible when the option "Hide protected system files" is unchecked and as you can see in the image the C: one have the "Hidden" attribute greyed out but the G: not.

And not only that, files from the folder WINDOWS looks like are messed up too with the hidden or not hidden attributes.

These are some images of the folders RECYCLE im talking about:
RECYCLER FOLDER of C: (appear as hidden "look at the transparency" and the HIDDE attribute is selected and not selectable"
http://img822.imageshack.us/img822/2051/hidden1.jpg

RECYCLER FOLDER of G: and H: (appear as not hidden "not transparency" and the HIDDE attribute is not selected)
http://img707.imageshack.us/img707/8126/hidden2.jpg

(The image is from G: but its the same on H

These images are taken with the "Tools -> Folder Options -> View tab" options configurated to show everything and the "Hidde" folder attribute of G: and H: folders not checked as it was in the first place.

Now with the attribute checked and only the "Show all hidden files and folders" activated the folder of C: is not visible but the rest are, that´s why i really think is because the RECYCLER from C: is a hidden system protected file and dont show up until the "Hide protected system files" is unchecked when the G: and H: are not because ComboFix changed the tiype of files or something.

This is a image from WINDOWS folder with everything from "Tools -> Folder Options -> View tab" configurated to not show anything:
http://img837.imageshack.us/img837/5400/hidden4.jpg


The expeto told me to unistall ComboFix and delete MbrFix.exe and i did and asqued him about the problem with the Internet Explorer icon and the folders but he have not answered my question.

I hope you guys can help me.

I have a copy of the ComboFix log if neccesary.

Thank you.

 

Oh im really sorry for posting in the wrong section, i just found a similar post in this section and and because i think the problem was originated by ComboFix I thought it was the right section, sorry again.

And thank you for the answer i really appreciate it, thank you very much.

Do you know if this was caused by the ejecution fo ComboFix?
Im going to do that command right now to see if it solves my problem, in case i find more problems or something what i need to do, reply again here or open another threat in the right section?

Thank You.

 

Yeah thank you very much, it worked like a charm.


I unistalled ComboFix as the expert told me, "start > run - ComboFix /Uninstall"

I just found two new desconfigurations, one is the the "adjust to line" option on notepad and another one is the location in the registry of Wordpad, the correct registry key for Wordpad is ""%ProgramFiles%\Windows NT\Accesorios\WORDPAD.EXE" and it was changed to "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

My sistem is in Spanish, Accesorios is Accessories in Spanish so i guess ComboFix just changed it to the default location but the English default location.

From now i only found these 3 desconfigurations and all of them are after using ComboFix, im still searching for more because im sure that if ComboFix or whatever desconfigured these 3 things maybe desconfigured more files, folders, registrys or other things the problem is that i need to find the desconfigurations manually and its hard.

I agree with you that a lot of people use this tool (ComboFix) every day but i don´t know maybe because my system is in Spanish or maybe because i aborted the ejecution of ComboFix the first time at the mddle of the Scan or something made ComboFix to not undo correctly the settings, but i can´t be sure.

Thank You.

 

Thank you again for the answers.

Is not the correct command? then the expert who assisted me is giving the bad unistall command to all the forum because he give the same way to unistall ComboFix to all the people he assist.

This is the exact thing the expert told me, i translated it to english:

Code:

Unistall (if you want) the tool MBRCheck and the files MBRFix.rar, C:\MbrFix.exe and G:\MbrFix.exe


Unistall CF with the next steps:
Go to Start > RUN
And write the following: ComboFix /Uninstall like showed in the image bellow:

http://www.forospyware.com/images/adv/CF_Cleanup.png

This will start the unistaller of ComboFix opening the main window and after some seconds you will see ("ComboFix is uninstalled")

If that is an incorrect way of unistall ComboFix maybe that caused my system to be desconfigured, that and maybe because of Windows being in Spanish.

I found another problem, the time clock is not automatically synchronized when Windows start, everytime Windows start the clock is at the time i shuted down Windows and i need to synchronize it manually.

I already posted the problem in bleepingcomputer.com, the answer was reparing Windows and a link to the ComboFix FAQ, maybe i need to try again in another section (i posted the problem in the Windows XP section) and telling them the new problems i found and see if they can be more expecific in what caused these problems to be sure if it was ComboFix or not.

And again i want to thank you because your command " attrib +s +h G:\Recycler" solved the folders problem just like i wanted and i apreciate so much your help because you are the only one who is really helping me, atleast the folders problem was solved thanks to you, so thank you.

 

Ah ok, then i think is correctly unistalled because the icon and the folders are gone.

Im considering that too (the residual damage) but only for the time clock problem, the hidden folders problem was exactly after using ComboFix, that´s why i think the problem comes from ComboFix.

It´s Ok, the problem was "only" a OS infected with Black Internet / Whistler Bootkit and the steps to remove it where Scaning with MalawareBytes (no results), Scaning with ComboFix (2 times, the first time the scan was aborted when ComboFix started to delete files, no results too) and the last one was using a program called FixMbr.

At first i was going to ask help about the Whistler Bootkit here because when searching info about the infection i found that this site was the best one with more info about the bootkit and resolved posts with the same infection as mine, but because of my english i decided to go to a site of my language (bad decision).

Maybe im not explaining this clearly as you say, is complicated for me explain the things as i want because of my limited english, sorry.

Im gonna try to put it simple:
If i shut-down the PC at 12:00pm then when i start the PC the clock is set to 12:00pm, even if the real time is 7:00am.

But i think this is happening to the BIOS clock too so i have to check it out because maybe is the mobo battery.

Yeah i expected that too.
I posted the problem in the "Windows XP" section and maybe that and my lack of being able to explaning the problem because of my english caused the short answer, maybe i need to post it again with a better explanation in another section, the malaware section maybe, to see if then they can see my problem more in deep.



Anyway i think that there are not more problems than the 3 ones i already mentioned (the hidden folders, the clock, the incorrect location -english location- in the registry of Wordpad) and with the first one already fixed thanks to you, the Wordpad one already fixed too (i manually changed the route to the correct location) and the clock one maybe being a problem with the battery as i said i think the best i can do is format the HDD one of these days when i find a way to backup the data and terminate and mark this thread as solved.

Again thank you very much for your time and your help, you helped me so much and i appreciate so much the attention you has given me.

Thank You.