Can you really recover from a trojan without reinstalling your operating system?

by on June 26, 2009

Q: I have root on my XP machine, it is my own machine, and it recently had a trojan on it. I have removed the trojan (after much grief), but a bizarre side-effect from the trojan is that when you go to the ‘folder view’ menu, and you select ‘SHOW hidden files’ and ‘SHOW system files’, it allows you to select those boxes, and allows you to select APPLY, but when you close the window it simply ignores the request, and keeps them hidden.

Also, even though I have my searches set to ‘search hidden files’ it does not search them. I really do not want to reinstall my OS. Is there a way to view the hidden files in the command window? Or is there a way to change a regkey so that these files are no longer hidden? Do you know of any work-around?

Part of this is that I want to be able to actually LOOK for any virus remnants, either in a command window, or in the GUI.


3 Responses to “Can you really recover from a trojan without reinstalling your operating system?”
  1. The only way to be 100% sure everything is cleaned up is to do a fresh reinstall of your operating system. If the system was compromised by a trojan there is no telling what other stuff might have been installed or settings have been screwed up.

    Next time (or if you have access to a clean pc) you can save yourself some time on your reinstall by making a slipstream of your OS install http://lifehacker.com/386526/slipstream-service-pack-3-into-your-windows-xp-installation-cd

     
  2. Yes, thank you. I am aware that the only way to be really sure is to reinstall, but that simply isn’t going to happen. I am hoping that someone knows how to view hidden files from the command prompt. Or someone will know how to tweak the settings that make them stay hidden, etc. Obviously whoever wrote the trojan knew how, so it MUST be possible. I’m just hoping someone will actually be able to tell me what that is.

     
  3. Okay, here is a registry tweak that has worked for others with the same problem:

    http://www.holyplanets.com/forums/index.php?s=&showtopic=96544&view=findpost&p=543068

    Try at your own risk. Here are directions to back up your registry to be extra safe: http://support.microsoft.com/kb/322756
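
For reference, an added example (not part of the original thread or of the linked forum post) of how the question could be checked from a command window: it reads the standard Explorer folder-option values and lists hidden and system files with `dir`, bypassing Explorer. It assumes the symptom comes from a changed `CheckedValue` under the `SHOWALL` key, which is a commonly reported cause; whether that is what the linked tweak changes is an assumption, and the output file names are made up for the example.

```bat
@echo off
rem Added example: audit the "show hidden files" settings on Windows XP
rem and list hidden/system files without relying on Explorer.
setlocal

set "ADV=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
set "SHOWALL=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"

rem Windows default is CheckedValue REG_DWORD 0x1. Any other value or
rem type here means the "Show hidden files" choice will not stick.
echo [SHOWALL CheckedValue]
reg query "%SHOWALL%" /v CheckedValue

rem Per-user settings: Hidden=1 shows hidden files, 2 hides them;
rem ShowSuperHidden=1 shows protected operating system files.
echo [Per-user Explorer settings]
reg query "%ADV%" /v Hidden
reg query "%ADV%" /v ShowSuperHidden

rem Independent of Explorer: list hidden and system files directly.
rem /a:h = hidden, /a:s = system, /s = recurse, /b = bare paths.
rem Optional first argument is the folder to scan (default: system drive).
if "%~1"=="" (set "TARGET=%SystemDrive%\") else (set "TARGET=%~1")
dir /a:h /s /b "%TARGET%" > "%TEMP%\hidden_files.txt"
dir /a:s /s /b "%TARGET%" > "%TEMP%\system_files.txt"
echo Listings written to %TEMP%\hidden_files.txt and %TEMP%\system_files.txt

rem To restore the defaults, first back up both keys with "reg export",
rem then uncomment and run as an administrator:
rem reg add "%SHOWALL%" /v CheckedValue /t REG_DWORD /d 1 /f
rem reg add "%ADV%" /v Hidden /t REG_DWORD /d 1 /f
rem reg add "%ADV%" /v ShowSuperHidden /t REG_DWORD /d 1 /f
endlocal
```

A kernel-level rootkit can hide files from `dir` as well as from Explorer, so an empty listing does not show the machine is clean; scanning the disk from known-clean boot media is the stronger check.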