What I really think is this:

i) The virus hides all the .doc files with the +h +s attributes.

+h means the "h"idden file attribute/property.
+s means the "s"ystem file attribute/property; it will also grey out the "hidden" option.

ii) Then it creates multiple .exe copies of itself and uses all the hidden .doc filenames. So the actual .doc file is hidden while all the .exe files are FAKES. Renaming these fake files to .doc does not solve anything, and these FAKES will cause MSDOS command shortcuts to be created.

Set the Explorer view to Details and see if all these .exe files are the same size. If they are the same size and quite small, they are 100% confirmed FAKES.

The solution is to use the command prompt. Let's say your pendrive is F:. Use these commands:

    C:\> f:
    F:\> attrib -h -r -s /S

This command will set all files as:

    -h = "not" hidden
    -r = "not" read only
    -s = "not" system
    /S = process, including the current folder and all subfolders

Then you will see all the files are unhidden from your pendrive.

Microsoft Windows 2000 and Windows XP syntax

Displays or changes file attributes.

    ATTRIB [+R | -R] [+A | -A] [+S | -S] [+H | -H] [[drive:] [path] filename] [/S [/D]]

    +    Sets an attribute.
    -    Clears an attribute.
    R    Read-only file attribute.
    A    Archive file attribute.
    S    System file attribute.
    H    Hidden file attribute.
    /S   Processes files in all directories in the specified path.
    /D   Process folders as well.
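
The size and name check from step ii, as an added PowerShell example that is not part of the original post: it only lists files and changes nothing on the drive. The F:\ default comes from the post; the 1 MB cut-off for "quite small" and the parameter names are assumptions.

```powershell
# Added example (not from the original post). Read-only triage of a pendrive:
# it reports look-alike .exe files and never modifies or deletes anything.
param(
    [string]$Drive = 'F:\',      # drive letter used in the post
    [int]$MaxSizeBytes = 1MB     # assumption: cut-off for "quite small"
)

# -Force makes Get-ChildItem return hidden and system files too.
$files = @(Get-ChildItem -LiteralPath $Drive -Recurse -File -Force -ErrorAction SilentlyContinue)

# Index .doc files that carry both +h and +s, keyed by folder\basename.
$hiddenDocs = @{}
foreach ($f in $files) {
    $isHidden = $f.Attributes -band [IO.FileAttributes]::Hidden
    $isSystem = $f.Attributes -band [IO.FileAttributes]::System
    if ($f.Extension -eq '.doc' -and $isHidden -and $isSystem) {
        $hiddenDocs[(Join-Path $f.DirectoryName $f.BaseName).ToLower()] = $f.FullName
    }
}

# Small executables are the candidates for the fake copies.
$exes = @($files | Where-Object { $_.Extension -eq '.exe' -and $_.Length -le $MaxSizeBytes })

# Count how many executables share each exact size (the "same size" sign).
$sizeCount = @{}
foreach ($g in ($exes | Group-Object -Property Length)) {
    $sizeCount[$g.Group[0].Length] = $g.Count
}

# Report every .exe that shadows a hidden .doc or shares its size with another .exe.
$report = foreach ($e in $exes) {
    $key = (Join-Path $e.DirectoryName $e.BaseName).ToLower()
    [pscustomobject]@{
        Executable     = $e.FullName
        SizeBytes      = $e.Length
        SameSizeCount  = $sizeCount[$e.Length]
        HiddenDocument = if ($hiddenDocs.ContainsKey($key)) { $hiddenDocs[$key] } else { $null }
    }
}

$report |
    Where-Object { $_.HiddenDocument -or $_.SameSizeCount -gt 1 } |
    Sort-Object -Property SizeBytes, Executable |
    Format-Table -AutoSize
```

A row with both a HiddenDocument path and a SameSizeCount above 1 matches the pattern described in the post: a small .exe borrowing the name of a hidden .doc in the same folder.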