A lot of users lately told me that a System Check virus is hiding their files and icons. Here’s how you can quickly unhide all of your files with a few commands.

Unhide System Check Virus Files

Tip: The following tutorial is intended for beginners. If you are new make sure to follow the links to get more detailed explanations. e.g. how to open a cmd prompt with elevated rights

You can use the Windows folder settings to unhide hidden system files (Unhides protected operating system files), but viruses use file attributes to hide files, so it’s a little more complicated to unhide them.

Using CMD To Modify System Attributes (Hidden + System)

1. Step Open an elevated command prompt – if you are new to cmd, read this guide how to launch a cmd prompt with admin rights

2. Step Next we are going to enter a command that will quickly unhide all files that the System check virus and many other clones hide from you

attrib -h C:\*.* /S /D

Enter it exactly as seen above. What it does is basically remove the attributes “hidden”  from all files on your C: drive. If your main drive is not C: then replace C: with the drive letter of the partition where your Windows folder is e.g. D:, E:, F: and so on. This will make sure files that viruses like System Check hid on your hard drive will be visible again.

Your main drive is always the drive with a folder called Windows – in most cases this will be C:, however if the person that administrates your PC (if that is not yourself) decided to install Windows on D: then you will have to replace the letter. It would look like this:

attrib -h D:\*.* /S /D
attrib -h E:\*.* /S /D

If you are unsure, you can simply run them all. In some special cases, it is possible that the virus is also using the +s attribute on virus files, which means it’s trying to make the infected files “system files” to make you believe they may not be deleted .

If you want to remove the system attributes from all your files you can add the -s switch:

attrib -s -h C:\*.* /S /D

Tip: Testing How The Unhide Command Works

Testing Unhide Files And Folders Via System Attributes

Before you run the commands above it might be a good idea to see how the attrib command works. Create a folder test on D: and run various queries on that and change the folder attributes. The paramters /S /D are there to process all folders and files in the path as well. As mention -s removes system file attributes and -h unhides files.

The System Check virus may have other clones that improved the hiding process or uses other ways to create fake files or remove icons.