A customer of mine brought in a Vista computer with the empty Startup folders, etc. I quickly located the smtmp in the user temp folder. It contained smtmp 1, 2, and 4. It did not contain smtmp 3.
However, smtmp 2 and 4 were both empty and smtmp 1 contained only folders. All the right folders were there but they were empty. I ran Unhide twice. MalwareBytes removed several pieces of malware. But I still could not locate the contents of the individual folders.
Is it possible that one virus rewrote the smtmps after everything was already hidden?
One more thing to add here. This customer signed up for a program called Swag Bucks that claims to pay you for surfing the web. The CouponsBar was installed at the same time. I had to uninstall CouponsBar twice as it quickly returned the first time.
I painstakingly rebuilt most of the shortcuts or copied them from their other computer. But I would like to know if there was another way. I do not have any attachments to include as they needed the computer back quickly to run their business accounting.
Thanks,
Ron

