Help
Hello,
I'm working on a computer and the person had the "Windows XP Recovery" virus. We got the system free of malware, but one of the things it did was hid many of the programs, and even now with the virus gone it the programs are still missing.
I know they are still there. Microsoft Word was one of the missing programs, but I was still able to open the program by opening a word document.
How can I find where they are hidden and return them to their proper spot?
Thank you in advance.
Markevens
Page 1 of 1
"Windows XP Recovery" hid programs. How do I bring them back?
Back to top
#2
- Agent ST
-
- Group: Malware Response Team
- Posts: 12,662
- Joined: 15-March 09
- Gender:Male
- Location:Antarctica
Posted 02 June 2011 - 01:48 PM
Hi!
Try this:
Please download UnHide.exe by Grinler.
It will unhide folders/files that were set to be hidden by the infection you had.
NEXT:
Let me know if your items have been restored.
Try this:
Please download UnHide.exe by Grinler.
It will unhide folders/files that were set to be hidden by the infection you had.
NEXT:
Let me know if your items have been restored.
Have I helped you? If you'd like to assist in the fight against malware, click here 
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
#3
- New Member
-
- Group: Members
- Posts: 13
- Joined: 01-June 11
Posted 04 June 2011 - 07:15 PM
Sweettech,
Thanks for the help. Unfortunatly, the Unhide did not show programs that were not previously shown.
Thanks for the help. Unfortunatly, the Unhide did not show programs that were not previously shown.
#4
- Agent ST
-
- Group: Malware Response Team
- Posts: 12,662
- Joined: 15-March 09
- Gender:Male
- Location:Antarctica
Posted 04 June 2011 - 08:11 PM
Try this;
This is a manual fix for XP users:
1. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\1
and paste it to this folder:
C:\Documents and Settings\All Users\Start Menu
2. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\2
and paste it to this folder:
C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch
3. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\3
and paste it to this folder:
C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
4. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\4
and paste it to this folder:
C:\Documents and Settings\All Users\Desktop
If the above does not work then you can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:
For any other missing program shortcuts you will probably need to reinstall the application or manually create new shortcuts.
This is a manual fix for XP users:
1. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\1
and paste it to this folder:
C:\Documents and Settings\All Users\Start Menu
2. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\2
and paste it to this folder:
C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch
3. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\3
and paste it to this folder:
C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
4. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\4
and paste it to this folder:
C:\Documents and Settings\All Users\Desktop
If the above does not work then you can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:
- Restore Accessories Program Files Menu with accrestore.zip for XP
- Extract (unzip) the tool, double-click on it to run and ensure that the following check boxes are checked (as shown below):
- Then click on the Restore button.
- Extract (unzip) the tool, double-click on it to run and ensure that the following check boxes are checked (as shown below):
- Restore Admin Tools Program Files Menu with admintools.zip for XP
- Extract (unzip) the tool, double-click on it to run and click on Restore Administrative Tools Items (as shown below):
- Then click on the Restore button.
- Extract (unzip) the tool, double-click on it to run and click on Restore Administrative Tools Items (as shown below):
For any other missing program shortcuts you will probably need to reinstall the application or manually create new shortcuts.
Have I helped you? If you'd like to assist in the fight against malware, click here
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
#5
- New Member
-
- Group: Members
- Posts: 13
- Joined: 01-June 11
Posted 04 June 2011 - 08:31 PM
Thanks again sweettech, you are giving awesome help.
The smtmp folder was not in the temp files for any of the user accounts. It may have been wiped out from the virus removal. The following is from a report the person who removed the virus gave the person:
The full report is as follows:
The smtmp folder was not in the temp files for any of the user accounts. It may have been wiped out from the virus removal. The following is from a report the person who removed the virus gave the person:
Quote
The following actions were taken:
-[snip]
- Temporary files were cleaned up across the system.
-[snip]
- Temporary files were cleaned up across the system.
The full report is as follows:
Quote
Service Report:
We scanned all critical system files and running processes on your PC with our specialized tools. We also manually reviewed all system error reporting, startup programs and processes, and installed software. Components such as your system registry, data files, and programs were all reviewed.
During these scans and manual audit of your PC, we found the following:
- Malware.Packer.GenX
- PUM.Disabled.SecurityCenter
- PUM.Hijack.DisplayProperties
- PUM.Hijack.TaskManager
- Trojan.FakeAlert
- Trojan.FakeAlert.Gen
______________________________________________
The following diagnostic steps were performed:
- Automated and manual scanning were used to identify any Malware/Viruses on the system.
- Windows Security and Update settings were verified.
- Antivirus applications were checked.
- Devices and drivers were checked.
- Error logs were checked.
- Installed software was checked.
* Hardware checks
- Memory
- Storage space
- Conflicts
* Performance checks
- Running processes
- Startup processes
- Startup services
* Vulnerability checks
- Status of anti-virus software
- Status of anti-spyware software
- Status of firewall
- Status of Windows Auto-Updater
_____________________________________________
The following actions were taken:
- All Trojans, Rogue Anti-Virus applications, and Malware were removed from your system.
- All Adware was removed from the system.
- All of your security settings were restored to their original configurations.
- Windows Updates were set to Automatic.
- A Clean System Restore Point was created.
- Your System and Startup Programs and Applications were optimized.
- Temporary files were cleaned up across the system.
A new system restore point (clean system restore) has been created for you. If you should encounter any malware infections in the future, you may revert your system back to this restore point in order to alleviate the symptoms of the malware.
We scanned all critical system files and running processes on your PC with our specialized tools. We also manually reviewed all system error reporting, startup programs and processes, and installed software. Components such as your system registry, data files, and programs were all reviewed.
During these scans and manual audit of your PC, we found the following:
- Malware.Packer.GenX
- PUM.Disabled.SecurityCenter
- PUM.Hijack.DisplayProperties
- PUM.Hijack.TaskManager
- Trojan.FakeAlert
- Trojan.FakeAlert.Gen
______________________________________________
The following diagnostic steps were performed:
- Automated and manual scanning were used to identify any Malware/Viruses on the system.
- Windows Security and Update settings were verified.
- Antivirus applications were checked.
- Devices and drivers were checked.
- Error logs were checked.
- Installed software was checked.
* Hardware checks
- Memory
- Storage space
- Conflicts
* Performance checks
- Running processes
- Startup processes
- Startup services
* Vulnerability checks
- Status of anti-virus software
- Status of anti-spyware software
- Status of firewall
- Status of Windows Auto-Updater
_____________________________________________
The following actions were taken:
- All Trojans, Rogue Anti-Virus applications, and Malware were removed from your system.
- All Adware was removed from the system.
- All of your security settings were restored to their original configurations.
- Windows Updates were set to Automatic.
- A Clean System Restore Point was created.
- Your System and Startup Programs and Applications were optimized.
- Temporary files were cleaned up across the system.
A new system restore point (clean system restore) has been created for you. If you should encounter any malware infections in the future, you may revert your system back to this restore point in order to alleviate the symptoms of the malware.
#6
- Agent ST
-
- Group: Malware Response Team
- Posts: 12,662
- Joined: 15-March 09
- Gender:Male
- Location:Antarctica
Posted 05 June 2011 - 10:23 AM
Hi!
Did you scroll down and read the instructions that start here: "If the above does not work then you can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:"?
Did you scroll down and read the instructions that start here: "If the above does not work then you can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:"?
Have I helped you? If you'd like to assist in the fight against malware, click here
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
#7
- New Member
-
- Group: Members
- Posts: 13
- Joined: 01-June 11
Posted 05 June 2011 - 07:47 PM
SweetTech, on 05 June 2011 - 10:23 AM, said:
Hi!
Did you scroll down and read the instructions that start here: "If the above does not work then you can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:"?
Did you scroll down and read the instructions that start here: "If the above does not work then you can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:"?
Sorry, I should be more specific in my replies.
Yes, I did everything on the list.
the \smtmp file is not in the temp folder. I also checked to see if it was hidden but it was still not there.
The restore accessories and restore admin programs did not make any changes.
I should also be more exact in my description. It appears that about 1/2 of the programs from the All Programs start menu list are missing, but they are not important to the computer owner. Many of the remaining programs have empty files in the start menu , but when I go to the actual location in the program file, the application icon is there and works normally. Here is a screenshot for clarity: http://i.imgur.com/Na6hc.png
All we would like to do at this point is to get the application shortcut icons in the start menu folders.
#8
- Agent ST
-
- Group: Malware Response Team
- Posts: 12,662
- Joined: 15-March 09
- Gender:Male
- Location:Antarctica
Posted 06 June 2011 - 03:13 PM
The easiest method for restoring those items in the start menu would probably be to re-install the applications.
Have I helped you? If you'd like to assist in the fight against malware, click here
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
#9
- New Member
-
- Group: Members
- Posts: 13
- Joined: 01-June 11
Posted 06 June 2011 - 05:39 PM
SweetTech, on 06 June 2011 - 03:13 PM, said:
The easiest method for restoring those items in the start menu would probably be to re-install the applications.
Is there a way to get the icons back without re-installing all the software?
Thank you for all the help you've given by the way, even though we haven't gotten far yet.
#10
- Agent ST
-
- Group: Malware Response Team
- Posts: 12,662
- Joined: 15-March 09
- Gender:Male
- Location:Antarctica
Posted 06 June 2011 - 06:11 PM
markevans,
I have instructions for manually re-creating them, but it's geared for Vista/7.
You can try it and see if it works for you;
The following is compliments of Broni.
I have instructions for manually re-creating them, but it's geared for Vista/7.
You can try it and see if it works for you;
The following is compliments of Broni.
Quote
To manually recreate "All Programs" entries, follow these steps...
In this example I'll recreate an entry for Avast antivirus program.
NOTE. Make sure, you right click on Avast program, NOT on Avast folder.
Due to the damage caused by the infection, you'll find "Target" box empty.
In case, program's link shows as (empty):
Alternatively....
...you paste that shortcut in:
(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast
(Vista/7) - C:\Program Data\Start Menu\Programs\Avast
- Download App Paths
- Double click on AppPaths.exe to run the program.
- Keep the program open.
In this example I'll recreate an entry for Avast antivirus program.
- Go Start>All Programs.
- Right click on Avast entry, click "Properties".
NOTE. Make sure, you right click on Avast program, NOT on Avast folder.
- You'll see this window:
Due to the damage caused by the infection, you'll find "Target" box empty.
- Go back to AppPaths window and find Avast entry.
- Right click on Avast line, click "Edit".
- A pop-up window will open:
- Highlight everything in "Path" box, right click on it, click "Copy"
- Go back to Avast "Properties" window, right click inside "Target" box, click "Paste".
- IMPORTANT! Add quotation marks at the beginning of the path and at the end
- Click OK and you're done.
In case, program's link shows as (empty):
- Open Windows Explorer, navigate to Avast folder in Program Files
- Right click on Avast ".exe" file, click "Create shortcut":
- Copy that shortcut, go back to Start menu.
- Right click on avast!Free Antivirus, click "Paste".
- You'll see Avast shortcut recreated replacing (empty) entry.
Alternatively....
...you paste that shortcut in:
(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast
(Vista/7) - C:\Program Data\Start Menu\Programs\Avast
Have I helped you? If you'd like to assist in the fight against malware, click here
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
#11
- New Member
-
- Group: Members
- Posts: 13
- Joined: 01-June 11
Posted 07 June 2011 - 11:20 PM
This is perfect. After some playing around I found the manual way myself (the second method you posted) and came to share it.
After an hour of creating shortcuts and folders I've finally gotten all the programs in the start menu, except for one.
I can't find windowsupdate anywhere. Even searching the computer isn't finding anything. Do you know where it should reside in the windows files?
After an hour of creating shortcuts and folders I've finally gotten all the programs in the start menu, except for one.
I can't find windowsupdate anywhere. Even searching the computer isn't finding anything. Do you know where it should reside in the windows files?
Share this topic:
Page 1 of 1