BleepingComputer.com: Help unhiding files after Vista Repair virus


Help unhiding files after Vista Repair virus

#1 rachymac

Posted 19 June 2011 - 02:37 PM

I had posted this in another thread, but was told to start my own...

My computer was infected yesterday with the Windows Vista Repair virus - thanks to tutorials on this website I was able to get rid of it, but I can't seem to recover all the hidden files. The files which had disappeared from my desktop have returned, but my 'front' start menu is empty, and my control panel has disappeared - when I click on it it simply opens an empty box with nothing in it.

I have run unhide.exe - it said "Your files should now be visible" but all this brought back was the aforementioned desktop files and programs. It said to remove any other anti-virus or anti-malware which may have interfered with it, which I tried doing using the instructions on the Microsoft Essentials website, which said to run appwiz.cpl to find and disable them. However, because my control panel has disappeared, nothing happens when I try running this!

Any help would be greatly appreciated!

#2 Broni

Posted 19 June 2011 - 05:55 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :dir
    %Temp%\smtmp /s
    


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
#3 rachymac

Posted 20 June 2011 - 11:10 AM

Just copied the whole thing, cos none of it means anything to me:



SystemLook 04.09.10 by jpshortstuff
Log created at 17:09 on 20/06/2011 by Rach
Administrator - Elevation successful

========== dir ==========

C:\Users\Rach\AppData\Local\Temp\smtmp - Parameters: "/s"

---Files---
None found.

C:\Users\Rach\AppData\Local\Temp\smtmp\1 d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\PAV d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Accessories d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Adobe d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Amazon d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Amazon\Amazon MP3 Downloader d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\AVIcodec d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\BookSmart d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Delta d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Delta\DirectPlay d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Extras and Upgrades d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Games d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Google Chrome d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\HP d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\HP\Photosmart B109a-m d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\iTunes d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Maintenance d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office 2010 Tools d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\My HP Games d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Online Services d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Panda Antivirus + Firewall 2008 d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\QuickTime d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Recovery Manager d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\RegVac Registry Cleaner d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\SharePoint d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Skype d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Startup d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\SureThing d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Tablet PC d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\2 d------ [12:21 18/06/2011]
Apple Safari.lnk --a---- 2265 bytes [16:41 18/12/2008] [14:42 17/02/2011]
desktop.ini --ahs-- 346 bytes [15:53 14/11/2008] [20:08 09/09/2010]
Google Chrome.lnk --a---- 1955 bytes [18:10 21/09/2010] [18:10 21/09/2010]
Internet Explorer.lnk --a---- 949 bytes [20:08 09/09/2010] [20:08 09/09/2010]
Window Switcher.lnk --a---- 240 bytes [15:53 14/11/2008] [02:42 21/01/2008]
Windows Media Player.lnk --a---- 938 bytes [14:58 16/11/2008] [14:58 16/11/2008]

C:\Users\Rach\AppData\Local\Temp\smtmp\4 d------ [12:21 18/06/2011]
BBC iPlayer Desktop.lnk --a---- 822 bytes [13:27 27/02/2010] [18:14 07/06/2011]
CleVR Stitcher.lnk --a---- 772 bytes [15:26 02/05/2011] [15:26 02/05/2011]
desktop.ini --ahs-- 174 bytes [12:50 02/11/2006] [02:43 21/01/2008]
Google Chrome.lnk --a---- 1971 bytes [18:10 21/09/2010] [17:19 15/06/2011]
HP Help and Support.lnk --a---- 1871 bytes [19:53 31/07/2008] [19:53 31/07/2008]
iTunes.lnk --a---- 1624 bytes [15:56 23/12/2010] [15:56 23/12/2010]
QuickTime Player.lnk --a---- 1686 bytes [15:13 23/12/2010] [15:13 23/12/2010]
Safari.lnk --a---- 1854 bytes [16:41 18/12/2008] [19:27 22/11/2010]

-= EOF =-

#4 Broni

Posted 20 June 2011 - 06:51 PM

Unfortunately, all backup folders in C:\Users\Rach\AppData\Local\Temp\smtmp directory are empty, so you'll have to restore everything manually.

You can restore the defaults for the Start Menu and Administrative Tools as follows:


=======================================================================================

To manually recreate "All Programs" entries, follow these steps...

  • Download App Paths
  • Double click on AppPaths.exe to run the program.
  • Keep the program open.


In this example I'll recreate an entry for Avast antivirus program.
  • Go Start>All Programs.
  • Right click on Avast entry, click "Properties".


NOTE: Make sure you right click on the Avast program, NOT on the Avast folder.

  • You'll see this window:



Due to the damage caused by the infection, you'll find "Target" box empty.

  • Go back to AppPaths window and find Avast entry.
  • Right click on Avast line, click "Edit".
  • A pop-up window will open:



  • Highlight everything in "Path" box, right click on it, click "Copy"
  • Go back to Avast "Properties" window, right click inside "Target" box, click "Paste".
  • IMPORTANT! Add quotation marks at the beginning of the path and at the end
  • Click OK and you're done.




In case the program's link shows as (empty):

  • Open Windows Explorer, navigate to Avast folder in Program Files
  • Right click on Avast ".exe" file, click "Create shortcut":



  • Copy that shortcut, go back to Start menu.
  • Right click on avast!Free Antivirus, click "Paste".
  • You'll see Avast shortcut recreated replacing (empty) entry.


Alternatively....
...you paste that shortcut in:
(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast
(Vista/7) - C:\ProgramData\Start Menu\Programs\Avast
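The manual repair described in post #4, scripted as an added example that is not part of the thread or of any tool it mentions: it lists all-users Start Menu shortcuts whose Target is empty and proposes a path from the `App Paths` registry key. Reading that key directly in place of the App Paths program, and matching shortcuts to programs by name, are assumptions of this example.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Report-only by default; pass -Repair to write the proposed targets.
param([switch]$Repair)

$shell    = New-Object -ComObject WScript.Shell
$programs = $shell.SpecialFolders.Item('AllUsersPrograms')   # all-users Start Menu\Programs
$keyPath  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths'

# Build a table: exe base name -> full path, from each subkey's default value.
$appPaths = @{}
Get-ChildItem -Path $keyPath | ForEach-Object {
    $raw = (Get-ItemProperty -Path $_.PSPath).'(default)'
    if (-not $raw) { return }
    $exe = [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
    if (Test-Path -LiteralPath $exe -PathType Leaf) {
        $appPaths[[IO.Path]::GetFileNameWithoutExtension($_.PSChildName)] = $exe
    }
}

Get-ChildItem -Path $programs -Filter *.lnk -Recurse -Force | ForEach-Object {
    $lnk = $shell.CreateShortcut($_.FullName)
    # An intact shortcut has a target. Caveat: some legitimate shortcuts that
    # point at shell items rather than files also report an empty TargetPath,
    # which is why nothing is written without -Repair.
    if ($lnk.TargetPath) { return }

    # Heuristic (assumption): the exe name appears in the shortcut name,
    # e.g. "chrome" in "Google Chrome.lnk".
    $name  = $_.BaseName
    $match = @($appPaths.Keys | Where-Object {
        $name.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0
    })

    if ($match.Count -ne 1) {
        "{0}: empty target, {1} candidate(s); fix by hand" -f $_.FullName, $match.Count
        return
    }
    $target = $appPaths[$match[0]]
    if ($Repair) {
        # The COM property takes the bare path; the quotation marks from the
        # Properties dialog steps are not typed here.
        $lnk.TargetPath       = $target
        $lnk.WorkingDirectory = Split-Path -Parent $target
        $lnk.Save()
        "{0}: target set to {1}" -f $_.FullName, $target
    } else {
        "{0}: empty target, would set {1}" -f $_.FullName, $target
    }
}
```

Review the report-only output before rerunning with `-Repair`; shortcuts with zero or several name matches are left untouched and still need the manual steps.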