virus hid programs and files


11 replies to this topic

#1 djditto


Posted 24 May 2011 - 07:02 AM

I have removed a virus (CXmal/FakeAV-A); I ran a virus scanner in safe mode and it removed it. Now all programs that were listed under the Start menu are missing. If I go to My Computer, all files have been hidden. Not sure where to go from here; any help will be appreciated.

Thanks!

Edited by hamluis, 24 May 2011 - 09:34 AM.
Moved from XP to Am I Infected.




#2 invision


Posted 24 May 2011 - 10:17 AM

What OS (Windows 7, Vista, XP) are you using?

The symptoms you describe can be indicative of a side effect from the HDD Defrag family of rogue security programs which changes file attributes to "hidden", making them appear invisible so the user thinks some of their files have been deleted. Newer variants of the FakeHDD rogue delete Quick Launch and Start Menu items/folders.

Please download unhide.exe by Grinler and save to your Desktop. Double-click on the file to run the tool.

After running it, all files will have the "hidden" attribute removed. This includes files that are normally hidden by the operating system and any files you may have intentionally hidden. The tool is designed not to remove the hidden attribute from system files. If Quick Launch and the Start Menu were deleted, unhide.exe will attempt to restore them to their proper location. When done, you will need to restore the hidden attributes to those files manually. To do that, open Windows Explorer, go to Tools > Folder Options > View and make that change there.

Note: Do not clean out your temporary files/folders until this issue is resolved.


This did it for me

Edited by invision, 24 May 2011 - 10:17 AM.


#3 djditto


Posted 26 May 2011 - 09:45 AM

Thanks for your help. This seems to have resolved the issue as it relates to items in the folders.

#4 quietman7


Posted 26 May 2011 - 10:47 AM

What issues remain?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 djditto


Posted 26 May 2011 - 11:46 AM

When you click on Start, all folders under All Programs are empty. I have started to manually copy the .exe files back into each one. Is there an easier way to get them back?

#6 quietman7


Posted 26 May 2011 - 12:42 PM

What OS (Windows 7, Vista, XP) are you using?

#7 djditto


Posted 26 May 2011 - 01:04 PM

XP with Service pack3

#8 xyrhou


Posted 26 May 2011 - 01:22 PM

I have the same problem.

I also manually copy all the application shortcuts to C:\Documents and Settings\All Users\Start Menu\Programs\"Name of Application Folder".

Already performed unhide.exe, unhide all folders, attrib, and check the registry.

Is there any other way to restore all those shortcuts that I believe were deleted by the Windows XP Recovery malware?

#9 quietman7


Posted 26 May 2011 - 01:31 PM

Welcome to BC xyrhou

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
The BC Staff


djditto

This is a manual fix for XP users:

1. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\1
and paste it to this folder:
C:\Documents and Settings\All Users\Start Menu

2. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\2
and paste it to this folder:
C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch

3. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\3
and paste it to this folder:
C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

4. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\4
and paste it to this folder:
C:\Documents and Settings\All Users\Desktop

If the above does not work then you can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:
For any other missing program shortcuts you will probably need to reinstall the application or manually create new shortcuts.
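The manual XP fix in the post above, as an added example that is not part of the original post or of any BleepingComputer tool: a dry-run-first restore that copies each numbered smtmp folder back to the destination listed in steps 1 to 4, never overwrites a shortcut that already exists, and leaves smtmp itself untouched. The function name `restore_smtmp`, its parameters and the report format are assumptions made for this sketch; the profile paths are passed in so it can also be run against a mounted copy of the disk.

```python
import shutil
from pathlib import Path

# Numbered smtmp subfolder -> destination, as listed in the manual XP fix.
# "user" = the affected user's profile, "all" = the All Users profile.
SMTMP_MAP = {
    "1": ("all", "Start Menu"),
    "2": ("user", "Application Data/Microsoft/Internet Explorer/Quick Launch"),
    "3": ("user", "Application Data/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar"),
    "4": ("all", "Desktop"),
}

def restore_smtmp(user_profile, all_users, dry_run=True):
    """Copy smtmp\\1..4 back to their original locations without overwriting.

    Returns (action, source, destination) tuples. action is 'copy',
    'exists' (destination already present, left untouched) or
    'missing' (that numbered folder is not present under smtmp).
    """
    roots = {"user": Path(user_profile), "all": Path(all_users)}
    smtmp = roots["user"] / "Local Settings" / "Temp" / "smtmp"
    report = []
    for number, (root, rel) in sorted(SMTMP_MAP.items()):
        src_root = smtmp / number
        dst_root = roots[root] / rel
        if not src_root.is_dir():
            report.append(("missing", src_root, dst_root))
            continue
        # Files only; parent folders are created on demand when copying.
        for src in sorted(p for p in src_root.rglob("*") if p.is_file()):
            dst = dst_root / src.relative_to(src_root)
            if dst.exists():
                report.append(("exists", src, dst))
                continue
            report.append(("copy", src, dst))
            if not dry_run:
                dst.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(src, dst)  # copy, not move: smtmp stays intact
    return report

if __name__ == "__main__":
    # Constructed example paths for an XP install; replace user_name.
    base = Path("C:/Documents and Settings")
    for action, src, dst in restore_smtmp(base / "user_name", base / "All Users"):
        print(f"{action:8} {src} -> {dst}")
```

Review the dry-run report first, then call it again with `dry_run=False`. Because the backup lives under the Temp folder, this only works if temporary files have not been cleaned out, as noted earlier in the thread.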

#10 xyrhou


Posted 26 May 2011 - 02:07 PM

Just a quick question regarding this fix.
Is this fix also applicable in Windows Vista and 7?

I don't have problems anymore.
I'm just searching for more possible solutions if something like this happens again :)

Sorry for posting here without considering the forum rules :)

Thank you for the fix. :)

More Power!!!

Edited by xyrhou, 26 May 2011 - 02:17 PM.


#11 djditto


Posted 26 May 2011 - 02:30 PM

Thanks, that fixes the last of my issues.

#12 quietman7


Posted 26 May 2011 - 02:37 PM

Just a quick question regarding this fix.
Is this fix also applicable in Windows Vista and 7?

No, the manual fix for those OSes is different.


Thanks, that fixes the last of my issues.

You're welcome.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen, then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
