
Windows XP Recovery Virus cleanup

3 replies to this topic

#1 Magnus303



Posted 29 May 2011 - 03:13 AM

Hi, I recently got infected with the "Windows XP Recovery" rogue spyware, and I followed the instructions of the bleepingcomputer how-to guide. The only problem that I'm having now, though, is that even after cleaning it up, and even after running the "unhide.exe" tool, I am still missing pretty much everything out of my start menu--the folders are back, but the shortcuts are pretty much all gone. I'm wondering if there is anything else I can do, or if I have to resign myself to the fate of creating new shortcuts for *everything* that was in my start menu. I had even tried disabling my AVG antivirus and re-running unhide.exe like it asked me to, but no luck.

On a side note, is it too much to ask that the people behind this particular piece of malware go play out in traffic on the autobahn?...



#2 Blade



Posted 29 May 2011 - 11:14 AM


It appears that a Temp Cleaner was run during your cleaning process. Unfortunately this means that the shortcuts are now lost.

Credit to Broni for the following.

To manually recreate "All Programs" entries, follow these steps...

  • Download App Paths
  • Double click on AppPaths.exe to run the program.
  • Keep the program open.

In this example I'll recreate an entry for Avast antivirus program.
  • Go Start>All Programs.
  • Right click on Avast entry, click "Properties".

NOTE: Make sure you right click on Avast program, NOT on Avast folder.

  • You'll see this window:


Due to the damage caused by the infection, you'll find "Target" box empty.

  • Go back to AppPaths window and find Avast entry.
  • Right click on Avast line, click "Edit".
  • A pop-up window will open:


  • Highlight everything in "Path" box, right click on it, click "Copy"
  • Go back to Avast "Properties" window, right click inside "Target" box, click "Paste".
  • IMPORTANT! Add quotation marks at the beginning of the path and at the end
  • Click OK and you're done.



If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

#3 DonnyDaveUK



Posted 01 June 2011 - 02:08 PM

I have a PC that is infected with this. I have disabled it by removing it from the Run key in the registry.

It appears that it has made a back-up copy of all the icons on the Start menu, albeit they are hidden. I will post the path for them, but you should be able to use the Search facility to find them. You will need to go to Folder Options > View tab > Tick Show hidden and system files.

The current Start menu is blank. When viewing the Start Menu directory, there are the subdirectories in there which were the ones that were there previously. They have their hidden flag set and are empty.
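
Added example, not part of the thread or of any BleepingComputer tool: a read-only PowerShell audit that lists the symptoms described in the posts above (hidden Start Menu entries, emptied folders, and shortcuts whose "Target" is blank) so you know which entries still need repair. It assumes PowerShell 2.0 or later is installed and that the Start Menu sits in the XP-era locations; the function name `Get-StartMenuDamage` is hypothetical.

```powershell
# Added example: read-only audit, nothing on disk is changed.
# Assumption: default roots are the XP-era Start Menu folders; pass -Root to override.
function Get-StartMenuDamage {
    param(
        [string[]]$Root = @(
            [Environment]::GetFolderPath('StartMenu'),      # current user
            (Join-Path $env:ALLUSERSPROFILE 'Start Menu')   # all users (XP layout)
        )
    )
    $shell = New-Object -ComObject WScript.Shell
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }
        # -Force is required, otherwise hidden items are skipped entirely.
        Get-ChildItem -LiteralPath $r -Recurse -Force |
            Where-Object { $_.Name -ne 'desktop.ini' } |    # normally hidden, not a symptom
            ForEach-Object {
                $hidden      = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                $emptyTarget = $false
                $emptyFolder = $false
                if ($_.PSIsContainer) {
                    # Folder restored but with no contents left inside it
                    $first = Get-ChildItem -LiteralPath $_.FullName -Force |
                             Select-Object -First 1
                    $emptyFolder = -not $first
                } elseif ($_.Extension -eq '.lnk') {
                    # Same value the shortcut's Properties dialog shows as "Target"
                    $target = $shell.CreateShortcut($_.FullName).TargetPath
                    $emptyTarget = [string]::IsNullOrEmpty($target)
                }
                if ($hidden -or $emptyTarget -or $emptyFolder) {
                    New-Object PSObject -Property @{
                        Path        = $_.FullName
                        Hidden      = $hidden
                        EmptyTarget = $emptyTarget
                        EmptyFolder = $emptyFolder
                    }
                }
            }
    }
}

Get-StartMenuDamage |
    Select-Object Path, Hidden, EmptyTarget, EmptyFolder |
    Sort-Object Path |
    Format-Table -AutoSize
```

A blank target is not always damage: shortcuts that point at shell items rather than files can also report an empty `TargetPath`, so review each flagged entry before editing it.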

#4 Grinler


    Lawrence Abrams


Posted 17 June 2011 - 01:03 PM

If you are still having a problem, please try this version of unhide and tell us if it resolved the issue:

