Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"Windows XP Recovery" hid programs. How do I bring them back?


  • Please log in to reply
10 replies to this topic

#1 markevens

markevens

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:08 PM

Posted 01 June 2011 - 10:44 PM

Hello,

I'm working on a computer and the person had the "Windows XP Recovery" virus. We got the system free of malware, but one of the things it did was hid many of the programs, and even now with the virus gone it the programs are still missing.

I know they are still there. Microsoft Word was one of the missing programs, but I was still able to open the program by opening a word document.

How can I find where they are hidden and return them to their proper spot?

Thank you in advance.

Markevens

BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:08 PM

Posted 02 June 2011 - 01:48 PM

Hi!

Try this:

Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.



NEXT:



Let me know if your items have been restored.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 markevens

markevens
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:08 PM

Posted 04 June 2011 - 07:15 PM

Sweettech,

Thanks for the help. Unfortunatly, the Unhide did not show programs that were not previously shown.

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:08 PM

Posted 04 June 2011 - 08:11 PM

Try this;

This is a manual fix for XP users:

1. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\1
and paste it to this folder:
C:\Documents and Settings\All Users\Start Menu

2. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\2
and paste it to this folder:
C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch

3. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\3
and paste it to this folder:
C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

4. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\4
and paste it to this folder:
C:\Documents and Settings\All Users\Desktop

If the above does not work then you can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:
For any other missing program shortcuts you will probably need to reinstall the application or manually create new shortcuts.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 markevens

markevens
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:08 PM

Posted 04 June 2011 - 08:31 PM

Thanks again sweettech, you are giving awesome help.

The smtmp folder was not in the temp files for any of the user accounts. It may have been wiped out from the virus removal. The following is from a report the person who removed the virus gave the person:

The following actions were taken:
-[snip]
- Temporary files were cleaned up across the system.


The full report is as follows:

Service Report:
We scanned all critical system files and running processes on your PC with our specialized tools. We also manually reviewed all system error reporting, startup programs and processes, and installed software. Components such as your system registry, data files, and programs were all reviewed.

During these scans and manual audit of your PC, we found the following:

- Malware.Packer.GenX
- PUM.Disabled.SecurityCenter
- PUM.Hijack.DisplayProperties
- PUM.Hijack.TaskManager
- Trojan.FakeAlert
- Trojan.FakeAlert.Gen
______________________________________________
The following diagnostic steps were performed:
- Automated and manual scanning were used to identify any Malware/Viruses on the system.
- Windows Security and Update settings were verified.
- Antivirus applications were checked.
- Devices and drivers were checked.
- Error logs were checked.
- Installed software was checked.
* Hardware checks
- Memory
- Storage space
- Conflicts
* Performance checks
- Running processes
- Startup processes
- Startup services
* Vulnerability checks
- Status of anti-virus software
- Status of anti-spyware software
- Status of firewall
- Status of Windows Auto-Updater
_____________________________________________
The following actions were taken:
- All Trojans, Rogue Anti-Virus applications, and Malware were removed from your system.
- All Adware was removed from the system.
- All of your security settings were restored to their original configurations.
- Windows Updates were set to Automatic.
- A Clean System Restore Point was created.
- Your System and Startup Programs and Applications were optimized.
- Temporary files were cleaned up across the system.

A new system restore point (clean system restore) has been created for you. If you should encounter any malware infections in the future, you may revert your system back to this restore point in order to alleviate the symptoms of the malware.



#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:08 PM

Posted 05 June 2011 - 10:23 AM

Hi!

:)

Did you scroll down and read the instructions that start here: "If the above does not work then you can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:"?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 markevens

markevens
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:08 PM

Posted 05 June 2011 - 07:47 PM

Hi!

:)

Did you scroll down and read the instructions that start here: "If the above does not work then you can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:"?

Sorry, I should be more specific in my replies.

Yes, I did everything on the list.

the \smtmp file is not in the temp folder. I also checked to see if it was hidden but it was still not there.

The restore accessories and restore admin programs did not make any changes.

I should also be more exact in my description. It appears that about 1/2 of the programs from the All Programs start menu list are missing, but they are not important to the computer owner. Many of the remaining programs have empty files in the start menu , but when I go to the actual location in the program file, the application icon is there and works normally. Here is a screenshot for clarity: http://i.imgur.com/Na6hc.png

All we would like to do at this point is to get the application shortcut icons in the start menu folders.

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:08 PM

Posted 06 June 2011 - 03:13 PM

The easiest method for restoring those items in the start menu would probably be to re-install the applications.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 markevens

markevens
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:08 PM

Posted 06 June 2011 - 05:39 PM

The easiest method for restoring those items in the start menu would probably be to re-install the applications.

Is there a way to get the icons back without re-installing all the software?

Thank you for all the help you've given by the way, even though we haven't gotten far yet.

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:08 PM

Posted 06 June 2011 - 06:11 PM

markevans,

I have instructions for manually re-creating them, but it's geared for Vista/7.

You can try it and see if it works for you;

The following is compliments of Broni.

To manually recreate "All Programs" entries, follow these steps...

  • Download App Paths
  • Double click on AppPaths.exe to run the program.
  • Keep the program open.

In this example I'll recreate an entry for Avast antivirus program.
  • Go Start>All Programs.
  • Right click on Avast entry, click "Properties".

Posted Image
NOTE. Make sure, you right click on Avast program, NOT on Avast folder.

  • You'll see this window:

Posted Image

Due to the damage caused by the infection, you'll find "Target" box empty.

  • Go back to AppPaths window and find Avast entry.
  • Right click on Avast line, click "Edit".
  • A pop-up window will open:

Posted Image

  • Highlight everything in "Path" box, right click on it, click "Copy"
  • Go back to Avast "Properties" window, right click inside "Target" box, click "Paste".
  • IMPORTANT! Add quotation marks at the beginning of the path and at the end
  • Click OK and you're done.

Posted Image


In case, program's link shows as (empty):

Posted Image

  • Open Windows Explorer, navigate to Avast folder in Program Files
  • Right click on Avast ".exe" file, click "Create shortcut":

Posted Image

  • Copy that shortcut, go back to Start menu.
  • Right click on avast!Free Antivirus, click "Paste".
  • You'll see Avast shortcut recreated replacing (empty) entry.

Alternatively....
...you paste that shortcut in:
(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast
(Vista/7) - C:\Program Data\Start Menu\Programs\Avast


Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 markevens

markevens
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:08 PM

Posted 07 June 2011 - 11:20 PM

This is perfect. After some playing around I found the manual way myself (the second method you posted) and came to share it.

After an hour of creating shortcuts and folders I've finally gotten all the programs in the start menu, except for one.

I can't find windowsupdate anywhere. Even searching the computer isn't finding anything. Do you know where it should reside in the windows files?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users