Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Folders inside "Start/ All Programs" mark as empty, after malware is removed??


  • Please log in to reply
7 replies to this topic

#1 CTSH

CTSH

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:47 PM

Posted 03 June 2011 - 02:51 AM

Hi All.
I have an XP Home SP3 machine that was infected with one of the Bogus AV products.
It hid all my icons on the desktop, all docs etc.
I've given it a thorough clean as per the posts here, and have everything back to normal APART from one thing.

When opening any folders that where in Start/ All Programs before the infection, they simply say they are empty.

Any folders created since the clean up appear as normal.

I have googled the problem, and no fixes I have found, have worked.

Thanks in advance

BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:09:47 AM

Posted 03 June 2011 - 10:13 PM

Hello.

Thanks to Broni for the below.

To manually recreate "All Programs" entries, follow these steps...

  • Download App Paths
  • Double click on AppPaths.exe to run the program.
  • Keep the program open.

In this example I'll recreate an entry for Avast antivirus program.
  • Go Start>All Programs.
  • Right click on Avast entry, click "Properties".

Posted Image
NOTE. Make sure, you right click on Avast program, NOT on Avast folder.

  • You'll see this window:

Posted Image

Due to the damage caused by the infection, you'll find "Target" box empty.

  • Go back to AppPaths window and find Avast entry.
  • Right click on Avast line, click "Edit".
  • A pop-up window will open:

Posted Image

  • Highlight everything in "Path" box, right click on it, click "Copy"
  • Go back to Avast "Properties" window, right click inside "Target" box, click "Paste".
  • IMPORTANT! Add quotation marks at the beginning of the path and at the end
  • Click OK and you're done.

Posted Image


In case, program's link shows as (empty):

Posted Image

  • Open Windows Explorer, navigate to Avast folder in Program Files
  • Right click on Avast ".exe" file, click "Create shortcut":

Posted Image

  • Copy that shortcut, go back to Start menu.
  • Right click on avast!Free Antivirus, click "Paste".
  • You'll see Avast shortcut recreated replacing (empty) entry.

Alternatively....
...you paste that shortcut in:
(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast
(Vista/7) - C:\Program Data\Start Menu\Programs\Avast

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 CTSH

CTSH
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:47 PM

Posted 05 June 2011 - 07:11 PM

Thanks Blade.
Exactly the problem I had.

Do you think this is a registry corruption?

Thanx again.

#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:09:47 AM

Posted 05 June 2011 - 07:51 PM

Hi CTSH.

No, this has nothing to do with the registry. The problem is that the malware removed the shortcut structure that makes up the All programs list. Unhide is designed to restore this structure if the backup copy made by the malware can be located, but apparently in this case the backup could not be found.

When cleaning the machine, did you run any temp file cleaners?

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#5 CTSH

CTSH
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:47 PM

Posted 06 June 2011 - 11:58 PM

Yes, unfortunately.

ccleaner, & cleanup 4.0

Thanks for the heads up.
Looks like a manual fix coming up!!

Cheers

#6 CTSH

CTSH
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:47 PM

Posted 07 June 2011 - 12:00 AM

P.S.

If I hadn't cleared all my temp files, this should have worked??

Just asking, as I'm sure I'm not the only one with this problem.

Thanks again.
Cheers

#7 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:09:47 AM

Posted 07 June 2011 - 12:37 AM

Possibly.

There's not a way to be certain at this point.

Let me know if the manual restore works.

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#8 H1987

H1987

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 12 June 2011 - 03:24 AM

Hi all, Im new on here and having the same BLOODY PROBLEM.

I tried the fix above but another problem I face is having LOST administrator privileges - anyone have ANY idea how to rectify this problem as well? When I clicked 'okay' after making the above changes, it told me to 'prove' admin status or something.

Thanks in advance for any help!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users