Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Post-Virus Issues


  • Please log in to reply
10 replies to this topic

#1 Charley316

Charley316

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 16 June 2011 - 02:53 AM

Hi!

I had problems with a variant of the 'System Restore' virus, which managed to disable my Avast and Malware Bytes, and hid pretty much everything on my Hard Drive.

I followed the instructions left here on a previous thread, used Grinler's excellent Unhide, cleared out and re-installed Malware Bytes, ran it and got rid (I think!) The most up to date versions of Avast and Malware Bytes are saying that my system is clear.

However, a lot of my files appear to be 'empty', when they're defiantely still there when searched for. While all my docs are back, Firefox, my VPN software, and several other program files, along with things like my screensaver, are still 'missing' on the surface.

Can anyone offer any advice as to how to restore them? I'm also concerned that, if this problem still remains, the virus is still hiding in the background.

Thank you so much for any help you can offer!!

BC AdBot (Login to Remove)

 


#2 invision

invision

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 16 June 2011 - 08:35 AM

They can be found in a folder named smtmp inside:

(XP)- C:\Documents and Settings\Username\Local Settings\Temp
(W7)- C:\Users\(Username)\AppData\Local\Temp


These will be there unless you have removed temp files / folders

#3 mainst4

mainst4

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 16 June 2011 - 11:11 AM

This is exactly what I was looking for (I had cleared my temp folders but was able to restore the smtmp folder) -- is there a fast way to restore the icons to their proper location or just drag-n-drop them one at a time?

Also, does anyone have a remedy for the 'disabled right click on the desktop' remnant from the Windows XP Recovery malware?

Thanks for your help!

#4 invision

invision

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 16 June 2011 - 11:18 AM

try this

This is a manual fix for Vista/Windows 7 users:

1. Copy the entire content of this folder:
C:\Users\user_name\AppData\Local\Temp\smtmp\1
and paste it to this folder:
C:\Program Data\Start Menu

2. Copy the entire content of this folder:
C:\Users\user_name\AppData\Local\Temp\smtmp\2
and paste it to this folder:
C:\Users\user_name\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch

3. Copy the entire content of this folder:
C:\Users\user_name\AppData\Local\Temp\smtmp\3
and paste it to this folder:
C:\Users\user-name\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

4. Copy the entire content of this folder:
C:\Users\user_name\AppData\Local\Temp\smtmp\4
and paste it to this folder:
C:\Program Data\Desktop

-- Note: The "Start Menu", "Quick Launch" and "Desktop" folders are system folders. In order to see them, you need to Reconfigure Windows to show hidden files, folders. In Windows Explorer go to Tools > Folder Options and click on the View tab. Under Advanced settings > Files and Folders > Hidden Files and Folders, uncheck "Hide Protected operating system Files (recommended)" and hit Apply > OK. In order to access the "Start Menu" folder, you may need to "take ownership" of that folder as shown here.

If the above does not work, then you can restore the defaults for the Start Menu and Administrative Tools as follows:


For any other missing program shortcuts you will probably need to reinstall the application or manually create new shortcuts.



#5 Charley316

Charley316
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 16 June 2011 - 11:44 AM

They can be found in a folder named smtmp inside:

(XP)- C:\Documents and Settings\Username\Local Settings\Temp
(W7)- C:\Users\(Username)\AppData\Local\Temp


These will be there unless you have removed temp files / folders


Invision, thanks for that. They are indeed there. However,it's the program files access via the Start Menu that is the main problem. How to I go about restoring them, please?

Thanks!

#6 invision

invision

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 22 June 2011 - 07:48 AM

Note: The "Start Menu", "Quick Launch" and "Desktop" folders are system folders. In order to see them, you need to Reconfigure Windows to show hidden files, folders. In Windows Explorer go to Tools > Folder Options and click on the View tab. Under Advanced settings > Files and Folders > Hidden Files and Folders, uncheck "Hide Protected operating system Files (recommended)" and hit Apply > OK. In order to access the "Start Menu" folder, you may need to "take ownership" of that folder as shown here.

If the above does not work, then you can restore the defaults for the Start Menu and Administrative Tools as follows:
For any other missing program shortcuts you will probably need to reinstall the application or manually create new shortcuts.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:21 AM

Posted 22 June 2011 - 01:02 PM

Try running this version first...
UnHide
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 azra14

azra14

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 22 June 2011 - 02:20 PM

i had the same problem as charley316, and I was able to fix it, however my desktop gadgets still aren't showing. when i right click on the desktop and press on gadgets, they still do not open. Any ideas? Thanks!

#9 azra14

azra14

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 22 June 2011 - 02:22 PM

actually, i just solved my problem ;)

i tried installing a new gadget and then when i clicked on gadgets from my desktop, the old ones showed up again.

#10 Charley316

Charley316
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 22 June 2011 - 06:29 PM

Thanks Invision - I'd already got the hidden files sorted - it's the start menu that's causing consternation. I'm sorry to be a pain, but you don't happen to know how to restore the start menu defaults in XP, do you?

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:21 AM

Posted 22 June 2011 - 07:08 PM

Yes, I saw you had already removed the malwares. I suggested a newer version of UnHide to try..
it is important that you do not delete any files from your Temp folder or use any temp file or registry cleaners.
Please try that and let me know.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users