Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows XP Recovery


  • Please log in to reply
3 replies to this topic

#1 AnitaG

AnitaG

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 19 June 2011 - 12:06 PM

Was able to remove the Windows XP Recovery virus after following instructions in the Removal Guide, but after running Unhide.exe I still can't see System Restore or the Accessories folder at Start/Programs/Accessories. What other options are available now? I hesitate to use ComboFix as it can mess up more than it fixes.

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:25 AM

Posted 19 June 2011 - 02:11 PM

Let's check something...

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :dir
    %Temp%\smtmp /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 AnitaG

AnitaG
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 04 July 2011 - 11:32 AM

Finally had opportunity to run Systemlook, but I had cleaned out all the user temp files to make sure the problem wasn't lurking. Results of Systemlook posted below:
SystemLook 04.09.10 by jpshortstuff
Log created at 11:28 on 04/07/2011 by Jerry
Administrator - Elevation successful

========== dir ==========

C:\DOCUME~1\Jerry\LOCALS~1\Temp\smtmp - Unable to find folder.

-= EOF =-

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:25 AM

Posted 04 July 2011 - 11:51 AM

I had cleaned out all the user temp files to make sure the problem wasn't lurking

Normally, it's not a bad move, but in case of this particular malware, it removed all backups, so you'll have to restore everything manually.

You can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:
Posted Image
  • Then click on the Restore button.

==================================================================================

To manually recreate "All Programs" entries, follow these steps...

  • Download App Paths
  • Double click on AppPaths.exe to run the program.
  • Keep the program open.

In this example I'll recreate an entry for Avast antivirus program.
  • Go Start>All Programs.
  • Right click on Avast entry, click "Properties".

Posted Image
NOTE. Make sure, you right click on Avast program, NOT on Avast folder.

  • You'll see this window:

Posted Image

Due to the damage caused by the infection, you'll find "Target" box empty.

  • Go back to AppPaths window and find Avast entry.
  • Right click on Avast line, click "Edit".
  • A pop-up window will open:

Posted Image

  • Highlight everything in "Path" box, right click on it, click "Copy"
  • Go back to Avast "Properties" window, right click inside "Target" box, click "Paste".
  • IMPORTANT! Add quotation marks at the beginning of the path and at the end
  • Click OK and you're done.

Posted Image


In case, program's link shows as (empty):

Posted Image

  • Open Windows Explorer, navigate to Avast folder in Program Files
  • Right click on Avast ".exe" file, click "Create shortcut":

Posted Image

  • Copy that shortcut, go back to Start menu.
  • Right click on avast!Free Antivirus, click "Paste".
  • You'll see Avast shortcut recreated replacing (empty) entry.

Alternatively....
...you paste that shortcut in:
(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast
(Vista/7) - C:\ProgramData\Start Menu\Programs\Avast

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users