
Help unhiding files after Vista Repair virus



#1 rachymac


Posted 19 June 2011 - 02:37 PM

I had posted this in another thread, but was told to start my own...

My computer was infected yesterday with the Windows Vista Repair virus - thanks to tutorials on this website I was able to get rid of it, but I can't seem to recover all the hidden files. The files which had disappeared from my desktop have returned, but my 'front' start menu is empty, and my control panel has disappeared - when I click on it it simply opens an empty box with nothing in it.

I have run unhide.exe - it said "Your files should now be visible" but all this brought back was the aforementioned desktop files and programs. It said to remove any other anti-virus or anti-malware which may have interfered with it, which I tried doing using the instructions on the Microsoft Essentials website, which said to run appwiz.cpl to find and disable them. However, because my control panel has disappeared, nothing happens when I try running this!

Any help would be greatly appreciated!



#2 Broni


Posted 19 June 2011 - 05:55 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :dir
    %Temp%\smtmp /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



#3 rachymac


Posted 20 June 2011 - 11:10 AM

Just copied the whole thing, cos none of it means anything to me:



SystemLook 04.09.10 by jpshortstuff
Log created at 17:09 on 20/06/2011 by Rach
Administrator - Elevation successful

========== dir ==========

C:\Users\Rach\AppData\Local\Temp\smtmp - Parameters: "/s"

---Files---
None found.

C:\Users\Rach\AppData\Local\Temp\smtmp\1 d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\PAV d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Accessories d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Adobe d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Amazon d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Amazon\Amazon MP3 Downloader d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\AVIcodec d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\BookSmart d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Delta d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Delta\DirectPlay d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Extras and Upgrades d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Games d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Google Chrome d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\HP d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\HP\Photosmart B109a-m d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\iTunes d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Maintenance d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office 2010 Tools d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\My HP Games d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Online Services d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Panda Antivirus + Firewall 2008 d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\QuickTime d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Recovery Manager d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\RegVac Registry Cleaner d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\SharePoint d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Skype d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Startup d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\SureThing d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Tablet PC d------ [12:21 18/06/2011]

C:\Users\Rach\AppData\Local\Temp\smtmp\2 d------ [12:21 18/06/2011]
Apple Safari.lnk --a---- 2265 bytes [16:41 18/12/2008] [14:42 17/02/2011]
desktop.ini --ahs-- 346 bytes [15:53 14/11/2008] [20:08 09/09/2010]
Google Chrome.lnk --a---- 1955 bytes [18:10 21/09/2010] [18:10 21/09/2010]
Internet Explorer.lnk --a---- 949 bytes [20:08 09/09/2010] [20:08 09/09/2010]
Window Switcher.lnk --a---- 240 bytes [15:53 14/11/2008] [02:42 21/01/2008]
Windows Media Player.lnk --a---- 938 bytes [14:58 16/11/2008] [14:58 16/11/2008]

C:\Users\Rach\AppData\Local\Temp\smtmp\4 d------ [12:21 18/06/2011]
BBC iPlayer Desktop.lnk --a---- 822 bytes [13:27 27/02/2010] [18:14 07/06/2011]
CleVR Stitcher.lnk --a---- 772 bytes [15:26 02/05/2011] [15:26 02/05/2011]
desktop.ini --ahs-- 174 bytes [12:50 02/11/2006] [02:43 21/01/2008]
Google Chrome.lnk --a---- 1971 bytes [18:10 21/09/2010] [17:19 15/06/2011]
HP Help and Support.lnk --a---- 1871 bytes [19:53 31/07/2008] [19:53 31/07/2008]
iTunes.lnk --a---- 1624 bytes [15:56 23/12/2010] [15:56 23/12/2010]
QuickTime Player.lnk --a---- 1686 bytes [15:13 23/12/2010] [15:13 23/12/2010]
Safari.lnk --a---- 1854 bytes [16:41 18/12/2008] [19:27 22/11/2010]

-= EOF =-
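
Added example (not part of the original posts and not SystemLook's own code): a small Python parser for the dir section of a SystemLook log like the one above, tallying subfolders, files and .lnk shortcuts for each first-level folder under the scanned root. The sample log is constructed from a few lines in the same format, and the function names are assumptions of this example.

```python
import re
# Constructed sample in the format of the SystemLook log above (trimmed).
SAMPLE_LOG = r"""
C:\Users\Rach\AppData\Local\Temp\smtmp - Parameters: "/s"
---Files---
C:\Users\Rach\AppData\Local\Temp\smtmp\1 d------ [12:21 18/06/2011]
C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs d------ [12:21 18/06/2011]
C:\Users\Rach\AppData\Local\Temp\smtmp\1\Programs\Startup d------ [12:21 18/06/2011]
C:\Users\Rach\AppData\Local\Temp\smtmp\2 d------ [12:21 18/06/2011]
desktop.ini --ahs-- 346 bytes [15:53 14/11/2008] [20:08 09/09/2010]
Google Chrome.lnk --a---- 1955 bytes [18:10 21/09/2010] [18:10 21/09/2010]
"""

ROOT_RE = re.compile(r'^(?P<root>[A-Za-z]:\\.*\S) - Parameters: "[^"]*"$')
DIR_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.*\S) d[-a-z]{6} \[[^\]]*\]$')
FILE_RE = re.compile(r'^(?P<name>.+?) [-a-z]{7} (?P<size>\d+) bytes \[[^\]]*\] \[[^\]]*\]$')

def parse_dir_section(log_text):
    """Return (scan_root, {directory_path: [(file_name, size_bytes), ...]})."""
    root, current, listing = None, None, {}
    for line in map(str.strip, log_text.splitlines()):
        if m := ROOT_RE.match(line):        # '<root> - Parameters: "/s"'
            root = current = m["root"]
            listing[current] = []
        elif m := DIR_RE.match(line):       # '<path> d------ [time date]' opens a folder
            current = m["path"]
            listing[current] = []
        elif (m := FILE_RE.match(line)) and current is not None:
            listing[current].append((m["name"], int(m["size"])))
    if root is None:
        raise ValueError("no scan root line found")
    return root, listing

def summarize_backups(log_text):
    """Per first-level folder under the scan root: subfolders, files, .lnk names."""
    root, listing = parse_dir_section(log_text)
    summary = {}
    for directory, files in listing.items():
        rel = directory[len(root):].lstrip("\\")
        if not rel:
            continue                        # entries directly in the scan root
        entry = summary.setdefault(rel.split("\\")[0], {"dirs": 0, "files": 0, "lnk": []})
        entry["dirs"] += int("\\" in rel)   # count nested folders, not the top one
        entry["files"] += len(files)
        entry["lnk"] += [n for n, _ in files if n.lower().endswith(".lnk")]
    return summary

if __name__ == "__main__":
    print(summarize_backups(SAMPLE_LOG))
```

Passing the full text of SystemLook.txt to summarize_backups() gives the same per-folder tally for a real log.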

#4 Broni


Posted 20 June 2011 - 06:51 PM

Unfortunately, all backup folders in C:\Users\Rach\AppData\Local\Temp\smtmp directory are empty, so you'll have to restore everything manually.

You can restore the defaults for the Start Menu and Administrative Tools as follows:

=======================================================================================

To manually recreate "All Programs" entries, follow these steps...

  • Download App Paths
  • Double click on AppPaths.exe to run the program.
  • Keep the program open.

In this example I'll recreate an entry for Avast antivirus program.
  • Go Start>All Programs.
  • Right click on Avast entry, click "Properties".

Posted Image
NOTE: Make sure you right click on the Avast program, NOT on the Avast folder.

  • You'll see this window:

Posted Image

Due to the damage caused by the infection, you'll find "Target" box empty.

  • Go back to AppPaths window and find Avast entry.
  • Right click on Avast line, click "Edit".
  • A pop-up window will open:

Posted Image

  • Highlight everything in "Path" box, right click on it, click "Copy"
  • Go back to Avast "Properties" window, right click inside "Target" box, click "Paste".
  • IMPORTANT! Add quotation marks at the beginning of the path and at the end
  • Click OK and you're done.

Posted Image


In case the program's link shows as (empty):

Posted Image

  • Open Windows Explorer, navigate to Avast folder in Program Files
  • Right click on Avast ".exe" file, click "Create shortcut":

Posted Image

  • Copy that shortcut, go back to Start menu.
  • Right click on avast!Free Antivirus, click "Paste".
  • You'll see Avast shortcut recreated replacing (empty) entry.

Alternatively, you can paste that shortcut in:
(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast
(Vista/7) - C:\ProgramData\Start Menu\Programs\Avast
