Start up files empty after removal of win32/fakesysdef and trojan gen-nullo/short



#1 tommop

Posted 24 June 2011 - 01:27 PM

I was browsing the internet 2 nights ago when I suddenly came upon what I now know to be a virus claiming to be a Windows related security programme. This was stopped by AVG, but not before I lost most of my desktop icons and most of the items from my start up menu, including the pre-loaded Microsoft games which come with Windows XP Home Edition, and also most of the other files now read "empty".
I've recovered several items by using methods recommended on the internet, but still many of my items aren't accessible and still say "empty".
I understand that these viruses cause files to be hidden, and I'd appreciate anyone's assistance in getting things back. These include the software for my printer, mp3 player, M/S Word, and even AVG. Even though I know that some of these programmes still exist on my computer, I'd like to get these back on my start menu, but don't want to make things worse by tinkering.
AVG found and removed win32fakesysdef, and I downloaded SUPERAntiSpyware, which found the trojan gen-nullo(short).
Any assistance would be appreciated!

Edited by hamluis, 24 June 2011 - 01:34 PM.
Moved from XP to Am I Infected.


#2 Broni

Posted 24 June 2011 - 02:56 PM

Let's see if we can recover your missing features.
Download and run UnHide

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 tommop

Posted 24 June 2011 - 03:21 PM

Thanks, that was one of the first things I did, after visiting this website, and it brought the icons back to the start menu, but the folders still say that they are empty, and some items haven't reappeared at all in the start menu, although I know the programmes are still on my computer.

#4 tommop

Posted 24 June 2011 - 03:25 PM

Many of the icons I recovered appeared "faint" or transparent, and I merely deleted these in favour of new icons from shortcuts to the programmes or websites in question. Many of the folders on my computer still contain files which have an almost transparent, pale yellow colour to them than usual. I'm not sure if they always did, or if this has just happened since this incident. Again, I'm at a loss as to what to do other than re-format?

Edited by tommop, 24 June 2011 - 03:29 PM.


#5 Broni

Posted 24 June 2011 - 03:30 PM

Nah...
We have to check a couple of things first...

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista/Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :dir
    %Temp%\smtmp /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#6 tommop

Posted 25 June 2011 - 11:31 AM

Thank you for this, I really appreciate your help.


C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Samsung\EmoDio d------ [21:15 22/06/2011]

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Samsung New PC Studio d------ [21:15 22/06/2011]

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\SoftMaker Office 2010 (Trial) d------ [21:15 22/06/2011]

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\SoftMaker Office 2010 (Trial)\Documentation d------ [21:15 22/06/2011]

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\SoftMaker Office 2010 (Trial)\Utilities d------ [21:15 22/06/2011]

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Startup d------ [21:15 22/06/2011]
desktop.ini --ahs-- 84 bytes [15:57 17/01/2011] [16:28 17/01/2011]

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Trusteer Rapport d------ [21:15 22/06/2011]

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Winamp d------ [21:15 22/06/2011]

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\WinRAR d------ [21:15 22/06/2011]

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\WinZip d------ [21:15 22/06/2011]

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\2 d------ [21:15 22/06/2011]
desktop.ini --ahs-- 119 bytes [16:34 17/01/2011] [16:34 17/01/2011]
Show Desktop.scf --a---- 79 bytes [16:34 17/01/2011] [16:34 17/01/2011]

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\4 d------ [21:15 22/06/2011]

-= EOF =-

#7 Broni

Posted 25 June 2011 - 11:45 AM

Unfortunately, all backups are gone, so you'll have to restore all items manually.

You can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:
Posted Image
  • Then click on the Restore button.

==================================================================================

To manually recreate "All Programs" entries, follow these steps...

  • Download App Paths
  • Double click on AppPaths.exe to run the program.
  • Keep the program open.

In this example I'll recreate an entry for the Avast antivirus program.
  • Go to Start > All Programs.
  • Right click on the Avast entry, click "Properties".

Posted Image
NOTE: Make sure you right click on the Avast program, NOT on the Avast folder.

  • You'll see this window:

Posted Image

Due to the damage caused by the infection, you'll find the "Target" box empty.

  • Go back to the AppPaths window and find the Avast entry.
  • Right click on the Avast line, click "Edit".
  • A pop-up window will open:

Posted Image

  • Highlight everything in the "Path" box, right click on it, click "Copy".
  • Go back to the Avast "Properties" window, right click inside the "Target" box, click "Paste".
  • IMPORTANT! Add quotation marks at the beginning of the path and at the end.
  • Click OK and you're done.

Posted Image


In case the program's link shows as (empty):

Posted Image

  • Open Windows Explorer, navigate to the Avast folder in Program Files.
  • Right click on the Avast ".exe" file, click "Create shortcut":

Posted Image

  • Copy that shortcut, go back to the Start menu.
  • Right click on avast! Free Antivirus, click "Paste".
  • You'll see the Avast shortcut recreated, replacing the (empty) entry.

Alternatively, you can paste that shortcut in:
(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast
(Vista/7) - C:\ProgramData\Start Menu\Programs\Avast

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE
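
The conclusion in post #7 rests on the listing in post #6: the %Temp%\smtmp folders still exist, but no shortcut files are listed inside them. As an added example (not part of the original thread and not SystemLook's own code), this Python script parses a `:dir` log in that format and counts the `.lnk` files left under each numbered smtmp subfolder; the sample log is constructed, and treating a backup as recoverable only when `.lnk` files are listed is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the SystemLook ":dir" log in post #6.
# The .lnk entry is invented to show what a surviving backup would look like.
SAMPLE_LOG = r"""
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Startup d------ [21:15 22/06/2011]
desktop.ini --ahs-- 84 bytes [15:57 17/01/2011] [16:28 17/01/2011]
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\2 d------ [21:15 22/06/2011]
desktop.ini --ahs-- 119 bytes [16:34 17/01/2011] [16:34 17/01/2011]
Show Desktop.scf --a---- 79 bytes [16:34 17/01/2011] [16:34 17/01/2011]
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\4 d------ [21:15 22/06/2011]
Example App.lnk --a---- 1024 bytes [10:00 01/01/2011] [10:00 01/01/2011]
-= EOF =-
"""

# Directory line: <path> d------ [time date]; file line: <name> <attrs> <n> bytes [..] [..]
DIR_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)\s+d[a-z-]{6}\s+\[[^\]]+\]$")
FILE_RE = re.compile(r"^(?P<name>.+?)\s+-[a-z-]{6}\s+(?P<size>\d+) bytes\s+\[")


def parse_dir_log(text):
    """Return {directory: [(file name, size in bytes), ...]} from a ':dir' listing."""
    listing, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := DIR_RE.match(line):
            current = m.group("path")
            listing[current] = []
        elif (m := FILE_RE.match(line)) and current is not None:
            listing[current].append((m.group("name"), int(m.group("size"))))
    return listing


def shortcuts_per_slot(listing):
    """Count .lnk files under each numbered smtmp subfolder (1, 2, 4 in the log)."""
    counts = defaultdict(int)
    for path, files in listing.items():
        tail = path.lower().partition("\\smtmp\\")[2]
        if tail:  # skip anything outside ...\smtmp\<slot>\...
            slot = tail.split("\\")[0]
            counts[slot] += sum(name.lower().endswith(".lnk") for name, _ in files)
    return dict(counts)


if __name__ == "__main__":
    for slot, n in sorted(shortcuts_per_slot(parse_dir_log(SAMPLE_LOG)).items()):
        print(f"smtmp\\{slot}: {n} shortcut(s) left to restore")
```

A log where every slot reports 0, as in post #6, means the shortcuts have to be recreated by hand.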

 




