
Cannot see start menu files - unhide.exe didn't work


11 replies to this topic

#1 johnathonb

johnathonb

  • Members
  • 6 posts
  • OFFLINE
  • Local time:12:06 PM

Posted 01 February 2012 - 02:11 PM

Hello,

I have an infected machine that has had Malwarebytes, SuperAntiSpyware and Microsoft Security Essentials run on it, and at the end of the process I ran, the icons were still missing under the start menu and displayed as empty. I then ran unhide.exe but the icons were still missing.

I was hoping you could help me out a bit, just let me know what log you need me to run first.

Thanks,

John



#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:06:06 PM

Posted 01 February 2012 - 02:20 PM

Can you post the resulting logs from Malwarebytes and Super Anti-Spyware?

Also, did you run any registry or temp file cleaners?

#3 johnathonb


Posted 01 February 2012 - 04:08 PM

Malwarebytes Log:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sony Laptop :: SONYLAPTOP-VAIO [administrator]

Protection: Enabled

1/27/2012 4:36:24 PM
mbam-log-2012-01-27 (16-36-24).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 331739
Time elapsed: 2 hour(s), 26 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Sony Laptop\AppData\Local\Temp\msimg32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Sony Laptop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\36afad31-5a154bb2 (Trojan.Downloader.lb) -> Delete on reboot.

(end)


I ran SuperAntiSpyware portable so no log file was saved.

I'm not sure if we ran a temp file or registry cleaner like CCleaner on it yet; if we have, I have a backup of the original machine I can push back to it to start the process over if needed.

#4 cryptodan


Posted 01 February 2012 - 04:11 PM

That would potentially reinfect you. Can you run SAS non-portable?

#5 johnathonb


Posted 01 February 2012 - 05:20 PM

SAS Non-Portable Scan Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/01/2012 at 04:17 PM

Application Version : 5.0.1142

Core Rules Database Version : 8190
Trace Rules Database Version: 6002

Scan type : Complete Scan
Total Scan Time : 00:30:56

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 455
Memory threats detected : 0
Registry items scanned : 44364
Registry threats detected : 0
File items scanned : 56416
File threats detected : 0

#6 cryptodan


Posted 01 February 2012 - 06:01 PM

Can you navigate to c:\Program Files and see if all your applications are there? Also, go to c:\Users\yourusername, find your start menu, and see if it's populated.

#7 johnathonb


Posted 02 February 2012 - 10:36 AM

Posted Image

This is what is in the start menu.

All the files are still in Program Files and Program Files (x86).

#8 cryptodan


Posted 02 February 2012 - 11:13 AM

Here is what mine looks like:

Posted Image

Have you reformatted?

#9 johnathonb


Posted 02 February 2012 - 11:28 AM

No, I haven't.

I am going to restore the backup because I believe someone ran CCleaner. I will just start the virus removal process over again. I will post in the next few hours to see if the files are back or not.

#10 cryptodan


Posted 02 February 2012 - 11:43 AM

If the applications are in c:\program files, then I would reinstall the applications.

#11 johnathonb


Posted 02 February 2012 - 01:36 PM

What I did was restore the backup I took before doing a virus removal and run unhide.exe, and all the applications returned to the start menu.

Thanks, site is a bunch of help, don't know where I'd be without the help you guys provide.

#12 cryptodan


Posted 02 February 2012 - 03:41 PM

So someone did run CCleaner or another temp file cleaner.



