Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

S.M.A.R.T. HDD


  • Please log in to reply
4 replies to this topic

#1 Sax_man

Sax_man

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 24 April 2012 - 11:01 PM

Hello.

I was infected with the smart hdd virus earlier and following topics posted in the forums i have been able to finally get the popup windows to stop.

However, i am still having issues. All my desktop icons are now present but my desktop is not the same. Further, the start menu items are still showing as missing / empty.

Other things that are abnormal are my desktop wallpaper is now gone and so are most of my gadgets. I would like to recover my desktop but more importantly my start menu items not being empty.

Any help would be appreciated.

Thanks.

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:45 PM

Posted 25 April 2012 - 03:07 AM

Press Windows+R key and type

%temp% and click ok

If you have a folder called SMTMP ,save it to a safe location

Download

UNHIDE

Allow it to run,after the scan,a log should be generated on the desktop.Post the log here

NOTE:Do not turn off or delete your restore point until i advise you

good luck

#3 Sax_man

Sax_man
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 25 April 2012 - 07:27 AM

Hello narenxp...thanks for the help.

I did not have a folder named SMTMP.

I ran the unhide program but it did not help. It also appears that my AV program is not showing up in the tray at all anymore. UNHIDE advises to turn this off and retry if it did not succeed. Without the icon in the tray I am assuming it is off.

#4 Sax_man

Sax_man
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 25 April 2012 - 08:20 AM

Should of included this:

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 04/25/2012 05:12:19 AM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 310046 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 10744 files processed.

Processing the G:\ drive
Finished processing the G:\ drive. 0 files processed.

Processing the H:\ drive
Finished processing the H:\ drive. 0 files processed.

Processing the I:\ drive
Finished processing the I:\ drive. 0 files processed.

Processing the J:\ drive
Finished processing the J:\ drive. 0 files processed.

The C:\Users\CHRISS~1\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
* Start_ShowNetConn was set to 0! It was set back to 1!
* Start_TrackDocs was set to 0! It was set back to 1!
* Start_TrackProgs was set to 0! It was set back to 1!
* Start_ShowUser was set to 0! It was set back to 1!
* Start_ShowMyGames was set to 0! It was set back to 1!

Restarting Explorer.exe in order to apply changes.

Program finished at: 04/25/2012 05:16:50 AM
Execution time: 0 hours(s), 4 minute(s), and 31 seconds(s)

#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:45 PM

Posted 25 April 2012 - 12:37 PM

Click on startmenu and type

cmd

right click on it and select run as administrator


now run this command

attrib -h c:\*.* /s /d

Allow it to run,this should unhide your files


Right click on your startmenu-properties

Check mark

store and display recently opened programs
store and display recently items


Click on customize

Click on Use default settings at the bottom

Now go to

c:\ProgramData\Microsoft\Windows

right click on startmenu folder,click on restore previous versions

Now select a snapshot before you were infected by the rogue,click on restore

You should get back the startmenu programs

good luck

Edited by narenxp, 25 April 2012 - 12:37 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users