Smart HDD removal-Missing system files



#1 Paul Tiser

Posted 05 May 2012 - 12:39 PM

Hello all, Great webpage and thanks for the help!!!

My computer was recently infected by the Smart HDD virus/malware on my HP laptop using Windows 7. I followed the "Remove Smart HDD (Uninstall Guide)" from this site. One important note, I DID run a Temp file cleaner when the infection first happened, prior to finding this site telling me NOT TO!!

Summary: I ran 1) Rkill, 2) TDSS rootkit, 3) Malwarebytes, 4) Un-hide.exe

After doing 1-4 above, my computer seems back to normal except I don't have the files under the Start menu/All Programs, all folders are empty (i.e. Office suite, HP Help and Support.......). I was able to open a photo using Microsoft picture editor, so it appears the programs are still loaded, just hidden from the folders?

I just downloaded SUPERAntiSpyware and am currently running the scan.

Also, I still have a "Data_Recovery" icon on my desktop? When I view properties for this icon I get "C:\programData\Kra6Nn3Bfwgn2u.exe", and if I select any other tabs from the properties box I get a popup that says "The name C:\programData\Kra6Nn3Bfwgn2u.exe specified target box is not valid"? Can I assume the file is gone and just delete this Icon??

Thanks again for your help!
Paul

#2 narenxp

Posted 05 May 2012 - 12:46 PM

Right-click on your Start menu - Properties

Check mark

Store and display recently opened programs
Store and display recently opened items


Click on Customize

Click on Use default settings at the bottom

Now go to

c:\ProgramData\Microsoft\Windows

Right-click on the Start Menu folder, click on Restore previous versions

Now select a snapshot from before you were infected by the rogue, click on Restore

You should get back the Start menu programs

"The name C:\programData\Kra6Nn3Bfwgn2u.exe specified target box is not valid"? Can I assume the file is gone and just delete this Icon??


Yes, delete the icon and delete the FOLDER too

good luck
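
The "Data_Recovery" icon discussed above is a shortcut whose target executable is no longer on disk. As an added example (not part of the original thread), this PowerShell function lists such dangling shortcuts on the desktop and Start Menu so they can be reviewed before deletion; the function name `Get-DanglingShortcut` and the set of folders scanned are assumptions.

```powershell
# Added example: report .lnk files whose target no longer exists.
# It only lists candidates; nothing is deleted.
function Get-DanglingShortcut {
    param(
        # Assumed default locations: per-user and all-users Desktop and Start Menu.
        [string[]]$Path = @(
            "$env:USERPROFILE\Desktop",
            "$env:PUBLIC\Desktop",
            "$env:APPDATA\Microsoft\Windows\Start Menu",
            "$env:ProgramData\Microsoft\Windows\Start Menu"
        )
    )

    # WScript.Shell can read the target path stored inside a .lnk file.
    $shell = New-Object -ComObject WScript.Shell

    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        # -Force includes shortcuts that still carry the Hidden attribute.
        Get-ChildItem -LiteralPath $root -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $target = $shell.CreateShortcut($_.FullName).TargetPath

                # An empty target is a shell/virtual item, not a broken link.
                if ($target -and -not (Test-Path -LiteralPath $target)) {
                    New-Object PSObject -Property @{
                        Shortcut      = $_.FullName
                        Target        = $target
                        # Targets under ProgramData, like the one in this thread,
                        # are flagged so they sort to the top of the report.
                        InProgramData = ($target -like "$env:ProgramData\*")
                    }
                }
            }
    }
}

Get-DanglingShortcut |
    Sort-Object InProgramData -Descending |
    Select-Object Shortcut, Target, InProgramData |
    Format-List
```

Shortcuts to removable or network drives that are currently disconnected will also appear in the output, so treat each entry as something to check rather than something to delete.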

#3 Paul Tiser

Posted 05 May 2012 - 01:14 PM

narenxp,

That seems to have fixed it, all seems back to normal!

I can not thank you guys enough for this great site!

So as long as my scan doesn't show anything and everything seems to be functioning correctly I don't have to worry about any other hidden issues?

Paul

#4 narenxp

Posted 05 May 2012 - 01:29 PM

"So as long as my scan doesn't show anything and everything seems to be functioning correctly I don't have to worry about any other hidden issues?"

Yes, click on the Start menu and make sure to delete the SMART HDD folder

Safe surfing

#5 Paul Tiser

Posted 05 May 2012 - 01:37 PM

I do not see any "SMART HDD" folders, good to go! :) I assume the "recovery manager" folder is a Microsoft folder that is supposed to be in the Start menu?

Sorry for the stupid questions, I know enough to be dangerous! haha

Thanks again!

Edited by Paul Tiser, 05 May 2012 - 01:40 PM.


#6 narenxp

Posted 05 May 2012 - 01:42 PM

You're good then


Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off


Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

Edited by narenxp, 05 May 2012 - 01:43 PM.


#7 Paul Tiser

Posted 05 May 2012 - 02:16 PM

Ok last stupid (ok 2) questions!

1) I did as you requested:

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC,

How do I create a new restore point? I assume I need to turn the System Restore back on, and if so which one do I pick, a or b below?

a) To be able to restore system settings and previous versions of files, click Restore system settings and previous versions of files.

b) To be able to only restore previous versions of files, click Only restore previous versions of files.

2) I have McAfee which is supplied free via Cox Cable, I also just upgraded and purchased the "Malwarebytes" software.
Should I uninstall the "SUPERAntiSpyware", or just leave it on my system?

#8 narenxp

Posted 05 May 2012 - 03:05 PM

"How do I create a new restore point? I assume I need to turn the System Restore back on, and if so which one do I pick, a or b below?"

Select the first one

Restore system settings and previous versions of files

Run a scan with Malwarebytes and SUPERAntiSpyware frequently. You can uninstall them now

good luck

Edited by narenxp, 05 May 2012 - 03:05 PM.


#9 Paul Tiser

Posted 05 May 2012 - 03:35 PM

Excellent, Mission accomplished! Thanks again for the help

#10 narenxp

Posted 05 May 2012 - 04:21 PM

You're most welcome



