Jsmply

Missing shortcuts on desktop and start menu after removing ZeroAccess rootkit

After removing the ZeroAccess rootkit via CF and some remnants via TDSSKiller, we are missing the desktop shortcuts and all the start menu programs.  Can anyone recommend a proven fix?  Earlier this year, with various rogues (Windows Recovery, I believe), part of the process was using unhide.exe to get things back, but we want to be certain here before running anything, since we are not sure exactly which rogue brought the rootkit: we never got any pop-ups from a rogue box, and CF just seemed to remove the rootkit files, with no obvious filenames that associate to a specific rogue.

OS is Windows XP Pro

Thanks
SOLUTION
Sudeep Sharma
This solution is only available to members.
Jsmply

ASKER

Just tried unhide.exe.  It ran successfully, but still no desktop shortcuts or start menu programs.  They are still hidden.  No A/V was running when running unhide.
Jsmply

ASKER

Okay after logging on and off, the desktop icons are back.  Start menu still missing.

Read the article by rpgamergirl posted in the first answer to your question by SSharma.  Everything you need to know is there.  Honest.  (Including some fixes)  Hint Hint

Windows XP/Vista Recovery rogue - Desktop icons missing - Empty program files
https://www.experts-exchange.com/A_6209.html

@Jim-R

I have already posted that article. See the very first post.

Thanks
Sudeep
That's what I said
Oh...I see you already mentioned that....my bad
Jsmply

ASKER

Thanks.  Ccleaner was not run, but that folder seems to be empty anyway.  Perhaps something else in the removal process dumped it?  Looks like the faster way is to just clear out the start menu by hand and re-create whatever shortcuts are used normally.

"Looks like the faster way is to just clear out the start menu by hand and re-create whatever shortcuts are used normally."

There are download tools posted within the recommended article first posted by SSharma and then reposted again by myself.

They will create the default shortcuts AUTOMATICALLY, and recreate all others from the Program Files directory.  All you have to do is cut and paste into the Start Menu.

Because this problem is so common, some people have put some hard work into these tools so you don't have to do these things entirely by hand. :^)

Feel free to do all the shortcuts manually one by one if you like, but the other way is much better.
Jsmply

ASKER

Thanks Jim.  Looked through that link pretty closely.  The defaults are fine, but really not a big concern as the user doesn't use them anyway as this is a workstation with a few specific uses.  Is there any particular harm in not having those things on the start menu (accessories, etc)?

The bigger concern is the non-default programs.  I assume you mean the repair.zip that creates everything via a VB script and then lets you cut and paste them into the start menu?

We tried that, the problem we ran into was this literally creates EVERYTHING you can think of, not just the stuff that the third party programs would normally put on the start menu.  Seeing this OS install is several years old and lots of things have been installed, the list of folders and shortcuts it made was HUGE.  Determining what to cut and paste into the start menu from its results was almost as tedious as just creating the stuff we know we needed over again.

Are we missing something?  Appreciate any thoughts.

Thx
Jsmply

ASKER

Thx all.  Sorry for the delay in closing the ticket.