[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Start Menu Programs show empty

Posted on 2011-05-10
12
Medium Priority
?
896 Views
Last Modified: 2012-06-27
After cleaning up from a Malware attack, clicking the start/all programs, all the programs are now listed after removing the hidden attribute, but the folders show 'empty'.

If I navigate to the actual program folder, the executables are there.  I can recreate a shortcut and paste it into the start menu programs folder and it will work.  However, there are 3 columns of programs here, and it will take me an awfly long time to do this one by one.

Does anyone know if it's a registry setting to get these to re-appear?  
Thank in advance for any help.
0
Comment
Question by:drivetech
  • 4
  • 3
  • 2
  • +3
12 Comments
 
LVL 6

Expert Comment

by:linraf
ID: 35733134
I have found that this is because the malware has hidden these folders and / or the files under them.

You should be able to right click on the actual folder for the start menu under the user's profile, go to properties,  and uncheck hidden. Then it gives you option of this folder only or Folder and files, choose folders and files.
0
 
LVL 29

Expert Comment

by:Paul Jackson
ID: 35733241
I had similar happen to me and it was becuase the all users profile had been deleted from the harddrive.
Have you considered doing a system restore to a time before the attack, this is what I ended up doing to save the hassle of recreating shortcuts..
0
 
LVL 6

Expert Comment

by:linraf
ID: 35733258
Jacko is right, it is probably actually with the all users folder, not that user, but again, I have found it hidden as opposed to deleted.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 35733372
Run this tool to remove the hidden flags on files and folders.
http://download.bleepingcomputer.com/grinler/unhide.exe

If the above doesn't fix it, try running RogueKiller option 6.
RogueKiller:
http://www.geekstogo.com/forum/files/file/413-roguekiller

Sudeep
0
 

Expert Comment

by:TEK911
ID: 35734310
Perform a system restore to a time before the infection.
0
 

Author Comment

by:drivetech
ID: 35786629
Thank you everyone for your thoughts and input.  However, nothing fixed the problem.  I ended up saving data to a temporary system and performed a clean install of Windows XP.  Today, again I'm presented another system with the same exact problem.  Hit with Malware - All desktop items gone, all programs in start menu hidden and their directories empty.
This specific piece of malware is brutal.  There's GOT to be a way to clean and aviod a complete reinstall of Windows.  Restore points are unsuccessful.  I tried about 20 different restore points, none worked.

0
 
LVL 1

Expert Comment

by:sc456a
ID: 35820800
I'm seeing the same issue on a Windows 7 Pro 64bit workstation. Ran both of the utils SSharma listed with no joy, now trying various system restore points. Nothing so far...
0
 

Author Comment

by:drivetech
ID: 35861941
Two more systems are on their way into my shop today - SAME malware.  Desktop icons gone, start menu program directories EMPTY.
I'm going to attempt to recover recently DELETED files and restore them to their original locations using a data recovery program I have. Also, obviously clean the malware.

I can't believe this program!  It's popping up everywhere now.  Viper saw the attack and didn't stop it.  It gets passed Norton's, Kaspersky, McAfee, Microsoft Security Essentials, CA, everything!!

We need to solve this.
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 35862124
Check the temp files, if you could see smtmp in temp folders there is still a chance to recover the hidden files and folders. Unless the Malware is removing those files and folders.

On your system click on Start --> Run , type %Temp%\smtmp\ and click on OK.

If you could see a windows open and has content in it (obviously they would be hidden too), there are chances that you could recover the links and hidden Start Menu.

Sudeep
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 35863436
You could also try running the Combofix and paste its logs. I have read that latest version of Combofix has fix for this issue:

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Tutorial on how to use combofix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post logs here for further analysis.

Sudeep
0
 

Accepted Solution

by:
drivetech earned 0 total points
ID: 35983500
As I'm sure that all of you have experienced, there is no fix for this.  It requires either recreating all of the shortcuts manually, or a reinstall of Windows.  What we've done for our contract customers is creat a script that backs up the start menu programs folder for each user.  This will give us the ability to import the users programs folder as it was previous to infection.  A very worthy proactive excersize.

Thanks everyone for your input.

-Drivetech
0
 

Author Closing Comment

by:drivetech
ID: 36008971
Closed, thank you. Please come again.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses
Course of the Month20 days, 9 hours left to enroll

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question