start menu icons- missing
working on a computer that had a virus.
i removed the virus and the computer seems to be functioning well.
i have done several scans in safe mode w/ networking and normal boot and all threats have been found, assuming the PC doesnt have a rootkit that Malwarebytes didn't detect.
the virus was windows xp recovery.
when i first got the PC, the desktop and all directories were blank. the files were still there, but they were all hidden.
after MBAM found and removed the viruses, and after a few reboots, the desktop icons, directories, and some of the start menu icons came back.
however, there are a handful of legit start menu programs that dont show any files when you go to view them.
i ran this .exe tool that i have used on other infected PCs, it is called unhide.exe, but that didnt seem to fix it.
is there something else that i am missing that can help get the remaining start menu files to appear, again?
thanks.
i removed the virus and the computer seems to be functioning well.
i have done several scans in safe mode w/ networking and normal boot and all threats have been found, assuming the PC doesnt have a rootkit that Malwarebytes didn't detect.
the virus was windows xp recovery.
when i first got the PC, the desktop and all directories were blank. the files were still there, but they were all hidden.
after MBAM found and removed the viruses, and after a few reboots, the desktop icons, directories, and some of the start menu icons came back.
however, there are a handful of legit start menu programs that dont show any files when you go to view them.
i ran this .exe tool that i have used on other infected PCs, it is called unhide.exe, but that didnt seem to fix it.
is there something else that i am missing that can help get the remaining start menu files to appear, again?
thanks.
Fatal_Exception
Have you tried Kelly's Corners solution? http://www.kellys-korner-xp.com/regs_edits/xp_taskbar_desktop_fixall.vbs
ASKER
nope, but i just ran it on the PC, it completed in about...1 second and that didnt fix it.
thanks for the quick reply.
thanks for the quick reply.
You might have to do an in-place repair install of XP.
While anti-virus and anti-malware detect, and sometimes fix the files infected or else move the files to the quarantine, you are left to undo the consequences yourself, the rest of the changes or damage that's been done by them, or reinstall or replace files that are now in the quaranteen or long gone or messed up without themselves necessarily containing the virus/malware. Some anti-malware reverses some changes, such as those that turn off the security advisor in the registry, but sometimes the consequences are too many too varied and too extreme. Also a somewhat difficult fix is some malware will change the attributes of some folders to system hidden when they're not supposed to be, the malware do this to purposely make it difficult not only to discover the malware but also to be able to do much of anything, thus huge obstacles to your getting the malware off. Some rootkits, such as TDL4, go so far as to encrypt a portion of the disk making it impossible to look inside and so impossible for anti-malware to "see" it, and near impossible to rectify short of wiping the disk.
Often System Restore is turned off, or worse had been broken. WindowsUpdates might also be broken.
Check the attributes of the individual folders under %username%\Start Menu\ as well as All Users\Start Menu\ to see if the items in question had attributes changed.
Some menu and desktop items instead of being folders\shortcuts under those paths are added instead directly in the registry, and that's what the Kelly's Korner fix tried to fix.
You should also try numerous anti-virus and anti-malware, rarely is one tool enough. Besides Malwarebytes, try SuperAntiSpyware portable, try TrendMicro HouseCall.
While anti-virus and anti-malware detect, and sometimes fix the files infected or else move the files to the quarantine, you are left to undo the consequences yourself, the rest of the changes or damage that's been done by them, or reinstall or replace files that are now in the quaranteen or long gone or messed up without themselves necessarily containing the virus/malware. Some anti-malware reverses some changes, such as those that turn off the security advisor in the registry, but sometimes the consequences are too many too varied and too extreme. Also a somewhat difficult fix is some malware will change the attributes of some folders to system hidden when they're not supposed to be, the malware do this to purposely make it difficult not only to discover the malware but also to be able to do much of anything, thus huge obstacles to your getting the malware off. Some rootkits, such as TDL4, go so far as to encrypt a portion of the disk making it impossible to look inside and so impossible for anti-malware to "see" it, and near impossible to rectify short of wiping the disk.
Often System Restore is turned off, or worse had been broken. WindowsUpdates might also be broken.
Check the attributes of the individual folders under %username%\Start Menu\ as well as All Users\Start Menu\ to see if the items in question had attributes changed.
Some menu and desktop items instead of being folders\shortcuts under those paths are added instead directly in the registry, and that's what the Kelly's Korner fix tried to fix.
You should also try numerous anti-virus and anti-malware, rarely is one tool enough. Besides Malwarebytes, try SuperAntiSpyware portable, try TrendMicro HouseCall.
"Check the attributes of the individual folders under %username%\Start Menu\ as well as All Users\Start Menu\ to see if the items in question had attributes changed."
To elaborate on this comment, make sure the foldershave probably been set to "Hidden". Try setting your Folder Options to view Hidden AND System Files/Folders as well for now....
And are you sure the PC is 100% clean?
Does another user work ok or no?
To elaborate on this comment, make sure the foldershave probably been set to "Hidden". Try setting your Folder Options to view Hidden AND System Files/Folders as well for now....
And are you sure the PC is 100% clean?
Does another user work ok or no?
Was that a fresh download of Unhide.exe? If not, then download a fresh one and run it again.
If the above doesn't fix it, try running RogueKiller option 6.
RogueKiller:
http://www.geekstogo.com/forum/files/file/413-roguekiller
If the above doesn't fix it, try running RogueKiller option 6.
RogueKiller:
http://www.geekstogo.com/forum/files/file/413-roguekiller
You didn't empty the temp files did you? Check to see if you have this folder smtmp, if so, leave it there and download the latest version of Unhide.exe and run it.
Go to Start > Run and copy/paste the below command
%temp%\smtmp
If the window opens with contents in it then the issue can still be fixed, the new version of Unhide.exe should fix it.
But, if you have already emptied your temp files then all is lost.
Go to Start > Run and copy/paste the below command
%temp%\smtmp
If the window opens with contents in it then the issue can still be fixed, the new version of Unhide.exe should fix it.
But, if you have already emptied your temp files then all is lost.
ASKER
thanks for all of the suggestions, i will try a few things and get back to you guys when time allows.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
all the files are where they should be. shorcuts, documents, etc...
the only thing that i am having issues with are that the start menu program folders still say empty...about 50% of them.
still working on some of the suggestions.
the only thing that i am having issues with are that the start menu program folders still say empty...about 50% of them.
still working on some of the suggestions.
Did you download the latest version of unhide.exe to remove the hidden flags on files and folders?
http://download.bleepingcomputer.com/grinler/unhide.exe
http://download.bleepingcomputer.com/grinler/unhide.exe
Also try HijackThis and Prcoess Explorer
http://technet.microsoft.com/en-us/sysinternals/bb896653
http://technet.microsoft.com/en-us/sysinternals/bb896653
ASKER
@ rpggamergirl
the latest version of unhide.exe didnt fix the start menu.
the latest version of unhide.exe didnt fix the start menu.
"the latest version of unhide.exe didnt fix the start menu."
%temp%\smtmp
Do you still have the above folder?
If that folder is gone then you can't recover those missing shortcuts.
You just have to replace them manually.. let us know and I'll post some ways to replace them.
%temp%\smtmp
Do you still have the above folder?
If that folder is gone then you can't recover those missing shortcuts.
You just have to replace them manually.. let us know and I'll post some ways to replace them.
How do you replace this manually?