  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 331
  • Last Modified:

Missing shortcuts on desktop and start menu after removing ZeroAccess rootkit

After removing ZeroAccess rootkit via CF and some remnants via TDSSKiller, we are missing the desktop shortcuts and all the start menu programs.  Can anyone recommend a proven fix?  Earlier this year, with various rogues (Windows Recovery, I believe), part of the process was using unhide.exe to get things back, but we want to be certain here before running anything, since we are not sure exactly which rogue brought the rootkit: we never got any pop-ups from a rogue box, and CF just seemed to remove the rootkit files, with no obvious filenames that associate to a specific rogue.

OS is Windows XP Pro

Thanks
0
Jsmply
Asked:
Jsmply
4 Solutions
 
Sudeep Sharma (Technical Designer) Commented:
This might help

Windows XP/Vista Recovery rogue - Desktop icons missing - Empty program files
http://www.experts-exchange.com/A_6209.html

Sudeep
0
 
younghv Commented:
Jsmply,
Using 'unhide' is going to be safe regardless of the malware you repaired, so go ahead and use it.

We have been seeing a lot of the ZeroAccess bug, with mixed results on the repairs. Good on you for getting it gone.
0
 
Thomas Zucker-Scharff (Systems Analyst) Commented:
I troubleshot this one over the phone recently (no I didn't get paid).  I suggested the user use System Restore to restore her system to a state before she was infected - worked like a charm.  This was especially effective since she is in Texas and I am in New York.
0

 
Jsmply (Author) Commented:
Just tried unhide.exe.  It ran successfully, but still no desktop shortcuts or start menu programs.  They are still hidden.  No A/V was running when running unhide.
0
 
Jsmply (Author) Commented:
Okay after logging on and off, the desktop icons are back.  Start menu still missing.
0
 
Jim-R Commented:
Read the article by rpgamergirl posted in the first answer to your question by SSharma.  Everything you need to know is there.  Honest.  (Including some fixes)  Hint Hint

Windows XP/Vista Recovery rogue - Desktop icons missing - Empty program files
http://www.experts-exchange.com/A_6209.html

0
 
Sudeep Sharma (Technical Designer) Commented:
@Jim-R

I have already posted that article. See the very first post.

Thanks
Sudeep
0
 
Jim-R Commented:
That's what I said
0
 
Sudeep Sharma (Technical Designer) Commented:
Oh...I see you already mentioned that....my bad
0
 
Jsmply (Author) Commented:
Thanks.  CCleaner was not run, but that folder seems to be empty anyway.  Perhaps something else in the removal process dumped it?  Looks like the faster way is to just clear out the start menu by hand and re-create whatever shortcuts are used normally.
0
 
Jim-R Commented:
"Looks like the faster way is to just clear out the start menu by hand and re-create whatever shortcuts are used normally."

There are download tools posted within the recommended article first posted by SSharma and then reposted again by myself.

They will create the default shortcuts AUTOMATICALLY, and recreate all others from the Program Files directory.  All you have to do is cut and paste into the Start Menu.

Because this problem is so common, some people have put some hard work into these tools so you don't have to do these things entirely by hand. :^)

Feel free to do all the shortcuts manually one by one if you like, but the other way is much better.
0
 
Jsmply (Author) Commented:
Thanks Jim.  Looked through that link pretty closely.  The defaults are fine, but really not a big concern as the user doesn't use them anyway as this is a workstation with a few specific uses.  Is there any particular harm in not having those things on the start menu (accessories, etc.)?

The bigger concern is the non-default programs.  I assume you mean the repair.zip that creates everything via a VB script and then lets you cut and paste them into the start menu?

We tried that, the problem we ran into was this literally creates EVERYTHING you can think of, not just the stuff that the third party programs would normally put on the start menu.  Seeing this OS install is several years old and lots of things have been installed, the list of folders and shortcuts it made was HUGE.  Determining what to cut and paste into the start menu from its results was almost as tedious as just creating the stuff we know we needed over again.

Are we missing something?  Appreciate any thoughts.

Thx
0
 
Jim-R Commented:
No, the list of shortcuts created by the VB script is what I was thinking of.  Just wanted to make sure you had seen the option.

I use a free and small search program simply called "everything".  It does an amazing job of finding stuff instantly as you type and will initiate a search off the right click context menu anywhere in the computer.

Once the search items come up, you can sort them in the columns the way you want.

[Screenshot: x86 Program Files sorted by path]
Using this tool I did a simple star dot exe on x86 Program Files and sorted the list by path shown in the screen shot above.

This free tool should make it easier to pick and choose the programs you want when all are sorted by their paths.  You can do anything you would normally do in windows explorer right within the list of results.  Copy, delete, Send to..., Create Shortcut etc.

The program "Everything" is a walloping 334KB and hunts like that Microsoft Puppy never could (except inside of files)
0
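
The approach in Jim-R's post above (list every .exe under Program Files sorted by path, then create shortcuts only for the programs you pick) can also be scripted. This PowerShell sketch is an added example, not part of the original thread or of the tools in the linked article; the folder names in `$Keep` and the staging folder are assumptions, and PowerShell has to be installed separately on Windows XP.

```powershell
# Added example: stage Start Menu shortcuts for chosen programs only.
# $Keep and $Staging are assumptions; edit them for the workstation.
$Root    = $env:ProgramFiles
$Keep    = @('Adobe', 'Mozilla Firefox')     # constructed sample folder names
$Staging = Join-Path $env:USERPROFILE 'Desktop\StartMenu-Staging'

# Top-level folder under Program Files that a given file lives in.
function Get-TopFolder($file) {
    $file.FullName.Substring($Root.Length).TrimStart('\').Split('\')[0]
}

# 1. Every .exe under Program Files, sorted by path (the "*.exe" search).
$exes = Get-ChildItem -Path $Root -Filter *.exe -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Sort-Object DirectoryName, Name

# 2. Keep only the programs named in $Keep; @() guarantees an array even if empty.
$selected = @($exes | Where-Object { $Keep -contains (Get-TopFolder $_) })

# 3. Show the selection for review before anything is written.
$selected | Select-Object Name, DirectoryName | Format-Table -AutoSize

# 4. Create one .lnk per executable in the staging folder, grouped by program.
$shell = New-Object -ComObject WScript.Shell
foreach ($exe in $selected) {
    $folder = Join-Path $Staging (Get-TopFolder $exe)
    if (-not (Test-Path $folder)) {
        New-Item -ItemType Directory -Path $folder | Out-Null
    }
    $lnkPath = Join-Path $folder ($exe.BaseName + '.lnk')
    if (Test-Path $lnkPath) { continue }     # same-named .exe already staged
    $lnk = $shell.CreateShortcut($lnkPath)
    $lnk.TargetPath       = $exe.FullName
    $lnk.WorkingDirectory = $exe.DirectoryName
    $lnk.Save()
}
```

Nothing is written to the Start Menu itself; the shortcuts land in the staging folder so they can be reviewed and then cut and pasted across.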
 
Jsmply (Author) Commented:
Thx all.  Sorry for the delay in closing the ticket.
0
