
Virus gone bad

OK, so last week my boss got a new virus. It took out all his desktop items and all his My Computer and admin programs. I took his HDD and slaved it to my PC and performed a scan with 3 different virus scanners, and they all came back OK, so I proceeded to manually look for the virus and unfortunately I found it, so it took over my PC and I ended up losing a lot as well. I did get the file to Essentials, who found that no one had been recognizing the virus as a virus, so they immediately pushed out an update and I was able to scan, find and delete the virus. But that is not my problem. My problem is that on my boss's PC all menu items and admin programs (everything in the admin tools folder) are gone, and as well EVERY file was hidden. What I need is to get it all back. There are files listed in the Start menu, but when you open it up, for example Smart Defrag > "empty" is what I get. On my PC it also removed some items, but not to the same extent. What can I do? I would hate to have to reload two PCs (I did try a restore to a different restore about 2 weeks back), and that had no effect.

CERTIFIED EXPERT

Commented:
It is very possible that the virus-imposed restrictions are still present (assuming that the virus was actually removed completely, which I seriously doubt). There are some tools out there that claim to remove restrictions; personally I use rrt (Sergiwa Antiviral Toolkit Personal 6.8.0.0). Unfortunately it is commercial software, but they do provide a free trial.
CERTIFIED EXPERT
Author of the Year 2011
Top Expert 2006
Commented:
If you could be a little more specific about your symptoms and the actions you have taken, we might be able to help you a little more.

This EE Article may be exactly what you need:
Windows-XP-Vista-Recovery-rogue-Desktop-icons-missing-Empty-program-files:

These other EE Articles will give you the basic steps you need to take in almost any situation:

http://www.experts-exchange.com/A_4922.html Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_5124.html Stop-the-Bleeding-First-Aid-for-Malware

Please attach the logs generated by any tools/scanners that you use.

**************************************************************************

One thing that you should understand clearly is that there is NEVER any reason to buy some application to clean up malware (as mentioned above). The best products for this kind of work are ALL free (but the creators do accept donations if you are so inclined).
MikeIT Manager
CERTIFIED EXPERT
Commented:
Just dealt with a similar virus this morning on a remote user's laptop. Luckily I was able to use GoToAssist to remote in, and then did a system restore to Friday.

Have you tried that?
CERTIFIED EXPERT
Author of the Year 2011
Top Expert 2006

Commented:
From the original post:

"(I did try a restore to a different restore about 2 weeks back) and that had no effect."
CERTIFIED EXPERT

Commented:
The app I recommended is not only to cure the trouble but to prevent it; it sits in the system tray and prevents any harmful changes commonly applied by malware. For the prevention alone I think it is well worth paying for, especially since from experience I know that the chances of completely (100%) removing the virus are quite nil.
Have you used Malwarebytes? I recommend booting into safe mode on the infected PC and running that. If you've already run that program, then can you boot up into a Linux live CD and copy the files you need from the hard drive to a USB stick? You may need to re-install Windows and wipe the drive...
CERTIFIED EXPERT
Author of the Year 2011
Top Expert 2006

Commented:
@bill_lynch -
Malwarebytes (with one of the 'rogue process stoppers') has already been recommended.

Author

Commented:
Well, I tried all of your suggestions but unfortunately it made it worse. My system was so unresponsive I just decided to reload it anyway :( Thanks for your suggestions.
CERTIFIED EXPERT
Author of the Year 2011
Top Expert 2006

Commented:
@Stormyskies,

If you haven't already reloaded your OS, please post the logs as requested above.

There is no way for us to even identify the malware unless you participate and respond to our suggestions.
