Windows Recover Virus: Start Menu program shortcuts missing after removal



#1 cdub


Posted 13 May 2011 - 09:53 PM

Hi,

My computer contracted the Windows Recovery Virus the other day. I followed the instructions on the link below, and believe that the virus has been successfully removed using Malwarebytes.

http://www.bleepingc...indows-recovery

Subsequently, I also used unhide.exe to unhide various files hidden by the virus and various icons on my desktop. This worked fine.

My problem now is that the various program shortcuts within Start --> All Programs are still missing, with the various program folders in the Start menu saying that they are empty.

Can you please help me with this issue and is there any way to fix the above?

Many thanks in advance for your help!!

#2 cdub


Posted 13 May 2011 - 10:11 PM

Hi,

In addition to the above, a number of shortcuts on my desktop are also missing. Similarly, the shortcuts within the Start Menu and on the desktop are also missing when I log into my other user account on my PC.

Thanks again for your help. Much appreciated.

#3 exile360


Posted 13 May 2011 - 11:03 PM

Greetings :)

These rogues have been moving the links from users' START menu\All Programs folders along with desktop shortcuts to a random temp location. As such, please make certain you don't run any temp file removers or the disk cleanup which is built into Windows.

To locate the files and verify that the entire infection has been removed, please do the following:

Please read and follow the directions here, skipping any steps you are unable to complete. Then create a NEW topic here and include a description of your issue as you did with this topic so they know that you're trying to restore your shortcuts which were moved by the rogue software.
One of the expert helpers there will give you one on one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless it's been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

If you prefer to be assisted via email you may contact support@malwarebytes.org and one of our support staff members will assist you directly.

If you are a reseller, affiliate, technician, corporate, business, educational, government or non-profit customer then please contact corporate-support@malwarebytes.org and include full contact details along with your Reference # when you do to ensure that you receive prompt assistance.

Thank you :)
Samuel E Lindsey
Product Manager


#4 colsearle


Posted 28 May 2011 - 07:47 AM

Start Menu Program shortcuts
Current User Quick Start shortcuts
All Users Desktop folders and shortcuts

Try navigating to the following path: (make sure you have the hidden files and folders visible)

C:\Documents and Settings\your user name goes here\Local Settings\Temp\smtmp

Inside the smtmp folder you will see three folders named 1, 2, 4

1 = Start Menu Program shortcuts
2 = Current User Quick Start shortcuts
4 = All Users Desktop folders and shortcuts

Simply copy the shortcuts back to the original path.

Hope this helps!
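
A dry-run-first restore of the smtmp folders described in the post above, as an added example that is not part of the original thread. The destination paths are assumptions for Windows XP (All Users Start Menu, the current user's Quick Launch, All Users Desktop), and the `$SmtmpRoot` parameter and `-Apply` switch are names chosen here.

```powershell
# Added example, not from the thread. Restores shortcuts from %TEMP%\smtmp.
# Folder meanings 1, 2, 4 come from the post above; the destination paths
# are ASSUMPTIONS for Windows XP. Check them for your Windows version.
param(
    [string]$SmtmpRoot = (Join-Path $env:TEMP 'smtmp'),
    [switch]$Apply   # hypothetical switch: without it, nothing is written
)

$destinations = @{
    '1' = (Join-Path $env:ALLUSERSPROFILE 'Start Menu')   # assumed
    '2' = (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')   # assumed
    '4' = (Join-Path $env:ALLUSERSPROFILE 'Desktop')      # assumed
}

foreach ($name in ($destinations.Keys | Sort-Object)) {
    $src = Join-Path $SmtmpRoot $name
    if (-not (Test-Path -LiteralPath $src -PathType Container)) {
        Write-Output "skip: $src not found"
        continue
    }
    # -Force so items the rogue marked hidden are still listed
    $srcFull = (Get-Item -LiteralPath $src -Force).FullName
    $files = Get-ChildItem -LiteralPath $srcFull -Recurse -Force |
        Where-Object { -not $_.PSIsContainer }
    foreach ($file in $files) {
        $relative = $file.FullName.Substring($srcFull.Length).TrimStart('\')
        $target = Join-Path $destinations[$name] $relative
        if (Test-Path -LiteralPath $target) {
            Write-Output "exists, left alone: $target"
        } elseif ($Apply) {
            $dir = Split-Path -Parent $target
            if (-not (Test-Path -LiteralPath $dir)) {
                New-Item -ItemType Directory -Path $dir -Force | Out-Null
            }
            # Copy, never move: the smtmp copy stays as a fallback
            Copy-Item -LiteralPath $file.FullName -Destination $target
            Write-Output "copied: $target"
        } else {
            Write-Output "would copy: $($file.FullName) -> $target"
        }
    }
}
```

Run it once without `-Apply` and review the listed targets before copying anything.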

#5 colsearle


Posted 28 May 2011 - 10:41 AM

Can anyone tell me how this virus launches? Does it come in after clicking a fake warning popup?

I have removed it from several machines and I tell customers that they probably clicked on a fake warning popup but I'm not certain. A screen shot would be great if it is. Most customers say it just appeared...

Thanks

#6 exile360


Posted 28 May 2011 - 10:20 PM

Some do come from clicking pop ups, but others use malicious scripting/Java in web pages so that it downloads and installs automatically and silently (usually using an exploit or vulnerability in Java, Flash, Firefox or Internet Explorer). The best thing to do is keep everything up to date. Remove old browser plugins and install the latest versions, install any security updates from Windows Update and use an up to date antivirus (and also having the PRO version of Malwarebytes' Anti-Malware doesn't hurt either, as we block many of these threats from getting in by both blocking many malicious websites that serve these threats using our Malicious Website Blocker as well as detecting and blocking the threats when they try to execute using our realtime protection).
Samuel E Lindsey
Product Manager


#7 Ged


Posted 10 June 2011 - 09:10 PM

I've just had this as well. Worked through most of the issues and the only thing 'missing' is the start menu programs and taskbar shortcuts. I've found them in a temp folder and the folders are indeed named 1, 2 and 4 as colsearle indicated, but not sure where to copy them back to.

#8 exile360


Posted 12 June 2011 - 10:13 AM

The tutorial located here should correct the issue. If it does not, then please follow the instructions here to receive assistance with getting the problem resolved.

Thanks :)
Samuel E Lindsey
Product Manager


#9 mirmsauce


Posted 22 June 2011 - 07:00 PM

Just wanted to say Thank You! This thread was extremely helpful in resolving one of my users' issues. You guys are great and are doing a great job here. Keep up the good work.

#10 davidcito989


Posted 24 June 2011 - 08:52 PM

Thanks for posting this!!!! My Sister in Law had this on her PC and I was banging my head against the wall trying to figure it out. I think I'll recommend she buys the full version of Malwarebytes to prevent her husband from clicking on every little pop-up that appears. (Also need to tell him to stop visiting those kinds of websites)
