Author Topic: Windows 7/Vista/XP Recovery Virus  (Read 3491 times)

Offline abensonTopic starter

  • ByteSpeed Technician
  • Newbie
  • ***
  • Posts: 17
Windows 7/Vista/XP Recovery Virus
« on: July 19, 2011, 04:09:45 PM »
The symptoms of this virus are:

  • Everything on your profile is missing (desktop icons, pictures etc.)
  • Your shortcuts in the Start Menu are missing

To get rid of the virus I would recommend Malwarebytes.  www.malwarebytes.org

Once you have gotten rid of the virus the missing files are still there.  They are just hidden.   If you can't see the hidden folder or files then in Windows Explorer press Alt+T to bring up the Tools menu and click on Folder Options.  Then click on View, then on Show hidden files and folders and then on OK.  Then select all of the files or folders that are hidden, right click on the selection and uncheck Hidden.  If it asks you to apply the option to the subfolders and files, you will want to do it.

As for the missing Start Menu shortcuts they are located in:

\Documents and Settings\[Infected User]\Local Settings\TEMP\SNTMP for XP
\Users\[Infected User]\AppData\Local\Temp\SNTMP for 7/Vista 

The easiest way to return the start menu to normal is to copy everything from folder 1 in the SNTMP folder to:

\Documents and Settings\All Users\Start Menu\Programs for XP
\ProgramData\Microsoft\Windows\Start Menu\Programs for 7/Vista

That will bring all the shortcuts back to every user on the machine.  This will cause duplicates in the start menu to popup.  Just right click the empty one and then click on delete.

Everything should be fixed.  I would also recommend changing any online passwords.
« Last Edit: December 02, 2011, 02:33:25 PM by abenson »

Offline thee_rook

  • Newbie
  • *
  • Posts: 2
Re: Windows 7/Vista/XP Recovery Virus
« Reply #1 on: December 02, 2011, 02:09:21 PM »
I would like to see a broader spectrum amount of scanners ran.  This is treating and ailment of an infection and not necessarily the actual cause.

Other good scanners to use are:

Hitman Pro from surfright.nl - http://www.surfright.nl/en
Spybot Search and Destroy - http://www.safer-networking.org/en/download/
Microsoft Security Essentials - http://windows.microsoft.com/en-US/windows/products/security-essentials
Combofix from Bleeping Computer - http://www.bleepingcomputer.com/download/anti-virus/combofix

There are a lot of other things to look at also. 

Offline lhulne

  • Administrator
  • Newbie
  • *****
  • Posts: 27
    • ByteSpeed
Re: Windows 7/Vista/XP Recovery Virus
« Reply #2 on: December 02, 2011, 03:45:40 PM »
Thanks for the suggestions, we appreciate it!
Lucas Hulne
Production Manager
ByteSpeed LLC
Toll Free: 888-658-0715
Fax: 218-227-0498
www.bytespeed.com