Jump to content

Recommended Posts

Hi,

My computer contracted the Windows Recovery Virus the other day. I followed the instructions on the link below, and believe that the virus has been successfully removed using Malwarebytes.

http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery

Subsequently, I also used unhide.exe to unhide various files hidden by the virus and various icons on my desktop. This worked fine.

My problem now is that the various program shortcuts within Start --> All Programs are still missing, with the various program folders in the Start menu saying that they are empty.

Can you please help me with this issue and is there any way to fix the above?

Many thanks in advance for your help!!

Link to post
Share on other sites

Hi,

In addition to the above, a number of shortcuts on my desktop are also missing. Similarly, the shortcuts within the Start Menu and on the desktop are also missing when I log into my other user account on my PC.

Thanks again for your help. Much appreciated.

Link to post
Share on other sites

Greetings :)

These rogues have been moving the links from users' START menu\All Programs folders along with desktop shortcuts to a random temp location, as such, please make certain you don't run any temp file removers or disk cleanup which is built into Windows.

To locate the files and verify that the entire infection has been removed, please do the following:

Please read and follow the directions here, skipping any steps you are unable to complete. Then create a NEW topic here and include a description of your issue as you did with this topic so they know that you're trying to restore your shortcuts which were moved by the rogue software.

One of the expert helpers there will give you one on one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless its been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

If you prefer to be assisted via email you may contact support@malwarebytes.org and one of our support staff members will assist you directly.

If you are a reseller, affiliate, technician, corporate, business, educational, government or non-profit customer then please contact corporate-support@malwarebytes.org and include full contact details along with your Reference # when you do to ensure that you receive prompt assistance.

Thank you :)

Link to post
Share on other sites

  • 2 weeks later...

Start Menu Program shortcuts

Current User Quick Start shortcuts

All Users Desktop folders and shortcuts

Try navigating to the following path: (make sure you have the hidden files and folders visible)

C:\Documents and Settings\your user name goes here \Local Settings\Temp\smtmp

Inside the smtmp folder you will see three folders named 1, 2, 4

1 = Start Menu Program shortcuts

2 = Current User Quick Start shortcuts

4 = All Users Desktop folders and shortcuts

Simply copy the shortcuts back to the original path.

Hope this helps!

Link to post
Share on other sites

Can anyone tell me how this virus launches ? Does it come in after clicking a fake warning popup ?

I have removed it from several machines and I tell customers that they probably clicked on a fake warning popup but i'm not certain. A screen shot would be great if it is. Most customers say it just appeared...

Thanks

Link to post
Share on other sites

Some do come from clicking pop ups, but others use malicious scripting/Java in web pages so that it downloads and installs automatically and silently (usually using an exploit or vulnerability in Java, Flash, Firefox or Internet Explorer). The best thing to do is keep everything up to date. Remove old browser plugins and install the latest versions, install any security updates from Windows Update and use an up to date antivirus (and also having the PRO version of Malwarebytes' Anti-Malware doesn't hurt either, as we block many of these threats from getting in by both blocking many malicious websites that serve these threats using our Malicious Website Blocker as well as detecting and blocking the threats when they try to execute using our realtime protection).

Link to post
Share on other sites

  • 2 weeks later...

Some do come from clicking pop ups, but others use malicious scripting/Java in web pages so that it downloads and installs automatically and silently (usually using an exploit or vulnerability in Java, Flash, Firefox or Internet Explorer). The best thing to do is keep everything up to date. Remove old browser plugins and install the latest versions, install any security updates from Windows Update and use an up to date antivirus (and also having the PRO version of Malwarebytes' Anti-Malware doesn't hurt either, as we block many of these threats from getting in by both blocking many malicious websites that serve these threats using our Malicious Website Blocker as well as detecting and blocking the threats when they try to execute using our realtime protection).

Ive just had this as well. Worked through most of the issues and only thing ' missing ' is the start menu programs and taskbar shortcuts. Ive found them in a temp folder and the folders are indeed named 1,2 and 4 ass corsearle indicated but not sure where to copy them back to

Link to post
Share on other sites

  • 2 weeks later...

thanks for posting this!!!! My Sister in Law had this on her PC and I was banging my head against the wall trying to figure it out. I think I'll recommend she buys the full version of malwarebytes to prevent her husband from clicking on every little pop-up that appears. (Also need to tell him to stop visiting those kinds of websites)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.