I am pretty sure the virus is gone. I followed these instructions. I have done this many times before on various systems with good luck. The app Unhide.exe was added to the removal process and it brought back the Windows default shortcuts except the Desktop, (went to properties and turned them back on) and Administrator Tools. (I created/pasted shortcuts from the system32 folder).

The only things left are the 'empty' folders in [All Programs], all of which are third party software installs (like Quickbooks, Office Suite, Roxio, Skype, etc.). Like many other posters here, the apps are there and I can go find the .exe files to launch the programs.

I was hoping it is a reg key or Group Policy that was turned off/disabled/deleted by the virus, but have not been able to find a fix. I have read that some suspect the shortcuts are moved to a hidden temp folder, but I am not able to confirm that. I am able to do a reinstall/repair install of the apps but was hoping to find a quicker fix.

I see this is becoming more prevalent lately and am asking if anyone has found anything that would help.

On a side note, the only common computing activity I can surmise between all of the infections lately is users have visited or were visiting Google Images. I was hit myself while there just this week. I was able to shut down the browser and system before it installed. Whew! It doesn't seem to matter what pics one is searching, celebrity, medical, puppies, kitties, etc. Obviously these pics are not hosted on Google servers so it is the hosting server/pic that is infected. At least as near as I can tell.


So am I to understand that this virus moves these third party software shortcuts to Temp folders?

Do we know which ones?

Does it create new temps folders? Locations?

Are they hidden?

Is it random or the same temp folder every time?

From my post above, The app Unhide.exe was added to the removal process and it brought back the Windows default shortcuts except the Desktop, (went to properties and turned them back on) and Administrator Tools. (I created/pasted shortcuts from the system32 folder).

Is unhide.exe updated rather quickly? I notice the version I downloaded earlier this week is 491kb and your link is 592kb.

What does unhide do exactly?

In my case all the temp folders are clean but for future reference it would be nice to know.


  • Staff

Hi,

So am I to understand that this virus moves these third party software shortcuts to Temp folders?

The malware moves most, if not all, shortcuts to the Temp folder. I'm pretty sure it doesn't discriminate against any software in particular.

Do we know which ones?

See above.

Does it create new temps folders? Locations?

Yes, it creates folders in %temp%\smtmp.

Are they hidden?

Yes, I believe so.

Is it random or the same temp folder every time?

See above.

From my post above, The app Unhide.exe was added to the removal process and it brought back the Windows default shortcuts except the Desktop, (went to properties and turned them back on) and Administrator Tools. (I created/pasted shortcuts from the system32 folder).

Is unhide.exe updated rather quickly? I notice the version I downloaded earlier this week is 491kb and your link is 592kb.

What does unhide do exactly?

It's updated every so often. It moves the moved files back to their default location, un-hiding them, as the name implies.

Hope that answered your questions.

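The location named in the reply above can be inspected without changing anything. The following PowerShell (3.0 or later) function is an added example, not part of the original thread and not a description of how Unhide.exe works internally: it lists every file under %temp%\smtmp, including hidden ones, and for shortcut files reports the target and whether that target still exists. The function name `Get-SmtmpInventory` and the assumption that the moved shortcuts are `.lnk` files are illustrative.

```powershell
# Added example: read-only inventory of %TEMP%\smtmp. Nothing is moved or modified.
# Assumption: the moved shortcuts are .lnk files somewhere under the smtmp folder.
function Get-SmtmpInventory {
    param(
        # Defaults to the folder named in the staff reply.
        [string]$Root = (Join-Path $env:TEMP 'smtmp')
    )

    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Warning "No smtmp folder found at $Root"
        return
    }

    # Normalise the root so relative paths can be computed; -Force because
    # the folder itself may carry the Hidden attribute.
    $Root = (Get-Item -LiteralPath $Root -Force).FullName

    # WScript.Shell is used only to read shortcut targets; Save() is never called.
    $shell = New-Object -ComObject WScript.Shell

    # -Force is required here: without it hidden and system items are skipped.
    Get-ChildItem -LiteralPath $Root -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $target = $null
            if ($_.Extension -eq '.lnk') {
                $target = $shell.CreateShortcut($_.FullName).TargetPath
            }
            [pscustomobject]@{
                RelativePath = $_.FullName.Substring($Root.Length).TrimStart('\')
                Hidden       = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                System       = [bool]($_.Attributes -band [IO.FileAttributes]::System)
                Target       = $target
                TargetExists = [bool]($target -and (Test-Path -LiteralPath $target))
            }
        }
}

# Run as the affected user, since %TEMP% is per-user.
Get-SmtmpInventory | Sort-Object RelativePath | Format-Table -AutoSize
```

An empty result with no warning means the folder exists but holds no files, which matches the original poster's report that the temp folders were clean.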

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
