How to restore Start menu and files hidden/deleted by a virus

3 posts in this topic

Post #: 1   Posted

METHOD 1 - automatic

Download and run UnHide

Note 1. If the first run doesn't fix the issue, try to re-run UnHide.
Note 2. If any temporary file cleaner has been run after the infection, the above method will NOT work.

(credit goes to Grinler at http://www.bleepingcomputer.com)

=========================================================================================

METHOD 2 - semi-automatic

Vista/Windows 7

IF folder C:\Users\user_name\AppData\Local\Temp\smtmp exist...

Copy all content of this folder:
C:\Users\user_name\AppData\Local\Temp\smtmp\1
and paste it to this folder:
C:\Program Data\Start Menu

NOTE. "Start Menu" folder is a system folder, so in order to see it, in Windows Explorer, go Tools>Folder Options>View tab and UN-check "Hide protected operating system files".
In order to access "Start Menu" folder, you may need take ownership of that folder: http://www.howtogeek...-menu-in-vista/


Copy all content of this folder:
C:\Users\user_name\AppData\Local\Temp\smtmp\2
and paste it to this folder:
C:\Users\user_name\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch

NOTE. "Quick Launch" is also a system folder. See note above.


Copy all content of this folder:
C:\Users\user_name\AppData\Local\Temp\smtmp\3
and paste it to this folder:
C:\Users\user-name\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar


Copy all content of this folder:
C:\Users\user_name\AppData\Local\Temp\smtmp\4
and paste it to this folder:
C:\Program Data\Desktop

NOTE. "Desktop" folder is also a system folder. See note above.

==================================================================

Windows XP

IF folder C:\Documents and Settings\user_name\Local Settings\Temp\smtmp exist...

Copy all content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\1
and paste it to this folder:
C:\Documents and Settings\All Users\Start Menu


Copy all content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\2
and paste it to this folder:
C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch


Copy all content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\3
and paste it to this folder:
C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar


Copy all content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\4
and paste it to this folder:
C:\Documents and Settings\All Users\Desktop


==================================================================================================

METHOD 3 - manual

If, for any reason, Method 1, or Method 2 don't work you can...


***** ...restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:

Windows 2000 US English
http://download.blee...00-sm-reset.exe

Windows XP Pro 32-bit US English
http://download.blee...it-sm-reset.exe

Windows Vista 32-bit US English
http://download.blee...32-sm-reset.exe

Windows Vista 64-bit US English
http://download.blee...64-sm-reset.exe

Windows 7 32-bit US English
http://download.blee...32-sm-reset.exe

Windows 7 64-bit US English
http://download.blee...64-sm-reset.exe

(credit for the above goes to Grinler from http://www.bleepingcomputer.com)



***** ...manually recreate "All Programs" entries, following these steps...

NOTE. In case programs links shows as (empty) see )(3)(Inc)%26%2F%2Fa%5B%40id%3D%26quot%3Bentry167099%26quot%3B%5D%2Ffollowing-sibling%3A%3Adiv%5B1%5D%2Fdiv%5B2%5D%2Fdiv%5B1%5D%2Fspan%5B12%5D%2Fstrong%5B1%5D(41)(3)(y)%3A)

  • Download App Paths
  • Double click on AppPaths.exe to run the program.
  • Keep the program open.

In this example I'll recreate an entry for Avast antivirus program.

  • Go Start>All Programs.
  • Right click on Avast entry, click "Properties".

p4481214.gif
NOTE. Make sure, you right click on Avast program, NOT on Avast folder.

  • You'll see this window:

p4481211.gif

Due to the damage caused by the infection, you'll find "Target" box empty.

  • Go back to AppPaths window and find Avast entry.
  • Right click on Avast line, click "Edit".
  • A pop-up window will open:

p4481212.gif

  • Highlight everything in "Path" box, right click on it, click "Copy"
  • Go back to Avast "Properties" window, right click inside "Target" box, click "Paste".
  • IMPORTANT! Add quotation marks at the beginning of the path and at the end
  • Click OK and you're done.

p4481213.gif

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In case, program's link shows as (empty):

p4481404.gif

  • Open Windows Explorer, navigate to Avast folder in Program Files
  • Right click on Avast ".exe" file, click "Create shortcut":

p4481405.gif

  • Copy that shortcut, go back to Start menu.
  • Right click on avast!Free Antivirus, click "Paste".
  • You'll see Avast shortcut recreated replacing (empty) entry.

Alternatively....
...you paste that shortcut in:
(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast
(Vista/7) - C:\Program Data\Start Menu\Programs\Avast

This post has been promoted to an article


Share this post


Link to post
Share on other sites

Post #: 2   Posted

Share this post


Link to post
Share on other sites

Post #: 3   Posted

It Figures I'd read this after I posted in the Comodo uninstaller thread..

Bump.

:gallery_49404_3_2468:

Edit: not used to using downloaded external gui tools yet to fix a file structure yet Broni. I'm used to wrenching on text files manually via terminal and geany.


Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.