Virus deletes all Start Menu icons...

Pretty nasty virus going around... once removed, your icons, folders are hidden. DON'T USE COMBOFIX OR CCLEANER UNTIL YOU COMPLETE THE STEPS BELOW. They clean temp files, and that's what you don't want. Use Hitman Pro and Malwarebytes.

 

Start in Safe Mode and try to log in as the built-in Administrator for best results.

 

AFTER you remove the virus w/ Hitman and MBAM, do the following:

Use Grinler's Unhide.exe to fix the hidden folders.

http://download.bleepingcomputer.com/grinler/unhide.exe

 

After that, your start menu is still virtually worthless. All the shortcuts are gone. The malware does not delete the shortcuts, instead it moves the icons into a temp folder under the user that got the virus.

The location is:
Windows XP – “C:\Documents and Settings\%username%\Local Settings\Temp\SMTMP”
Windows Vista/7 – “C:\Users\%username%\AppData\Local\Temp\SMTMP” (I think this is the location. Please double check)

Inside that folder there are 3 folders named 1, 2 and 4.
Folder “1″ has all the Program icons.
Folder “2″ has all the Quick Launch Icons.
Folder “4″ has all the Desktop icons.

TIP:
When restoring Program Icons try and restore them to “C:\Documents and Settings\All Users\Start Menu\Programs” so it can repair the start menu for all users

All of your shortcuts should be restored. Please note that ComboFix, Disk Cleanup, CCleaner, or any application that deletes temporary files will delete the SMTMP folder and you will be stuck manually rebuilding the start menu. So please try this method first and it will save you A LOT of time.

Best Regards, 

Kyle B. Hanson 
Mobile Computer Wizard 

619-796-4629 Mobile 
858-345-0382 Office 
kyle@mobilecomputerwizard.com 
www.mobilecomputerwizard.com
< kyle@mobilecomputerwizard.com>