Need some virus help

[Humboldt]

Trying to fix a friend's HP machine w/ a smart hdd virus that hid all of her data.

Pulled the hdd and scanned it from another machine. Found 29 trojans and has since scanned clean with Malwarebytes and MSE.

Boots just fine now but all the icons and shortcuts are still hidden.

Added the run command back to the start menu manually but am not sure whether to download unhide.exe or not.

Am trying this: http://superuser.com/questions/298605/a ... -infection

Malware now commonly will apply the System or Hidden attributes to hide your files as Windows by default has files with these attributes hidden in Explorer, this also applies to the Start Menu.

To fix it you will need to enter the command line.

On the Start Menu you will see a search box.

Bring up the Run applet Windows Key + R OR Start > Run and type cmd.
Type attrib -H -S "%USERPROFILE%\Start Menu" /S /D
Type attrib -H -S "%ALLUSERSPROFILE%\Start Menu" /S /D

This will remove the Hidden and System attributes from all the shortcuts in the Start Menu.

You may also need to run the same command on your user profile to show everything else the malware hid.

Type attrib -H -S "%USERPROFILE%" /S /D

Once you have done this I would backup the data and reload Windows, while you can fix most problems caused by malware you can never be 100% sure you got rid of everything.

You can also use a program called Unhide from BleepingComputer.com, but it will UNHIDE EVERY FILE ON THE DRIVE! http://download.bleepingcomputer.com/grinler/unhide.exe

but am getting "the /D switch is only valid with the /S switch"

Any help appreciated, thanks

[YeOldeStonecat]

Run that "unhide" from BleepingComputer...does the job for you, and restores the stuff that gets hidden in a folder deep in the users profile.
Don't run any temp file cleaner like CCleaner before restoring hidden files..they usually get moved to a folder deep in the users temp directory. Unhide will find them (unless you ran a temp files cleaner)..and put them back.

[TonyT]

Just use the unhide utility. Download & save, double click.

[PsykoPenguin]

Run it a couple of times just to be safe.

[Humboldt]

I think I got everything back except the desktop background image.

Not sure since I didn't even bother booting it from that disk initially.

[RaisinCain]

Personally, I would wipe the drive and do a clean install.

[Humboldt]

Personally, I would wipe the drive and do a clean install.

If it was my own I might. As it belongs to a friend I'm trying everything I can do to get it working again as is.

[Ken]

I think I got everything back except the desktop background image.

Not sure since I didn't even bother booting it from that disk initially.

If it was my own I might. As it belongs to a friend I'm trying everything I can do to get it working again as is.

Well? Is it fixed?

Craig (Mnosteele) has a page with good tools that he keeps updated...

http://www.drtweak.com/index.php?topic=176.0

[Humboldt]

Well? Is it fixed?

Hey Ken
It's fixed. Scans clean w/ Malwarebytes and MSE and got the desktop and original icon positioning back w/ system restore.

Biggest bitch was just getting into the damn computer

*goes back to watching latest eBay coin auction*

[Ken]

Hey Ken
It's fixed. Scans clean w/ Malwarebytes and MSE and got the desktop and original icon positioning back w/ system restore.

Biggest bitch was just getting into the damn computer

*goes back to watching latest eBay coin auction*

See my edit... (I see yours! )

[Humboldt]

He's always been very helpful over the years.

Damnit, got outbid.