Spyware, Viruses, & Security forum


Recover deleted files and icons after Trojan?

by mjfuller / November 22, 2011 2:58 PM PST

My AV, TrendMicro Internet Security found a trojan named TROJ Gen.RCIC7km and deleted it. This malware seems to have deleted many of my desktop icons and files. And when I clicked on Start there wasn't any items in the right column, like Control Panel or My Computer, etc. After I restarted the computer in Safe Mode that all came back. When I click on Start and All Programs it lists the programs, but most of the folders are empty. Is there any way to recover lost files and icons? I tried to do a system restore, but it didn't seem to fix anything. I also have a Carbonite account, but I'm not sure that will restore icons and program files. Is the worst case scenario to re-install windows and build everything over again? Help Mr. Wizard!!!!

Discussion is locked
You are posting a reply to: Recover deleted files and icons after Trojan?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Recover deleted files and icons after Trojan?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

All Answers

Collapse -
Tried "Unhide.exe'?
by Grif Thomas Forum moderator / November 23, 2011 1:11 AM PST

Some of the newer trojans create a registry entry that "hides" the items you're referring to.. They aren't really gone, they're just hidden.. Please download and run the file from the link below:

Clicking on the link below will immediately open a download dialogue window.


Hope this helps.


Collapse -
Tried it, no dice.
by mjfuller / November 23, 2011 2:22 AM PST
In reply to: Tried "Unhide.exe'?

Thanks. I was hopeful but it doesn't seem to do anything. The program told me if it doesn't restore everything to try disabling your AV and I did that. It still doesn't seem to work. Any other suggestions?

I probably should have provided basic system info also. I have a 6-yr-old Dell Dimensions desktop PC with XP Home. I use TrendMicro Internet Security, Windows Defender, Spyware Blaster, Spybot Search & Destroy, Malware Bytes, and Ad Aware. I scan the computer religiously, but it still wasn't enough! I think I got the bug from a shopping site, but not sure which one.

Collapse -
See if following the FIX ...
by Edward ODaniel / November 25, 2011 4:25 AM PST
In reply to: Tried it, no dice.
Collapse -
Grif, please come in.
by mjfuller / December 1, 2011 11:33 PM PST
In reply to: Tried "Unhide.exe'?

Did you have any more suggestions? Please see the last post. Do you suggest I try the solution in the blog it links to-- or something else? Thanks.

Collapse -
No need to try ...
by Edward ODaniel / December 2, 2011 8:10 AM PST
In reply to: Grif, please come in.

the fix I recommended -- Just keep trying the one that didn't work again and again until magic happens and it does work.

ONLY YOU sitting in front of your PC can follow the steps in the fix to see if they apply or not. NONE of us here can see if you have the directories mentioned in step one - if you do go on to step two and if not STOP because it does not apply.

Collapse -
And You Tried The One Provided By Edward O?
by Grif Thomas Forum moderator / December 5, 2011 3:22 AM PST
In reply to: Grif, please come in.

Sorry I haven't got back quicker. My home had a power, phone, and internet outage all weekend.. Powers on, but still no phone of DSL..

Either way, continue running the scanning tools you have installed, especially Malwarebytes, and give the suggestion posted by mister ODaniel above.

Hope this helps.


Collapse -
by naren_1 / December 14, 2011 11:34 PM PST
In reply to: Grif, please come in.

In case if you deleted temp file from the Os Then you dont have any choice. You have you to copy all the icons from c:\ Program files\* Specific Application *\ icons and past it in C:\Documents and Settings\All Users\Start Menu.

Collapse -
System Fix Malware
by nhojremlap / December 3, 2011 1:10 AM PST
In reply to: Tried "Unhide.exe'?

I was hit with System Fix - it got past updated antispyware and antivirus programs running in realtime!

Long story short: Before I was able to get onto the Internet and find the BleepingComputer.com instructions, I deleted all temp files and in the process, lost all the files and folders that were moved by System Fix. I've been manually copying shortcuts to the empty folders on the Start menu.

Collapse -
win32/tibs.it and win32alurian.fe
by 21sandals / July 23, 2012 6:20 AM PDT
In reply to: Tried "Unhide.exe'?

I had a vista and xp laptop infected with the above trojans and the link you supplied worked great on both. Once the file is opened a Dos window appears and sits there but be patient, give it a few minutes and the software will work its wonders...Many Thanks Grif

Collapse -
deleted files
by getreadyfor / December 8, 2011 3:31 PM PST

you may try freeware to restore.

there are many programs free could do the job

icare data recovery free
pc inspector

google the names

Collapse -
hidden files after virus
by tralynd / February 2, 2012 1:58 PM PST

Try this, it worked for me:
<blockquote class="jive-quote">This may be the solution you are

I recently removed the Vista Recovery Center malware from another one of our
company laptops. It has ATI graphics installed. This malware hides most of the
files on the PC in an attempt to fool you into thinking that your PC is really
damaged like it is reporting. Removing the malware does not undo the hidden aspects. In
Vista, the c:\Users\"your profile name
(usually Owner)"
folder contains the AppData subdirectory that the
Catalyst Control Center needs to access in order to function. When this
directory is hidden, then CCC cannot locate the necessary files to launch. To
fix this issue, I use the following steps.
Navigate to c:\ and right click on Users. Select properties. Under the General tab, look at the
bottom for the Hidden selection. If there is not a check mark in the box, place
a check mark there. Hit apply, select yes to apply to all subdirectories. If you
clicked ok, you may notice that it disappeared from the right pane once it
finishes. It should still be listed under the tree on the left. Right click on
it again. This time remove the check mark and apply to all subdirectories. Once
it has finished, your files in the Users directory should reappear and Catalyst
Control Center should function normally again. This has worked in all cases that
I have encounterd so far. Hopefully this works for you as
</blockquote><!-- [DocumentBodyEnd:dda6c774-b960-4dfa-a4c6-27fa47e8a5ed] -->

Collapse -
by rhabdomantist / February 2, 2012 11:08 PM PST
Collapse -
by morag_3750 / April 20, 2012 7:43 PM PDT

I used this link and it worked. Magic! Many Thanks

Popular Forums
Computer Help 49,613 discussions
Computer Newbies 10,349 discussions
Laptops 19,436 discussions
Security 30,426 discussions
TVs & Home Theaters 20,308 discussions
Windows 10 360 discussions
Phones 15,802 discussions
Windows 7 7,351 discussions
Networking & Wireless 14,641 discussions

CNET Holiday Gift Guide

Looking for great gifts under $100?

Trendy tech gifts don't require a hefty price tag. Choose from these CNET-recommended useful and high-quality gadgets.