Spyware, Viruses, & Security forum

Question

Recover deleted files and icons after Trojan?

by mjfuller / November 22, 2011 2:58 PM PST

My AV, TrendMicro Internet Security found a trojan named TROJ Gen.RCIC7km and deleted it. This malware seems to have deleted many of my desktop icons and files. And when I clicked on Start there wasn't any items in the right column, like Control Panel or My Computer, etc. After I restarted the computer in Safe Mode that all came back. When I click on Start and All Programs it lists the programs, but most of the folders are empty. Is there any way to recover lost files and icons? I tried to do a system restore, but it didn't seem to fix anything. I also have a Carbonite account, but I'm not sure that will restore icons and program files. Is the worst case scenario to re-install windows and build everything over again? Help Mr. Wizard!!!!

Discussion is locked
You are posting a reply to: Recover deleted files and icons after Trojan?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Recover deleted files and icons after Trojan?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

All Answers

Collapse -
Answer
Tried "Unhide.exe'?
by Grif Thomas Forum moderator / November 23, 2011 1:11 AM PST

Some of the newer trojans create a registry entry that "hides" the items you're referring to.. They aren't really gone, they're just hidden.. Please download and run the file from the link below:

Clicking on the link below will immediately open a download dialogue window.

http://download.bleepingcomputer.com/grinler/unhide.exe

Hope this helps.

Grif

Collapse -
Tried it, no dice.
by mjfuller / November 23, 2011 2:22 AM PST
In reply to: Tried "Unhide.exe'?

Grif,
Thanks. I was hopeful but it doesn't seem to do anything. The program told me if it doesn't restore everything to try disabling your AV and I did that. It still doesn't seem to work. Any other suggestions?

I probably should have provided basic system info also. I have a 6-yr-old Dell Dimensions desktop PC with XP Home. I use TrendMicro Internet Security, Windows Defender, Spyware Blaster, Spybot Search & Destroy, Malware Bytes, and Ad Aware. I scan the computer religiously, but it still wasn't enough! I think I got the bug from a shopping site, but not sure which one.
Mike

Collapse -
See if following the FIX ...
by Edward ODaniel / November 25, 2011 4:25 AM PST
In reply to: Tried it, no dice.
Collapse -
Grif, please come in.
by mjfuller / December 1, 2011 11:33 PM PST
In reply to: Tried "Unhide.exe'?

Grif,
Did you have any more suggestions? Please see the last post. Do you suggest I try the solution in the blog it links to-- or something else? Thanks.
Mike

Collapse -
No need to try ...
by Edward ODaniel / December 2, 2011 8:10 AM PST
In reply to: Grif, please come in.

the fix I recommended -- Just keep trying the one that didn't work again and again until magic happens and it does work.

ONLY YOU sitting in front of your PC can follow the steps in the fix to see if they apply or not. NONE of us here can see if you have the directories mentioned in step one - if you do go on to step two and if not STOP because it does not apply.

Collapse -
And You Tried The One Provided By Edward O?
by Grif Thomas Forum moderator / December 5, 2011 3:22 AM PST
In reply to: Grif, please come in.

Sorry I haven't got back quicker. My home had a power, phone, and internet outage all weekend.. Powers on, but still no phone of DSL..

Either way, continue running the scanning tools you have installed, especially Malwarebytes, and give the suggestion posted by mister ODaniel above.

Hope this helps.

Grif

Collapse -
Icons
by naren_1 / December 14, 2011 11:34 PM PST
In reply to: Grif, please come in.

In case if you deleted temp file from the Os Then you dont have any choice. You have you to copy all the icons from c:\ Program files\* Specific Application *\ icons and past it in C:\Documents and Settings\All Users\Start Menu.

Collapse -
System Fix Malware
by nhojremlap / December 3, 2011 1:10 AM PST
In reply to: Tried "Unhide.exe'?

I was hit with System Fix - it got past updated antispyware and antivirus programs running in realtime!

Long story short: Before I was able to get onto the Internet and find the BleepingComputer.com instructions, I deleted all temp files and in the process, lost all the files and folders that were moved by System Fix. I've been manually copying shortcuts to the empty folders on the Start menu.

Collapse -
win32/tibs.it and win32alurian.fe
by 21sandals / July 23, 2012 6:20 AM PDT
In reply to: Tried "Unhide.exe'?

I had a vista and xp laptop infected with the above trojans and the link you supplied worked great on both. Once the file is opened a Dos window appears and sits there but be patient, give it a few minutes and the software will work its wonders...Many Thanks Grif

Collapse -
Answer
deleted files
by getreadyfor / December 8, 2011 3:31 PM PST

you may try freeware to restore.

there are many programs free could do the job

recuva
icare data recovery free
pc inspector

google the names

Collapse -
Answer
hidden files after virus
by tralynd / February 2, 2012 1:58 PM PST

Try this, it worked for me:
<blockquote class="jive-quote">This may be the solution you are
seeking.

I recently removed the Vista Recovery Center malware from another one of our
company laptops. It has ATI graphics installed. This malware hides most of the
files on the PC in an attempt to fool you into thinking that your PC is really
damaged like it is reporting. Removing the malware does not undo the hidden aspects. In
Vista, the c:\Users\"your profile name
(usually Owner)"
folder contains the AppData subdirectory that the
Catalyst Control Center needs to access in order to function. When this
directory is hidden, then CCC cannot locate the necessary files to launch. To
fix this issue, I use the following steps.
Navigate to c:\ and right click on Users. Select properties. Under the General tab, look at the
bottom for the Hidden selection. If there is not a check mark in the box, place
a check mark there. Hit apply, select yes to apply to all subdirectories. If you
clicked ok, you may notice that it disappeared from the right pane once it
finishes. It should still be listed under the tree on the left. Right click on
it again. This time remove the check mark and apply to all subdirectories. Once
it has finished, your files in the Users directory should reappear and Catalyst
Control Center should function normally again. This has worked in all cases that
I have encounterd so far. Hopefully this works for you as
well..
</blockquote><!-- [DocumentBodyEnd:dda6c774-b960-4dfa-a4c6-27fa47e8a5ed] -->

Collapse -
AppPaths
by rhabdomantist / February 2, 2012 11:08 PM PST
Collapse -
Answer
'bleepingcomputer/unhide
by morag_3750 / April 20, 2012 7:43 PM PDT

I used this link and it worked. Magic! Many Thanks

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Big stars on small screens

Smosh tells CNET what it took to make it big online

Internet sensations Ian Hecox and Anthony Padilla discuss how YouTube has changed and why among all their goals, "real TV" isn't an ambition.