Windows – All program groups in Windows XP show “Empty” after malware infection

Tags: malware, windows xp

I'm trying to repair a Dell laptop running Windows XP SP3 that was infected with a variation of fairly typical malware that makes a user think a virus was detected and prompts them to go purchase a solution.

I am pretty sure I deleted the executable responsible for the initial problems. Task Manager had been disabled, right click had been disabled, all system files had been set to "Hidden" and all program folders now show "Empty" where you expect to see program names like Excel or Notepad. I did verify that all those program files are still in their proper folders; they've just been removed from the All Programs menu.

I unhid the files, I fixed the registry to re-enable right click, Task Manager, and to show desktop shortcuts.

However, I still have a lingering problem in that all program groups continue to show Empty and the Quick Launch area next to the Start button is empty. I've confirmed that this behavior is present regardless of the profile, so I can't just delete the user's profile and recreate it. If it's another registry setting I have been able to identify it. Anybody know how to restore these program groups? Thank you.

Best Answer

Malware now commonly applies the System or Hidden attributes to hide your files, as Windows by default hides files with these attributes in Explorer; this also applies to the Start Menu.

To fix it you will need to enter the command line.

On the Start Menu you will see a search box.

  1. Bring up the Run applet Windows Key + R OR Start > Run and type cmd.
  2. Type attrib -H -S "%USERPROFILE%\Start Menu" /S /D
  3. Type attrib -H -S "%ALLUSERSPROFILE%\Start Menu" /S /D

This will remove the Hidden and System attributes from all the shortcuts in the Start Menu.

You may also need to run the same command on your user profile to show everything else the malware hid.

  1. Type attrib -H -S "%USERPROFILE%" /S /D

Once you have done this, I would back up the data and reload Windows; while you can fix most problems caused by malware, you can never be 100% sure you got rid of everything.

You can also use a program called Unhide from BleepingComputer.com, but it will UNHIDE EVERY FILE ON THE DRIVE! http://download.bleepingcomputer.com/grinler/unhide.exe
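The attrib procedure from the answer above, written up as an audit-first batch script (an added example, not part of the original answer or of any tool it mentions). It lists what is currently Hidden or System under both Start Menu folders and the Quick Launch folder before touching anything, and only clears the attributes when run with a `/fix` argument; the Quick Launch path is the default location on Windows XP and is my assumption.

```batch
@echo off
REM Added example, not from the original answer. Audits which entries under the
REM Start Menu and Quick Launch folders carry Hidden/System, then (with /fix)
REM clears those attributes. Paths assume a default Windows XP installation.
setlocal EnableExtensions

set "UserStart=%USERPROFILE%\Start Menu"
set "AllStart=%ALLUSERSPROFILE%\Start Menu"
REM Assumed XP default location of the Quick Launch toolbar folder
set "QuickLaunch=%APPDATA%\Microsoft\Internet Explorer\Quick Launch"

echo === Audit: entries that are currently Hidden or System ===
for %%D in ("%UserStart%" "%AllStart%" "%QuickLaunch%") do (
    if exist "%%~D" (
        echo --- %%~D
        REM /a:h lists entries with the Hidden bit, /a:s those with System;
        REM /s recurses and /b prints bare paths. "File Not Found" is suppressed.
        dir /a:h /s /b "%%~D" 2>nul
        dir /a:s /s /b "%%~D" 2>nul
    ) else (
        echo --- %%~D not found, skipping
    )
)

if /I not "%~1"=="/fix" (
    echo.
    echo Audit only. Re-run with /fix to clear the attributes listed above.
    goto :eof
)

echo === Clearing Hidden and System on the listed locations ===
for %%D in ("%UserStart%" "%AllStart%" "%QuickLaunch%") do (
    if exist "%%~D" (
        REM The trailing \* makes attrib process the folder contents; /S recurses
        REM into subfolders and /D applies the change to folders as well.
        REM Note: legitimately hidden desktop.ini files lose the bits too, which
        REM is harmless and the same effect as the manual command.
        attrib -H -S "%%~D\*" /S /D
        attrib -H -S "%%~D"
    )
)
echo Done. Log off and back on so the Start Menu re-reads the folders.
```

Run it once without arguments to see exactly which shortcuts and folders the malware hid, then with `/fix`; a second audit run afterwards should list nothing.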
