"Empty" Program Folder

gruntsolitude21

New Member
Hey guys, I just recently got a Trojan which hid all of my programs from my desktop and start menu. I managed to get the ones on the desktop and the start menu up, but when I go into All Programs and click open some of the folders it says "empty." I know that my programs are on the C drive and can work, but like I said, their folders are coming up "empty." Can you guys help me out?
 

Trivium

New Member
It's quite possible that the virus switched the visibility of the files to "hidden". If this is the case, open up Explorer, go to Folder Options->View and select "Show hidden files and folders". Then click "Apply to all folders". This should reveal any hidden files.

If you can now see the files in your All Programs folder, you can now go ahead and unhide them, by selecting all the files and folders, right clicking and selecting Properties, and unchecking the "Hidden" option. Now they should no longer be hidden, and you can uncheck "Show hidden files and folders" if you wish.

I hope that solves your problem
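
An added example, not part of the original posts: a PowerShell equivalent of the Explorer steps Trivium describes, which lists hidden items under the Start Menu and Desktop and clears the Hidden attribute. The function name and the choice of folders are assumptions; items also flagged System (such as desktop.ini) are skipped.

```powershell
# Added example: report and clear the Hidden attribute under the Start Menu and Desktop.
# Repair-HiddenShortcuts is a hypothetical name; the default folders are an assumption.
function Repair-HiddenShortcuts {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string[]]$Path = @(
            (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs'),
            (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs'),
            [Environment]::GetFolderPath('Desktop')
        )
    )
    $hidden = [int][System.IO.FileAttributes]::Hidden
    $system = [int][System.IO.FileAttributes]::System

    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # -Force is required, otherwise hidden items are not enumerated at all
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { ([int]$_.Attributes -band $hidden) -ne 0 } |
            ForEach-Object {
                $attrs = [int]$_.Attributes
                if (($attrs -band $system) -ne 0) {
                    # Hidden+System items such as desktop.ini are hidden by design
                    Write-Verbose "Skipping system item: $($_.FullName)"
                    return
                }
                if ($PSCmdlet.ShouldProcess($_.FullName, 'Clear Hidden attribute')) {
                    $_.Attributes = [System.IO.FileAttributes]($attrs -band (-bnot $hidden))
                }
                $_.FullName   # emit the path so the caller sees what was (or would be) changed
            }
    }
}

# Dry run: lists the affected paths without modifying anything
Repair-HiddenShortcuts -WhatIf
```

If the dry run lists nothing, the shortcuts are missing from those folders rather than hidden, and changing attributes will not bring them back.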
 

johnb35

Administrator
Staff member
Try downloading and running UNHIDE.EXE. This will unhide all your files, desktop icons and start menu programs, providing you haven't run a temp file cleaner.

Then, if you haven't already, I suggest you do the following.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

When the HijackThis log appears in a Notepad file, click on the Edit menu, click Select All, then click on the Edit menu again and click on Copy. Come back to your reply, right click with your mouse and click on Paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.
 

gruntsolitude21

New Member
Trivium, thanks for your advice, but I was not able to unhide the programs.
johnb35, I ran unhide.exe before and nothing worked. I'm able to get the logs for Malwarebytes and Rkill but not for HijackThis. When I ran HijackThis and it was trying to save the log, the Notepad window was empty, showing no log info at all. Below are the Malwarebytes and Rkill logs.

Malware:


1/5/2012 2:53:06 AM
mbam-log-2012-01-05 (02-57-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 173075
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Rkill:
kill was run on 01/05/2012 at 3:13:43.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 01/05/2012 at 3:14:14.
 

johnb35

Administrator
Staff member
Your Malwarebytes log shows no action was taken. Did you click on the Remove Selected button?

In order to run HijackThis in Vista and Windows 7 you must run it as an administrator. Right click on the HijackThis icon and click on Run as; if the Run as option doesn't appear, then press and hold the Shift key while right clicking on the icon.

If unhide didn't work then it's possible you ran a temp file cleaner program and removed the temp file that the malware moved your programs to. You can try doing a system restore to a point prior to getting infected, but I doubt that will bring your programs back.
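
An added example, not part of the original posts: a PowerShell check for the point johnb35 raises, reading a Malwarebytes log and listing detections whose final status is "No action taken". The function name is an assumption, and the sample lines are copied from the log posted above.

```powershell
# Added example: list MBAM detections that were reported but not remediated.
# Get-MbamUnremediated is a hypothetical name, not part of Malwarebytes.
function Get-MbamUnremediated {
    param([Parameter(Mandatory = $true)][string[]]$LogLine)

    # Detection lines have the shape:
    #   <object> (<Detection.Name>) -> [details ->] <disposition>.
    $pattern = '^(?<Object>.+?)\s+\((?<Detection>[^()]+)\)\s+->\s+' +
               '(?:.*->\s+)?(?<Disposition>[^>]+?)\.\s*$'

    foreach ($line in $LogLine) {
        # Section counters and "(No malicious items detected)" lines do not match
        if ($line -match $pattern -and $Matches.Disposition -eq 'No action taken') {
            New-Object PSObject -Property @{
                Object      = $Matches.Object
                Detection   = $Matches.Detection
                Disposition = $Matches.Disposition
            }
        }
    }
}

# Sample input: lines copied from the Malwarebytes log in this thread
$sample = @'
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
Folders Detected: 0
(No malicious items detected)
'@ -split "`r?`n"

# For a saved log, pass (Get-Content <path-to-mbam-log>) instead of $sample
Get-MbamUnremediated -LogLine $sample | Format-List
```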
 