Malware recovery

[Rico]

Hi Guys,

I cleaned a 64 bit Win7 machine that had, I believe it was "File Recovery" rogue AV. This rogue removed icons.

1. Used HMP removed rogue <reboot>
2. Went to c:\users\username\appdata\local\temp\smtmp found folders 1 & 4
copied 1 to c:\program data\start menu & 4 I copied to c:\program data\
desktop

many icons did not reappear, desktop & all programs!

3. run UNHIDE still all programs folders were "empty" & not all icons desktop
returned

4. The machine at this point is stable, & quick, many scans, nothing found.

5. With the system stable & quick, I used "System Restore" pre- infected
state.

After system restore all icons back plus, wallpaper restored.

What could I have done to get the icons & settings back, without having to use SR or re-install apps?

[Ranget]

well you could have tried using the repair section of superantispyware also
you could seek help at malware removal forums

[PhantomPhenix]

Hi, please download and scan Rogue killer. Delete any leftover reg keys left behind from infection.

-http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe-

and download unhide to fix the icons and folders.

-http://download.bleepingcomputer.com/grinler/unhide.exe-

[Rico]

Hi Guys,

The proplem was not removing the rogue. It's fixing the mess after removal. As I stated I did run Unhide.

I'm not sure if SAS can restore the icons + user settings.

[mick92z]

Quote:

Originally Posted by Rico

What could I have done to get the icons & settings back, without having to use SR or re-install apps?

It's easy reading removal guides, however when it comes to dealing with an infected machine,the goal posts seem to move . This is why experts from removal forums are always up to date with the latest tools.
Here is a link, http://malwaretips.com/blogs/remove-...d-check-virus/
in step 7 it gives instructions regarding desktop icons,it may be of use. However the goal posts will move again. I personally think malware removal is a waste of time.Buts thats just my opinion

[treehouse786]

check the tools on this page

specifically under 'Reverse Malware Damage'

[Rico]

Hi Mick,

Great post & now two posters providing a link to RogoueKiller, this one is news to me. Normally I would restore (Macrium Reflect) & move on, & never think twice about the bug. I volunteer my time, to a large club 4000 members, that for the most part do not know what a back-up is:

My frustration with this particular machine was:

1. Clean it, works great, but all programs (empty), & background missing. Giving the machine back in this state, would not be appreciated. And I'm not going to reinstall all there apps. so as to fill the 'all programs' list.

2. Malware free, I did SR, which worked. This could be a strategy: remove the infection > then use SR.

3. SAS does not provide the post malware solution that SR does. Perhaps Rogue Killer does, my next rogue, my first app will be roguekiller.

NOTE - In the brief time I've been working for the club, many AV, AS & other removal apps. did not see Rogues, now many solutions rogues. The industry moves fast.

Thanks
Rico

[Rico]

Hi Guys,

Treehouse: Thank You! Your sig is a GOLDMINE!!!

Thanks
Rico

[treehouse786]

Quote:

Originally Posted by Rico

Hi Guys,

Treehouse: Thank You! Your sig is a GOLDMINE!!!

Thanks
Rico

your welcome Reco