Windows Restore
Windows Restore virus is another type of rogue hard drive utility application that utilizes proficiency of Trojan towards infecting the system unobserved even with security programs in place. Windows Restore virus can penetrate a computer without being detected while facilitating sophisticated rootkit technology. Once contained on victim’s computer, it will start to generate excessive alert messages exerting all efforts to induce users about occurrences of system errors. In addition, automatic virus scan is launched each time Windows is started to deceive users that numerous executable files are damaged. Similar to rightful optimization program, Windows Restore will advise to fix these errors. The only hint that Windows Restore is a scam application is when it begins to force users into paying for the registered version before any fix can be completed on the system.
Disregard Windows Restore together with all of the warnings and prompts presented. A single click on any of those buttons may lead to harmful consequences. The best approach for this scenario is to download and execute effective security solution that does not only remove Windows Restore but also watch over for imminent attack.
If presence of Windows Restore is uncovered, immediately run a full scan of suggested anti-malware program. Ensure that latest database is stored to fully identify malevolent files that are connected to Windows Restore.
Screen Shot Image:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Added Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policie \Associations "LowRiskFileTypes" = '{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
Associated Files and Folders:%UserProfile%\Start Menu\Programs\Windows Restore\Windows Restore.lnk %UserProfile%\Start Menu\Programs\Windows Restore\Uninstall Windows restore.lnk %AppData%\Microsoft\[random].exe %UserProfile%\Desktop\Windows Restore.lnk %UserProfile%\Start Menu\Programs\Windows Restore\
How to Remove Windows Restore
Manual Removal Procedure
1. Press Ctrl+Alt+Del on keyboard to stop the process associated to "Windows Restore". When Windows Task Manager opens, go to Processes tab. Find and end this process.
(random characters).exe
2. You need to update your installed antivirus software. Please connect to the Internet and download the most recent database. This is a one-click process from your AV program’s console.
3. Thoroughly scan the computer and remove any threats found by your antivirus program. If delete option is not available, your best next choice is to quarantine the infected file. There is also a need to manually locate and delete malicious files. Please see the file section for items that are relevant to Windows Restore Virus.
4. Next, you need to remove registry entries created by Windows Restore. Please refer to registry section to view entries related to the rogue program. [how to edit registry]
5. Exit registry editor when you are done.
6. Get rid of Windows Restore start-up entry by going to Start > Run, type msconfig on the "Open" dialog box. It will launch a new window containing System Configuration Utility. Click on the Startup tab and uncheck the following item.
(random characters).exe
fletch
Apr 07, 2011 @ 15:53:56
Wow just had this nasty windows restore virus. I think i have it cleaned up. Fixed reg malware found 23 infectionsvfrom it looks like a quiet firefox extension was the source. It came quick while computer was idol. I need more help now. It hid all my desktop icons and files in programs folder. I got the icons back but if i go to start button ,programs it shows nothin just empty. Can restore as no way to get to tools. it blocked my admin privledges get messages saying i am not authorized.if i go to run browse programs folder it shows nothing but checking properties i see the size and it reflects it should be full of programs. How do i unhide or repopulate my programs list in start button areas???
fletch
Apr 07, 2011 @ 16:07:10
Ok figured out how to get prgrams back it hide the program folder and program start up then turned show hidden folders off . I unhide but acrobat reader gives error saying i need to have admin permission which i am on the admin account so maybe acrobat reader was culprit door
fletch
Apr 07, 2011 @ 16:53:02
Ok update. I got alot back but this does destroy aol,ie browsers. My accessory folder and content is gone and my owner folder is now empty all folders and files gone. Im looking for a way to restore to earlier point if i xan find away to get to system restore
zack
Apr 07, 2011 @ 18:51:31
Did you get any of your programs back? If so, how?
zack
Apr 07, 2011 @ 19:26:17
Update. Once everything is deleted, virus wise, all folders in “my computer” are listed as “hidden”. just right click and under the general tab unclick hidden towards the bottom. Once i did this all my programs populated and everything was back to normal. the only thing im still having trouble with is my desktop. all my background have been disabled and i can only pick solid colors. any ideas?
Connie
Apr 07, 2011 @ 23:14:18
I also had the Windows Restore Virus and I got it all removed. I had the problem where everything was hidden which I did unhide. The main problem I am noticing right now is that when I click on the Start Menu and then All Programs it shows the folders like usual but all the folders are empty.
All the programs are still on my computer in C:\Program Files they are just not in the Start Menu\Programs. I’ve tried copying the main program .exe to the Start Menu\Programs but when I try to open it from the Start Menu it says I can’t. Has anyone else had this problem with the Start Menu? I’ve found a lot of people online saying their All Prgram’s is empty, I see the folders but it’s the folders that are empty. Any help would be appreciated. Thank you!
Kathy
Apr 07, 2011 @ 23:46:24
I have this windowsrestore virus. I am unable to open the task manager. When I hit control-alt-del the task manager only shows on the bar at the bottom of the window. Any way I can get it to open so I can delete the program and run anti virus program?
Thank you
James
Apr 08, 2011 @ 01:40:11
Hi,
I had a similar problem this evening (April 07, 2011). I followed the instructions for Manual Removal (Steps 1-3 and 6) on this webpage. After msconfig, I ran SUPERAntiSpyware, Spybot–Search and Destroy, and CCleaner (Registry scan).
All of my programs now appear in my start menu and I unchecked hidden folders and everything returned to my desktop. All set now…I think!
Thanks so much for posting!
Alec
Apr 08, 2011 @ 06:49:20
I’m currently having this problem. What were you all doing when this problem started?
Fook-Chuen
Apr 08, 2011 @ 08:56:11
thank for the guide. I however have a problem similar to Connie.
I am unable to see any file is the “document and settings” folder. I have asked it to show all hidden files but still nothing and in my start menu almost all the program shortcuts are missing – program are still working.Help would be appreciated
oldsol
Apr 09, 2011 @ 01:31:41
I clicked on a “sponsored” link from ebay 10 minutes ago…!! Freakn great now I too get to deal with this crap..!!
Todd
Apr 09, 2011 @ 05:21:12
The right click on “my computer” worked like a champ. Everything is back where is belongs. Once everything was visible, I right clicked on each folder’s Properties and unclicked the “Hidden” button.
jon k clifton
Apr 09, 2011 @ 09:55:18
i had this and it made my entire c drive hidden desktop icons and all i had to go to folder options every few min to set it back to show hidden files and quickly found the problem oh side note ctrl alt delete was disabled so it could not be used while the virus was active anyway i just right clicked on the desktop icon for windows restore found the target location identified the file name by sorting files by date created witch showed 3 files recently added and used ccleaner to stop the startup ap and just deleted it on the next startup havent had a problem since viruses are easy to fix if you got the patience without buying any crap software
jon k clifton
Apr 09, 2011 @ 10:27:14
to see your programs ect. you have to go to start-ctrol panel-folder options-view tab-show hidden files and folders-apply then open my computer-c drive-and right click on the folders-properties-unselect hidden file-apply every will be back to normal same concept with your desktop icons while there faded out in hidden mode just right click and do the same with them you can highlight all and do as a group so you dont have to go it one at a time but will repeat the nonsence if the virus isnt removed but this will give you something to work with dont worry there is no problem with your hard drive or ram capacity and all your files and programs will still be there and function normally once the virus is fixed
Scott
Apr 09, 2011 @ 11:56:51
Will not update melwarebytes or my anti virus. Give an error message that disk is full. How can I correct this. Disk is only 40% full.
Ivy
Apr 09, 2011 @ 16:11:43
I had this virus and believe I’ve removed it. I’ve been able to get most of my stuff to show up again (pics, docs, etc) but I’m having an issue with my Public folder. I can search for things I know should be there, and find them. But when I click on the file, it says something about not being able find it because it might have been moved. I can’t even go into properties in that folder to try to unclick hidden. It’s like it’s not even there. If anyone has had this problem/fixed it I would appreciate hearing what you did. Thanks!
(Btw Malwarebytes worked miracles taking this off. However I did have to run it twice before I got everything!)
Johnson
Apr 09, 2011 @ 22:25:10
Got this damn virus… just finished cleaning everything up I think. After some research online, manually deleted most of the virus files, then a full scan cleared a few I couldnt find.
As mentioned, it sets all your files and folders to hidden. Unhiding them fixed those problems. It also puts a few registry entries for “DisableTaskMgr”, which I deleted and now I can pull up task manager again.
One more thing I don’t think anyone’s mentioned yet.. The virus blanked out my desktop background and it disabled some features so I couldn’t change it. Went to this folder in the registry (run > regedit):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
The virus had put an entry there called Blockdesktopbackground or something like that. Deleted that and it was back to normal.
sw
Apr 09, 2011 @ 23:46:32
I couldn’t get online, run virus scan, couldn’t get system restore to run. Finally got system restore to ran on admin and since it’s been restore not showing any signs of win 7 virus 2011. Haven’t tired internet because I think well know they virus is in the router here where I’m getting free wifi.
Esther
Apr 10, 2011 @ 08:34:37
I’m currently running a malwarebytes scan. I tried to unhide my files but it says I need admin approaval. I’m assuming that after the scan, it will no longer ask me for approval – ?
Alec: A pop-up came up saying something was wrong with adobe flash and that I needed to do something about it – I have windows 7 and the pop-up wasn’t an explorer pop-up, it looked like a separate application. I clicked “cancel” several times but the same app kept popping up. Then the windows restore “scan” started and now I’m here.
Esther
Apr 10, 2011 @ 08:36:47
How do I know all traces of the trojan have disappeared? Do I just keep running the anti-malware scan?
Is this trojan able to trace keyboard entries? (ie if I type in a password, will the trojan be able to identify it?) How do I know I am completely safe from this?
Thanks everyone for your previous comments by the way, it’s been a great help!
Esther
Apr 10, 2011 @ 08:45:02
Sorry to post so many comments all at once, but I just realized that I had some images of online bank receipts in my desktop when the trojan hit. I already changed my passwords and phone by bank; am I still at risk?
ben
Apr 10, 2011 @ 08:45:46
Hi, i’m not much of a computer guy, so i’m having trouble understanding what i should do for steps 4 and 6. If someone could help i’d be gratefull.
Jade
Apr 10, 2011 @ 15:25:35
Ben; click the start button and there is says ‘search’ type regedit from there follow the steps to delete the entries listed.
Jade
Apr 10, 2011 @ 15:27:27
It’s ridiculous the amount of viruses these days. I was simply searching on google and this virus appeared, it’s impossible to do harmless searches now without one of these infecting your system. Wish the arseholes who make them would piss off and find something better to do.
ben
Apr 10, 2011 @ 19:40:23
Jade; which steps are you refering to, because when i click on the [how to edit registry] link all it tells me is how to get to the registry. Am I missing something?
one80
Apr 10, 2011 @ 19:48:30
I’ve done everything listed to remove the Windows Restore virus but i’m unable to fix my background. I took Johnson’s advice and checked HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop but nothing was there. Any suggestions?
Artist Drive
Apr 10, 2011 @ 19:52:42
I ran into the same issue. I could figure it out it is spam after the system started rebooting automatically after 10-15 min when I am trying to kill this app. I ran into this while trying to download some Indian music/movie files. After reading this website, I checked msconfig and disabled the following
HP Health, GPA, KBD, Pivot software, Mousesuite98.
Not sure which one was the fake one
I could only find few of the registries mentioned above and corrected them(no to yes etc., checked on my other laptop). Fortunately taskmanager was working for me.
As soon as the computer started I clicked ctrl+Alt+Del and looked for suspicious files and killed that App (after 2 reboots I did this). It installed “34856712.exe” (windows restore) and “jnnVMiGJogPQ.exe” as a HIDDEN files in my C:\. Deleted them.
Misty
Apr 10, 2011 @ 20:21:00
I have this ugly virus now. I’m trying my hardest to get it off. All my pictures and videos are gone though. Is there anyway to get them back?
Lyndsay
Apr 10, 2011 @ 22:28:43
I have been hit by this today. I cannot find all my programs such as word, excel, paint, calculator….. HELP?
Brandon MiNichol
Apr 10, 2011 @ 23:15:39
I am having the same proplem as Kathy any help?
Brad
Apr 10, 2011 @ 23:21:20
I too seem to have this virus. I have run malwarebytes and havemanaged to copy my files on the desktop over to a portable drive. The issues now are that 1. My outlook pst file has completely disappeared and 2. I cant boot without going through the hard disk failing screens.
Can anyone help me in finding my outlook pst file?
Thanks.
Randy
Apr 11, 2011 @ 00:50:45
I recently had this virus. I ran Malware Bytes and SuperAntiSpyware to get rid of it. For anyone who thinks their files are missing, they’re not. They’re just hidden. Go to Control Panel, then Folder Options, and click “Show all files and folders”. After this, the files will show, but they will be greyed out. So, you have to right-click on the folders where your files are, click “Properties”, and then un-click “Hidden”. It will take several minutes as the new properties are being applied, but your files will then fully show.
Brad
Apr 11, 2011 @ 03:30:11
I cant seem to even get ino windows now. I keep getting hard disk failure messages at start up. Any suggestions?
Donald J. Priour, Jr.
Apr 11, 2011 @ 05:32:53
Thank you for all of the useful comments. I encountered the same difficulty, having been infected by the “Windows Restore” virus this afternoon. I downloaded AVG, and the virus was very effectively removed. Now, as others have already noted, most of my files were concealed, a potentially serious problem. However, I followed the same general strategy that others have mentioned.
I have windows 7, and to restore my hidden files, I opened “My Computer”. Then, I chose the “Organize Tab”, and selected “Folder and Search Options”. Next, I selected the “View” tab, and then I activated “show hidden files, folders, and drives”. Although the icons are faded out (there is advice given earlier how to fix this issue), at least they are visible.
With regard to the solid background, I have chosen a cheerier light blue color from my control panel, but no doubt it would be useful to find a way to retrieve the factory setting, which I preferred. Even so, with the aid of the comments others have provided, I am thankfully at an acceptable level of functioning.
Thanks for the helpful suggestions.
Martin
Apr 11, 2011 @ 10:37:55
I’ve had/got the virus and have manually deleted the registry entries and files mentioned above. I’ve got task manager back, desktop icons and wallpaper but I’m still having a problem that everything is missing in Start -> All Programs. I have changed c:\program files back to un-hide and I can see everything via Windows Explorer (I know they’re all there) but see nothing in Start -> All programs.
Also I’ve noticed now that when I exit Word, I get the following:
“The file Normal already exists. Do you want to replace the existing file”.
Any help greatfully received on both fronts, particularly the first one! This damn thing seems to have got everywhere :-(
Ed
Apr 11, 2011 @ 14:47:17
I just obtained the Windows Restore virus. Some of the key items I noticed are: It removed all restore points from system restore, there were 3 task running I had to end, it made the following changes to My Documents (READ ONLY & HIDDEN) which means they appeared to not be there and it imbedded several registry entries. This article shows them (most of them).
First I had to end the processed via Task manager. Then I had to select properties on My Documents and deselect Read only and Hidden. Append to all folders and subfolders. (it did not work for all of them so I had to sift through them at a later time)
There was nothing in my control panel but it was in my programs>Windows Restore. It had an uninstall item in there but I was scared to click on it. I deleted everything from the program folder. On to REGEDIT > searched on Windows Restore and by identifying items I found within those folders, I performed additional searches and deleted them as well. I found this article and checked all the identified registry items and discovered I missed one.
After all of this I rebooted and it worked great. Still had some clean up on the files being read only and hidden.
Also discovered that the drivers for my Catalyst Control Center were removed and the drivers for my ATI RADEON 4350 Vid card were not recognized.
So, I backed up all my files (most were already) and reset my PC to Factory default settings which formatted drive C and reimaged it.
No more worries. Luckily the processes would remain ENDED and not come back like many viruses I have seen.
Odd thing, my Gmail account was hacked simultaneously and the password (which is saved via firefox) was changed. I also have this email on my Android. 1 month ago experienced the same with 2nd of 3 emails accounts on my Android phone. Othere than these two instances, I have never had email hacked and rarely get viruses. I normally catch them and can restore instantly or remove them.
SUPER USER!
Ed 4 FLETCH
Apr 11, 2011 @ 14:52:48
Looks like Fletch had identical issue as me. Read what I posted previously Fletch. Some of this may help.
Also, Programs > Accesories was removed. I had my user set up with admin priviledges so I had very few issues with this portion.
To unhide: First you need to Go to > Start > Right click > Explore > Tools > Folder options > View “tab” > deselect anything that has word Hide or hidden. Append to ALL folders. Now Go to > [folder name] and righ click and select properties, deselect read only and hidden.
Hope this helps!
leapyear
Apr 11, 2011 @ 16:35:31
I can’t get my background back to normal eithere. Tried Johnson’s suggestion by looking for the Blockdesktopbackground file. Can’t find anything like that. Advice?
David
Apr 11, 2011 @ 17:10:49
How do we find these guys? They are collecting credit card information right? So we should be able to find them. If they are in my local area i wouldn’t mind visiting them to discuss this issue.
Kelly
Apr 11, 2011 @ 18:05:29
I too cannot get my background to be able to change. I tried Johnsons suggestion but nothing was there. Anyone have other solutions?
Kelly
Apr 11, 2011 @ 18:42:39
i finally found the answer on how to get your desktop back. Follow the below. It worked for me.
Go to Control Panel \ Appearance \ Personalization. Click “Show hidden files and folders”. It’s right next to folder options, then check the box for “show hidden files, folder, and drives”. Click Ok. Now, navigate to C:\Users\[YOUR_USERNAME]\ AppData\ Roaming\ Microsoft\ Windows\ Themes. If there’s a wallpaper(s), delete it. If there’s an .ini file, open it with Notepad and erase the contents. Reboot.
JHD
Apr 12, 2011 @ 01:34:17
Did anyone else lose all of their favorites/bookmarks in Internet Explorer?
If this is just a case of another hidden folder, where can I find the data to unhide? I have been looking in the Windows Explorer and haven’t found it.
Sam
Apr 12, 2011 @ 03:32:10
I have come across this virus. I deleted all of the registry entries, and used AVG and malwarebytes to try to find and remove the rest. They are failing to find anything in safe mode or normal mode. All of my desktop and files are still hidden, only able to see them if show hidden files is selected. None of my start menu icons are present, except for the anti virus programs installed because of this. System restore is not working past the “next” button when you confirm the restoration. What do I do. Using windows xp sp3.
adi
Apr 12, 2011 @ 03:52:39
Thanks guys!
Fin
Apr 12, 2011 @ 09:57:52
Came across this, this morning. have so far managed to unhide my files nd folders thanks to one of the comments above, am just doing a last Full Scan using Mal-ware (cos its awesome) but ive gotten rid of 5 infected items so far with Quick Scan. didnt have problems with sorting my Background out again, altho i did check in RegEdit to be sure, nothing there.
Only major problem i encountered was that when i tried starting up in Safemode with Networking, was that the computer wouldnt startup, it would have to be restarted and would claim there wasa problem with my Harddrive (yet i could start up normally (to which the virus would get to work) but thats sorted now, so im hoping ive gotten the bugger and things will run normally til the nxt virus >_>
thanks for all the help in theses comments etc :)
Fin
Apr 12, 2011 @ 10:05:27
Also, i have just noticed that similar to JHD, im also missing my Favourites in Explorer… any info on where the folder is to ‘un-hide’ would be appreciated :)
Fin
Apr 12, 2011 @ 10:16:53
figured out how to fix the Favourites issue… just type a random letter into your Search bar… search for anything to do with your webpages/folders/vids in your Favourites and then right click it and Open File Location… this will bring you to you Favourites folder which you can then ‘un-hide’ and get back to normal :)
Babygirl
Apr 12, 2011 @ 14:40:19
Hi Guys,
I got hit last night and Thanks to all you guys I am no longer having a panic attack ;)
I downloaded the malware thingy…and restarted and so far it seems to be gone.
BUT…can you guys pls explain to me how to unhide my much needed files? Please use lamenst terms so I can understand..lol–apparently it must be simple bc everyone else seemed to figure it out without help/ which gives you an understanding of my comp level-lol!! Seriously though…pls help me!!! Thanks this site and you guys are awesome! Thanks again!
Steve
Apr 12, 2011 @ 18:56:57
To unhide your programs in the Start>All Programs menu: Right click on Start, Explore all users, open the Programs folder. From there it’s the same as unhiding the desktop icons: right click on each transparent program, Properties>General unclick Hidden and Apply. (For XP)
kairi2
Apr 12, 2011 @ 19:25:35
Well, I have figured out how to get the Favorites/Programs/Quick Launch back. I couldn’t find anywhere online that said how to do this so hopefully by posting it I can help someone else.
* Make sure SHOW HIDDEN FOLDERS/FILES is on
* GO TO: My computer – C:/ – Documents and Settings
* I went to every user folder and made sure everything was unhidden (right click – properties – uncheck Hidden)
* When I un-hid Application Data under Administrator, all my start menu programs came back.
* Quick Launch and my Favorites are back too. smile.gif
Now I just need to fix these script errors, get Windows Update to work, and stop the Google redirecting.
roman
Apr 12, 2011 @ 20:03:28
hey, with your help i restored nearly everything that was lost.
But there are still two things i couldn’t solve and couldn’t find an answer online eithere:
- my programs (start-all programs) are still hidden.
- my favorites (IE 8) are still hidden.
Everything else is visible!
Any ideas??
Thanks so much!
figment
Apr 12, 2011 @ 20:13:03
you guys are RAD!!!!!! thank you all sooo very much for keeping information alive! if it werent for people like you, the virus industry would OWN us all!!!!! thanks to you, we can fight back and keep our much needed and loved programs and documents. THANK YOU!!!
Colin McKenzie
Apr 13, 2011 @ 00:59:26
Just to be clear….
1. Do the registry thing as listed at the top of the post.
Task manager comes back once you have removed the registry key blocking it.
Don’t forget to do the background wallpaper one:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\Blockdesktopbackground
2. Run task manager and stop the services. Random means they look like random characters 12345YYhh.exe
3. Delete all the files as listed.
4. Unhide your directories.
Personally I did this by clickking on my C: drive and the selecting all and then right click for properties and click unhide. Just be aware that this unhides all the directories…. Some are supposed to be hidden.
5. Install a decnet Antivirus and run a full scan.
Thats it really.
Best of luck
Colin McKenzie
Apr 13, 2011 @ 01:03:58
Of course you cannot see the fies at all unless you change the options in Explore to view hidden files…
Blaine``
Apr 13, 2011 @ 02:01:11
I recently got the Windows Restore Virus and I got it fixed the problem was all my icons and every single document that I had were deleted, all of them all the documents that I had are now gone. Also the games that I downloaded dont work right even after I uninstalled and reinstalled them. Did anyone else have this problem? and if so can you help me? I run a 32 bit vista operating system
Stephen Whaley
Apr 13, 2011 @ 04:30:17
Just got hit by this tonight. I’m having two problems.
1. When I go to delete the files in the users directories, windows is indicating that there are no sub-directories in the users folders. Are they hidden? If so how do I restore them.
2. When editing the Registry am I supposed to delete each of the listed items or change their values. It seems pretty clear that I should delete the “random”.exe files. I turned that off in Start up. But what do you do with the other items. Delete them or change their value?
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ‘0?
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ‘1?
Stephen Whaley
Apr 13, 2011 @ 05:56:06
Clarifying question.
Are you simply supposed to delete the registry entries or change their value from no to yes or 1 to 0?
Tobias
Apr 13, 2011 @ 18:14:16
I got the Windows Restore Virus on my computer and I think also others. At the same time all folders and docuements on the desktop disappeard. Are they somewhere or have they gotten deleted by the virus? How canI restore them? I run Malwarebytes to remove the virus.What else do I have to do?
Roland
Apr 13, 2011 @ 18:21:53
Save yourself time and use Windows built in system Restore.
Go to the control panel, click on system, click on system restore to launch.
I resolved this issue by restoring windows 7 64bit back 10 days.
Currently running Kaspersky full version which didn’t catch this. Malwabytes, super-anti spyware,removed Windows restore. But some of my 30 programs I use took forever to “UN hide” files and still didn’t work correctly.
The real windows restore work for me if you take it back before the infection. I tried 3 times. The day before, 5 days then 10 days.
Lastly, when the restore actually worked the 3rd time all the text was blue. I had to change it back in personal
Roland
Apr 13, 2011 @ 18:27:14
Personalization, window color and appearance, advanced appearance settings. Click on “Window text” and “message text” Change it back to black. Click apply.
roman
Apr 13, 2011 @ 18:39:17
@ Stephen Whaley:
i decided to delete the registry entries and it worked. don’t know if just changing the values would cause the same effect. but deleting them shouldn’t harm your system at all.
EShine
Apr 13, 2011 @ 19:11:27
Having the same problem as @ Stephen Whaley… seems as though we have the latest version. I can’t expand the registry folders because now I suddenly dont have admin rights to them. I tried updating permissions with no success. I can’t get the latest version of Malware Bytes because it can only download updates while open – which it wont allow (even w/ download as admin). I’ve been at this for hours in various forums and am losing patience with this thing.
cindy
Apr 13, 2011 @ 19:16:14
i want to know how to do the registery anybody please help i disabled the virus but i cant access task manager or anything and whats the registery?and how do i access it in anyway shape or form you can help me it would be greatly appreciated.
roman
Apr 13, 2011 @ 20:48:04
@ cindy:
start menu – run – type: regedit. regestry should open. then follow the steps mentioned above.
if you do NOT see the “run button” (default in win 7)do the following:
1. Right Click on Windows 7 Start Menu and select Properties
2. Click on Customize under Start Menu tab
3. Scroll down and locate Run Command checkbox
4. Check “Run Command” option to enable Run command in your Start Menu, click Ok and Apply and save settings.
Cheri
Apr 13, 2011 @ 23:41:46
Ok, I really really appreciate everything you all have shared… However, I tried to just get my computer back to the way it was by a system restore, and I don’t have a “Restore” date… which is amazing to me, because I restored no less than 8 days ago, for a problem just the same. -I’m also having problems getting my Dell Dock back, I’ve tried the “Unhide” technique, and been unsucessful getting my dock back, and my wallpaper back… I’m not upset about losing the wallpaper.. I’ve already changed it to a different theme…but I do want my dock back. I think I’ve pretty much run the virus off my system by doing everything “bass-ackwards”, but I did it… Any help or insight as to why my system restore has no memory of a restore date… I’m simply mortified.
Thanks in advanced.
Cheri
Apr 13, 2011 @ 23:42:44
Never Mind… got the dock back, by putting “Dell Dock” into my system search bar, and it brought it right up.
Jerry
Apr 14, 2011 @ 00:42:32
I have Windows 7 Home. I’ve gotten this virus twice already. Both of the times, it killed Task Manager, hid almost all of my files, wiped out my System Restore points that were over a week old, and made it hard to boot, changed my Most Recently Used list in Word, and killed MalwareBytes. Here’s what I did to fix my computer:
I went into MSConfig (Start:Run:MSConfig), and forced the computer to boot in Safe Mode
I did a System Restore using the restore points that I still had
Unistalled the now-broken MalwareBytes, then reinstalled it
Ran MalwareBytes, Windows Security Essentials, and SpyBot
Deleted files that MalwareBytes found, but couldn’t fix (two .Vir files in .Zip files)
I still can’t run Windows Update. I get error 80070005.
per
Apr 14, 2011 @ 04:05:53
I am unable to update my AVG and malwarebytes programs. Malwarebytes says “access denied” when trying to install the newest version. I have already followed the step above (cleaning the regedit and msconfig startup). Any suggestions plz?
j
Apr 14, 2011 @ 04:22:23
thank you for the info.. repairing right now… can anyone tell me why a program like malwarebytes picks up all this junk and other scans do not recognise any problems?? AVG found nothing, ADAWARE found nothing, I apparently have some sort of SUPERfirewall through my provider, which did nothing… throughout all the research ive done on this particular virus, ive read norton and kaspersky finds nothing… any reasons why
????
thanks again for all of the info, from the site as well as the comments.. ive learned a lot the last couple of days
Ronald
Apr 14, 2011 @ 08:34:56
Attacked on 13-0-2011
The virus markes all files on ALL hard drives! as hidden (i killed several instances off the attrib command in taskmanager (wich is disbled bij te reg setting)
recover manualy to toggle hidden flag in exlprer on several directories and with command boc attrib -h *.* /s
Ronald
Apr 14, 2011 @ 08:37:05
Reboot in safe mode (with network) before trying to remove!
roman
Apr 14, 2011 @ 11:18:30
@ronald:
yeah, as said before. does it make sense to repeat what is already written in the original articel?
chris
Apr 14, 2011 @ 13:26:49
another victum here. XP with SP3 and I had the windows restore virus which I first noticed because my system was expereincing exsessive disk activity. I cleaned the virus with the manual steps here on this page along with Malwarebytes with the latest signature files. Some notes for you still haveing some problems with apps…
*You have to unhide the start menu in your profile as well as the all users profile. Many of your applications may have been installed for “All users” so you have to unhine the all users content as well.
I still have 1 problem in that I cannot navigate to any website that has virus removal related content and web radio content keeps playing on my system with no visable IE window. killing ie process stops the web radio… *(&*^^&%%$%$##$@ any ideas?
Final note: if you are having the issue in which you do not have writes to files to change the properties (You may have caught this virus to late) or you are logged in with an account that does not have admin privlages
davy
Apr 14, 2011 @ 19:32:10
I’ve tried to run Malwarebytes and it will do its thing for a few seconds, then stop with “access is denied” message. Rest of program does not download. Anyone know how to get around this?? Superspyware ran all right, but not Malwarebytes. Thanks.
Gerry
Apr 14, 2011 @ 23:10:17
I have everything back, except I cannot open my “system restore”. Anyone have any ideas, I am worried I lost a file to open it. If someone helps me to get system restore open, if I run it, will it remove the new Norton Anti Virus I just purchased yesterday.
Ada Esther
Apr 15, 2011 @ 00:59:15
today i just found out that something was wrong with my husbands pc. i was trying to do my sister in law taxes and i was not able to open the software. i got all upset and texted my husband why did he deleted everything i had in his pc. he was like i havent done anything. i started looking and thought the the files might have been hidden so i went to control panel, appearance and personalization and then the folder option and unhid everything. i found all the pix and docs i had saved but still the softwares such microsoft office and tax software is not found. i still havent figured out what to do in order to get those working properly. since couple months ago the pc at my job got a virus and i was trying to find out how to get rid of it i read a lot and learned how to remove that virus. i started looking at the screen and notice some icons that were sort of different and put in in the google browser “windows restore” and it came to this. so i will try to remove it right now and run the antivirus. even thought seems like norton still havent detected this as a virus and hacker, so everybody be aware and post it everywhere to warn people about it.
KROBO
Apr 15, 2011 @ 03:38:38
I got rid of this virus with a slew of scans in Safe mode with AVG free edition and a 10 and a half hour intensive scan from the free Malwarebytes scan. And I removed ‘BEARSHARE’ a music download program which I think brought in this virus.But now that I got my document files and desktop icons back, My canon Zoom Browser EX does not recognize my camera, so I can’t transfer pics from my camera to my comp. AND All the desktop icons and picture previews are kind of transparent or grayed out.I can right click on each file,pic,or icon, go to properties and remove the check from “HIDE” in the attributes. BUT I would have to do this thousands of times to correctly view these. IS THERE A WAY TO DO IT TO THE WHOLE COMPUTER AT ONCE? I think it may have to be done in DOS?
Gerry
Apr 15, 2011 @ 14:31:20
Thanks to all your comments I got everything back, however I cannot open “system restore”. Anyone got any ideas, please help me.
Renee
Apr 17, 2011 @ 18:15:42
I just want to say thank you to the author and everyone who has posted! My laptop was infected yesterday, and I was devastated about the amount of information I lost. Most of my important files are backed up on a flash drive but music, photos, ect are not. With all the helpful insight my laptop is back to normal!
Packfan1
Apr 17, 2011 @ 23:41:19
I found that the icons were hidden but at the same time the properties of the parent folder “hidden” was not checked I had to go into each folder such as documents and favorites, check on “hidden”, apply to all subfolders. Then I went back into the parent folder unchecked “hidden”, applied to all subfolders. All my file icons are back.
Kat
Apr 18, 2011 @ 21:39:06
I removed the virus and have restored my files/folders. My only problem is my desktop, I run Windows 7. I usually have a task bar at the very top of my screen with photos/recycle/trash/internet icons. That bar is now missing, as well as my usual background. I’ve been able to change to a different background, but am wondering if these two issues are related.
Gerry
Apr 18, 2011 @ 21:53:32
“SYSTEM RESTORE” will not open after this virus, all I get when I try to open System Restore is: “System Restore is not able to protect your computer, please restart your computer and try again” it does not work. Anyone have any ideas???????
Lemons
Apr 19, 2011 @ 01:10:37
Thank you all for these post! Randy you are the bomb, thank you for my post to help me go inand find my hidden filess!!!! I loooooove you!! I had tonnnnnns of pics and I thought they were lost. Thank you !!!!If you are having trouble with this virus, read ALL of these post until you fix it!!! Everyone knows exactly what they are talking about, and it will save you lots of money from the other scams that try to fix it
Best post-
Remove virus-
- click ctrl/ shift/ esc at the same time to get to task mananger and stop “windows restore” from running.
- then go to control panel and get into the screen where you can unhide all files and it takes about 10 min to unload, but your files will come back.
Thank you Jesus and Holy Spirit for leading me to this site and providing these individuals as resources to get to my files.
Southernboy02
Apr 20, 2011 @ 19:05:06
Got this virus today by clicking on a sponsor banner on ebay, I manages to clear it all up by first using rkill to stop the process and then scanning with SAS portable, I then used unhide.exe to restore all my hidden folders. Everthing worked like a charm
me2011
Apr 21, 2011 @ 01:57:17
My problem is the same as all. I’ve managed to fix it on my own but I would like to know if the desktop items are supposed to be shortcuts (with the little blue arrow to the lower left of the icon)? I kind of want to original back. Also, I checked the processes in my task manager and I have NO CLUE which belongs there or not. I’m afraid to delete anything legit because I’m not 100% sure what’s truly “random” or not. (ex. wcvscv…what is that??? lol) A virus can hide under any name. Thanks!! You all are great!
lauar
Apr 21, 2011 @ 19:52:26
Hi,
I got this virus, I don’t get anything coming up anymore and there’s nothing in task manager and all my documents are back.
My only problem is that I don’t have any of the problem items in my registry so I can’t edit them…can anyone tell me what I can do?
Sergio
Apr 25, 2011 @ 14:55:44
I have cleaned 5 of this on the last week (IT Support). Most of them got into machines that had their anti0virus expired. MalwareBytes anti-malware does clean this out, but as stated leaves the hidden files. So, on infected laptops, I do
- Boot : let the boxes come up. Stop and cancel the scan that “Windows Restore” is running. Ignore all furthere boxes about issues. DO NOT CLOSE THEM or click on them, just leave them be.
- Download an install MBAM. You can get it from CNET, they keep clean files there. Once the cleanup is done, reboot. The virus won’t run anymore.
- Now, on the windows explorer, set the option to see hidden files. I then right clck, properties, and remove the hidden check. I asked the change to be recursive, and all your icons and favorites come back.
Now, make sure your anti virus is good and updated. I also install Spybot Search and Destroy, and a second measure of defense. Between MBAM and Spybot, very little gets through. :)
Windows 7 users : There is an option on Control Panel to see the hidden folders. Look for folder options or something like that.
Stephen Whaley
Apr 26, 2011 @ 04:17:23
Thanks for everyone’s help in resolving this issue. Once (hopefully) last question. Othere than the registry entries listed in the initial post. Are there other deletions that people are finding?
Emma Glover
May 01, 2011 @ 21:21:32
Thank you all for all the info above. I have successfully removed this virus from my sons computer. My only problem now is that I cannot connect to the internet through internet explorer. The computer says it is connected to the home network but is unable to show the page. Also I cannot get most of the icons under the all programs section.
jon
May 02, 2011 @ 19:18:52
Ok thank you so much. #14 john k clifton That fixed everything I was about to spen a lot of money to get my pc fixed until i found this sight. i was confused on everything was said from 1-14 but i followed the step by step instructions on #14 and everything worked.
death
May 15, 2011 @ 17:29:45
Who created this monster?
Is there a way to track them down and beat the living crap out of them?
They have stolen at least 24 hours of my life trying to repair this and I may just have to reformat and purchase another hard drive to get it back to the way it was before.
If anyone knows how to track down the programer who created this let us know.
mary
May 15, 2011 @ 19:29:48
i would like to know how do the unhiding files and the registry im a novice on computers and i saw these things on my task manager that are weird everytime i stop their processes they come back after 5 seconds how do i permanently delete them
Andrea
May 26, 2011 @ 23:11:13
Today is May 26th and this virus is driving me nuts.
It has been removed by Combofix and Malwarebytes. I ran rkill to terminate processes before I tried to use both those tools.
I ran UNHIDE to recover the data on this machine.
I ran TDSSKILLER for any potential redirects.
I removed AVG, which was no easy feat even with their removal tool.
Then I used combofix… and malwarebytes.
Fine. All the items are back. But guess what?
They are back, but if I look in my start to program files list, ALL the items point to C:\Documentsandsettings\owner.. ect ect, instead of to C:\programfiles. ect ect.
In addition there is no place for me to change the path. Now what? Combofix was able to fix this on one computer, but not the one on my desktop today.
Help! How do I get my program files from start to point back to where they should be?
David
May 28, 2011 @ 18:02:55
I got this virus this morning (May 26th). No idea how, was browsing NCAA baseball page in sports.yahoo when the error boxes started popping up. Anyways, I used spybot – search and destroy to get rid of both this and fraud.defensecenter – I am guessing they are related viruses. The spybot tool is free and got rid of it quickly. I scanned with Zonealarm, before trying spybot, and no viruses showed up. I scanned with spybot and both showed up and were removed – not sure why that was. Anyways, I am now spending my Saturday trying to restore my quicklaunch toolbar, start menu items (all folders say empty) my desktop icons, recycle bin icon, etc. Are there any other items which need to be cleaned up from this?
David
May 28, 2011 @ 18:42:18
I mean May 28th
David
May 28, 2011 @ 18:56:12
Question: are the system restore files deleted or just hidden? I would love to find and restore to an earlier date. I am using Vista 64bit.
soma
Jun 01, 2011 @ 17:57:18
Hi, all my applications (in the start button) show as empty. And how do I get my accessories back? I might be the only person in the world that actually uses my Paint application on a regular basis. Please help!
Dexter
Jun 07, 2011 @ 14:00:30
I wish I found this site earlier!
I got this trojan virus from a email spam that pretends to be coming from DHL. I was stupid enough to open the .exe file and this adware got stuck on my screen because I always deal with shipping companies and the moment I click on it I knew that I am going to in deep trouble. My task manager was disabled, desktop feature disable + hidden, all program links deleted. Thank god no important files are deleted.
In a nutshell, this trojan has to be the most hard-core bastard I have ever seen. It replaces my Windows restore points and disable many administrative programs.
Elyse
Jun 07, 2011 @ 21:05:12
Just got this virus! Thank you so much for all this information! It was soooo useful! My startup menu was empty, my desk was empty, I thought I lost everything. But now, I gor almost everything back!
Thanks thanks thanks!
Santhana
Jun 08, 2011 @ 21:47:18
Got affected by the virus, able to clean successfully, but my all program was showing empty list, after long hours of analysis found the solution to bring back the program in start menu
Try navigating to the following path: (make sure you have the hidden files and folders visible)
C:\Documents and Settings\your user name goes here \Local Settings\Temp\smtmp
Inside the smtmp folder you will see three folders named 1, 2, 4
1 = Start Menu Program shortcuts
2 = Current User Quick Start shortcuts
4 = All Users Desktop folders and shortcuts
Simply copy the shortcuts back to the original path.
Hope this helps!
dan
Jun 08, 2011 @ 22:23:20
Solution to hidden files:
When you choose “Show hidden files” in the folder options, it simply shows them but they are still hidden. That’s why they are semi-transparent.
Un-hiding by right-clicking and unchecking the checkbox can take forever.
Thankfully there’s an old DOS utility called attrib.exe. I noticed this pop up in task manager while troubleshooting.
to view your files again, open a dos prompt (Start->Run->cmd)att, navigate back to the c:\ root and type in:
Attrib /? <– this will show the usage of the utility.
the command you want to run is:
attrib -H /S /D
the "-H" will remove the hidden attribute for all files except for system files, which is the way it should be, so you may see some errors trying to un-hide content. It took about 2-3 min to run on my notebook.
bubba
Jun 10, 2011 @ 22:34:43
after getting rid of the virus i now have a windows xp restore file under programs. It is hidden like everything else, should I erase this? is it part of the virus? or is it something that has always been there?
Rich Tucker
Jun 11, 2011 @ 03:52:12
This post and comments was crucial in getting my computer up and running a gain. Thank you!!
John
Jun 14, 2011 @ 12:57:36
Why when i unhide a windows 7 restore icon showed up after i used avg to delete the program do i manually need to remove it?
John
Jun 14, 2011 @ 12:59:43
And how do i get my system icons back that are not on my bottom taskbar going blind reading all of the comments, sorry for the repetative question..
matt
Jun 15, 2011 @ 01:57:07
dan @ 102 ……thanks for the knowledge. recovery for files was spot on. Ran Malware removal program to stop the bleeding and the Solution to hidden files:
When you choose “Show hidden files” in the folder options, it simply shows them but they are still hidden. That’s why they are semi-transparent.
Un-hiding by right-clicking and unchecking the checkbox can take forever.
Thankfully there’s an old DOS utility called attrib.exe. I noticed this pop up in task manager while troubleshooting.
to view your files again, open a dos prompt (Start->Run->cmd)att, navigate back to the c:\ root and type in:
Attrib /? <– this will show the usage of the utility.
the command you want to run is:
attrib -H /S /D
the "-H" will remove the hidden attribute for all files except for system files, which is the way it should be, so you may see some errors trying to un-hide content. It took about 2-3 min to run on my notebook.
Janet
Jul 09, 2011 @ 03:11:57
My system got infected by window 7 repair – Thanks to all the above posting, managed to clean system and restore desktop and icons. Still having trouble with programs – on start menu, all programs – I do see the programs name but when clicked on – it show empty. Hve read all the blogs but there does not seem to have an answer to that. Hope someone can help retrieve or unhide the program.
Thanks
Denise
Aug 27, 2011 @ 14:00:50
Thank you for the help in unhiding my files! After my antivirus program got rid of the HDD trojan, I followed your steps and unhid my programs and files – but the trojan had also hidden my Desktop Icons and diabled my ability to change my Desktop Background. This is how I got them back:
To Recover Windows XP Desktop Icons:
Click Start, Run then type regedit in dialog box then click OK.
On the left side of page:
Click HKey_Current_User
then scroll down and click Software
then scroll down and click Microsoft
then scroll down and click Windows
then scroll down and click CurrentVersion
then scroll down and click Policies
then scroll down and click Explorer
On the right side of page:
Click NoActiveDesktopChanges and set it to 0
Close Registry.
To Recover Windows XP Desktop Background:
Click Start, Run, then type regedit in dialog box then click OK.
On the left side of page:
Click HKey_Current_User
then scroll down and click Software
then scroll down and click Microsoft
then scroll down and click Windows
then scroll down and click CurrentVersion
then scroll down and click Policies
then scroll down and click ActiveDesktop
On the right side of page:
Right-click on NoChangingWallPaper and select Modify.
Change the value to 0.
Close Registry
Hope this helps others with same problems!
Flo
Oct 13, 2011 @ 02:24:15
I’m confused. I’m scanning my computer now with STOPzilla and Malwarebytes’ and want to continue on to delete any of the files on my own but I cannot find the Star Menu folder under Users. In fact, it said to find , does that mean the User account your on (like for mine I have two separate accounts-one administrator [which is the one I'm on now] and the normal user)?
ben2021
Oct 13, 2011 @ 08:19:26
Flo, Malwarebytes will remove that folder automatically. However, the folder you are looking is at this location:
C:\Users\(username)\AppData\Roaming\Microsoft\Windows\Start Menu\
The folder is hidden so you must unhide it. Using Windows Explorer, go to top menu > Organize. Select ‘Search and folder options’. On Folder Options, select the View tab. Then select ‘Show hidden files, folder and drives. Click OK and that’s it.
Puntontoy
Nov 09, 2011 @ 10:12:52
Just removed system restore on my laptop 2 days ago. My problem now is that there are somewhat radio and commercial that suddenly plays on the background eventhough I don’t have any search engine or program that is open.Aside from that my IE and Firefox just stops working. Hopefully somebody can help me. Thank you.
Planas84
Nov 09, 2011 @ 12:18:23
Puntotoy, have you tried updating MalwareBytes and run another scan? I pretty sure it is not part of System Restore virus. It could be another infection from a Trojan.
Jim
Nov 09, 2011 @ 13:54:16
Try this to make your files visible again. It has already worked multiple times for us since this virus somehow got into our entire network. The entire process works perfectly but if you just need to restore your files. Go to line 17 and download the unhide.exe file. It will restore everything to normal once the virus is removed.
http:// www. bleepingcomputer. com/virus-removal/remove-windows-recovery
Good Luck
Shanzul
Dec 18, 2011 @ 07:18:04
Also i noticed it hasn’t been mentioned yet or it has but really not brought up how to fix. During this whole process of killing the Virus and unhide your folders and Task Managing finding those suspicious EXE’s which shows above other comments that can help with those. No one has really clarified how to Bring back all your Favorites Online some one had the idea of just typing it in the search on your browser then u see favorites and I’m guessing u just click on each one and bookmark it on EACH EVERY TIME u type it in to find it. But I’m hoping there is an easier way to restore all those sites you bookmarked.
——————————————————————–
OK so i had this problem like everyone else apparently but like other and some other I’m not very compute savvy. I managed to get rid of the virus using Malware and Essentials Malware picked up 5 Virus’s after using Essential which only spotted 1 Once doing Malware finding the 5 everything really fell into place. Now i figured i got everything until i realized i had to then unhide “EXAMPLES ABOVE THIS COMMENT WILL HELP YOU WITH RESTORING UR DESKTOP FOLDERS AND SO ON” i could or well which was important to me.
Moving on to People issues about restoring access to desktop background. Here is one way i seen——————————– “Went to this folder in the registry BTW Run is in your start menu on your bottom right on desktop (run > regedit):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
The virus had put an entry there called Blockdesktopbackground or something like that. Deleted that and it was back to normal.
——————————————————————-
^ Unfortunately for me even though i cant setup desktop backgrounds
because i get a box saying access denied online “find something online oh hey a skyrim picture that would look cool on my desktop! “Access denied” the problem is that when i follow those steps i cant find the Blockdesktopbackground its not there, theirs only (default). Oh Yeah i forgot BTW this problem occurs when u noticed that your background is BLACK it maybe be different for other people
——————————————————————-
Apparently their are other files as well that can be infected or would seem strange and unfamiliar exe’s as people said which ones to delete above i since I’m not comp savvy i don’t really know which ones are suspicious :)
sard
Dec 26, 2011 @ 20:25:49
I lost my recent file and program history that was previously visible in the “Start Menu”.
To get it back, I did the following (XP):
1. Select Task bar and Start Menu Properties
Below “Privacy”, select the required settings
2. Select “Start Menu” option and Click on “Customize” button (top right)
Below “Start Menu Size” (just a little more than half way down), select the number of recent menu items to display
Babar
Jan 31, 2012 @ 12:13:09
Had this virus a few days ago. A pop up message displayed and all my items hid. I run the Microsoft Security Scanner and the virus is gone. However my desktop is a blank grey screen, I can’t right or left click on it. Plus, once I unhid all my drives, the Start menu is showing the program,s but the folders are empty, also I can’t see the run exe on the start menu.
accel
Feb 01, 2012 @ 16:18:59
Babar, have you tried to browser using Explorer and set “Show hidden files and folder” and see if the files are really there? Sub folders may still be hidden.
Babar
Feb 02, 2012 @ 09:35:45
I can see the files on the Desktop folder in My Documents in my computer, but my original desktop is grey.