[hunk714]

Hi all,

although I'm another victim of FakeAlert!fakealert-REP (Windows XP SP3), I have (verifiably) cleaned the PC of the virus itself (using a combination of standard methods, some of which where mentioned in other threads on this board, i.e. safemode then HijackThis + MBAM (Updated) + Stinger + SuperAntiSpyware + TDSSKiller + UnHide). So the PC _is_ clean, as reported by all tools. There I was thinking that it's all over, but the aftermath of it, even with a machine totally cleaned of the virus itself, is awful, and _this_ is the part I'm asking for help with:

As mentioned by several people in threads dealing with FakeAlert (on this and other boards), the "hiding" isn't the whole story or the whole problem. In fact, even after unhiding all, and once your PC is totally clean, you discover that the start-menu shortcuts have actually been _deleted_. Unfortunately, what I thought was going to be a "minor" detail compared to the painful virus removal itself, is turning into the same sort of nightmare scenario.

I'm really desperate at this point (as I have a LOT of shortcuts, and it would be hugely wasteful of time to go through and recreate all manually), so I really hope someone here has a great suggestion or simple utility program (e.g. like http://windowsxp.mvp...Accessories.htm, but sadly this only takes care of System Accessories as opposed to all the Start Menu Shortcuts!), to do something which should in theory be simple: "repopulate an empty set of Start Menu Folders with their shortcuts to the programs which are all still happily on the machine, and registered in the registry". It's annoying to have all the folders there (in Start Menu), and all the EXE programs there in C:\Program Files, and no way to automatically recreate the shortcuts...

And when I say desperate, it's because I have tried, and failed, with a number of diverse avenues and expert suggestions:

* System Restore: the virus blew this away, so no restore points.

* Acronis TrueImage/Norton Ghost: if I had an image, I could mount and simply copy/paste the Start Menu & Shortcuts structure, but alas I don't (not for this particular machine).

* FileRecovery: (or utilities like it). Unfortunately, I cannot locate the deleted Start Menu shortcuts. I think I can however see the odds and ends of the deleted System Restore Point, but I'm not allowed to access "System Volume Information" in order to "insert stuff back in there". Plus I'm guessing that would introduce system instability which I don't need, after so many hours spent in actually cleaning out and properly recovering from FakeAlert.

* Manual "Repair" via Add/Remove Programs, in order to reinstall the shortcuts from the Installation package(s): This is at the discretion of the App developer, and only a few have got the "Repair" option in there (I've gone through and checked more than half of them, and only say 10% have this). Plus it would be horrendously painful to manually go through and do each one of hundreds.

So as you can see, I'm all out of options, and it is incredibly frustrating. Grrrrr. Please help someone!! :-( Thanking you all in advance, with the repeated caveat that my actual virus itself is removed and clean (this was dealt with in a separate forum & thread), and _this_ topic, albeit related, is solely focused on efficiently restoring the shortcuts to my Start Menu, as described above.

Cheers,
MilHouse

[Advertisements]

This is an update to those who might be interested. Based on help from the McAfee forums, I've restored all my shortcuts and links, just like they were - countless hours saved (https://community.mc...e/188808#188808). The sneaky trojan isn't imaginative enough to use different temp folder names, so sure enough, there it was in "smtmp" in just the location described in the thread.

Before totally closing off, over the last 24 hours of "normal use" of the PC, I have noticed that in addition to those missing shortcuts, there's one other "curious" little side-effect which seems to remain even after the virus has been cleaned out. So far it hasn't been a major drama, but I thought I'd post on the off chance you, or other Fakealert "survivors", may know a thing or two about it. It seems to have somehow affected the "File Open/Save" dialog boxes when dealing with JPGs/BMPs (maybe other picture types too), regardless of the application being used. By affected I mean that it hangs when you try the said operation. The specific apps where I have noticed this are:

(1) Windows Desktop Wallpaper menu: choosing from the dropdown list of defaults in ..\Web\Wallpaper directory is fine, but trying to choose a BMP or JPG using "Browse" from elsewhere just hangs. Simple workaround is to move your pic into the said DIR and have it appear in the dropdown list of defaults. However, given the modus operandi of this virus (i.e. to mess with blacking out the wallpaper, prevent access to things like Programs/TaskMan), I wouldn't be surprised if it didn't also "tweak" some registry setting controlling the choice of pictures in this way, and this setting has stayed even after the virus is gone (and possibly is the same cause for the other effects in (2) and (3) below). But what is the setting and how to find it..?

(2) DeepBurner File Open menu: when selecting a Folder to add to the project of files to burn, no problems. When selecting an individual JPG or BMP file, it hangs. You can see the similarity to (1) above. Again simple workaround is to just wrap the file in a folder and att that way. But still annoying. Grr.

(3) Microsoft Paint File Save menu: when opening a blank Paint workspace, and doing a Ctrl-V of some clipboard image, it hangs when you try to save the resulting BMP or JPG. Simple workaround (weird!) is to just open an existing file with Paint, and then there's no hanging issues with any file type. Still annoying though. Grrrrr.

So.. yes, simple workarounds exist, but I was still curious whether any other FakeAlert survivor recognises these behaviours, and whether there's some fix as simple as that lovely shortcuts solution above (e.g. registry switch for Windows Explorer context menus, pertaining to a particular "Folder Type" or Icons?).

Cheers,
MilHouse

[hunk714]

This is an update to those who might be interested. Based on help from the McAfee forums, I've restored all my shortcuts and links, just like they were - countless hours saved (https://community.mc...e/188808#188808). The sneaky trojan isn't imaginative enough to use different temp folder names, so sure enough, there it was in "smtmp" in just the location described in the thread.

Before totally closing off, over the last 24 hours of "normal use" of the PC, I have noticed that in addition to those missing shortcuts, there's one other "curious" little side-effect which seems to remain even after the virus has been cleaned out. So far it hasn't been a major drama, but I thought I'd post on the off chance you, or other Fakealert "survivors", may know a thing or two about it. It seems to have somehow affected the "File Open/Save" dialog boxes when dealing with JPGs/BMPs (maybe other picture types too), regardless of the application being used. By affected I mean that it hangs when you try the said operation. The specific apps where I have noticed this are:

(1) Windows Desktop Wallpaper menu: choosing from the dropdown list of defaults in ..\Web\Wallpaper directory is fine, but trying to choose a BMP or JPG using "Browse" from elsewhere just hangs. Simple workaround is to move your pic into the said DIR and have it appear in the dropdown list of defaults. However, given the modus operandi of this virus (i.e. to mess with blacking out the wallpaper, prevent access to things like Programs/TaskMan), I wouldn't be surprised if it didn't also "tweak" some registry setting controlling the choice of pictures in this way, and this setting has stayed even after the virus is gone (and possibly is the same cause for the other effects in (2) and (3) below). But what is the setting and how to find it..?

(2) DeepBurner File Open menu: when selecting a Folder to add to the project of files to burn, no problems. When selecting an individual JPG or BMP file, it hangs. You can see the similarity to (1) above. Again simple workaround is to just wrap the file in a folder and att that way. But still annoying. Grr.

(3) Microsoft Paint File Save menu: when opening a blank Paint workspace, and doing a Ctrl-V of some clipboard image, it hangs when you try to save the resulting BMP or JPG. Simple workaround (weird!) is to just open an existing file with Paint, and then there's no hanging issues with any file type. Still annoying though. Grrrrr.

So.. yes, simple workarounds exist, but I was still curious whether any other FakeAlert survivor recognises these behaviours, and whether there's some fix as simple as that lovely shortcuts solution above (e.g. registry switch for Windows Explorer context menus, pertaining to a particular "Folder Type" or Icons?).

Cheers,
MilHouse