Virus erased all my start menu and programs how can I restore it?
The malware does not delete the shortcuts, instead it hides all the icons and moves the icons into a temp folder under the user that got the virus. You can repair the virus issue by unhiding the files and restoring the shortcuts and icons to the correct location followed by running malware scanner (virus and spyware scanner) to remove the virus.
Before you start removing this virus, you should kill any possible background process by downloading and running rkill. Rkill will look like a command prompt box, allow it to kill all background processes before proceeding with unhiding and virus removals.
You can unhide your files by downloading and running unhider by Bleeping Computer. Unhiding the files may take a few moments please allow up to 10 minutes for unhider to unhide all of your files
After you have cleared all background processes and unhidden your files please proceed to restoring your shortcuts from the locations below to the respected locations.
The location of lost shortcuts / icons are:
Windows XP – “C:/Documents and Settings/%username%/Local Settings/Temp/SMTMP”
Windows Vista/7 – “C:/Users/%username%/AppData/Local/Temp/SMTMP”
Inside that folder there are 3 folders named 1, 2 and 4.
Folder “1″ has all the Program icons.
Folder “2″ has all the Quick Launch Icons.
Folder “4″ has all the Desktop icons.
Restore the content in folder 1 to:
Windows XP: C:/Documents and Settings/All Users/Start Menu
Windows Vista and Windows 7: C:/ProgramData/Microsoft/Windows/Start Menu
Restore the content in folder 2 to:
Windows XP: C:/Documents and Settings/Application Data/Microsoft/Internet Explorer/Quick Launch
Windows Vista and Windows 7: C:/Users/AppData/Roaming/Microsoft/Internet Explorer/Quick Launch
Restore the content of folder 4 to:
Windows XP: C:/Documents and Settings/All Users/Desktop
Windows Vista and Windows 7: C:/Users/Public/Desktop
When restoring Program Icons try and restore them to “C:Documents and SettingsAll UsersStart MenuPrograms” so it can repair the start menu for all users
Please note that ComboFix, Disk Cleanup, CCleaner, or any application that deletes temporary files will delete the SMTMP folder and you will be stuck manually rebuilding the start menu. So please try this method first and it will save you A LOT of time
After restoring all icons and shortcuts, you may now proceed with running a malware scanner and registry cleaners such as TDSSKiller, Malwarebytes, Combofix, Spybot and CCleaner. Please ensure you download these scanners from a reputable sourced, preferably the developer’s websites.
If this answer helped please vote and comment.