Change a user folder location inside Documents and Settings


liu

I got a fake virus checker that changed a lot of my system settings. First I saw a lot of messages prompting that my HD is not readable and then a program pops up checking the disk. I stopped it in the middle then the message stated that hardware failure, I can choose cancel or restart. I restarted and the system becomes unrecognizable. Eventually I safe booted the system and deleted the applications. The aftermath are:
1. many of my folders and files disappeared. It still shows the size when getting the properties of the folders. I eventually got most of them back by unlocking the folders and linked to the files in the folders from the shortcuts I had before. It turns out that the program set the files invisible if I go to the folders from shortcut, I can select them and make them not hide again.
2. The desktop, default folder location was changed to TEMP inside Documents and Settings. Instead of moving files around, I'd like to move the default folder location to my original one.

How can I do that?

Thanks for the help,
 

David H. Lipman

From: "liu said:
I got a fake virus checker that changed a lot of my system settings. First I saw a lot of
messages prompting that my HD is not readable and then a program pops up checking the
disk. I stopped it in the middle then the message stated that hardware failure, I can
choose cancel or restart. I restarted and the system becomes unrecognizable. Eventually I
safe booted the system and deleted the applications. The aftermath are: 1. many of my
folders and files disappeared. It still shows the size when getting the properties of the
folders. I eventually got most of them back by unlocking the folders and linked to the
files in the folders from the shortcuts I had before. It turns out that the program set
the files invisible if I go to the folders from shortcut, I can select them and make them
not hide again. 2. The desktop, default folder location was changed to TEMP inside
Documents and Settings. Instead of moving files around, I'd like to move the default
folder location to my original one.

How can I do that?

Thanks for the help,


I suggest creating an account and getting assistance at the Malwarebytes' forum.
http://forums.malwarebytes.org

You may still be infected by a protective TDSS rootkit and the side effects need to be
negated. A forum assistant will be able to guide you on a 1-to-1 bassis to get
resolution.
 

MowGreen

David said:
A forum assistant will be able to guide you on a 1-to-1 bassis to get
resolution.


The assistant might be a guitarist, for that matter. <w>


MowGreen
================
*-343-* FDNY
Never Forgotten
================

"Security updates should *never* have *non-security content* prechecked
 

Paul

liu said:
I got a fake virus checker that changed a lot of my system settings.
First I saw a lot of messages prompting that my HD is not readable
and then a program pops up checking the disk. I stopped it in the
middle then the message stated that hardware failure, I can choose
cancel or restart. I restarted and the system becomes unrecognizable.
Eventually I safe booted the system and deleted the applications.
The aftermath are:

1. many of my folders and files disappeared. It still shows the size
when getting the properties of the folders. I eventually got most of
them back by unlocking the folders and linked to the files in the
folders from the shortcuts I had before. It turns out that the program
set the files invisible if I go to the folders from shortcut, I can
select them and make them not hide again.

2. The desktop, default folder location was changed to TEMP inside
Documents and Settings. Instead of moving files around, I'd like to
move the default folder location to my original one.

How can I do that?

Thanks for the help,

There is a program called "unhide.exe", and perhaps David
would comment on when it should be used.

Apparently, what that program does, is do a mass-change to bring
back invisible files. This is from the last time I looked for it.
These are my links.

*******
A program called "unhide.exe" was specifically created for this situation.

http://www.bleepingcomputer.com/forums/topic391939.html

Step 17 here has the download.

http://www.bleepingcomputer.com/virus-removal/remove-smart-defragmenter

( http://download.bleepingcomputer.com/grinler/unhide.exe )
*******

Your first priority, should be to clean up the computer, because
if some malware is still present, it can pretty much do that
again if it wants. Once the computer is clean, then you can
work on the cosmetic issues like "unhide".

It could be, that some registry entry controls "default folder".
Just a guess.

Paul
 

David H. Lipman

From: "Paul said:
There is a program called "unhide.exe", and perhaps David
would comment on when it should be used.

Apparently, what that program does, is do a mass-change to bring
back invisible files. This is from the last time I looked for it.
These are my links.

*******
A program called "unhide.exe" was specifically created for this situation.

http://www.bleepingcomputer.com/forums/topic391939.html

Step 17 here has the download.

http://www.bleepingcomputer.com/virus-removal/remove-smart-defragmenter

( http://download.bleepingcomputer.com/grinler/unhide.exe )
*******

Your first priority, should be to clean up the computer, because
if some malware is still present, it can pretty much do that
again if it wants. Once the computer is clean, then you can
work on the cosmetic issues like "unhide".

It could be, that some registry entry controls "default folder".
Just a guess.

Paul

Unhide is by Grinler (L. Abrams, founder of BleepingComputer) and is used to recursively
change the attributes of targeted files that have had the file attributes changed to
Hidden and System as well as move files back into their, original, respective locations.

If there are remnants of the malware still installed the rogue anti malware (a trojan) can
get reinstalled and/or the file problems and registry modification may revert back to
their modified condition even after correction.
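
A recursive attribute reset of the kind described in the post above, as an added PowerShell example; it is not Unhide's code and not part of the thread. The function name, the skip list and the path in the usage comment are assumptions, and it only clears the Hidden and System flags (it does not move files).

```powershell
# Added illustration, not the source of unhide.exe.
# Usage (placeholder path), preview first with -WhatIf:
#   Repair-HiddenAttributes -Root 'C:\Documents and Settings\<user>' -WhatIf
function Repair-HiddenAttributes {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Root,
        # Files that are normally Hidden/System on a healthy profile (assumed list); left alone.
        [string[]]$Skip = @('desktop.ini', 'thumbs.db', 'ntuser.dat')
    )
    # Hidden (0x2) + System (0x4) as a plain integer mask.
    $mask = [int][IO.FileAttributes]::Hidden -bor [int][IO.FileAttributes]::System

    # -Force is required: without it hidden items are never enumerated.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            (([int]$_.Attributes -band $mask) -ne 0) -and
            ($Skip -notcontains $_.Name) -and
            # Junctions and other reparse points are not modified.
            (([int]$_.Attributes -band [int][IO.FileAttributes]::ReparsePoint) -eq 0)
        } |
        ForEach-Object {
            $before = $_.Attributes
            $value  = [int]$before -band (-bnot $mask)
            # A file left with no flags at all is written back as Normal.
            if ($value -eq 0) { $value = [int][IO.FileAttributes]::Normal }
            $after = [IO.FileAttributes]$value

            if ($PSCmdlet.ShouldProcess($_.FullName, "clear Hidden/System (was: $before)")) {
                $_.Attributes = $after
            }
            # One record per affected item, so the run can be reviewed or exported.
            New-Object PSObject -Property @{
                Path   = $_.FullName
                Before = $before
                After  = $after
            }
        }
}
```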
 

Mint

I got a fake virus checker that changed a lot of my system settings. First I saw a lot of messages prompting that my HD is not readable and then a program pops up checking the disk. I stopped it in the middle then the message stated that hardware failure, I can choose cancel or restart. I restarted and the system becomes unrecognizable. Eventually I safe booted the system and deleted the applications. The aftermath are:
1. many of my folders and files disappeared. It still shows the size when getting the properties of the folders. I eventually got most of them back by unlocking the folders and linked to the files in the folders from the shortcuts I had before. It turns out that the program set the files invisible if I go to the folders from shortcut, I can select them and make them not hide again.
2. The desktop, default folder location was changed to TEMP inside Documents and Settings. Instead of moving files around, I'd like to move the default folder location to my original one.

How can I do that?

Thanks for the help,

You can recover easily if you use a Disk Image program.

You can just restore a disk image of when your system was running O.K.

Macrium Reflect has a free version.
Keep 3 days worth of images.

Andy
 

David H. Lipman

From: "Mint said:
You can recover easily if you use a Disk Image program.

You can just restore a disk image of when your system was running O.K.

Macrium Reflect has a free version.
Keep 3 days worth of images.

Andy

And potentially lose data between the time the system was imaged and the time it was
restored.
 

James D Andrews

liu snuck on to your hard drive to scribble:
I got a fake virus checker that changed a lot of my system settings. First I
saw a lot of messages prompting that my HD is not readable and then a program
pops up checking the disk. I stopped it in the middle then the message stated
that hardware failure, I can choose cancel or restart. I restarted and the
system becomes unrecognizable. Eventually I safe booted the system and
deleted the applications. The aftermath are: 1. many of my folders and files
disappeared. It still shows the size when getting the properties of the
folders. I eventually got most of them back by unlocking the folders and
linked to the files in the folders from the shortcuts I had before. It turns
out that the program set the files invisible if I go to the folders from
shortcut, I can select them and make them not hide again. 2. The desktop,
default folder location was changed to TEMP inside Documents and Settings.
Instead of moving files around, I'd like to move the default folder location
to my original one.

How can I do that?

Thanks for the help,

Have you determined the specific malware and ensured it is fully
removed?

There are several programs designed specifically to target these fake
antivirus products such as Malwarebytes Rogue Remover and McAfee's Fake
AV Stinger. You might want to download one (or more) of these and run
before you do anything further or the problem may just return.

--
-There are some who call me...
Jim


"Do, or do not. There is no 'try'."
- Yoda ('The Empire Strikes Back')
 

David H. Lipman

From: "James D Andrews said:
liu snuck on to your hard drive to scribble:

Have you determined the specific malware and ensured it is fully removed?

There are several programs designed specifically to target these fake antivirus products
such as Malwarebytes Rogue Remover and McAfee's Fake AV Stinger. You might want to
download one (or more) of these and run before you do anything further or the problem
may just return.


It's called Malwarebytes's Anti Malware (aka; MBAM) not Malwarebytes Rogue Remover.
 

James D Andrews

David H. Lipman was thinking very hard and all he could come up with
was:
It's called Malwarebytes's Anti Malware (aka; MBAM) not Malwarebytes Rogue
Remover.

Malwarebytes AntiMalware is the main antimalware program provided by
http://www.malwarebytes.org/products

I use it religiously - you know, worship and all that. I recommend it
to everyone and install it on all my systems.

Rogue Remover was a product put out by Malwarebytes that specifically
targeted rogue or fake antivirus products. However, in follow-up, I
have learned that this is an outdated product that is no longer
directly supported by Malwarebytes, but is still available for download
through

http://www.freewarefiles.com/RogueRemover-Free_program_24739.html

Thank you for bringing this to my attention.

The point remains, as I'm sure you'll agree, ensure the rogue software
is fully removed from the system before proceeding.

--
-There are some who call me...
Jim


"Facts are the enemy of truth."
- Don Quixote - "Man of La Mancha"
 

David H. Lipman

From: "James D Andrews said:
David H. Lipman was thinking very hard and all he could come up with was:

Malwarebytes AntiMalware is the main antimalware program provided by
http://www.malwarebytes.org/products

I use it religiously - you know, worship and all that. I recommend it to everyone and
install it on all my systems.

Rogue Remover was a product put out by Malwarebytes that specifically targeted rogue or
fake antivirus products. However, in follow-up, I have learned that this is an outdated
product that is no longer directly supported by Malwarebytes, but is still available for
download through

http://www.freewarefiles.com/RogueRemover-Free_program_24739.html

Thank you for bringing this to my attention.

The point remains, as I'm sure you'll agree, ensure the rogue software is fully removed
from the system before proceeding.

I hope you realize that I am a former employee of Malwarebytes. ;-)

Marcin's Rogue Remover has long since been superseded by MBAM.
 

liu

Thank you all for the help. I've run the malware applications you suggested and it appears to be fine. I probably will reinstall my Windows XP again in the near future.
 

James D Andrews

David H. Lipman embroidered on the monitor :
I hope you realize that I am a former employee of Malwarebytes. ;-)

Marcin's Rogue Remover has long since been superseded by MBAM.

Didn't know that. I swear by MBAM as a major part of my security
procedures.

I see that RogueRemover was a 2008 product. I've sent freewarefiles a
msg asking why they still carry it. I doubt I'll hear back before
Monday, though. Has me curious if they just don't bother to remove
anything at all.

Well, I know from past experience they'll remove a program for carrying
anything it labels malware, but other than that, I don't know.

--
-There are some who call me...
Jim


"Do, or do not. There is no 'try'."
- Yoda ('The Empire Strikes Back')
 

James D Andrews

James D Andrews banged his head on his keyboard to write :
David H. Lipman embroidered on the monitor :

Didn't know that. I swear by MBAM as a major part of my security procedures.

I see that RogueRemover was a 2008 product. I've sent freewarefiles a msg
asking why they still carry it. I doubt I'll hear back before Monday,
though. Has me curious if they just don't bother to remove anything at all.

Well, I know from past experience they'll remove a program for carrying
anything it labels malware, but other than that, I don't know.

FreewareFiles got back to me overnight.
They've removed Rogue Remover.

Just thought I'd pass that on.
So, what other software specifically targeting rogue antivirus programs
remain? Anyone?

--
-There are some who call me...
Jim


"Make everything as simple as possible, but not simpler."
- Albert Einstein (1879-1955)
 

David H. Lipman

From: "James D Andrews said:
James D Andrews banged his head on his keyboard to write :

FreewareFiles got back to me overnight.
They've removed Rogue Remover.

Just thought I'd pass that on.
So, what other software specifically targeting rogue antivirus programs remain? Anyone?

You mean like SuperAntiSpyWare (SAS) ?
 

James D Andrews

David H. Lipman embroidered on the monitor :
You mean like SuperAntiSpyWare (SAS) ?

Well, I was thinking more along the lines of the McAfee Fake AV
Stinger.

Yeah, I have SuperAntiSpyware, too. I used Spybot years ago, but it
became too bloated and clunky for my personal taste.

--
-There are some who call me...
Jim


"What do you mean?" he said. "Do you wish me a good morning, or mean
that it is a good morning whether I want it or not; or that you feel
good this morning; or that it is a morning to be good on?"
-Gandalf, after Bilbo Baggins says "Good Morning"
 
