Hi all,

here's a nice one: I removed a trojan (forgot the name, didn't look interesting at the time) from 2 machines from the same customer.

I had to unhide desktop icons, program folders & documents, etc...

Now the desktop icons still won't show. Checked the usual registry places, ACL, ownership etc...
Also, the desktop context menu won't show at all.

Now, here's the kicker:
other accounts on the same machine do NOT have this problem... is there some kind of diff application for the registry, so I can easily compare different user sections?

IMO, my best option is to create a new user profile and copy their stuff across from their corrupted/messed-up profile.

It's simple really: run unhide.exe from within the user account again,
and now everything does come back as normal. Go figure.

Machine was tested clean with HitmanPro and TDSSKiller.


Here's a fix I think should work:

Log in to a user account where everything works well.

Export the following registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

HKEY_CURRENT_USER\Control Panel\Desktop

Log off, log in to the damaged account, import the registry scripts, and run the following command as admin:

regsvr32.exe shell32.dll


Hope it helps.

Excellent idea Eureka, almost as good as a diff :-)

I've dealt with that same virus. The problem with unhide.exe is that it affects all files. What I found is that you can run system restore after the infection is gone. This sometimes works.

Take a look at this:


It's a registry entry that's been deleted. Context menu is disabled and "Show Icons on Desktop" is also disabled.

Obviously you're not to know this as the context menu isn't available.

I fixed it after a good think and came up with the above conclusion. To fix do the following:

Go to the following in REGEDIT:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

The key "NoViewContextMenu" shouldn't be there if you have the same strain as me. I had to add a new DWORD value, create it and set it to "0".

When I restarted everything was back to normal.

I find it disappointing good old Google did not show me anything like the "NoViewContextMenu" key. At least we can still use Google to replace this forum's search function :o

Thanks all for your contributions, much obliged!
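A registry diff of the kind asked about at the top of the thread, as an added example that is not part of any post: it parses two regedit `.reg` exports of the same HKCU keys, one from a working profile and one from the damaged profile, and lists the values that differ. The sample exports and their data are constructed, and the function names `parse_reg` and `diff_reg` are hypothetical.

```python
import re

# Constructed sample exports (not from the thread): the same HKCU keys
# exported with regedit from a working and from a damaged profile.
GOOD_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"HideIcons"=dword:00000000
'''
BAD_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"HideIcons"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoViewContextMenu"=dword:00000001
'''

def parse_reg(text):
    """Map (key, value name), lower-cased, to (key, name, raw data)."""
    text = re.sub(r",\\\r?\n\s*", ",", text.lstrip("\ufeff"))  # join hex lines
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)):
            name = m.group(1) if m.group(1) == "@" else m.group(1)[1:-1]
            values[(key.lower(), name.lower())] = (key, name, m.group(2))
    return values

def diff_reg(good, bad):
    """Return (status, key, name, good_data, bad_data) for every difference."""
    rows = []
    for k in sorted(good.keys() | bad.keys()):
        g, b = good.get(k), bad.get(k)
        if g and b and g[2] == b[2]:
            continue
        status = "changed" if g and b else "only_in_good" if g else "only_in_bad"
        key, name = (g or b)[:2]
        rows.append((status, key, name, g and g[2], b and b[2]))
    return rows

if __name__ == "__main__":
    # Real regedit exports are UTF-16: open(path, encoding="utf-16").read()
    for row in diff_reg(parse_reg(GOOD_REG), parse_reg(BAD_REG)):
        print(row)
```

Registry key and value names are case-insensitive, so the comparison is done on lower-cased names while the report keeps the original spelling.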