|
#1
07-04-2011, 08:15 AM
|
||||
|
||||
restore desktop context menu & show icons
Hi all,
here's a nice one: I removed a trojan (forgot the name, didn't look interesting at the time) from 2 machines from the same customer. I had to unhide desktop icons, program folders & documents, etc... Now the desktop icons still won't show. Checked the usual registry places, ACL, ownership etc... Also, the desktop context menu won't show at all. Now, here's the kicker: other accounts on the same machine do NOT have this problem... is there some kind of diff application for the registry, so I can easily compare different user sections? IMO, my best option is to create a new user profile and copy their stuff across from their corrupted/messed-up profile.
__________________
-- With Friendly Regards, Wim Wauters - Unisoft Design Managed ICT Service Provider for professionals and small to medium size businesses Data Recovery and Password Recovery in Rushden, NN10 Last edited by wimwauters; 07-04-2011 at 08:22 AM. 
|
|
#2
07-04-2011, 10:09 AM
|
||||
|
||||
|
It's simple really: run unhide.exe from within the user account again,
and now everything does come back as normal. Go figure. Machine was tested clean with HitmanPro and TDSSkiller http://download.bleepingcomputer.com/grinler/unhide.exe
__________________
-- With Friendly Regards, Wim Wauters - Unisoft Design Managed ICT Service Provider for professionals and small to medium size businesses Data Recovery and Password Recovery in Rushden, NN10
|
|
#3
07-04-2011, 11:53 AM
|
||||
|
||||
|
Here's a fix I think it should work:
Login to a user account where everything works well. Export the following registry keys: HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\HideDesktopIcons HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced HKEY_CURRENT_USER\Control Panel\Desktop Log off, and login to the damaged account, import the registry scripts, and run the following command as admin: regsvr32.exe shell32.dll Reboot. Hope it helps.
|
|
#4
07-04-2011, 04:06 PM
|
||||
|
||||
|
Excellent idea Eureka, almost as good as a diff :-)
__________________
-- With Friendly Regards, Wim Wauters - Unisoft Design Managed ICT Service Provider for professionals and small to medium size businesses Data Recovery and Password Recovery in Rushden, NN10
|
|
#5
07-04-2011, 04:18 PM
|
||||
|
||||
|
I've dealt with that same virus. The problem with unhide.exe is that it affects all files. What I found is that you can run system restore after the infection is gone. This sometimes work.
|
|
#6
07-04-2011, 05:10 PM
|
||||
|
||||
|
Take a look at this:
http://www.technibble.com/forums/showthread.php?t=28661 It's a registry entry that's been deleted. Context menu is disabled and "Show Icons on Desktop" is also disabled. Obviously you're not to know this as the context menu isn't available. I fixed it after a good think and came up with the above conclusion. To fix do the following: Go to the following in REGEDIT: HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer The key "NoViewContextMenu" shouldn't be there if you have the same strain as me. I had to add a new DWORD value, create it and set it to "0". When I restarted everything was back to normal.
__________________
http://www.adeptpcrepair.co.uk - Laptop Repair Cardiff Last edited by Adept PC Repair; 07-04-2011 at 05:13 PM.
|
|
#7
07-05-2011, 01:21 AM
|
||||
|
||||
|
I find it disappointing good old google did not show me anything like the "NoViewContextMenu" key. At least we can still use google to replace this forums search function
 Thanks all for your contributions, much obliged!
__________________
-- With Friendly Regards, Wim Wauters - Unisoft Design Managed ICT Service Provider for professionals and small to medium size businesses Data Recovery and Password Recovery in Rushden, NN10
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
