Fake AV and deleting temp folder
As many of you have noticed, there has been a big jump in the number of fake antivirus infections lately.
Some have a nasty habit of hiding files (particularly My Documents, Pictures, Music, etc.).
But unhide.exe (from bleepingcomputer.com) easily fixes that.
But there is another one that makes this that little bit more dangerous:
It moves the desktop and start menu to subdirectories within the Windows TEMP folder… it's amazing how many people will use their desktop as a form of “My Documents”!
Most techs will try to fix things by booting a CD/USB image of UBCD4WIN or a Linux equivalent, and it doesn't take long before the temp folders are emptied in order to make a scan run a bit faster (fewer files to scan).
Once that happens, it can be difficult to remember which start menu items to recreate… Unless you find you can do a system restore!
So now, you can't just delete the temp folders of an infected PC anymore, at least not without first taking a good peek at what's in there.
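A triage script for the point above (look at what is in TEMP before clearing it), added here and not part of the original post: it walks a TEMP folder and flags subdirectories that hold relocated profile folders or .lnk shortcuts, so a tech can restore them instead of deleting them. The sample tree it builds, and the folder names in it, are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Folder names that normally live under a user profile, not under TEMP.
PROFILE_DIR_NAMES = {"desktop", "start menu", "programs", "my documents",
                     "documents", "pictures", "music", "favorites"}


def find_relocated_profile_dirs(temp_root):
    """Walk a TEMP folder and return (relative_path, lnk_count, reason) for every
    subdirectory that looks like relocated user data: a profile-style folder name
    or any .lnk shortcuts, which a genuine temp folder should not contain."""
    temp_root = Path(temp_root)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(temp_root):
        d = Path(dirpath)
        if d == temp_root:
            continue
        lnk_count = sum(1 for f in filenames if f.lower().endswith(".lnk"))
        reasons = []
        if d.name.lower() in PROFILE_DIR_NAMES:
            reasons.append("profile-style folder name")
        if lnk_count:
            reasons.append(f"{lnk_count} .lnk shortcut(s)")
        if reasons:
            findings.append((d.relative_to(temp_root).as_posix(), lnk_count,
                             "; ".join(reasons)))
    return sorted(findings)


def build_sample_temp(root):
    """Constructed sample TEMP tree (not from a real infection): a normal temp file,
    a relocated Start Menu 'Programs' folder full of shortcuts, and a relocated Desktop."""
    root = Path(root)
    (root / "~DF1A2B.tmp").write_bytes(b"")          # ordinary temp junk, safe to delete
    (root / "Low").mkdir()                           # empty IE low-integrity folder
    programs = root / "hidden_01" / "Programs"       # hypothetical stash folder name
    programs.mkdir(parents=True)
    for name in ("Word.lnk", "Notepad.lnk", "Calculator.lnk"):
        (programs / name).write_bytes(b"")
    desktop = root / "hidden_02" / "Desktop"         # hypothetical stash folder name
    desktop.mkdir(parents=True)
    (desktop / "thesis.docx").write_bytes(b"")       # the user's "My Documents" on the desktop
    return root


def demo():
    """Build the sample tree in a scratch directory and return what the scan flags."""
    with tempfile.TemporaryDirectory() as scratch:
        return find_relocated_profile_dirs(build_sample_temp(scratch))


if __name__ == "__main__":
    for rel, count, why in demo():
        print(f"KEEP  {rel}  ({why})")
```

Point `find_relocated_profile_dirs` at the real TEMP path (for example the mounted Windows drive's `Users\<name>\AppData\Local\Temp` from a live CD) and review every flagged folder before emptying anything.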
I agree this is a right pain, especially the program shortcuts in the start menu – yet another step needed in virus repairs 🙁
Often the user has already cleaned out the temp folders but a system restore should sort out the start menu – you may have to remove (or at least RKill) the virus first to be able to run system restore though.
You can also download zip files (Google ‘restore missing default shortcuts’) for Vista or W7 start menu if you need them.
Some fake AV installations can be a nightmare to get rid of! I have removed many in the past, and in one instance it would have been better wiping the computer and starting again. Most can be removed with the generic free tools on the market like SPYBot.
I agree this is a nightmare for most people to use and remove the free tools, and sometimes they come back! Making sure they are removed before bootup and then after with a full scan.