As many of you have noticed, there has been a big jump in the number of fake antivirus infections lately.
Some have a nasty habit of hiding files (particularly My Documents, pictures, music, etc.).
But unhide.exe (from bleepingcomputer.com) easily fixes that.
But there is another one that makes this a little bit more dangerous:
It moves the desktop and Start Menu to subdirectories within the Windows TEMP folder… it’s amazing how many people will use their desktop as a form of “My Documents”!
Most techs will try to fix things by booting a CD/USB image of UBCD4WIN or a Linux equivalent, and it doesn’t take long before the temp folders are emptied in order to make a scan run a bit faster (fewer files to scan).
Once that happens, it can be difficult to remember which start menu items to recreate… Unless you find you can do a system restore!
So now, you can’t just delete the temp folders of an infected PC anymore, at least not without first taking a good peek at what’s in there.
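
One way to take that peek from a Linux live CD before emptying a Temp folder, as an added example that is not part of the original post: it lists shortcuts and common document types under a Temp path and only reports the folder as safe to empty when none are found. The function names, the extension list and the assumption that the Windows volume is already mounted are mine.

```shell
#!/bin/sh
# Added example: audit a Windows Temp folder before emptying it.
# Assumption: the infected volume is already mounted by the live CD and the
# technician passes the Temp path as $1; no particular path is assumed here.

# List files under $1 that look like user content rather than scratch files:
# shortcuts (Start Menu / desktop items) and common document, picture, music types.
user_files_in_temp() {
    find "$1" -type f \( \
        -iname '*.lnk' -o -iname '*.url' -o \
        -iname '*.doc' -o -iname '*.docx' -o \
        -iname '*.xls' -o -iname '*.xlsx' -o \
        -iname '*.pdf' -o -iname '*.jpg' -o \
        -iname '*.jpeg' -o -iname '*.mp3' \
    \)
}

# Print "count<TAB>directory" for every directory holding such files,
# busiest first, so displaced Desktop or Start Menu trees stand out.
temp_summary() {
    user_files_in_temp "$1" |
        while IFS= read -r f; do dirname "$f"; done |
        sort | uniq -c | sort -rn |
        awk '{ n = $1; sub(/^ *[0-9]+ /, ""); print n "\t" $0 }'
}

# Return 0 only when $1 is a directory with nothing that looks like user data.
# Return 2 when $1 is not a directory, so a typo never reads as "safe".
temp_safe_to_empty() {
    [ -d "$1" ] || return 2
    [ -z "$(user_files_in_temp "$1" | head -n 1)" ]
}

# Stand-alone use: sh temp_audit.sh <path-to-Temp>
if [ -n "${1:-}" ]; then
    if temp_safe_to_empty "$1"; then
        echo "No shortcuts or documents found under $1"
    else
        echo "Review before emptying $1:"
        temp_summary "$1"
    fi
fi
```

Anything it reports should be copied off the volume or moved back to the user's profile before the Temp folder is cleared.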