Control Panel not showing

August 22, 2008 at 10:02:25
Specs: Windows XP SP2, Core2Duo 2.0/1024
The control panel is not showing in the Start menu or in My PC. Also the C: drive doesn't show in My PC. I can access it if I type C: in the address bar, but I'd like to have it back in My PC. So goes for Control Panel. I can log on as administrator in safe mode and they appear there, but they don't on my personal account.

See More: Control Panel not showing

Report •

August 22, 2008 at 10:27:28
Are you by any chance getting any of these symptoms too?.....
- Run has disappeared from the Start menu too?
- pop up messages about there being malware on your computer, that are not generated by software you installed yourself?
- you see new shortcut icons on your desktop for anti-malware software that were not placed there by software you installed, and, possibly, those icons cannot be deleted (access denied)?
- the Home page in IE has been changed to go to some anti-malware site?
- task manager cannot be used (just doesn't work, or access denied)?
- regedit cannot be used (access denied)?
- msconfig cannot be used (access denied)?

(some of these may not appear until after you Restart Windows or reboot the computer)

Report •

August 22, 2008 at 11:14:43
Yes, I had all of them
Though not any more. I used HijackThis to remove the trojan. it did, but didn't restore everything to how it previously was. The regedit, msconfig and run, all appear, I restored my start page, the desktop is now normal, and the anoying icons are gone. But so are the shortcuts to drive C: and Control Panel.

Report •

August 22, 2008 at 12:22:35
HJT! is a useful tool, but you have to know what you are doing when you select a line for it to fix (delete the registry entry for). It finds lines that are changed from what is normally found, but most of those lines have nothing to do with malware and are harmless.
It is best used along with other things or other information, or better still you can upload your HJT! log to a web site that specializes in telling you which lines you need to select (that does NOT include this site) that are associated with malware.
Even if you choose the right lines to delete, that may not get your computer completely back to the way it was before. The malware may very well be gone, or at least disabled, but some of the changes it made may still be there.

There is a lot of this type of malware these days, much of it coming from Russian sources. The problem is no one anti-malware program detects or removes all of them.
In my friend's case he had AVG 8.x and AdAware 2008 and neither found the malware he had when he did a full scan.

Did you make any notes about which highjacking malware you had, such as the sites the icons were directed to, or the site the broswer home page went to?
If you did, you can use the name of the site without the com or whatever to find complete removal instructions on the web, and sometimes, programs that will restore everything back to the way it was.

E.g. I cleaned out one of these hijacker anti-malware thingys a friend had on his computer, about a week ago.
Urls have:

If those do not sound familiar to you, you may need to search using info you have specific to your case
If those DO sound familiar to you....or in any case.....

I found by searching with those names on the web for removal instructions the free version of Malwarebytes removes everything to do with that malware (it found much more that just the lines in HJT!), and using SmitFraudFix after that fixes all the changes it made - if there is more than one User on your computer, all, or only one, or not all, may need to have SmitFraudFix run on their User.

Download them and select your desktop as the location to download to, so that you can execute them easily despite the fact you may not be able to see the contents of C.
Instructions I found said to boot your computer into Safe mode before running either program, so that's what I did.
I was also able to disable the Resident Shield in AVG 8 before running them because it's shortcut icon was on the desktop.
Both make a shortcut icon or folder on your desktop screen once installed.
You must update Malwarebytes before you run it.

I found some info about lines associated with this malware seen in HJT! logs, but it was already out of date, and they were different - they are apparently somewhat randomly generated. I searched with some of the odd file names in lines in my own HJT! log similar to those in the HJT! log they mentioned, and found other info in several places that said Malwarebytes finds both older and newer versions of this malware, and SmitFraudFix fixes the changes it makes.
I selected only two obvious lines for HJT! to fix - one for the homepage highjack that included one of the urls, the other an entry that disabled regedit from being used by the user.
After I ran Malwarebtyes I ran HJT! again - there were four (or more) lines that were there before that were gone, two of which I had no found no info about being associated with the malware, and two that I suspected were but was not sure about.

The free version of Malwarebytes has to be updated manually before you use it - use the full scan. (It doesn't search for tracking cookies - I like that feature.)
In this case, all of the malware components were on C, but if you have more than one hard drive partition, scan all of them.

SmitFraudFix is constantly being updated - make sure you get the latest version.
SmitFraudFix fixes the changes made by many of these things. The above names were not listed, but it fixed the changes it made anyway.
It changes the Home page to the default one for IE for the IE version you have, but that can be easily changed.

Be aware that some anti-malware programs such as AdAware 2008 flag SmitFraudFix.exe (the self extracting download) or SmitFraudFix.exe (the executable made when you extract the download, in a folder it makes) as malware, despite the fact it is not, and they will quarantine and/or delete those it you let it them. If you don't want them to do that, add those files or the folder they are in to an exclude or ignore list for the program.

Report •

Related Solutions

Ask Question