How to restore missing desktop icons and start menu items after malware/virus infection

A common sympton of a malware infection is that all of your desktop icons are missing, and sometimes even the start menu items show "empty", instead of the shortcuts to the applications.

The first part to remedy this is to clear the computer of the infection. This is not a tutorial on how to remove malware as there are plenty of tutorials on YouTube and other places. However, this tutorial will show you how to recover your desktop icons and your start menu items.

First, after your computer is cleaned of any infections, run unhide.exe. This program will change the attributes on every file on your hard drive to make them visible again.

Note: Some anti-virus programs may flag this file as suspicious. If that is the case, temporarily disable your anti-virus program and download unhide.exe again.

Sometimes, even after running unhide.exe, your start menu items are still missing. To fix this, you must locate a temporary directory called SMTMP and copy/paste the shortcuts into your user accounts start menu folder.

For Vista and Windows 7 machines, browse to:
C:\Users\%username%\AppData\Local\Temp\SMTMP

For XP machines, browse to:
C:\Documents and Settings\%username%\Local settings\Temp\SMTMP

Inside the SMTMP folder, you should see three folders, 1, 2, and 4.

Folder 1 contains your start menu icons. Folder 2 contains your Quick Launch items and folder 4 contains your desktop icons.

To restore your start menu items, browse into folder 1 and then into the Programs folder. Select all of the folders by using CTRL+A or Edit-->Select All, then right click and "Copy" or click Edit-->Copy.

This will copy the program folders and shortcuts to the clipboard. Next, you want to Paste those items into your start menu.

With Windows 7, the location of the start menu items changed. I find the easiest way to restore the shortcuts it to go to:

C:\Program Data\Microsoft\Windows\Start Menu

If the Program Data folder is not visible, you will need to change your Folder View Options and enable the display of hidden and system files. You can find these options by going to Control Panel --> Folder Options.

Once you can see the Program Data folder, go inside the Programs folder and right click and Paste, or click Edit-->Paste.

This should restore your start menu items.

Note: Some disk cleanup utilities such as CCleaner may delete the SMTMP folder. Make sure to not run CCleaner until after you have recovered your desktop icons and start menu icons.

Please feel free to leave a comment!

About the Author

chris's picture
Chris Kirby - Owner, The Computer Group
Chris Kirby is the owner of The Computer Group and regular contributor to the blog. Chris is 31 years old and has been working with computers since the age of 6.
Wed, 03/21/2012 - 12:15pm
Average: 4 (16 votes)

Add comment

Comments

I have ran into this issue several times and I have never been able to resolve it on the machines at my location. The folders in temp that supposedly contain the needed files are always empty (no they are not hidden). Always have to format when users catch these infections. Frustrating.

Matt, I have never had the issue your described. I always look in the temp folders after I run unhide.exe which can be downloaded here: http://www.bleepingcomputer.com/download/unhide/

One of the steps I usually do is clean out all my temporary files using TFC.exe by Oldtimer. But this just messes up the recovery of those files.

I did a check and the smtmp isn't detected. What do I do?

How do you run unhide if you do not have any icons? no start button, no start programs, no my computer, etc....

Try it in safe mode, or CTRL+ALT+DELETE to open task manager and then File-->Run from a Flash Drive.