Windows XP restore Virus/Malware Start menu shortcuts
Recently we have been getting a few copies of the “Windows XP Restore” virus going around. This one is a nasty bit of kit. It changes all your files on C:\ to hidden and throws in a bunch of popup crap. I have been using Malwarebytes Anti-Malware to get rid of the bugger, but this virus leaves a parting gift of an hour's worth of cleanup for the user profile. So far my process has been to rename the user's profile folder under C:\Documents and Settings: I just rename the user folder to user.old, then log in as the user, which creates a new profile. I then migrate the data back over manually.
Another pain in the ass with this virus is Start menu shortcuts. Even after un-hiding the “All Users” Start menu and the profile Start menu, all the shortcuts were still missing. So I went on the hunt and found that the virus moves them to C:\Documents and Settings\user\Local Settings\Temp\smtmp\1. It also seems to have moved Quick Launch to C:\Documents and Settings\user\Local Settings\Temp\smtmp\2.
NOTE: Recover these files before you run your AV software, as AV products have started removing these files as part of the virus.
Hope this little bit of info helps!
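To make the NOTE above routine, here is a batch script (an added example, not part of the original post) that copies every profile's smtmp folder to a safe location before any scan runs. It assumes the stock XP profile layout; C:\smtmp_backup is a destination picked for this example, and moving the shortcuts back into the Start menu and Quick Launch is left as a manual step.

```bat
@echo off
rem Added example: save the relocated shortcuts BEFORE running AV/anti-malware.
rem Assumptions: profiles live under "%SystemDrive%\Documents and Settings";
rem BACKUP is a hypothetical destination chosen for this example.
setlocal
set "PROFILES=%SystemDrive%\Documents and Settings"
set "BACKUP=%SystemDrive%\smtmp_backup"

rem dir /ad also lists hidden directories, which a plain "for /d" would skip.
for /f "delims=" %%P in ('dir /b /ad "%PROFILES%"') do call :save "%%P"

rem Clear hidden/system attributes on the copies only, not on the whole drive.
if exist "%BACKUP%\" attrib -s -h "%BACKUP%\*.*" /s /d
echo Done. Check "%BACKUP%" before running the cleanup tool.
goto :eof

:save
rem %~1 is the profile folder name, e.g. "All Users" or a user name.
set "SRC=%PROFILES%\%~1\Local Settings\Temp\smtmp"
if not exist "%SRC%\" goto :eof
echo Saving "%SRC%"
rem /e subfolders (1 and 2), /h include hidden files, /i dest is a folder,
rem /k keep attributes, /y overwrite without prompting.
xcopy "%SRC%" "%BACKUP%\%~1\smtmp" /e /h /i /k /y >nul
if errorlevel 1 echo   WARNING: copy failed for %~1
goto :eof
```

Run it from an administrator account so every profile's Temp folder is readable. Afterwards, `1` holds the Start menu shortcuts and `2` the Quick Launch ones, as described above.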