RE: Unhappy face icon on NT 4 workstation

From: Thomas Cameron (ThomasC@mip.com)
Date: 02/18/03

  • Next message: Henry Sieff: "RE: Ye Olde OWA Topic (Was RE: Website inside or outside domain)" 
    From: Thomas Cameron <ThomasC@mip.com>
To: focus-ms@lists.securityfocus.com
Date: Tue, 18 Feb 2003 13:29:56 -0600

    To restore the icons, delete the c:\winnt\ShellIconCache file and reboot.

    Regards,
    Thomas Cameron, RHCE, CNE, MCSE, MCT
    Micro Information Products - Best Software
    (512) 454-1844 x 307

    -----Original Message-----
    From: Bill Martin [mailto:martin.b@attbi.com]
    Sent: Saturday, February 15, 2003 1:39 AM
    To: Sopatyk, Donna; focus-ms@lists.securityfocus.com
    Subject: RE: Unhappy face icon on NT 4 workstation

    Donna,

    As for the unhappy face you speak of is nothing more than a mapping do an
    ICON (icon) either as a stand alone or to a area within a DLL. In the
    registry, if you do a search for "My Computer", you will be taken to an area
    that that references a GUID. In the values on the right pane, you will see
    something similar to:

    (Default) = REG_SZ My Computer
    InfoTip = Displays the files and folders on your computer LocalizedString =
    @D:\WINNT\system32\shell32.dll,-9216@1033,My Computer

    Under the LocalizedString, you will notice is points to a dll, and within
    that DLL are ICON type images. It is possible, someone who had admin rights
    changed this to point to another DLL which contained the "unhappy face". It
    might even be within that DLL, I have not bothered to check.

    That aside, it is also possible for the desktop to get "whacked" (yes I said
    whacked cause I have no other name for it) and as a result, Icons in general
    get shuffled over. In other words, where you might see a FOLDER icon, you
    will see a NOTEPAD icon, etc. Where there any other problems with ICONS? If
    not, I'd venture to say it was my first suggestions. None the less, the ICON
    in of itself would not bother be, but that someone had admin level rights to
    change this, would.

    I would suggest rebuilding that system, unless you can find how someone got
    in, and ensure that nothing was planted (i.e. back-doored). Good Luck
    -bill-

    -----Original Message-----
    From: Sopatyk, Donna [mailto:donna.sopatyk@eds.com]
    Sent: Thursday, February 13, 2003 1:24 PM
    To: 'focus-ms@lists.securityfocus.com'
    Subject: Unhappy face icon on NT 4 workstation

    Hi all,
    I've had some unexplained things happen on my NT 4.0 workstation. I was
    having some problems with blue screening before because my palm pilot cradle
    was not set up right with the baud rate. I also noticed that someone had
    mapped a drive to another server with the Administrator account. I know I
    don't know the password for that account, and that concerns me. When I was
    checking things out, I noticed that "my computer" icon was like a yellow
    unhappy face. I've never seen that before. When I placed my cursor over it,
    it changed to a different icon...but no the hardware drive that it usually
    looks like. After I rebooted, it went back to normal. Hasn't happened since.
    I've disconnected my PC anywhere, ran a virus scan on my machine and changed
    my password. Has anyone ever heard of a unhappyface icon on NT? Virus or
    otherwise? Thanks Donna

    Donna Sopatyk
    MCSE+I CNA
    Information Security Analyst
    EDS
    Phone: (403)205-2893
    Pager: (403)205-2136

    For the protection of our internal systems and those of our customers, Best
    Software, Inc., blocks most email attachments. Please use plain text when
    corresponding via email with Best Software.

    Relevant Pages

    • RE: Unhappy face icon on NT 4 workstation
      ... ICON either as a stand alone or to a area within a DLL. ... changed this to point to another DLL which contained the "unhappy face". ... ran a virus scan on my ...
      (Focus-Microsoft)
    • RE: Unhappy face icon on NT 4 workstation
      ... In other words, where you might see a FOLDER icon, you ... Unhappy face icon on NT 4 workstation ... mapped a drive to another server with the Administrator account. ... ran a virus scan on my ...
      (Focus-Microsoft)
    • Re: Missing Volume Icon
      ... I had the same problem and tried Peter's suggested fix, ... but for me also when I rebooted the icon would be gone. ... On the next reboot the icon is gone again. ... >> Go to control Panel and click the Sound and Audio ...
      (microsoft.public.windowsxp.hardware)
    • Re: Missing dll problem KB920872 + Creative Audio HQ
      ... The icon came back, as expected. ... It started to download, then ended, and the icon went away, and MS ... indicated as already downloaded and ready to install. ... A hard boot as opposed to a soft reboot cured the problem. ...
      (microsoft.public.windowsupdate)
    • Re: No icons in System tray
      ... yahoo messenger and Memeo. ... same problem after reboot. ... Also when I plug my iPod, I don't see the icon to eject devices. ...
      (microsoft.public.windowsxp.general)