Many people will recognise this "issue" in XP after being infected with latest Vundo/Virtumonde variant.
This one decides to change the Local Disk icon into a red cross - the "Windows delete icon".
What happened here is, an extra key "DriveIcons" was created under the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer key in the registry. The DriveIcons key is not a default key in Windows XP. This one is only created if you want to change your Drive Icons.
An export of the key shows this:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c\DefaultIcon]
@="%SystemRoot%\\system32\\shell32.dll,131"
In this case, it was set to the "Windows delete icon" (IconFile=shell32.dll,131)
To fix it, all you have to do is to delete the DriveIcons key in the registry.
To do this with a regfix:
Open notepad and copy and paste next in it:
(don't forget to copy and paste REGEDIT4)
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons]
Save this as fixicon.reg Choose to save as *all files and place it on your desktop.
It should look like this:
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
