Strange 'malware' found in Recycler

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by bobgure, May 7, 2006.

  1. bobgure

    bobgure Private E-2

    Hello,
    I already ran and completed the 'Run & Read Me First' protocol.

    windows xp home sp2
    Pent 4 3.0
    IE 6.0.3900
    512 RAM
    80 GB HD

    Panda Activescan alerted me to some 'spyware' :

    C:\Doc & Settings\Recycler - S-1-5-21-4031732021-1400388921-360

    It appears in the 'Recycler' folder in Windows Explorer with the recycle bin icon.
    It can't be deleted. Any info? :confused:
    Sorry I don't have actual report from Panda.

    Bob
     
  2. bobgure

    bobgure Private E-2

    I'm doing another PandaActivescan right now.

    --B
     
  3. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    You may need to go into Safe Mode to delete the recycler file.

    Open My Computer, go to Tools > Folder Options > View and tick Show Hidden Files and untick Hide Protected Operating System Files > Apply

    Then open the C: drive. Can you see a Recycler folder here? Open it; it should contain some hidden Recycle Bins. Delete them.

    Plus, as you have gone through the guide, I would post the requested logs, just as a double check, as the Malware experts here are superb. I'm not saying that because I know them, but because of the vast number of users that they help remove malware without the need for a re-install of the OS.
     
  4. bobgure

    bobgure Private E-2

    Hi,
    The file won't allow itself to be deleted in safe mode or otherwise.
    Message window says "it's being used by another program".
    hmm.
    My new Panda Scan didn't show it this time, yet it's still there.

    - Bob

    Anyone up for a hijackthis log?
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Complete ALL steps in the READ & RUN ME and attach the Bitdefender and PandaActiveScan log first BEFORE a HijackThis log is attached.

    What you posted in your first message does not look correct. It looks more like you are referring to a registry key than something in a Recycle Bin folder. That is not even a valid location for a Recycle Bin.
     
  6. bobgure

    bobgure Private E-2

    Hi,
    I've completed 'Run & Read Me' steps and have enclosed a new ActiveScan txt.
    Bitdefender showed nothing (0 objects) for malware or suspicious objects.

    Two days ago I ran the Panda Scan and it showed 4 found objects: 3 cookies which I deleted manually and one 'spyware', whose location was C\recycler
    The file name Panda gave me was S-1-5-21-4031732021-1400388921-360
    and indeed in that C\recycler folder was that file (with a recycle bin icon next to it).
    When I tried to delete it, a " Cannot delete, being used by another person or program" window comes up.
    It remains there now. Even though the new Activescan doesn't pick up on it.

    Unfortunately I did not save a report from the scan two days ago...a bad choice.
    Btw it also reported spyware in an IE favorites folder which was empty and I've subsequently deleted.

    Weird. :confused:

    thanks
    Bob
     

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As I thought, it was not in C:\Documents and Settings! It is in your Recycle Bin.

    You do not need to delete anything from the Recycle Bin manually. All you need to do is Empty the Recycle Bin by right clicking on the Recycle Bin icon and selecting Empty Recycle Bin.

    The folder you are referring to is just part of the Recycle Bin structure which you will see if you look into the Recycler folder with Windows Explorer.
     
  8. bobgure

    bobgure Private E-2

    Hi Chas,
    Thanks for clearing that up for me.
    It was strange that Panda picked it up as a piece of malware.
    Ok....so be it.

    Thanks once more,

    Bob
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It probably was not complaining about the folder but rather something that was in the folder at the time. But after you run the READ & RUN ME, the Recycle Bin will have been cleaned. Thus, nothing is left in the folder. This is why it is important to attach all logs in their complete format and to not try to put things into your own words. If we see the actual log, we know exactly what is going on.
     
