Solved

Malware file hiding in the recycle.bin that can't be deleted

Posted on 2013-06-02
Last Modified: 2013-11-22
I have a system that AVG realtime monitor keeps finding infected files on.  However, when I try to delete them I get, Access Denied.  

The files are located in the recycle.bin folder and I'm using an admin account to delete them.  No matter what I do I can't get rid of them; I always get the error:  Access Denied.  

Also, AVG is the only program that finds them.  

Now that I think about it -- should I try deleting them via the command prompt?  

Thanks
0
Question by:CraigSNYC
13 Comments
 
LVL 97

Expert Comment

by:John Hurst
ID: 39214298
Try online Malwarebytes. AVG is not the best AV in the world and I have had to remove it from client machines and replace it with commercial AV.

You might also try setting up a new, different admin account to see if a different account can delete the files.

.... Thinkpads_User
0
 
LVL 19

Expert Comment

by:helpfinder
ID: 39214327
Try to run an AV scan in Safe mode.
Also try to scan the disk when the OS is not running (booted up) - e.g. Kaspersky Rescue Disk, or remove the HDD and plug it into another machine as a second disk.
0
 
LVL 24

Accepted Solution

by:
aadih earned 2000 total points
ID: 39214364
As Thinkpads_User said, "AVG is not the best AV".

Try using bitdefender free:  < http://www.bitdefender.com/solutions/free.html >.

For now, try scanning and cleaning with Malwarebytes Antimalware (free) in safe mode (or even from command prompt in safe mode); then, again from the normal Windows mode.
0
 

Author Comment

by:CraigSNYC
ID: 39214390
Thanks!  

Hadn't run AVG in SM, so I will try that.  

Sorry, but I always leave out important bits of info (duh!): Malwarebytes doesn't find the files that I need to delete.  Also, the system was infected enough that I decided it was best to pull the drive from the client's system and clean it that way.  This is when the ownership issue first popped up.  I tried to change ownership of the files then but for whatever reason I couldn't.  I figured once the drive was reinstalled on the system I'd delete the files with no problem.  I was wrong about being able to do that.  

I'll run AVG in SM and see what happens.  

I'll update tomorrow, once I've been able to do this.  

Thanks!
0
 

Author Comment

by:CraigSNYC
ID: 39214396
One more interesting thing:  I ran CCleaner, emptied the recycle bin and turned off system restore but the files are still there.  Shouldn't doing those things have deleted all files in the Recycle.bin folders?
0
 
LVL 24

Expert Comment

by:aadih
ID: 39214405
It appears there is a permissions issue (for files in recycle bin); thus the non-deletion.
0
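The permissions point in the comment above, as an added example that is not part of any post in this thread: a read-only PowerShell check that reports, for each per-user folder in the Recycle Bin, which account it maps to, who owns it, and how many entries the current session cannot read. It assumes the Vista-or-later layout (`<drive>:\$Recycle.Bin\<user SID>`) and an elevated prompt; the `$Drive` parameter and the output column names are illustrative.

```powershell
# Added diagnostic sketch, not from the thread. Read-only: it changes nothing on disk.
# Assumption: each user's deleted files live in a SID-named subfolder of $Recycle.Bin.
param([string]$Drive = 'C:')

$bin = Join-Path "$Drive\" '$Recycle.Bin'

Get-ChildItem -LiteralPath $bin -Force -Directory -ErrorAction Stop | ForEach-Object {
    $dir = $_

    # Map the folder name (a SID) to an account name. This fails for SIDs that
    # belong to another machine's local accounts or to deleted accounts.
    $account = try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($dir.Name)
        $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch { '<unresolved SID>' }

    # Owner of the folder; reading the ACL can itself be denied.
    $owner = try { (Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop).Owner }
             catch { '<access denied>' }

    # Count the files we can see and the entries we were refused access to.
    $errs = @()
    $files = @(Get-ChildItem -LiteralPath $dir.FullName -Force -Recurse -File `
                   -ErrorAction SilentlyContinue -ErrorVariable errs)

    [pscustomobject]@{
        Folder     = $dir.Name
        Account    = $account
        Owner      = $owner
        Files      = $files.Count
        Unreadable = $errs.Count
    }
} | Format-Table -AutoSize
```

A folder that shows an unresolved SID or a non-zero `Unreadable` count is one the current account does not control, which is consistent with the Access Denied errors described in the question.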
 
LVL 18

Expert Comment

by:web_tracker
ID: 39214472
Get the application called FileAssassin to gain access to the file, then you can delete it.
http://download.cnet.com/FileAssassin/3000-2094_4-10639988.html
When you delete the file, use the shift key while pressing the delete key; this will bypass the trash can and permanently delete the file.
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 39220209
Some malware didn't let MalwareBytes scan them in real time, so we would need to run software like RKill or RogueKiller to kill those malware processes and then run MalwareBytes.

I would recommend scanning the system with the tools mentioned below, in the sequence they are mentioned, and posting the logs.

Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKiller

I would also recommend you go through the articles from Younghv and RPG for the links to the tools and for future reference.

Basic Malware Troubleshooting
http://www.experts-exchange.com/A_1940.html

Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_4922.html

Stop-the-Bleeding-First-Aid-for-Malware
http://www.experts-exchange.com/A_5124.html

Run MalwareBytes in Quick Mode and if that requires a reboot, then reboot the system and run the tools mentioned in point 1 and 2, but this time run MalwareBytes in Full System Scan.

So in your next reply post the RogueKiller logs, MBAM logs and TDSSKiller logs.

Sudeep
0
 

Author Comment

by:CraigSNYC
ID: 39237760
Thanks for the input.  I'm trying FileAssassin when I get my hands on the system this weekend and will report back.
0
 
LVL 38

Expert Comment

by:younghv
ID: 39338779
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
 
LVL 97

Expert Comment

by:John Hurst
ID: 39329650
@CraigSNYC - You never did follow up as you committed to do.

.... Thinkpads_User
0
 

Author Comment

by:CraigSNYC
ID: 39338777
I'm sorry!  I posted a response -- I don't know what happened to it.  

I ran AVG in SM.  Rebooted normally and ran it again.  Ran clean.  Also ran Malwarebytes in SM.  

The client reports no more real-time popups from AVG reporting the files in the recycle bin.

Thanks!
0

Question has a verified solution.
