CraigSNYC
asked on
Malware file hiding in the recycle.bin that can't be deleted
I have a system that AVG realtime monitor keeps finding infected files on. However, when I try to delete them I get, Access Denied.
The files are located in the recycle.bin folder and I'm using an admin account to delete them. No matter what I do I can't get rid of them; I always get the error: Access Denied.
Also, AVG is the only program that finds them.
Now that I think about it -- should I try deleting them via the command prompt?
Thanks
Try to run an AV scan in Safe mode.
Also try to scan the disk when the OS is not running (booted up) - e.g. Kaspersky Rescue Disk, or remove the HDD and plug it into another machine as a second disk.
ASKER
Thanks!
Hadn't run AVG in SM, so I will try that.
Sorry, but I always leave out important bits of info (duh!): Malwarebytes doesn't find the files that I need to delete. Also, the system was infected enough that I decided it was best to pull the drive from the client's system and clean it that way. This is when the ownership issue first popped up. I tried to change ownership of the files then but for whatever reason I couldn't. I figured once the drive was reinstalled on the system I'd delete the files with no problem. I was wrong about being able to do that.
I'll run AVG in SM and see what happens.
I'll update tomorrow, once I've been able to do this.
Thanks!
ASKER
One more interesting thing: I ran CCleaner, emptied the recycle bin and turned off system restore but the files are still there. Shouldn't doing those things have deleted all files in the Recycle.bin folders?
It appears there is a permissions issue (for files in recycle bin); thus the non-deletion.
Get the application called FileAssassin to gain access to the file, then you can delete it.
http://download.cnet.com/FileAssassin/3000-2094_4-10639988.html
When you delete the file, use the shift key while pressing the delete key; this will bypass the trash can and permanently delete the file.
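A read-only check for the permissions issue described above, as an added example that is not part of the original thread: it lists each per-user folder under `$Recycle.Bin`, the account its SID maps to on this machine, and the owner of every file inside. The drive letter `C:` is an assumption; run it from an elevated PowerShell prompt.

```powershell
# Added diagnostic example (not from the thread). Read-only: nothing is changed or deleted.
# Assumption: the affected volume is C:. Change $Drive when the disk is attached to another PC.
$Drive = 'C:'
$bin   = Join-Path "$Drive\" '$Recycle.Bin'

# Each child folder of $Recycle.Bin is named after the SID of the user who deleted the files.
Get-ChildItem -LiteralPath $bin -Force -Directory -ErrorAction SilentlyContinue | ForEach-Object {
    $sidFolder = $_

    # A SID that does not resolve belongs to another Windows installation or a removed profile.
    try {
        $sid     = [System.Security.Principal.SecurityIdentifier]$sidFolder.Name
        $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = '<unresolved on this system>'
    }

    Get-ChildItem -LiteralPath $sidFolder.FullName -Force -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = $_
            try {
                # Owner as recorded in the file's security descriptor.
                $owner = (Get-Acl -LiteralPath $item.FullName -ErrorAction Stop).Owner
            } catch {
                # Reading the ACL can itself fail with Access Denied; record that instead.
                $owner = "<cannot read ACL: $($_.Exception.Message)>"
            }
            [pscustomobject]@{
                BinOwner   = $account
                FileOwner  = $owner
                Attributes = $item.Attributes
                Path       = $item.FullName
            }
        }
} | Format-Table -AutoSize -Wrap
```

Rows where `BinOwner` is unresolved or the ACL cannot be read are the ones an admin account will get Access Denied on until ownership is taken, for example with the built-in `takeown` and `icacls` tools.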
Some malware didn't let MalwareBytes scan them in realtime, so we would need to run software like RKill or RogueKiller to kill those malware processes and then run MalwareBytes.
I would recommend scanning the system with the tools mentioned below, in the sequence they are mentioned, and posting the logs.
Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.
1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKiller
I would also recommend that you go through the articles from Younghv and RPG for the links to the tools and for future reference.
Basic Malware Troubleshooting
https://www.experts-exchange.com/A_1940.html
Rogue-Killer-What-a-great-name
https://www.experts-exchange.com/A_4922.html
Stop-the-Bleeding-First-Aid-for-Malware
https://www.experts-exchange.com/A_5124.html
Run MalwareBytes in Quick Mode and, if that requires a reboot, then reboot the system and run the tools mentioned in point 1 and 2, but this time run MalwareBytes in Full System Scan.
So in your next reply post the RogueKiller logs, MBAM logs and TDSSKiller logs.
Sudeep
ASKER
Thanks for the input. I'm trying FileAssassin when I get my hands on the system this weekend and will report back.
I've requested that this question be deleted for the following reason:
Not enough information to confirm an answer.
@CraigSNYC - You never did follow up as you committed to do.
.... Thinkpads_User
ASKER
I'm sorry! I posted a response -- I don't know what happened to it.
I ran AVG in SM. Rebooted normally and ran it again. Ran clean. Also ran Malwarebytes in SM.
The client reports no more real-time popups from AVG reporting the files in the recycle bin.
Thanks!
You might also try setting up a new, different admin account to see if a different account can delete the files.
.... Thinkpads_User