Malware file hiding in the recycle.bin that can't be deleted

Posted on 2013-06-02
Last Modified: 2013-11-22
I have a system that AVG realtime monitor keeps finding infected files on.  However, when I try to delete them I get, Access Denied.  

The files are located in the recycle.bin folder and I'm using an admin account to delete them.  No matter what i do I can't get rid of them; I always get the error:  Access Denied.  

Also, AVG is the only program that finds them.  

Now that I think about it -- should I try deleting them via the command prompt?  

Question by:CraigSNYC
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +4
LVL 96

Expert Comment

by:Experienced Member
ID: 39214298
Try online Malwarebytes. AVG is not the best AV in the world and I have had to remove it from client machines and replace it with commercial AV.

You might also try setting up a new, different admin account to see if a different account can delete the files.

.... Thinkpads_User
LVL 19

Expert Comment

ID: 39214327
Try to run a AV scan in Safe mode.
also try to scan the disk when OS is not running (booted up) - e.g. Kaspersky Rescue Disk, or remove HDD and plug it into another machine as second disk
LVL 24

Accepted Solution

aadih earned 500 total points
ID: 39214364
As Thinkpads_User said, "AVG is not the best AV".

Try using bitdefender free:  < >.

For now, try scanning and cleaning with Malwarebytes Antimalware (free) in safe mode (or even from command prompt in safe mode); then, again from the normal Windows mode.
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.


Author Comment

ID: 39214390

Hadn't run AVG in SM, so I will try that.  

Sorry, but I always leave out important bits of info (duh!): Malwarebytes doesn't find the files that I need to delete.  Also, the system was infected enough that I decided it was best to pull the drive from the client's system and clean it that way.  This is when the ownership issue first popped up.  I tried to change ownership of the files then but for whatever reason I couldn't.  I figured once the drive was reinstalled on the system I'd delete the files with no problem.  I was wrong about being able to do that.  

I'll run AVG in SM and see what happens.  

I'll update tomorrow, once I've been able to do this.  


Author Comment

ID: 39214396
One more interesting thing:  I ran CCleaner, emptied the recycle bin and turned off system restore but the files are still there.  Shouldn't have doing those things have deleted all files in the Recycle.bin folders?
LVL 24

Expert Comment

ID: 39214405
It appears there is a permissions issue (for files in recycle bin); thus the non-deletion.
LVL 18

Expert Comment

ID: 39214472
get the application called FileAssassin  to gain access to the file, then you can delete it.
When you delete the file use the shift key while pressing the delete key, this will bypass the trash can an permanently delete the file.
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 39220209
Some malware didn't let MalwareBytes to scan them in realtime, so we would need to run software like RKill, or RogueKiller to kill those malware processes and then run MalwareBytes.

I would recommend to scan the system with the tools mentioned below and in the sequence they are mentioned and post the logs

Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKIller

I would also recommend you to go through the articles from Younghv and RPG for the links of the tools and for the future reference

Basic Malware Troubleshooting



Run MalwareBytes in Quick Mode and if that required reboot, then reboot the system and run tools mentioned in point 1 and 2 but this time run MalwareBytes in Full Systen Scan.

So in your next reply post the RogueKiller logs, MBAM logs and TDSSKIller Logs


Author Comment

ID: 39237760
**Thanks for the input.  I'm trying FileAssasin when I get my hands on the system this weekend and report back.
LVL 38

Expert Comment

ID: 39338779
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
LVL 96

Expert Comment

by:Experienced Member
ID: 39329650
@CraigSNYC - You never did follow up as you committed to do.

.... Thinkpads_User

Author Comment

ID: 39338777
I'm sorry!  I posted a response -- I don't know what happened to it.  

I ran AVG in SM.  Rebooted normally and ran it again.  Ran clean.  Also ran Malwarebytes in SM.  

The client reports no more real-time popups from AVG reporting the files in the recycle bin.


Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Change your it now!. Probably the easiest point of access to your account is through guessing your password. If your password is guessable, do change it now. If not for your sake but for everyone else in your friends list. Remember …
PREFACE The purpose of this guide is to provide information to successfully install the MS SQL client tools for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technology…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question