Solved

Malware file hiding in the recycle.bin that can't be deleted

Posted on 2013-06-02
13
485 Views
Last Modified: 2013-11-22
I have a system that AVG realtime monitor keeps finding infected files on.  However, when I try to delete them I get, Access Denied.  

The files are located in the recycle.bin folder and I'm using an admin account to delete them.  No matter what i do I can't get rid of them; I always get the error:  Access Denied.  

Also, AVG is the only program that finds them.  

Now that I think about it -- should I try deleting them via the command prompt?  

Thanks
0
Comment
Question by:CraigSNYC
  • 4
  • 2
  • 2
  • +4
13 Comments
 
LVL 94

Expert Comment

by:John Hurst
ID: 39214298
Try online Malwarebytes. AVG is not the best AV in the world and I have had to remove it from client machines and replace it with commercial AV.

You might also try setting up a new, different admin account to see if a different account can delete the files.

.... Thinkpads_User
0
 
LVL 19

Expert Comment

by:helpfinder
ID: 39214327
Try to run a AV scan in Safe mode.
also try to scan the disk when OS is not running (booted up) - e.g. Kaspersky Rescue Disk, or remove HDD and plug it into another machine as second disk
0
 
LVL 24

Accepted Solution

by:
aadih earned 500 total points
ID: 39214364
As Thinkpads_User said, "AVG is not the best AV".

Try using bitdefender free:  < http://www.bitdefender.com/solutions/free.html >.

For now, try scanning and cleaning with Malwarebytes Antimalware (free) in safe mode (or even from command prompt in safe mode); then, again from the normal Windows mode.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:CraigSNYC
ID: 39214390
Thanks!  

Hadn't run AVG in SM, so I will try that.  

Sorry, but I always leave out important bits of info (duh!): Malwarebytes doesn't find the files that I need to delete.  Also, the system was infected enough that I decided it was best to pull the drive from the client's system and clean it that way.  This is when the ownership issue first popped up.  I tried to change ownership of the files then but for whatever reason I couldn't.  I figured once the drive was reinstalled on the system I'd delete the files with no problem.  I was wrong about being able to do that.  

I'll run AVG in SM and see what happens.  

I'll update tomorrow, once I've been able to do this.  

Thanks!
0
 

Author Comment

by:CraigSNYC
ID: 39214396
One more interesting thing:  I ran CCleaner, emptied the recycle bin and turned off system restore but the files are still there.  Shouldn't have doing those things have deleted all files in the Recycle.bin folders?
0
 
LVL 24

Expert Comment

by:aadih
ID: 39214405
It appears there is a permissions issue (for files in recycle bin); thus the non-deletion.
0
 
LVL 18

Expert Comment

by:web_tracker
ID: 39214472
get the application called FileAssassin  to gain access to the file, then you can delete it.
http://download.cnet.com/FileAssassin/3000-2094_4-10639988.html
When you delete the file use the shift key while pressing the delete key, this will bypass the trash can an permanently delete the file.
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 39220209
Some malware didn't let MalwareBytes to scan them in realtime, so we would need to run software like RKill, or RogueKiller to kill those malware processes and then run MalwareBytes.

I would recommend to scan the system with the tools mentioned below and in the sequence they are mentioned and post the logs

Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKIller

I would also recommend you to go through the articles from Younghv and RPG for the links of the tools and for the future reference

Basic Malware Troubleshooting
http://www.experts-exchange.com/A_1940.html

Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_4922.html

Stop-the-Bleeding-First-Aid-for-Malware
http://www.experts-exchange.com/A_5124.html

Run MalwareBytes in Quick Mode and if that required reboot, then reboot the system and run tools mentioned in point 1 and 2 but this time run MalwareBytes in Full Systen Scan.

So in your next reply post the RogueKiller logs, MBAM logs and TDSSKIller Logs

Sudeep
0
 

Author Comment

by:CraigSNYC
ID: 39237760
**Thanks for the input.  I'm trying FileAssasin when I get my hands on the system this weekend and report back.
0
 
LVL 38

Expert Comment

by:younghv
ID: 39338779
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 39329650
@CraigSNYC - You never did follow up as you committed to do.

.... Thinkpads_User
0
 

Author Comment

by:CraigSNYC
ID: 39338777
I'm sorry!  I posted a response -- I don't know what happened to it.  

I ran AVG in SM.  Rebooted normally and ran it again.  Ran clean.  Also ran Malwarebytes in SM.  

The client reports no more real-time popups from AVG reporting the files in the recycle bin.

Thanks!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ransomware and redirected folders 9 105
Yet another Ransome ware 13 198
Web Browsers Start Page Hijacker 14 220
Total AV worth it? 4 342
12 Steps to a more secure Internet experience (http://tekblog.teksquisite.com/) Everyone who is a licensed driver initially had to pass a driving test that consisted of taking:    1. a written test    2. a road test    3. a vision test Le…
So you got the Conficker. You could go to each machine and run the eye chart test (http://www.confickerworkinggroup.org/infection_test/cfeyechart.html), but in a bigger environment, or if you prefer to work smarter and not harder, you need some …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question