Malwarebytes found a PUP in $Recycle.Bin

D

DSD

New member
Local time
4:11 AM
Messages
13
I ran Malwarebytes last night (its been a couple of months or so since last run) and it found these two files.

-----------
PUP.Optional.InstallCore, C:\$Recycle.Bin\S-1-5-21-860478646-3864081590-2235541041-1001\$RW8RJTC.exe

PUP.Optional.InstallCore, C:\Users\Me\AppData\Local\Temp\ICReinstall_FileZilla_3.8.0_win32-setup.exe
------------

I am assuming they are the same file since some of my research last night says that what is in your Recycle Bin is also found in your $Recycle.Bin. There were mixed results though some places said there is such a thing as a $Recycle.Bin Virus.

Can anyone confirm this? Or have any ideas if what is being found in my $Recycle.Bin is in fact a dangerous file?

Thank you in advance!

PS -I wish Malwarebytes still gave a date of the file like it used to. That was much more helpful in determining if a file was really a virus/malware, or a PUP.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell XPS8700
OS
Windows 7 Home Premium 64bit
CPU
Intel Core i7 3.40 GHz
Memory
8 GB
Hard Drives
Main Hard Drive
2 Additional Western Digital Hard Drives
Antivirus
McAfee
Browser
Firefox
Hi,
Filezilla well that is probably a piggyback PUP from som other download,
Use this,
Review Jacee’s instructions to run Adwcleaner here post #7,
Ignore the title of the thread,
http://www.sevenforums.com/system-security/316404-instant-savings-app.html
On the BleepingComputer site use the button that looks like this,
adwcleaner-button.JPG

http://www.microsoft.com/security/scanner/en-us/default.aspx
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom assembled by me :}
OS
Win-7-Pro64bit 7-H-Prem-64bit
CPU
i7-5930K 2nd i9-9940x both water blocked VRM's too
Motherboard
ASUS SABERTOOTH X99 2nd ASUS x299 Apex
Memory
Trident-z 3200C14 2nd Trident-z 3600C16
Graphics Card(s)
EVGA 1080ti ftw3 2nd Titan Xp both water blocked
Sound Card
Built-in Realtek
Monitor(s) Displays
1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24" 144Hz
Screen Resolution
1920 x 1080 144Hz
Hard Drives
2-Samsung M.2 Evo & Evo Plus
2-Samsung 850 EVO 500GB SSD's/ 3-2.5 W.D. Black 1tb-&3-1tb/3-3.5 WD Black 1tb hdd's
PSU
EVGA SuperNOVA 1000-P2 2nd 1200-P2
Case
2-Corsair Obsidian Series 450D Black ATX Mid Tower
Cooling
Custom water loops
Keyboard
Logitech G710+/ 2nd Logitech G910
Mouse
2-RedDragon M901 Perdition 16400 dpi Gaming mouse = wired
Internet Speed
Comcast Ping 19ms 89.31mbps download speed 6.12mbps upload
Antivirus
Malwarebytes Pro/ Superantispyware Pro
Browser
FireFox & Pale moon
Other Info
2nd ASUS X299 Apex/Intel i9-9940x with Custom water loop/7H-Prem-x64/Corsair 450D case/Ram Trident-z 3600C16 4x8gb / Samsung970Evo plus 500gb SSD/Dual ssd EZ swap evo/PSU EVGA SuperNova 1200w-P2 80+Platinum/GPU Titan Xp /8-ML-140 on push-pull on 2-280GTX rads
Filezilla is a legitimate program I use and have installed on my computer.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell XPS8700
OS
Windows 7 Home Premium 64bit
CPU
Intel Core i7 3.40 GHz
Memory
8 GB
Hard Drives
Main Hard Drive
2 Additional Western Digital Hard Drives
Antivirus
McAfee
Browser
Firefox
Yep people love them PUP's they are so pretty :)
Post Adwcleaner's scan results and see what it finds ;)
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom assembled by me :}
OS
Win-7-Pro64bit 7-H-Prem-64bit
CPU
i7-5930K 2nd i9-9940x both water blocked VRM's too
Motherboard
ASUS SABERTOOTH X99 2nd ASUS x299 Apex
Memory
Trident-z 3200C14 2nd Trident-z 3600C16
Graphics Card(s)
EVGA 1080ti ftw3 2nd Titan Xp both water blocked
Sound Card
Built-in Realtek
Monitor(s) Displays
1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24" 144Hz
Screen Resolution
1920 x 1080 144Hz
Hard Drives
2-Samsung M.2 Evo & Evo Plus
2-Samsung 850 EVO 500GB SSD's/ 3-2.5 W.D. Black 1tb-&3-1tb/3-3.5 WD Black 1tb hdd's
PSU
EVGA SuperNOVA 1000-P2 2nd 1200-P2
Case
2-Corsair Obsidian Series 450D Black ATX Mid Tower
Cooling
Custom water loops
Keyboard
Logitech G710+/ 2nd Logitech G910
Mouse
2-RedDragon M901 Perdition 16400 dpi Gaming mouse = wired
Internet Speed
Comcast Ping 19ms 89.31mbps download speed 6.12mbps upload
Antivirus
Malwarebytes Pro/ Superantispyware Pro
Browser
FireFox & Pale moon
Other Info
2nd ASUS X299 Apex/Intel i9-9940x with Custom water loop/7H-Prem-x64/Corsair 450D case/Ram Trident-z 3600C16 4x8gb / Samsung970Evo plus 500gb SSD/Dual ssd EZ swap evo/PSU EVGA SuperNova 1200w-P2 80+Platinum/GPU Titan Xp /8-ML-140 on push-pull on 2-280GTX rads
Wondering why I need to install Adwcleaner when I use SUPERAntiSpyware. It looks to me like
SUPERAntiSpyware does more than Adwcleaner does. I regularly run
SUPERAntiSpyware on my computer.

All I want to know is if that is even possible to have a virus in that location on my computer, in the $Recycle.Bin?
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell XPS8700
OS
Windows 7 Home Premium 64bit
CPU
Intel Core i7 3.40 GHz
Memory
8 GB
Hard Drives
Main Hard Drive
2 Additional Western Digital Hard Drives
Antivirus
McAfee
Browser
Firefox
DSD said:
All I want to know is if that is even possible to have a virus in that location on my computer, in the $Recycle.Bin?
Click to expand...
Yes.
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Employer provided Dell Latitude
OS
W7 Pro SP1 64bit
CPU
i7
Memory
8GB
Graphics Card(s)
Intel HD Graphics
Hard Drives
crappy SSD
Antivirus
Employer mandated Symantec Endpoint Protection
Browser
Pale Moon 64bit, IE11 64bit & Chrome 64bit
Can someone tell me how the Recycle Bin and $Recycle.Bin work?

I would like to know if these two files are or could be the same file, and if the $Recycle.Bin renames the files randomly.

When I search the internet for this file "$RW8RJTC.exe" nothing comes up.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell XPS8700
OS
Windows 7 Home Premium 64bit
CPU
Intel Core i7 3.40 GHz
Memory
8 GB
Hard Drives
Main Hard Drive
2 Additional Western Digital Hard Drives
Antivirus
McAfee
Browser
Firefox
$Recycle.Bin is a folder that Windows does not show to the user by default.

Under that folder is a folder named Recycle Bin.

That Recycle Bin folder is an alias.

The real folder is named after your SID.

rb.PNG


I don't know if the two files mentioned in the OP are the same.

Why not just empty your Recycle Bin and be done with it?
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Employer provided Dell Latitude
OS
W7 Pro SP1 64bit
CPU
i7
Memory
8GB
Graphics Card(s)
Intel HD Graphics
Hard Drives
crappy SSD
Antivirus
Employer mandated Symantec Endpoint Protection
Browser
Pale Moon 64bit, IE11 64bit & Chrome 64bit
The first thing you have to realize is what a PUP is, it stands for Potentially Unwanted Program - these programs are often just programs that work in a way that they could be used to damage the operating system - I often have Malwarebytes Pro flag parts of my toolkit as PUP's I simply add them to the exclusions list, (these are small tools that I have been using for many years and am secure about the source).

It is quite possible that you may recognize the program and want to keep it - If you are not sure I suggest you select the " quarantine " or similar option so you can recover the file later if you realise you did need it after all

Recycle Bin is the user facing title for $Recycle.Bin which is the system name of the special folder that works as the bin
 

My Computers

System One System Two

  • Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    ChillBlast - Custom to my design
    OS
    Windows 11 Pro x64 [Latest Release and Release Preview]
    CPU
    Ryzen 9 5950X, 3.8 - 5.2 MHz
    Motherboard
    Asus Prime X570-Pro
    Memory
    64GB [2 x 32GB] DDR4 3200MHz
    Graphics Card(s)
    4GB NVIDIA GEFORCE GTX 1650 Ti
    Sound Card
    On-board SPDIF to 5.1 System + HDMI [5.1 system]
    Monitor(s) Displays
    32" UHD 32 Bit HDR Monitor + 43" UHD 4K 32Bit HDR TV
    Screen Resolution
    2 x 3840 x 2160 @60Hz
    Hard Drives
    1TB M2 SSD OS, 500GB Fast Access SSD, 2 x 8TB Data + Various Externals from 1TB to 4TB, 10TB NAS
    PSU
    NZXT C750 80 PLUS Gold 750W Modular PSU
    Case
    Workstation Case [Matt Black]
    Cooling
    NZXT Kraken X63 280mm CPU Cooler +2x Quiet Case fans
    Keyboard
    Logitech Wireless MX Keys & K400 + others
    Mouse
    Logitech Wireless MX Master 3S
    Internet Speed
    920 MB Down 50 MB Up
    Antivirus
    BitDefender Total Security Pro
    Browser
    Chrome (always run latest Non-Beta)
    Other Info
    Also run ...
    Laptop - Quad 8GB - Windows 10 Pro x64
    Nexus 7 Android tablet x2
    Samsung 10.2" tablet
    Blackview TAB 8 4G Android Tablet c/w Keyboard
    Wacom Intuos Pro Medium Pen Pad
    Wacom Intuos Pro Small Pen Pad
    Wacom Expresskeys Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control
  • Computer type
    Laptop
    System Manufacturer/Model Number
    Dell XPS 17 10750H
    OS
    Windows 11 Pro x64 Latest RP
    CPU
    Intel I7 10750H 5.0GHz
    Motherboard
    Dell XPS
    Memory
    32GB [2x16GB] DDR4 2933 MHz
    Graphics Card(s)
    nVidia GTX1650Ti 4 GB GDDR6
    Sound Card
    Stock [Realtek] 4 Speaker
    Monitor(s) Displays
    17" IPS UHD+ Infinity Edge Touchscreen
    Screen Resolution
    3840 x 2400
    Hard Drives
    2TB M2 NVMe, 4TB External + various 500GB & 1TB External NVMe (also have access to spinner HDD from
    PSU
    Stock
    Case
    Stock XPS Aluminium & Carbon Fibre
    Cooling
    Stock - Active Fan Control
    Keyboard
    Backlit + Various Logitech
    Mouse
    Stock Track Pad + Logitech MX Trackball
    Internet Speed
    72 MB Down 18MB Up
    Browser
    Chrome
    Other Info
    Also run ...
    Laptop - Quad 8GB - Windows 10 Pro x64
    Nexus 7 Android tablet x2
    10.2" tablet
    Sony Z3 Android Smartphone
    Wacom Intuos Pro Medium Pen Pad
    Wacom Intuos Pro Small Pen Pad
    Wacom Expresskeys Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control Pad
    10TB NAS
Barman58 said:
~~~
Recycle Bin is the user facing title for $Recycle.Bin which is the system name of the special folder that works as the bin
Click to expand...
I thought that $Recycle.Bin was a real folder and the SID folders were the ones given the Recycle Bin alias.

rb.PNG


Also, Malwarebytes does not flag the normal installer for FileZilla 3.8.0 or the app itself. The OP might have gotten an installer than had PUPs packed in. Either way, both files mentioned in the OP should be deleted.


edit: this is the VirusTotal results for version 3.8.0:


fz.PNG

Version 3.14 is out.
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Employer provided Dell Latitude
OS
W7 Pro SP1 64bit
CPU
i7
Memory
8GB
Graphics Card(s)
Intel HD Graphics
Hard Drives
crappy SSD
Antivirus
Employer mandated Symantec Endpoint Protection
Browser
Pale Moon 64bit, IE11 64bit & Chrome 64bit

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
DSD said:
Wondering why I need to install Adwcleaner when I use SUPERAntiSpyware.
Click to expand...

SAS is actually a laughable comparison to Adwcleaner :)
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom assembled by me :}
OS
Win-7-Pro64bit 7-H-Prem-64bit
CPU
i7-5930K 2nd i9-9940x both water blocked VRM's too
Motherboard
ASUS SABERTOOTH X99 2nd ASUS x299 Apex
Memory
Trident-z 3200C14 2nd Trident-z 3600C16
Graphics Card(s)
EVGA 1080ti ftw3 2nd Titan Xp both water blocked
Sound Card
Built-in Realtek
Monitor(s) Displays
1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24" 144Hz
Screen Resolution
1920 x 1080 144Hz
Hard Drives
2-Samsung M.2 Evo & Evo Plus
2-Samsung 850 EVO 500GB SSD's/ 3-2.5 W.D. Black 1tb-&3-1tb/3-3.5 WD Black 1tb hdd's
PSU
EVGA SuperNOVA 1000-P2 2nd 1200-P2
Case
2-Corsair Obsidian Series 450D Black ATX Mid Tower
Cooling
Custom water loops
Keyboard
Logitech G710+/ 2nd Logitech G910
Mouse
2-RedDragon M901 Perdition 16400 dpi Gaming mouse = wired
Internet Speed
Comcast Ping 19ms 89.31mbps download speed 6.12mbps upload
Antivirus
Malwarebytes Pro/ Superantispyware Pro
Browser
FireFox & Pale moon
Other Info
2nd ASUS X299 Apex/Intel i9-9940x with Custom water loop/7H-Prem-x64/Corsair 450D case/Ram Trident-z 3600C16 4x8gb / Samsung970Evo plus 500gb SSD/Dual ssd EZ swap evo/PSU EVGA SuperNova 1200w-P2 80+Platinum/GPU Titan Xp /8-ML-140 on push-pull on 2-280GTX rads
SAS has it's merits ... ;)
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
I like and use AdwCleaner and Super Anti Spyware but one does not replace the other. They do different things is different ways.

Of course this is my uneducated opinion.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home made Desktop
OS
Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
CPU
Intel i7-6800K @ 4.3
Motherboard
ASUS X-99 Deluxe II
Memory
Corsair Platinum 16 gig @2400
Graphics Card(s)
EVGA GTX 1070 OC
Monitor(s) Displays
Asus 27" LED LCD/VE278Q
Screen Resolution
1920-1080 or 1280-720 HDMI
Hard Drives
INTEL SSD 730-240 Gb Sata 3.0/
PSU
EVGA Platium 1200W
Case
Phanteks Luxe Tempered Glass 8 fans/ one radiator
Cooling
XSPC/ Water Cooled CPU
Keyboard
Das 4 Professional
Mouse
Logitech M705/MX Anywhere 2-S
Internet Speed
100 mbits
Antivirus
Microsoft Security Essentials/ Malwarebytes Premium 3.0/ SAS
Browser
I.E. 11 default/Firefox/ ISP Time Warner Cable/Spectrum
Other Info
LG BluRay Burner/
Sound system-KLipsch-THX/
Icy Dock ssd Hot Swap bays.
You must log in or register to reply here.

Similar threads

F
Creating a 'macro' ( or .exe file? ) in Windows 7 Ultimate
Replies
4
Views
32K
file3456
F
jraju
the email from a particular website is being received in gmail Bin tab
Replies
2
Views
1K
samuria
samuria
I
Installing Win 7 Pro SP1 on a UEFI Class 3 Gen 10 Laptop
Replies
1
Views
7K
ian50
I
G
Infected Temp Files - keeps getting detected
Replies
5
Views
7K
wither 2
W
M
Strange IP belonging to DoD Network Info Center found in 'arp -a' cmd
Replies
2
Views
3K
matrixshaman
M
Back
Top