$RECYCLE.BIN folder?

sharpnova · May 4, 2015

Yesterday I got a nasty malware infection.

I followed all the instructions and thought everything was clean and back to normal.

But then I noticed something.

Some of my drives have a folder called $RECYCLE.BIN in them.

The folder is empty.

Toggling whether hidden files/folders are shown and toggline whether protected operating system files are hidden has no effect.

The folder is just there. A regular folder.

Is my windows broken? Or do I have some other infection?

DavidE · May 4, 2015

I have a $RECYCLE.BIN folder on every partition (NTFS).

If I uncheck Hide protected operating system files, i do see these folders listed in Windows (file) Explorer.
If I check Hide protected operating system files, i don't see these folders listed in Windows (file) Explorer.

To me it sounds like you still have some issues.

Callender · May 4, 2015

Try right clicking on your "Recycle Bin" desktop icon and you should see something like this:

Open an Elevated Command Prompt

Type:

RD /S /Q C:\$Recycle.bin

Note

Replace "C:" in the above line with the drive letter shown on your machine and repeat the command for each drive letter.

So for my machine that would mean three commands for three drives.

Press Enter

Then right click desktop and choose "Refresh"

That should delete any legitimate recycle bins and recreate fresh ones but you might need to reboot for it to take effect.

After a reboot - set folder options to uhide protected operating system files and check again for these folders. Note the dates. You should be able to tell from the dates if any are not genuine.

sharpnova · May 4, 2015

Yep this worked.

From what I read, one of the malware removers I used has this residual $RECYCLE.BIN effect.

Callender · May 4, 2015

Okay so if you now only have one newly created recycle bin per drive then it would be best to get help with cleaning up malware remnants in the System Security section.

sharpnova · May 4, 2015

All cleaned up. Thanks

Had to pay to get the cryptolocker removed but at least they did it.

For those wondering, they accepted bitcoins and I paid 3.5 btc for the unlocker.

Callender · May 4, 2015

Possible suggestion - don't know if it will work.

Boot into Safe Mode with Command Prompt. See tutorial here:

http://www.sevenforums.com/tutorials/69585-safe-mode.html

Try Option One then choose "Safe Mode with Command Prompt" in Advanced Boot Options.

If it works and the command prompt window opens type:

cd restore

Press Enter.

type rstrui.exe

Click "Next" and choose an available restore point.

Note: Using this method means that your computer may take some time to boot on the next boot and could take a long time before the restore operation either suceeds or fails. On my machine it has sometimes taken almost one hour!

$RECYCLE.BIN folder?

sharpnova

New member

My Computer

DavidE

____________

My Computer

Callender

New member

My Computer

sharpnova

New member

My Computer

Callender

New member

My Computer

sharpnova

New member

My Computer

Callender

New member

My Computer

Similar threads