Unsolved
This post is more than 5 years old
2 Intern
•
133 Posts
0
16868
December 13th, 2003 22:00
C:\recycle folder: cannot find or delete and contains adware
When I scan with NAV 2004 it detects files DC1.exe to DC6.exe in a folder named C:\recycler\ This folder has an alphnumeric name that is too long to type [S-1-5-21-269993982....]. These are identified as associated with Keen val and Help Express. These files date back to 11/21/03, and refernces to them are otherwise not apparent on the computer.
I tried deleting all my restore points [Win xp SP1] to no avail. If I unmask hidden files, the folder does not appear. I tried searching for it with the SEARCH feature and it is not found. If go to a command prompt I can switch to that directory however, so it is there.
Interestingly when I do a Drive Image 7 back up and look at it, the folder is easily found. It contains a subfolder NPROTECT and three other subfolders with alphanumeric names that include desktop ini and the folder that contains the DC.exe files is clearly visible.
How can I delete this bad folder and its contents?
If I have to go to a command prompt I do not remember what to type to locate and delelet a specific sunfolder.
Does anyone know if this is a normal windows folder [presumably relating to recyle bin- but totally empyting the recycle bin [Norton] does not eliminate these folders.]?
Thanks
I tried deleting all my restore points [Win xp SP1] to no avail. If I unmask hidden files, the folder does not appear. I tried searching for it with the SEARCH feature and it is not found. If go to a command prompt I can switch to that directory however, so it is there.
Interestingly when I do a Drive Image 7 back up and look at it, the folder is easily found. It contains a subfolder NPROTECT and three other subfolders with alphanumeric names that include desktop ini and the folder that contains the DC.exe files is clearly visible.
How can I delete this bad folder and its contents?
If I have to go to a command prompt I do not remember what to type to locate and delelet a specific sunfolder.
Does anyone know if this is a normal windows folder [presumably relating to recyle bin- but totally empyting the recycle bin [Norton] does not eliminate these folders.]?
Thanks
No Events found!
jakeleg
360 Posts
0
December 13th, 2003 22:00
BaldEaglePride
30 Posts
0
December 13th, 2003 22:00
Hello greg100 -
The folder C:\Recycler\[S-1-5...] is indeed associated with the Recycle Bin. The [S-1-5...] is the Security Identifier for one of the user accounts created on your machine. There will be at least one [S-...] folder within the C:\Recycler folder for each user account that is created on your machine. Unfortunately, I do not know, when a user account is deleted, if the associated Recycle bin folder for said user account is also deleted.
It is possible that the folder with the bad files is associated with another user account (perhaps the original local administrator account?), which is why you do not see anything to delete in the Recycle Bin while logged in with your normal user account.
Here is a link to an article on how to manually delete files in the C:\Recycler folder. Unfortunately, it will require you to write down the appropriate SID so that you can change to that directory in order to delete the files.
http://support.microsoft.com/default.aspx?scid=kb;en-us;229041
JRosenfeld
2 Intern
•
4.4K Posts
0
December 13th, 2003 22:00
An interesting footnote; apparently the recycler folder only appears on NTFS partition (WNT, but I expect it's the same for XP);
http://support.microsoft.com/default.aspx?scid=kb;EN-US;171694
JRosenfeld
2 Intern
•
4.4K Posts
0
December 13th, 2003 22:00
If I use Windows Explorer, with show hidden files and folders checked and hide protected operating system files unchecked, in C:\Recycler, I have two subfolders (S-1-5-21-3090935711-3204504469-1825801191-1007 and S-1-5-18). They have the recycle bin icon. Right clicking on those, Explore, shows the contents. In my case they are the same as the recycle bin.
From looking through the registry (HKEY_USERS), I think that the one with the long numeric corresponds to my user account. S-1-15-18 is linked to network service account.
I don't think that system restore would affect recycle bin(s).
Message Edited by JRosenfeld on 12-14-2003 12:32 AM
JRosenfeld
2 Intern
•
4.4K Posts
0
December 14th, 2003 15:00
Yellowhammer
725 Posts
0
December 14th, 2003 15:00
Greg100
2 Intern
•
133 Posts
0
December 15th, 2003 03:00
Thanks everyone for your help. But this gets stranger. I can now view the files using the file setting mentioned by JRosenfeld. The recylder subfolder in question is visible, along with a couple of others, and all appear empty when the recycle bin view is looked at, but the usbfolder of interest contains 1MB of files when I click the properties button. When I go into a command prompt , switch to C:\recycler, and then type dir, it says no files found. Hence I cannot delete the subfolder ot its files that way, although the knowledge base article229041 "Files are not deleted from the Recycler Folder".suggests this should work.
I have not tried ot delete the subfodler from Windows Explorer. Does anyone think that just dleeteing either c:\recycler from command prompt [not sure how do do that [go to c:\recycler and enter del *.* ?] or from the Windows exploer would be safe? maybe I should try his in Safe Mode?
Greg
JRosenfeld
2 Intern
•
4.4K Posts
0
December 15th, 2003 15:00
Greg100,
Another thought.
I don't have NAV 2004, but maybe this is the same as in NAV 2003: click reports, quarantined items, see if anything is in quarantine or backup, delete anything you find there.
Greg100
2 Intern
•
133 Posts
0
December 20th, 2003 15:00
I discovered that if I remove protection from the Norton Recyle bin as per the instructions on their website, and then boot into safe mode all the files in question then became visible, and could be easily deleted from the recycle bin. Now the files are gone. This was easier then deleting the folders at the command prompt which I could not deo.
Thanks for all the help on this topic.