RECYCLER Folder UnHidden after using ComboFix


3 replies to this topic

#1 Black_Internetz

Black_Internetz

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:57 PM

Posted 28 February 2011 - 06:29 AM

Hi, first of all, sorry for my English, and if this does not go here, forgive me.

The thing is, I was infected with the BootKit Whistler/Black Internet, and then I posted about this problem in an Experts forum. The expert told me to use Malwarebytes and ComboFix to remove the infection. After using ComboFix, an Internet Explorer icon appeared on my desktop (at this point I didn't notice the RECYCLER folders unhidden, only the Internet Explorer icon), and I told him about this icon. He didn't answer my question and directly told me to use a program called "FixMbr", and before using it to untick all the "hidden" options in folder view and boot in safe mode. After using it, the problem with the Whistler Bootkit was fixed and I checked the unhide options again. The expert told me to uninstall ComboFix, and after that I noticed the folders unhidden even with the options already checked. The RECYCLER folder from C: is hidden but the ones from G: and H: are unhidden, and in the properties of the folders the attribute "Hidden" is unchecked. I think this can be fixed as easily as checking this option again, but I want to know if the folders are unhidden because of ComboFix or what happened.
I'm sure the folders were hidden before using ComboFix, but what I don't know is whether the folders are now unhidden because of ComboFix, FixMBR, or another reason.

And is it safe to delete these folders?

I have a backup of the log and the quarantine folder created by ComboFix if necessary.

Thank You.


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,259 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:57 PM

Posted 28 February 2011 - 08:07 AM

Worth reading, IMO, http://techsalsa.com/what-is-recycler-folder-and-how-to-remove-it/ .

There is no reason at all...for a user to want to hide system files or folders. In fact, there are good reasons for unchecking that hidden files option, since it allows a user to see all files on the system. But, if you want to do such, restore the check mark in the folder options.

Since these files are system files (part of Windows), you should not attempt to ever delete any of them.

Louis

I suspect that all system files are made visible by ComboFix...because it is the only way to correctly identify what files might be missing, damaged, or infected. This is logical, IMO :).

Edited by hamluis, 28 February 2011 - 08:12 AM.


#3 Black_Internetz

Black_Internetz
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:57 PM

Posted 28 February 2011 - 08:51 AM

Thank you for the answer.

Thank you for that link; it was very helpful in letting me understand those folders.

Yeah, normally I have all the files and folders visible with the right options selected on my main PC; as you say, there are good reasons to do so. It's just that right now I'm on a secondary temp PC, and when I saw these hidden folders unhidden even with "Show all hidden files and folders" and "hide operating system files" correctly configured to hide everything, it scared me a bit, thinking that maybe ComboFix or something else misconfigured the system.

But the thing is not about the options in "Tools -> Folder Options -> View tab". The thing is that even with those options set to not show anything, the RECYCLER folders (except the one on drive C:) are not hidden, and I think it is because in the properties of those folders the attribute "Hidden" is unchecked, and maybe ComboFix unchecked it.

My English is not good, so maybe I'm not explaining this very well, so these are images of what I'm trying to say.

RECYCLER folder of C: (appears as hidden, "look at the transparency", and the Hidden attribute is selected and not selectable)
http://img822.imageshack.us/img822/2051/hidden1.jpg

RECYCLER folder of G: and H: (appears as not hidden, "no transparency", and the Hidden attribute is not selected)
http://img707.imageshack.us/img707/8126/hidden2.jpg

(The image is from G: but it's the same on H:)

That's why I think it is not right, and I don't know if I need to check that attribute to solve the "problem", because I checked it and yes, the folders go back to a hidden status ("transparency and all that"), but the option doesn't turn grey ("not selectable") like the folder of C:.
http://img708.imageshack.us/img708/8199/hidden3i.jpg

Edited by Black_Internetz, 28 February 2011 - 10:31 AM.
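
Added example (not part of the original thread): a Python sketch that reads the attribute bits behind the Explorer checkboxes described in the post above. It assumes the C: folder carries both Hidden and System (Explorer greys out the Hidden box when System is also set); the three attribute values are constructed to match the screenshots, and `classify`, `fix_command` and `scan_recycle_bins` are names made up for this example.

```python
import os
import stat
import string

HIDDEN = stat.FILE_ATTRIBUTE_HIDDEN   # 0x02, the "Hidden" checkbox
SYSTEM = stat.FILE_ATTRIBUTE_SYSTEM   # 0x04, no checkbox in Explorer
BIN_NAMES = ("RECYCLER", "RECYCLED", "$Recycle.Bin")

def classify(attrs):
    """Map a Windows attribute bitmask to how Explorer treats the folder."""
    hidden, system = bool(attrs & HIDDEN), bool(attrs & SYSTEM)
    if hidden and system:
        return "hidden+system"   # "protected operating system file"
    if hidden:
        return "hidden-only"     # hidden, but the checkbox stays editable
    if system:
        return "system-only"
    return "visible"             # shown regardless of Folder Options

def fix_command(path, attrs):
    """Suggest the attrib call that restores both bits, or None if both are set.
    Both switches are always given: attrib will not change one of the two
    attributes on an item that already has the other unless both are named."""
    if classify(attrs) == "hidden+system":
        return None
    return 'attrib +s +h "{}"'.format(path)

def scan_recycle_bins():
    """Windows only: list (path, state) for each Recycle Bin folder found."""
    found = []
    if os.name != "nt":
        return found
    for letter in string.ascii_uppercase:
        for name in BIN_NAMES:
            path = "{}:\\{}".format(letter, name)
            try:
                attrs = os.stat(path).st_file_attributes
            except OSError:
                continue         # drive or folder not present
            found.append((path, classify(attrs)))
    return found

if __name__ == "__main__":
    # Constructed values: 0x10 is the directory bit, plus Hidden/System as assumed.
    samples = [("C:\\RECYCLER", 0x16), ("G:\\RECYCLER", 0x10), ("H:\\RECYCLER", 0x12)]
    for path, attrs in samples:
        print(path, classify(attrs), fix_command(path, attrs))
    print(scan_recycle_bins())
```
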


#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,259 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:57 PM

Posted 28 February 2011 - 10:39 AM

Anytime there is a problem with Windows not functioning as user has chosen...I suggest running the chkdsk /r command.

Start/Run...type chkdsk /r and hit Enter. Type Y in new screen and hit Enter. Reboot. The command should execute and then boot into XP on completion.

It's possible that system files are damaged and therefore unable to function properly...in that case either a repair install of XP or running the sfc /scannow command is what I suggest.

How To Use Sfc.exe To Repair System Files - http://www.bleepingcomputer.com/forums/topic43051.html

How to Perform a Windows XP Repair Install - http://www.michaelstevenstech.com/XPrepairinstall.htm

I am not at all familiar with ComboFix and how it works...I know that it's a malware tool and users are urged to only use it under the supervision of BC MRT personnel when advised to do so by MRT personnel. This is an O/S forum and we try to field O/S questions that are within our knowledge level and experiences.

ComboFix usage, Questions, Help - Look here - http://www.bleepingcomputer.com/forums/topic273628.html

Louis

Edited by hamluis, 28 February 2011 - 10:39 AM.




