Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hidden recycle bin folders in other partitions after virus attack. Help?


  • Please log in to reply
5 replies to this topic

#1 JDDannita

JDDannita

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:11 PM

Posted 03 November 2013 - 03:28 PM

A virus got into my computer via infected usb around two weeks ago. I don't remember the name of the virus cause a lot happened in those two weeks and I haven't even turned the comp on all this time. At the time I did manage to get rid of the virus after installing avast and using the scan-before-the-os-starts option. Now I'm using the pc again I'm noticing some kind of ghost recycle bin folders in my other D and E partitions that weren't there before.

 

The problem is this: whenever i erase a document or a folder it gets sent to the recycle bin as usual, but a duplicate of the erased data appears in the hidden recycle bin folders in D and E. This means, for example that if the document or file deleted where of 1 gb, this triplicates and now I have 3 gb  less of available disk space, one from each partition. If I empty the recycle bin in C the data gets erased also from the other ghost folders. I would like those folders gone, please. Of course I can't erase them even going into safe mode, and also I can't erase the contents inside except by emptying the recycle bin in C. Is there a way to get rid of those folders without a complete reinstall of xp?


Edited by hamluis, 07 November 2013 - 06:30 PM.
Moved from XP to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:11:11 AM

Posted 04 November 2013 - 09:39 AM

Hello JDDannita, welcome to Bleeping Computer.

 

Please download Malwarebytes Anti-Malware.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  When the installation has finished, make sure you leave both of these checked:
 
    Update Malwarebytes' Anti-Malware
 
    Launch Malwarebytes' Anti-Malware
 
Then click on Finish.
 
3)  MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. 
 
4)  Click on perform Quick Scan, then click on the Scan button.
 
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
 
5)  The scan will now begin, this may take some time to complete so please be patient.
 
6)  When the scan is finished click on Show Results to display all objects found.
 
7)  Click OK to close the message box and continue with the removal process.
 
8)  Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
 
Make sure that every item shown in the results has a check mark in the box next to it, then click on Remove Selected.
 
9)  When removal is completed, a log will open in Notepad.
 
This log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of the log in your next post, then exit MBAM.
 
Important:  If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Reagardless if prompted to restart the computer or not, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
 
Please copy the Malwarebytes log and paste it in your next post.
 
To locate this file right click on the Start orb and choose Open Windows Explorer, then click on C: drive.
 
When the C: drive opens click on the following:  ProgramData, Malwarebytes, Malwarebytes' Anti-Malware, Logs.  
 
If there is more than one log, choose the log with the date that you ran scan that I requested.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 JDDannita

JDDannita
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:11 PM

Posted 06 November 2013 - 07:24 PM

Um, hello. Thanks for your previous reply. I'm very, very sorry for my delayed unswer but I forgot to mention I don't have internet access at home and so couldn't just download the program as I was told. Still, a million thanks for answering. Hopefully you'll still be able to help me after all this time.

 

What I have done is the following:

1. I had to clean up a usb drive. At the time I remember most of the ones I had had gotten infected, and after cleaning it up the autorun got corrupted. So I had to go trough all the content and make a backup of my files and then reformat my drives. Those were several gigas of information and that took a while. (Sorry!!)

 

2. I downloaded the malware software and the offline updater as well as the offline updater of avast.

 

3. Once more I run avast in "before start up mode" and then the malware program. Avast had nothing to report but the malware program had a couple things that I'll show below, but nothing serious apparently.

 

There's one detail I forgot to think about and that is that me being a Spanish speaker living in a Spanish speaking country the log came off in Spanish. The important bits  (the names of the infected registries) were in English anyway but I'm translating everything to avoid trouble. 

 

 

This is the Malwarebyte log I got:

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version:  v2013.08.26.03
 
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrador :: EQUIPO [administrador] 
 
06/11/2013 17:19:07
mbam-log-2013-11-06 (17-19-07).txt
 
Scan type: Quick Scan
Activated scan options: Memory | Start Up | Registry | System Archive Data | Heuristic/Extra | Heuristic/Shuriken | PUP | PUM
Not activated scan options: P2P
Objects scanned:  250072
Time elapsed: 5 minuto(s), 9 segundo(s)
 
 
Memory Processes Infected: 0
(No malicious items detected)
 
Memory Modules Infected: 0
(No malicious items detected)
 
Registry Keys Infected: 0
(No malicious items detected)
 
Registry Values Infected: 0
(No malicious items detected)
 
Registry Data Items Infected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
 
 
Folders Infected: 0
(No malicious items detected)
 
Files Infected: 0
(No malicious items detected)
 
 
end)

 

 

4. The software didn't prompt for a reboot but after doing it anyway the ghost recycle bin folders were still there with all their troubles. 

 

So, that is it. Please forgive once more for replying after so long.


Edited by JDDannita, 06 November 2013 - 08:10 PM.


#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:11:11 AM

Posted 07 November 2013 - 01:21 PM

 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET Online Scan in a new window.
    ESET OnlineScan

  • Click the esetonlinebtn.png button.

  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.

       

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.

       

  • Check "YES, I accept the Terms of Use."

  • Click the Start button.

  • Accept any security warnings from your browser.

  • Under scan settings, check "Scan Archives"and "Remove found threats"

  • Click Advanced settings and select the following:

     

    • Scan potentially unwanted applications

    • Scan for potentially unsafe applications

    • Enable Anti-Stealth technology

       

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

  • When the scan completes, click List Threats

  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

  • Click the Back button.

  • Click the Finish button.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#5 JDDannita

JDDannita
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:11 PM

Posted 07 November 2013 - 09:03 PM

Thanks for the will to help, but as I said before I have no internet access at home. Have no way to connect the problem computer to internet in fact. As the ESET online scanner is obviously not something that can be used offline there's no option for me. Will try with a nod32 trial version though. Thanks anyway.



#6 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:11:11 AM

Posted 08 November 2013 - 09:55 AM

I just noticed that this topic has been moved to the Am I Infected forum.  This is where it should be.


Edited by dc3, 08 November 2013 - 10:02 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users