
$Recycle.Bin


2 replies to this topic

#1 peterlomo

Posted 28 May 2014 - 02:19 AM

Hi,

 

I have recently restored my computer to factory default on 18 May using the recovery partition because I suspect that I was infected previously. I have transferred some of the old files back with a Hard Disk on 21 May.

 

Today, when I browsed my file system with Google Chrome, I discovered that the following directory was modified on 21 May:

 

file:///C:/$Recycle.Bin/

 

Under this directory, there are two folders 

 

S-1-5-18/

S-1-5-21-1638051867-2052896208-3278405153-1002/

 

Upon checking, the web suggests that I got infected. What should I do?


Edited by peterlomo, 28 May 2014 - 02:23 AM.



#2 RevGAM

Posted 28 May 2014 - 02:31 AM

I beg your pardon, but where did you check (what website - provide a link if possible)?  What was identified as infected? Have you tried emptying the recycle bin to see if that helps?  The recycle bin is supposed to be in that location, and subfolders should look like that....


Namaste, Peace & Love,
Glenn


If I have frustrated you, then I must be a student. If I've imparted information or a skill to you, then I must be a teacher. If I've helped you, then I must be a volunteer. If I've touched your life, then I must be happy!
If you had to choose between saving just your family, or saving 10,000 GOOD people (but not your family), what would you choose?


#3 quietman7

Posted 28 May 2014 - 06:55 AM

The Recycle Bin is a feature which provides a safety net when deleting files or folders in Windows. When you delete a file it immediately appears in the Recycle Bin and remains there until you empty it or restore the file. The Recycler folder is used only on NTFS partitions and it contains a Recycle Bin for each user that logs on to the computer, sorted by their security identifier (SID). Each drive has a Recycled folder where deleted files are moved to. Double-clicking the Recycle Bin icon displays the folder listing of deleted files available for restoration. For more information, please refer to:

The actual location of the Recycle Bin varies depending on the operating system and file system used. On NTFS file systems (Windows 2000, XP, NT), RECYCLER is the name of the Recycle Bin Folder which can be found in each partition on your hard drive. On Windows Vista and Windows 7 it is called the RECYCLE.BIN. On older FAT file systems, the folder is named RECYCLED.

The RECYCLED or RECYCLER folder contains a hidden master database file called INFO2 which stores information related to the deleted file that will be used when Windows tries to restore it. That information includes:
  • The file's original full path name.
  • The file's size.
  • The date and time when the file was moved into the recycle bin.
  • The file's unique ID number within the Recycle Bin.
When deleting a file, Windows will rename it to DC1. As more files are deleted, the number of the file will be increased by one (i.e. DC2). The number is an indexing number for the file which will be read by INFO2. When the recycle bin is emptied, the INFO2 file will also be deleted and Windows will create a new INFO2 file which will reset the number counter to 0. This process works differently in Vista/Windows 7 where the operating system creates a separate record file for each file that is deleted. For more specific details as to how this works in Vista, please refer to:

The RECYCLER folder contains a Recycle Bin directory for each registered user on the computer, sorted by their security identifier (SID). Inside this folder you will find an image of the recycle bin with a name that includes a long number with dashes (S-1-5-21-1417001333-920026266-725345543-1003) used to identify the user that deleted the files.
  • S - The string is a SID.
  • 1 - The revision level.
  • 5 - The identifier authority value.
  • 21-1417001333-920026266-725345543 - Domain or local computer identifier.
  • 1003 - A Relative ID (RID). This number, starting from 1000, increments by 1 for each user that's added by the Administrator. 1003 means the 3rd user profile that was created.
For more specific information about SIDs, please refer to:

Once the Recycle bins are empty, the legitimate directories should be empty as well. However, even after emptying the Recycler bin, the RECYCLER folder will still contain a "Recycle Bin" for each user that logs on to the computer, sorted by their security SID. If you delete the C:\RECYCLER folder, Windows will automatically recreate it on next reboot.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

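An added example, not part of any post in this thread: a Python sketch that splits Recycle Bin subfolder names into the SID fields listed in post #3 and sets aside names that are not SIDs at all. The function names and the non-SID sample name are constructed for illustration; the labels for S-1-5-18, S-1-5-19 and S-1-5-20 are the standard Windows well-known SIDs.

```python
import re

# Well-known SIDs under identifier authority 5 (standard Windows values).
WELL_KNOWN = {
    "S-1-5-18": "Local System",
    "S-1-5-19": "Local Service",
    "S-1-5-20": "Network Service",
}
SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$", re.IGNORECASE)


def describe_sid(name):
    """Split a Recycle Bin subfolder name into SID fields, or return None."""
    m = SID_RE.match(name.strip().rstrip("/\\"))
    if not m:
        return None  # not a SID: does not fit the per-user folder layout
    subs = [int(x) for x in m.group(3).lstrip("-").split("-")]
    info = {
        "sid": "S-" + m.group(1) + "-" + m.group(2) + m.group(3),
        "revision": int(m.group(1)),
        "authority": int(m.group(2)),
        "sub_authorities": subs,
        "machine_or_domain": None,
        "rid": None,
    }
    info["kind"] = WELL_KNOWN.get(info["sid"], "other SID")
    # S-1-5-21-<three values>-<RID>: issued by a local machine or a domain.
    if info["authority"] == 5 and len(subs) == 5 and subs[0] == 21:
        info["machine_or_domain"] = "-".join(str(s) for s in subs[:4])
        info["rid"] = subs[4]
        created = subs[4] >= 1000  # RIDs below 1000 are reserved for built-ins
        info["kind"] = ("user-created" if created else "built-in") + " account or group"
    return info


def triage(folder_names):
    """Return (parsed SID folders, names that are not SIDs)."""
    parsed = [describe_sid(n) for n in folder_names]
    odd = [n for n, p in zip(folder_names, parsed) if p is None]
    return [p for p in parsed if p], odd


# The two folder names from post #1, plus one constructed non-SID name.
SAMPLE = ["S-1-5-18/", "S-1-5-21-1638051867-2052896208-3278405153-1002/", "not-a-sid"]

if __name__ == "__main__":
    for entry in triage(SAMPLE)[0]:
        print(entry["sid"], "->", entry["kind"], "RID:", entry["rid"])
```
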



