Are you saying Zone Alarm detected malware but was unable to remove it?
The Recycle Bin is a feature which provides a safety net when deleting files or folders in Windows. When you delete a file it immediately appears in the Recycle Bin and remains there until you empty it or restore the file. The Recycler folder is used only on NTFS partitions and it contains a Recycle Bin for each user that logs on to the computer, sorted by their security identifier (SID). Each drive has a Recycled folder where deleted files are moved to. Double-clicking the Recycle Bin icon displays the folder listing of deleted files available for restoration. For more information, please refer to:
The actual location of the Recycle Bin varies depending on the operating system and file system used. On NTFS file systems (Windows 2000, XP, NT), RECYCLER is the name of the Recycle Bin Folder which can be found in each partition on your hard drive. On Windows Vista and Windows 7 it is called the RECYCLE.BIN. On older FAT file systems, the folder is named RECYCLED.
The RECYCLED or RECYCLER folder contains a hidden master database file which stores information related to the deleted file that will be used when Windows tries to restore it. That information includes:
- The file's original full path name.
- The file's size.
- The date and time when the file was moved into the recycle bin.
- The file's unique ID number within the Recycle Bin.
When deleting a file, Windows will rename it to DC1. As more files are deleted, the number of the file will be increased by one (i.e. DC2). The number is an indexing number for the file which will be read by INFO2. When the recycle bin is emptied, the INFO2 file will also be deleted and Windows will create a new INFO2 file which will reset the number counter to 0. This process works differently in Vista/Windows 7 where the operating system creates a separate record file for each file that is deleted. For more specific details as to how this works in Vista, please refer to:
The RECYCLER folder contains a Recycle Bin directory for each registered user on the computer, sorted by their security identifier (SID). Inside this folder you will find an image of the recycle bin with a name that includes a long number with dashes (S-1-5-21-1417001333-920026266-725345543-1003) used to identify the user that deleted the files.
- S - The string is a SID.
- 1 - The revision level.
- 5 - The identifier authority value.
- 21-1417001333-920026266-725345543 - Domain or local computer identifier.
- 1003 - A Relative ID (RID). This number, starting from 1000, increments by 1 for each user that's added by the Administrator. 1003 means the 3rd user profile that was created.
For more specific information about SIDs, please refer to:
Once the Recycle bins are empty, the legitimate directories should be empty as well. However, even after emptying the Recycler bin, the RECYCLER folder will still contain a "Recycle Bin" for each user that logs on to the computer, sorted by their security SID. If you delete the C:\RECYCLER folder, Windows will automatically recreate it on next reboot.
If you have never seen the RECYCLER folders on your hard drive and partitions before, you should not be alarmed. The Recycler folder is hidden by default unless you reconfigured Windows to show hidden files and folders by unchecking "Hide protected operating system files" in Tools > Folder Options > View.
Keep in mind that although the RECYCLER folder contains legitimate files, it is also a known hiding place for some types of malware since that folder is hidden by default. However, if your computer is infected with malware, there most likely will be other obvious indications (signs of infection) that something is wrong. Are you having any other issues?
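
The SID breakdown above can be applied when reviewing what sits inside RECYCLER. The following Python sketch is an added example, not part of the original post: it splits a subfolder name into the components listed above and classifies each name, so that entries which do not parse as a SID stand out for a closer look. The function names and the sample folder list are constructed for illustration; only the first sample SID comes from the post.

```python
import re

# String SID layout as broken down above: S-<revision>-<authority>-<sub-authorities...>
SID_RE = re.compile(r"S-(\d+)-(\d+)((?:-\d+)+)", re.IGNORECASE)

def parse_sid(name):
    """Return the SID components, or None if `name` is not a well-formed SID."""
    m = SID_RE.fullmatch(name.strip())
    if not m:
        return None
    subs = [int(x) for x in m.group(3).lstrip("-").split("-")]
    # Each sub-authority is a 32-bit value; a SID carries at most 15 of them.
    if len(subs) > 15 or any(s > 0xFFFFFFFF for s in subs):
        return None
    sid = {"revision": int(m.group(1)), "authority": int(m.group(2)),
           "sub_authorities": subs, "domain": None, "rid": None}
    # Account SIDs have the shape S-1-5-21-<three values>-<RID>.
    if sid["authority"] == 5 and subs[0] == 21 and len(subs) == 5:
        sid["domain"] = "-".join(str(s) for s in subs[:4])
        sid["rid"] = subs[4]
    return sid

def audit_recycler(folder_names):
    """Classify RECYCLER subfolder names; return (name, verdict) pairs."""
    report = []
    for name in folder_names:
        sid = parse_sid(name)
        if sid is None:
            verdict = "not a SID"              # unexpected name: inspect it
        elif sid["rid"] is None:
            verdict = "SID without account RID"
        elif sid["rid"] >= 1000:
            verdict = "user account"           # RIDs from 1000 up, as described above
        else:
            verdict = "built-in account"       # e.g. RID 500, the built-in Administrator
        report.append((name, verdict))
    return report

# Constructed sample listing; the first entry is the SID quoted in the post.
SAMPLE = ["S-1-5-21-1417001333-920026266-725345543-1003",
          "S-1-5-21-1417001333-920026266-725345543-500",
          "S-1-5-18",
          "NotASid"]

if __name__ == "__main__":
    for name, verdict in audit_recycler(SAMPLE):
        print(f"{verdict:24} {name}")
```

On a live system the list of names would come from a directory listing of the RECYCLER folder with hidden and protected operating system files shown.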