Continuing cleanup - can't delete a file in c:\RECYCLER

After successfully removing a lot of malware there are several items that seem to return after rebooting the system.

A full system scan by Norton Antivirus detects a number of adware threats, security risks and spyware threats. The files it identifies with these are listed as being contents of a RECYCLER file [S-....1003]. I have tried to delete the file in Windows Explorer in Normal and Safe Mode and get the message "can't delete; in use by another program". The file system is NTFS.

Is there a way to remove this?

Thank you for your help.

crmurr

 

Hi crmurr,

If you know which user-account it is, it would be easiest to empty the Recycle Bin in that account.

Regards,

Pieter

 

When I empty the Recycle Bin I still find the file listed in the c:\Recycler folder.

crmurr

 

Like I said, you will have to find the correct user account.
Or remove the file from the Recovery Console if you have a Windows CD.

Do you also have Nortons Protected Files in use?

Regards,

Pieter

 

Yes, Norton Protected Files is in use.

These are the accounts and status
Owner available
Guest turned off
ASP.NET Machine A... not accessible

I turned on and logged on to Guest and had same result trying to delete the problem file. The problem file was only visible in c:\RECYCLER.

crmurr

 

You could try this:

First disable the Norton protected Recycle bin. Do that using the Norton Utilities Options, then rightclick your Recycle Bin, and make sure the "Norton protected recycle bin" features are now disabled.


Now open a Command Prompt window (Start > Run > Cmd) and leave it open. Close all open programs.

Click Start, Run, enter taskmgr and press OK in order to bring up Task Manager.
Go to the Processes tab and End Process on Explorer.exe.

Leave Task Manager open. Go back to the Command Prompt window , and type: rd /s c:\recycler in order to delete your Recycle Bin.
Answer Yes when prompted to confirm deletion.

NOTE: that command reads "rd (space)/s (space) c:\recycler"

Go back to Task Manager, click File > New Task and enter EXPLORER.EXE to restart the GUI shell. Close Task Manager.

Restart your computer. A new Recycle Bin will automatically be created.

Now this works for the Recycled folder on Fat32 systems, maybe also for you, unless this is indeed another of these baddies from hell !

Good luck,

 

Tony,

Thank you for recommending the Recycle Bin deletion procedure.

I have run the procedure on a WinXP test machine with NTFS filesystem and it works nicely.

On the PC with the c:\Recycler file that seems immune to deletion also cannot be opened to see what is contained in it. I have seen one case in which a person claimed that deleting the Recycle Bin caused all data on the PC to be deleted.

Do you think malicious code in a Recycle Bin file could cause that kind of response in Recycle Bin deletion?

I have a backup of the user data on the problem PC, but cannot afford to lose the system itself. So I wanting to approach this very cautiously.

Thank you for your help.

crmurr

 

No, that's utter nonsense; C:\Recycler is just the Recycle Bin folder; deleting it is incapable of causing any harm to any other folders, files, or data

Did you indeed make sure Norton Protection was removed? For that will prevent you from deleting the bin.

And have you already tried Recovery Console like Pieter suggested?

 

Tony,

Thank you for your further help with this.

Recovery Console produced an 'access denied' error when I tried to delete the file.

When I turned off Norton protected file feature I was able to delete the file from Win Explorer. I erred earlier in disabling auto-protect rather than disabling protection in the Norton recycle bin.

I appreciate your help and Pieter's. This has been a useful learning for me.

crmurr

 

You're welcome; glad we were able to help.