I accidentally installed some software, but it contains a trojan. However, I have KIS 2009, which detected it but was unable to remove it.

Also it seems that the RECYCLER folder is created in each disk partition, and whenever I delete it, the folder still exists as it is regenerated. Any solution to this???? And it's making my computer run sluggish.

I think Kaspersky Internet Security is good antivirus software, but is there anything else I could use to detect and remove the trojan program???

2 Contributors, 8 Replies, 9 Views, 8 Years Discussion Span, Last Post by gerbil

RECYCLER is your recycle bin... there is a bin for each partition. May I suggest that you go into explorer, tools, folder options, view, and Hide Protected OpSys files?
Next:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Double-click that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you... do not click the Save Logfile button.
When it completes examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Post the Notepad log [it is also saved under Logs tab in MBAM].

I understand what you're saying......but this is different from the RECYCLE bin thing. Obviously, my anti-virus software detected it while installing the software but remained inactive while scanning the RECYCLER folder.
Here are the details of the folder:

Size: 18.0 KB
Size on Disk: 20.0 KB

But the folder is empty???

Certainly seems to be malware;
also it seems that MalwareBytes' update failed although I have an internet connection. I then found that the update can be directly installed (mbam-rules.exe) and installed it.
I've run it throughout the computer but did not find any malware.

Any other options???

The recycle bin is a strange place, and emptying it does not always work. Ask Bill Gates. It [they] may show in explorer as having 0 bytes, and in properties as anything up to many MBs... even after you just emptied the bin, or used tools to do it. Unhide Protected OpSys files, open Recycle Bin, delete any S-1-.... folders. The RECYCLERs [each one] should come down to about 85 bytes if you check properties.
And if I am on the wrong track still, let me know?

> The recycle bin is a strange place, and emptying it does not always work. Ask Bill Gates. It [they] may show in explorer as having 0 bytes, and in properties as anything up to many MBs... even after you just emptied the bin, or used tools to do it. Unhide Protected OpSys files, open Recycle Bin, delete any S-1-.... folders. The RECYCLERs [each one] should come down to about 85 bytes if you check properties.
> And if I am on the wrong track still, let me know?

I got it.........and here it goes:

Actually there must be a recycle bin in each of the disk partitions, named $RECYCLE.BIN. This RECYCLER thing shows that something is there, and I did what you said (showing OS files) and here is the file name:
S-0-0-75-100020897-100014327-100022846-4120.com
This is what the actual file/malware is. Many of the anti-malware/anti-virus software didn't seem to detect it.
I'm not sure whether this is malware or not since it is found in all the disk partitions, similar to the recycle bin. Also I haven't found it since the installation of that software.
What else do I have to tell you??? You're right at this moment.

S-0-0-75-100020897-100014327-100022846-4120.com
.COM??!! Yep, you found a pest, there should be no .com on the end of that S- folder name. :)
Trust me, the Recycle Bin shows as RECYCLER in explorer partitions, one per partition [and if your sys is set to show it, Recycle Bin at the bottom of your folder view tree].
RECYCLERs contain maybe more than one S- folder, and the folder names are just S- numbers, but should NOT contain any VISIBLE files. So open all your RECYCLERs and delete any folders that you can [you cannot delete the one from the current day], but you can empty it. Rid your sys of those S-....com folders. Update and retry MBAM.
Nice work.
When you do a normal deletion the file is left on disk where it was and renamed, its position on disk marked as available; the new coded name plus old name are put into a RECYCLER folder; Windows can then find it to restore it. But you cannot see it in that RECYCLER, and normal third party software cannot either, e.g. Photoshop, or a music player.... However the RECYCLER is just another folder, albeit a bit special. Nothing to stop you dragging files into it, and you can see those. And it is a place that can be used by malware for just that reason. Cos funnily enough, emptying the bin will not remove files you dragged into it, and looking in the Recycle Bin will not show them. But they can be accessed like any other file in another folder. Again, ask Bill Gates.
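A defender-side check for what gerbil describes, added here as an example that is not from the thread: it lists each drive's RECYCLER / $RECYCLE.BIN folder and flags S- entries that either carry an executable extension (the .com file found in this thread) or are not well-formed SIDs (a real Windows SID always begins with S-1-, so the S-0-0-75 prefix is itself a tell). The function and constant names are mine.

```python
import os
import re
import string
from pathlib import Path

# Well-formed Windows SID: revision is always 1, e.g. S-1-5-21-<domain>-<rid>.
VALID_SID = re.compile(r"^S-1-\d+(?:-\d+)+$")
# Extensions that have no business on a per-user bin folder name.
EXEC_EXT = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd", ".dll", ".vbs"}
# Bin folder names used by different Windows versions / filesystems.
BIN_NAMES = ("RECYCLER", "$RECYCLE.BIN", "RECYCLED")

def classify(name):
    """Return a reason if a bin-folder entry looks suspicious, else None."""
    if not name.upper().startswith("S-"):
        return None  # desktop.ini, INFO2 etc. are not what this check is for
    _, ext = os.path.splitext(name)
    if ext.lower() in EXEC_EXT:
        return "executable extension %r on an S- name" % ext
    if not VALID_SID.match(name):
        return "S- name is not a well-formed SID (revision must be 1)"
    return None

def suspicious_entries(names):
    """Classify a list of entry names as listed from one bin folder."""
    return [(n, classify(n)) for n in names if classify(n)]

def scan_bins(roots=None):
    """Walk the bin folders under each drive root (default: all drive letters)."""
    if roots is None:
        roots = [d + ":\\" for d in string.ascii_uppercase if os.path.exists(d + ":\\")]
    findings = []
    for root in roots:
        for bin_name in BIN_NAMES:
            p = Path(root) / bin_name
            if not p.is_dir():
                continue
            try:
                names = [e.name for e in p.iterdir()]
            except OSError:  # hidden/system folder may deny listing
                continue
            findings += [(str(p / n), r) for n, r in suspicious_entries(names)]
    return findings

if __name__ == "__main__":
    for path, reason in scan_bins():
        print(path, "->", reason)
```

Run it as Administrator with hidden and protected operating system files visible; anything it prints is worth a manual look before deleting, since a legitimate SID folder is skipped only when its name is clean.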

The Recycle Bin is a composite of all RECYCLERs, and shows all the deleted files' names. But only if they are in those S- folders. You will not see any file that you dragged into a RECYCLER, you must look in that RECYCLER. Try it... drag in a text file, and then browse to it and open it with Word, or Open Office....

Finally
Here's the solution to my problem:

$RECYCLE.BIN is just recycle bin which is used to keep files when deleted.

RECYCLER is a folder which is much more advanced than the recycling concept. It usually contains the details of the files which are permanently deleted so that the user can restore them later using cheap recovery software such as FileRecovery, PCRecover etc.
This software usually works on the Recycler folder, which most users are unaware of.

So, my problem was made this simple:
the file with the .COM extension is the actual malware and it was not detected even with MalwareBytes!!! (believe it or not). So, I had to resort to Bill Gates' Microsoft (OneCare Safety Scanner), which took almost 5 hours to complete the scan and it found the threats as shown in the attachment.

This .COM file is the trojan named Trojan Win32 Alureon.BK
I've read on the Internet that Alureon.BK is used in stealing passwords and credit card numbers by using the DNS number (Internet Connection). So, I have to reconfigure it again since it has been known.
http://onecare.live.com/site/en-us/virusenc/VirusEncInfo.htm?VirusName=Trojan:Win32/Alureon.BK

So, Gerbil I asked Bill Gates and he didn't disappoint me!!!:P

Attachment: preview.JPG (71.13 KB)

Good-oh, glad you are clean. But believe me on the RECYCLER/Recycle Bin thing... they are parts of the whole. You could have deleted those S-...com files manually from RECYCLERs, and run CCleaner to clear the temp files. And it appears that I have told you how to hide files and make 'em undeletable by normal methods. The end of that secret.
