Infected PC, $recycle.bin and $recyclebin
Solved
yac85
-
yac85 -
yac85 -
Hello,
Following the use of a USB key, my PC has been infected. Two shortcuts to nowhere have appeared on the desktop, in the D partition, and on each of my external drives... At first, every time I deleted these shortcuts, they came back; I couldn’t get rid of them. Then, two days ago, I tried to delete them at the same time as folders $RECYCLE.BIN and $RECYCLEBIN that also appear on all disks. The shortcuts disappeared, but the $RECYCLE.BIN and $RECYCLEBIN folders always reappear, and I now have another problem: upon starting Windows, two error messages display and tell me:
1/unable to find the script file D:\$RECYCLEBIN\Vlc.rar
2/unable to find the script file D:\$RECYCLEBIN\Adobe.rar
I really don’t know what to do. I would be very grateful if you could help me. I followed your advice regarding a similar problem, and here are the links to the three reports:
FRST: http://pjjoint.malekal.com/files.php?id=20150708_f11y8o11u10y5
Shortcut: http://pjjoint.malekal.com/files.php?id=20150708_i9u1015p8c12
Addition: http://pjjoint.malekal.com/files.php?id=20150708_v15x7b10o9k11
Thank you in advance,
Yac.
Configuration: Windows 7 / Firefox 39.0
Following the use of a USB key, my PC has been infected. Two shortcuts to nowhere have appeared on the desktop, in the D partition, and on each of my external drives... At first, every time I deleted these shortcuts, they came back; I couldn’t get rid of them. Then, two days ago, I tried to delete them at the same time as folders $RECYCLE.BIN and $RECYCLEBIN that also appear on all disks. The shortcuts disappeared, but the $RECYCLE.BIN and $RECYCLEBIN folders always reappear, and I now have another problem: upon starting Windows, two error messages display and tell me:
1/unable to find the script file D:\$RECYCLEBIN\Vlc.rar
2/unable to find the script file D:\$RECYCLEBIN\Adobe.rar
I really don’t know what to do. I would be very grateful if you could help me. I followed your advice regarding a similar problem, and here are the links to the three reports:
FRST: http://pjjoint.malekal.com/files.php?id=20150708_f11y8o11u10y5
Shortcut: http://pjjoint.malekal.com/files.php?id=20150708_i9u1015p8c12
Addition: http://pjjoint.malekal.com/files.php?id=20150708_v15x7b10o9k11
Thank you in advance,
Yac.
Configuration: Windows 7 / Firefox 39.0
6 réponses
hello, run usbfix and post the report, thanks
--
Personally, I may not know much, but if the little I know
can help, I'm happy to share it with you!!
- Download UsbFix (created by El Desaparecido C_XX) to your Desktop: http://services.service-webmaster.fr/cpt-clics/clics-30453-6505.html If your antivirus displays an alert, ignore it and temporarily disable the antivirus.
- Connect all your external data sources to your PC (USB key, external hard drive, etc...) without opening them
- Double click on the UsbFix shortcut on your Desktop, the installation will proceed automatically.
- Click on "Cleaning".
- Let the tool work.
- At the end of the scan, a report will be displayed: post it in your next response on the forum (it is also saved at the root of the hard drive).
--
Personally, I may not know much, but if the little I know
can help, I'm happy to share it with you!!
Hello,
Thank you very much for your reply. Here is the link to the UsbFix report after the cleanup (but I didn't have enough space to plug in all my infected USB drives, should I redo the operation for these other drives and post the new report?) :
Direct link: http://www.usbfix.net/rapport/?id=report/7.989/7d4e82a0e77b51f423cc0e9d0c1304ab3931fab4.txt&nomfichier=7d4e82a0e77b51f423cc0e9d0c1304ab3931fab4
Thank you very much for your reply. Here is the link to the UsbFix report after the cleanup (but I didn't have enough space to plug in all my infected USB drives, should I redo the operation for these other drives and post the new report?) :
Direct link: http://www.usbfix.net/rapport/?id=report/7.989/7d4e82a0e77b51f423cc0e9d0c1304ab3931fab4.txt&nomfichier=7d4e82a0e77b51f423cc0e9d0c1304ab3931fab4
Hello, yes redo the cleanup with usbfix by connecting the other drives, there's no need to post the report!!
--
Personally, I may not know much, but if what little I know can help, then I'm happy to share it with you!!
--
Personally, I may not know much, but if what little I know can help, then I'm happy to share it with you!!
Hello,
At startup, the error messages no longer appear, thank you very much. However, I don't know if it's normal, there is the $RECYCLE.BIN folder that still appears on some disks and now there is also Autorun.inf that appears on all disks.
At work, I also have another old computer with Windows XP, where I used these same infected USB drives, should I just follow the same steps?
Thank you very much.
At startup, the error messages no longer appear, thank you very much. However, I don't know if it's normal, there is the $RECYCLE.BIN folder that still appears on some disks and now there is also Autorun.inf that appears on all disks.
At work, I also have another old computer with Windows XP, where I used these same infected USB drives, should I just follow the same steps?
Thank you very much.
Hello, for the work PC yes you can also run it
$RECYCLE.BIN is the normal recycle bin, so it's normal to see it but it's not normal that you see it, it's usually a hidden file, check to reset it to default
for Autorun.inf it's the USBfix vaccination, it should also be hidden!!
Open Explorer (to do this, open a folder or Computer, for example).
Go to the "Organize" menu and choose "Folder and Search Options":
Choose the "View" tab.
Click on default settings then apply and OK
--
Personally, I may not know much, but if what I do know
can help, then I'm happy to share it with you!!
$RECYCLE.BIN is the normal recycle bin, so it's normal to see it but it's not normal that you see it, it's usually a hidden file, check to reset it to default
for Autorun.inf it's the USBfix vaccination, it should also be hidden!!
Open Explorer (to do this, open a folder or Computer, for example).
Go to the "Organize" menu and choose "Folder and Search Options":
Choose the "View" tab.
Click on default settings then apply and OK
--
Personally, I may not know much, but if what I do know
can help, then I'm happy to share it with you!!
User: My Documents (Administrator) # MYDOCUMENTS-PC
Updated on 07/11/2015 by El Desaparecido - SosVirus
Launched at 03:57:55 | 07/12/2015
Website: [url=http://www.usbfix.net/]http://www.usbfix.net/[/url]
Changelog: [url=http://www.usbfix.net/maj/]http://www.usbfix.net/maj/[/url]
Support: [url=http://www.sosvirus.net/forum-virus-securite.html]http://www.sosvirus.net/forum-virus-securite.html[/url]
Live Detection: [url=http://comment-supprimer.fr/]http://comment-supprimer.fr/[/url]
Contact: [url=http://www.usbfix.net/contact/]http://www.usbfix.net/contact/[/url]
[b]################## | System information |[/b]
MB: Gigabyte Technology Co., Ltd. (H61M-DS2 4.0)
CPU: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
RAM -> [Total: 4060 MB | Free: 2233 MB]
Bios: American Megatrends Inc.
Boot: Normal boot
OS: Microsoft(TM) Windows 7 Ultimate (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer: 8.00.7600.16385
WB: Google Chrome: 43.0.2357.132
WB: Safari: 534.57.2
WB: Opera: 30.0.1835.88
[b]################## | Security Information |[/b]
AV: Kaspersky Internet Security [Active | Up-to-date]
AS: Kaspersky Internet Security [Active | Up-to-date]
AS: Windows Defender [[b](!) Disabled[/b] | Up-to-date]
FW: Kaspersky Internet Security [Active]
FW: Windows Firewall [Active]
SC: Security Center [Active]
WU: Windows Update [Active]
[b]################## | Disk Information |[/b]
C:\ (%SystemDrive%) -> Fixed disk # 244 GB (17 GB free - 7%) [] # NTFS
D:\ -> Fixed disk # 222 GB (16 GB free - 7%) [] # NTFS
F:\ -> Fixed disk # 98 GB (20 GB free - 21%) [] # NTFS
G:\ -> Fixed disk # 200 GB (55 GB free - 28%) [] # NTFS
[b]################## | Generic Search |[/b]
Deleted! D:\Folder.lnk
Deleted! D:\New Folder.lnk
Deleted! F:\Folder.lnk
Deleted! F:\New Folder.lnk
Deleted! G:\Folder.lnk
Deleted! G:\New Folder.lnk
Deleted! C:\$RECYCLEBIN\06