Spyware, Viruses, & Security forum

General discussion

file with virus in recycle bin

by inactivity / February 23, 2009 12:10 PM PST

I'm running windows vista with norton antivirus. Norton ran a scan and found Trojan.Brisv.A in a file in my recycle bin. I followed the steps to remove it (downloaded and ran the removal tool from the symantec website). When the tool finishes its process, it says that the virus was not found. However, when the antivirus scan runs again it finds the virus again!

I'm wondering if that has something to do with it in the recycle bin. Would it be okay to empty the bin? I'm not really sure what to do since the removal tool doesn't seem to catch and remove it.

Any suggestions are appreciated.
susan

Post a reply
Discussion is locked
You are posting a reply to: file with virus in recycle bin
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: file with virus in recycle bin
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Susan, you can to empty
by Donna Buenaventura / February 23, 2009 12:22 PM PST
Collapse -
Symantec Removal Tool for Trojan.Brisv.A!inf
by Michael_York / February 24, 2009 5:26 AM PST

Hi inactivity,

This is Mike from the Norton Authorized Support Team.

In your original post you mention that you are infected with a Trojan and ran a removal tool from Symantec. Can you please let me know the exact name of the infection found and also which tool you used?

If you were infected with the Exact infection named "Trojan.Brisv.A!inf, then please try the steps outlined in the link below.

Symantec removal instructions for Trojan.Brisv.A!inf

If there was a variant of the above named infection that was found, please let me know the exact name.

Also, what Norton product and version are you using?

Thank you,
Mike

Michael York
Norton Authorized Support Team
Symantec Corporation

Collapse -
now the virus is gone?
by inactivity / February 24, 2009 11:56 PM PST

I ran a quick scan this morning to find the virus again so I could get the name and it didn't find it. I hadn't done anything since I posted here, so I'm not sure what happened. I'll try it again later today to see if it changes.

Is there a place I can look for the virus it found previously. I tried looking in the history, but all it had was that there was a virus, but it didn't name it. I just purchased norton this weekend when my trial subscription ran out, so i'm not sure which version. I was so flabbergasted that the virus was gone that I forgot to check lol.

Collapse -
Recycler Virus, autorun and runauto~1 viruses
by dbrendo / February 25, 2009 11:13 AM PST

hi canyou guys help with this stupid virus. I just found that a folder named recycler keeps appearing and the system files get uninstalled.. with new keys addaed to the registry.. plus it uses xcopy to replace system files, writes to the restore, creates .txt and desktop.ini files everywhere.. slows the system by 50 to 75%. I cant find the source.. formated the pen drive but it still is infected.. tested with new pc and infected the new pc.. showed all hidden files and attributes to -r -s -h -a and well didnt see any files on the formated pen drive.. uses autorun i think...and generates .txt, .ini,.db,.nls,.dll,and all sorts of stuff. Most anti virus programs cannot detect it and remove it..

This virus disables registry, CMD,you delete recycle bin and it bounces right back to yr face. the source keeps writing it back and keeps uninstalling system files.. creates a dllcache folder and turns all system files to blue.. very nice.. i think i formated my pc 20 times already. im thinking of heating it up in the oven... drives me cracy.. but i keep going.. formating wont remove it..partioning wont..but it will if u power off, or do a cold boot,

I can send you a copy for analysis.. I've caught them and zipped the bloody hounds and they in my flash drive..

Thanks!

Dee

Collapse -
Try a common stopgap measure.
by R. Proffitt Forum moderator / February 25, 2009 11:20 AM PST
Collapse -
reycler and autorun virus
by dbrendo / February 25, 2009 12:34 PM PST

thankyou for the link to downloads autorun eater, I already have it installed in one of my 5 pc's and it does a great job of catching this little beggers.. however if i may ask, if theres a removal tool for the recycler virus.. I want to remove and restore the system like what anti virus programs do. Autorun eater does a good job of stopping the scripts b4 they cross to the puter.. but what about a pc which is already infected by recycler, or w32.sonard or new folder.exe.. any help im already exhausted and my brain cells gone and i can feel the skull ver clearly.. lost please show directions..

dee..

Collapse -
REcycler Virus, Autorun etc...
by dbrendo / February 26, 2009 2:38 PM PST

Hellow i need to talk to Mick York from symantec or another symantec personnel who specialises in Malware and Trojans or whatever, So mike could you cantack me I need your help to develop a removal tool for this recycler virus.. I think i now now where its comming from and why most ant virus giants cannot remove it. I have found the actual nesting place where it sources itself from.

Mike you need to reply my e-mail is dbrendo@gmail.com My knowledge on computers is limited but i do know my way around a bit. I need to talk to a qualified personnel. Anyone know any programmers who can help me? Please contact me.

You format you pc it dosent go away I think i kow why but i need a qualified personell to talk with. please assist..

Dereck

Collapse -
Symantec Escalations
by Michael_York / March 2, 2009 2:44 AM PST

Hi Dereck,

I would like to escalate your case to our escalations team. I have sent you an email with instructions, and as soon as I receive the requested information, I will forward it on the escalations team and someone will contact you.

Thank you,
Mike

Michael York
Norton Authorized Support Team
Symantec Corporation
http://service.symantec.com/priority

Collapse -
Removal Tool ineffective on Trojan.Brisv.A!inf
by ccthatgirl / March 12, 2009 12:22 AM PDT

I inadvertently downloaded the virus onto my computer and as Norton Internet Security did it's Quick Scans it did not detect it for a week until I did a Full System Scan. At that point the virus/worm was detected and under the Action label was the message "Get Help" and stated it had to be manually resolved by using the Removal Tool for which I was taken to the Symantic website and ran the tool.

Unfortunately, after running the tool I receive a message stating the virus was not detected when clearly it still existed in my music folder. So I deleted the file myself and it was in the recycle bin. I emptied the recycle bin and the file appears to be gone.

However when I run Norton Internet Security 2009 with definitions updated 14 minutes ago, the virus is found with Affected Areas reported as '1 File & 1 Browser Cache' and the Details of where the virus is found is 'C:\recycle.bin\s-1-5-21-4221182752-1523537148-2203155865-1000\$rupnmod.mp3.

System Specs: Windows Vista Home Premium SP1, IE7, HP Pavilion dv4

Can I get rid of this thing with Norton or will I need to visit the GeekSquad?

Collapse -
recycler virus in bin
by dbrendo / March 12, 2009 1:04 PM PDT

ccatthatgirl..

download norton 360v3 and nod32 anti virus you should be able to remove the virus.. Then run malware bytes. This how i removed mine. had the same problem but also had help from norton personnel.

dbrendo

Collapse -
No, installing 2 antivirus is not recommended
by Donna Buenaventura / March 13, 2009 3:13 AM PDT
In reply to: recycler virus in bin

Use Malwarebytes Anti-malware or another anti-malware instead.

Collapse -
file or virus file in recycle bin
by dbrendo / March 16, 2009 10:31 AM PDT

donna...

i am sorry i recommended two anti virus application for the removal of a virus in the recycle.bin, but i think its necessary in this case, however maybe we can run it one at a time, it may couse conflict but then its necessary to remove it and stick to one anti virus software. Malware bytes cannot remove this particular virus only n360v3 and avg can detect some parts of it..

dbrendo

Collapse -
Trojan.Brisv.A Removal
by Michael_York / March 13, 2009 8:13 AM PDT

Hi ccthatgirl,

If the removal tool did not remove all of the infected files, please follow the instructions in the document below to manually remove the infected files.

Manually remove Trojan Brisv A!inf

This particular infection usually comes from the use of file sharing and peer to peer applications like LimeWire, etc. Please read the following document for more information.

Information about Trojan.Brisv.A

Thanks,
Mike

Michael York
Norton Authorized Support Team
Symantec Corporation
http://service.symantec.com/priority

Collapse -
File emptied from recycle bin
by ccthatgirl / March 14, 2009 2:34 AM PDT
In reply to: Trojan.Brisv.A Removal

Unfortunately, the manual removal will not work for me because there is a step that requires me to locate the file and delete it. This file is being found by Norton but it has already been emptied from the Recycle Bin. When I copy the file location into windows explorer the properties box opens and gives me to option to "Restore" the deleted file but when I select it, it still does not reappear in the Recycle Bin.

Collapse -
Please scan in Safe Mode and then remove the infected files
by Michael_York / March 16, 2009 7:59 AM PDT

Hi ccthatgirl,

The manual removal instructions will allow you to delete the infected files, as long as you run the scan in Windows Safe Mode. First, manually run LiveUpdate to ensure you have the latest updates applied, then restart your computer into Windows Safe Mode, launch Norton, and then run a "Full System Scan." When Norton notifies you of the infected files, select each one individually and choose to remove them.

Please try this method and let me know if you still are unable to remove the infected files.

Thank you,
Mike

Michael York
Norton Authorized Support Team
Symantec Corporation
http://service.symantec.com/priority

Collapse -
message to Michael York
by shaboo07 / March 16, 2009 5:49 AM PDT
In reply to: Trojan.Brisv.A Removal

I noticed you were helping someone out with the recycler virus. I have the same thing. Exactly what he is mentioning. Would you beable to help me as well Sad where ever you directed him could you direct me there as well..i would greatly appreciate it

Collapse -
There's another way to remove files from Recycler folder
by darkdestiny7 / March 16, 2009 12:24 PM PDT

Just a note before I begin: the Recycler folder is a system-protected folder that contains all (or at least most) of your file that have been emptied from the Recycle Bin.

There's also been indications that infected files deleted by any anti-virus programs end up there (that is why the original starter of this thread could not remove it). I have experienced it before with my BitDefender AV 2009, which have detected one particular file in that folder over & over again in real-time & on-demand scans.

Anyways, to remove files from this Recycler folder:

First go to Start > Run... (for Windows XP & earlier), then type in "cmd.exe". Then type in the following code:"rd /s /q c:\recycler".

Note that if this can also work if you have files deleted from any removable storage like thumb drives & portable hard drives, you can also empty the Recycler folders in them. Just change the drive name in the code above

E.g.

If drive is E:\, type in "rd /s /q e:\recycler"

Yes, I have test run this method, & it works in removing files I have deleted over the past year.

Hope this helps!

Collapse -
file in the recycle bin
by dbrendo / March 16, 2009 12:52 PM PDT

mike thanks for yr help.. i just want to add on so you can come up with something better.. when the virus hits you it suddenly changes yr system attributes to unhide and we have to hide them again. after you've hide all yr system files the file recycler and system volume information is still visible to an extent. It uses linkers pointing to its own process that it created. So its a bit hard to kill when all these processes are complete almost it does a recycle.. please look into this issue.. I have to try yr advice Thanks once again.

dbrendo

Collapse -
Is a virus's deleted dll still a threat from Recycle Bin?
by jkcooper / October 11, 2009 5:16 AM PDT

I'm working on removing a virus from an older Dell PC, running XP. It was infected with a new version of the Total Security Anti-Virus Trojan
I booted it up in Safe Mode, ran the scan, and deleted the files it found (a couple of registry entries, an exe, and a dll). After running the virus scan again, the virus detection that was there has disappeared, but a new one popped up in the location:
C:\RECYCLER\S-1-5-21-3334764220-1305196271-4071926818-500\Dc138.dll
It shows up as the same kind of Trojan that the first virus was.

Is this the same dll (from the virus) that I deleted? If so, is it still a threat? If so, how do I get rid of it once and for all?

Popular Forums
icon
Computer Help 49,613 discussions
icon
Computer Newbies 10,349 discussions
icon
Laptops 19,436 discussions
icon
Security 30,426 discussions
icon
TVs & Home Theaters 20,308 discussions
icon
Windows 10 360 discussions
icon
Phones 15,802 discussions
icon
Windows 7 7,351 discussions
icon
Networking & Wireless 14,641 discussions

Smartphone tip

Hoarding photos on your phone?

Those picture are hogging memory and could be slowing down your phone.