Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

A possible locked cloaked file that will not delete from the recycle bin

(New)
(!)

john2004's Avatar
john2004 john2004 is offline
Member with 147 posts.
THREAD STARTER
 
Join Date: May 2004
Experience: Intermediate
13-Dec-2005, 04:31 PM #1
Question A possible locked cloaked file that will not delete from the recycle bin
Hello everyone,

I am not 100% sure that this is spyware related or not, but have a feeling it might be. Some time ago I found a file on my computer that appeared to be a junk file. I forgot the name, but when I sent it to the recycle bin and tried to delete it, I got the following error message...

"Cannot delete ·LOC_: cannot find specified file".

The file would not delete after several attempts, and I just got the error message and the file remained. I just left the file in the recycle bin, and over time the file seemed to have just "disappeared" but the error message remains whenever I empty the recycle bin. The recycle bin appears empty, but if I send a file to the recycle bin, then select "empty recycle bin" I get the error message.

If I go to recycle bin and "select all" then press delete on my keyboard, everything seems to delete and I get no error message. However, if I select "empty recycle bin" from the menu, I always get the error message. If I click on "OK" in the error message window, text files then disappear, but folders remain. I have to select folders and press delete on my keyboard to delete them.

This problem does not "seem" to be interfering with my computer operation, But I want to get to the bottom of it and fix it if possible. I have run A full AVG and AntiVir anti-virus scan, along with the online Bit-defender scan. I also ran Lavasoft adaware, spybot search and destroy, A-Squared, and Trojan-Remover, but they say there are no problems. Webroot Spysweeper (Scanner only) said that "PCwatch" was on my system. However, when I went to a site that showed how to manually remove "Pcwatch", everything the site said to look for was not on my hard drive or in the registry.

I "may" have had the "Lockx.exe" trojan at one time, but I used "AIMFix98" and it seems to be gone now. I don't know if that could be related or not. I had a reference to Lockx.exe in my registry at one time, but I never did find anything via a complete hard drive search. The registry entry could have just been related to a search I did on Lockx.exe.

I tried running windows disk cleanup, and the freeware program "crap cleaner" but they did not help.

It seems there is "something" in the recycle bin that I cannot see and that won't delete. I tried going to the "view folder options" and checked the box to "show all files" even hidden ones, but nothing shows up in the recycle bin.

My AntiVir anti-virus program report said the following ...

AntiVir®/9x PersonalEdition Classic
Build 1114 of 04.11.2005
Mainprogram 6.32.00.51 of 03.11.2005
VDF file 6.32.18.84 (0) of 05.12.2005

C:\RECYCLED\DC36
·LOC__.COM
Access denied! Error during file opening!
Error code: 0x0002
WARNING! Access error/file locked!
·MREAD__.COM
Access denied! Error during file opening!
Error code: 0x0002
WARNING! Access error/file locked!

I tried using the secure erase utility "eraser" and it said the following...

"Information:
Statistics:

Erased area = 0 bytes
Cluster tips = 0 bytes
Data written = 0 bytes
Write time = 0.00 s

Failures:
Failed: C:\RECYCLED\DC36\·LOC__.COM (The system cannot find the file specified.)
Failed: C:\RECYCLED\DC36\·MREAD__.COM (The system cannot find the file specified.)"

I tried using "Killbox" but it just said file "does not appear to exist".

Is there some way I can delete the entire recycle bin, and re-create a new one ? Does this sound like a trojan or spyware problem ?

I would appreciate any help or comments regarding this strange problem.

Thank you.
John
ekim68's Avatar
ekim68   (Mike) ekim68 is online now
Member with 45,312 posts.
 
Join Date: Jul 2003
Location: Eugene, Oregon
14-Dec-2005, 12:25 AM #2
bump
john2004's Avatar
john2004 john2004 is offline
Member with 147 posts.
THREAD STARTER
 
Join Date: May 2004
Experience: Intermediate
15-Dec-2005, 04:37 PM #3
What does the reply "Bump" mean ?

Thank you.
John
ekim68's Avatar
ekim68   (Mike) ekim68 is online now
Member with 45,312 posts.
 
Join Date: Jul 2003
Location: Eugene, Oregon
16-Dec-2005, 01:10 AM #4
bump; Just keeps your inquiry at or near the top of the forum so someone with the where-with-all can take a look at it...
And, you might want to submit a Hijackthis log so that we can look at it.
http://www.spywareinfo.com/~merijn/files/HijackThis.exe
john2004's Avatar
john2004 john2004 is offline
Member with 147 posts.
THREAD STARTER
 
Join Date: May 2004
Experience: Intermediate
17-Dec-2005, 02:43 PM #5
Hi Everyone,

I was able to find a way to eliminate the error message, I am posting the method that fixed the problem, in case it can help anyone else. I would still want to get your thoughts as to whether there is a security or privacy issue, and whether it warrants considering reformating.

I went to this link http://www.geekgirls.com/windows_recycle_bin.htm and I followed the instructions to delete the entire recycle bin contents from the ms-dos prompt. I then re-started my computer, but still had the same problem.

I tried to follow the instructions on the site to delete the entire recycle bin from the Windows ms-dos prompt, but it just said "file not found -recycled".

However, I then restarted the computer in actual MS-DOS mode, and typed "deltree C:recycled" at the command prompt. I let the directory delete and then typed exit. After the computer booted back up on windows, Windows seemed to have created a new recycle bin. I tested the recycle bin and there are no more errors now.

However, I had previously tried to use a program called killbox http://www.majorgeeks.com/Pocket_KillBox_d4709.html to remove the files from the recycle bin before. I found I had a Killbox folder and files at the following locations...

C:\!KillBox\RECYCLED\DC36\·LOC__.COM

C:\!KillBox\RECYCLED\DC36\·MREAD__.COM

I did not want to send the files to the recycle bin, (and get the same problem) so I used the secure wiping utility "eraser" and it would not delete them, it said the following...

Failures:
Failed: C:\!KillBox\RECYCLED\DC36\·LOC__.COM (The system cannot find the file specified.)
Failed: C:\!KillBox\RECYCLED\DC36\·MREAD__.COM (The system cannot find the file specified.)

It is interesting that when searching my entire hard drive for ·LOC__.COM or ·MREAD__.COM , if I do not put that little dot that is right to the left, and in the middle of the "L" and the "M", nothing will be found. However, when I copy and past the name "with the dot" in the search field, then it finds the files.

I restarted in ms-dos and deleted the killbox folder off the C drive. I searched my entire hard drive and the registry for "·LOC" and for "·MREAD", which seemed to be the ms-dos name of the files. There appears to be no trace of the files now, and I searched with all files, including hidden one's showing.

I was able to simulate something similar to this problem. I created a test folder on my desktop and named it "test". Then, I put a text file in the folder and also named it "test". Then I went to "find files and folders" and searched my desktop for "test". It showed the folder first, then underneath the folder it showed the file. I selected both the folder and the file underneath, and deleted both at the same time, with the secure file wiping utility "eraser". Then I got the exact same type of message as given above, it said (The system cannot find the file specified).

I think what happened is that it deleted both the folder and text file together, first, since the folder was listed first in the "find files and folders" search results, then when it went to delete the text file listed by itself underneath the folder, there was nothing there, because it has already been deleted with the folder.

However, In another test, just deleting normally with windows, and sending the files to the recycle bin, there was no such error message. How this type of error message got involved with the recycle bin is beyond me at the moment.

Now the big question is, is this a security problem I should worry about, or was it just some type of fluke ? Above, I explained a scenario that created a similar circumstance, but that does not explain how this happened with the recycle bin.

What concerns me are the strange names of these files, and the fact the I find nothing at all on the Internet about them. Also, the way the files are punctuated is very strange, i.e., a dot in the middle of letters as in "·LOC" and the long underscored line as in "·MREAD__.COM".

Also, the names just sound like spyware, not to mention it seems to be a ".com" address affiliated with some website (but that could also be a DOS or low level program). All I remember about the original files are that they looked suspicious, so I deleted them, and they would not delete properly. Then they seemed to disappear from the recycle bin, but the error message remained whenever I emptied the recycle bin.

I may well have tried to delete the files off the hard drive with the secure file wiping utility "eraser". However, that does not explain how they got to the recycle bin, unless I somehow put some type of leftover traces of the files in the recycle bin, that eraser could not delete. If I did, I can't remember how I got them there :-) If eraser would not delete them, I don't see how I got them to the recycle bin. Possibly, I sent the files to the recycle bin, and then when they would not delete from the recycle bin normally, I tried to use eraser on them, I am not sure. I should have wrote everythng down as I was doing it, for reference.

I run Zone Alarm Firewall, and I run AVG anti-virus. I scan with two anti-virus once a month, i.e., AVG and AntiVir. I also scan once a month with Lavasoft Adaware, Spybot search and destroy and A-squared.

I also installed something called "keylogger killer" from http://www.tooto.com/keyloggerkiller/. However I have no idea how good it really is. It is a very very small file, just a few KB, and so far it has set of no alarms at all.

What is your opinion on all of this, do you think I need to be concerned from a security and privacy standpoint ? Some people have said no, others have said to reformat my hard drive, which I don't want to do unless there really is a privacy concern.

One strange thing that happened today is that when I went to shut down my computer, it seemed to freeze up. I hit "control alt delete" and a window popped up that said "XPCOM" in the upper left hand corner. Then it said "EventReceiver" after the XPCOM:, I never saw that before and I am not sure what it was. Later, after restarting, I also saw a strange file named "!aneas~1" located at C:\!aneas~1, the file is only 10.5 KB created back in 2001, but it just looks kind of strange. I found it when I did a search for "!" on the hard drive, because that killbox folder had an exclamation point in front of it, and I wanted to search the hard drive and make sure it was gone. Aneas looks like a spanish name to me. The file has not been accessed until today.

Is there anything else I should or can do to beef up my security a little bit ? Any programs or system modifications you would recommend ? I have been using the Firefox browser lately, and I have all of the windows critical updates.

As long as there is no security issue, it looks like the problem is solved, but I would still like to get your thoughts. This seems like a very strange occurrence to me. I just don't want anyone getting my credit card number, looking at my personal or business email messages and/or files, or getting snapshots of my screen.

Thanks again for all your help and feedback.

Sincerely,
John
ekim68's Avatar
ekim68   (Mike) ekim68 is online now
Member with 45,312 posts.
 
Join Date: Jul 2003
Location: Eugene, Oregon
17-Dec-2005, 11:37 PM #6
http://forums.techguy.org/security/1...elp-tools.html

This is a good start....And, bravo for chasing down the culprits...
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑

Content Relevant URLs by vBSEO 3.3.2