There is some malware process which is writing the folder $RECYCLE.BIN to every drive in my system. How can I find out which process is doing that. Is there a sysinternals tool? i'm pretty sure of some virus activity
The procmon utility will do what you're looking for, but if the virus writer is any good at what they do it won't catch it. If there is a rootkit on that system (very likely) then it is most assuredly hiding the virus processes from the Windows environment. However, it's still worth a shot.
I could be wrong, but "$Recycle.bin" is actually a legitimate Windows folder. It's literally where the "Recycle Bin" goes (each drive has an individual one). If you disable "Hide Protected Operating System Files (Recommended)" under Tools > Folder Options > View you can see these. So the malicious process you're speaking of is a little program called Microsoft Windows 7. :D
Edit: any Windows user should be able to uncheck that box and see these files. Another thing you can do to test, though, is to right-click on the $Recycle.bin folder and go to Properties. Note its size, then delete something large (obviously a copy of it would be better; you don't want to delete anything important!). Check the properties again: it should be larger (larger by the size of whatever you deleted, to be exact).
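The check described in the answer above, scripted as an added example (not code from either answerer): it visits the $RECYCLE.BIN folder on every fixed drive and reports whether it carries the Hidden and System attributes, how many per-user SID subfolders it holds, and its current size, so you can compare the numbers before and after deleting a file. The function name Get-RecycleBinAudit is my own.

```powershell
# Added example: audit the per-drive $RECYCLE.BIN folders that Windows itself creates.
# A legitimate recycle bin is a Hidden+System folder at the drive root that holds one
# subfolder per user SID (S-1-5-21-...) for the accounts that have deleted something.
function Get-RecycleBinAudit {
    [CmdletBinding()]
    param()

    Get-PSDrive -PSProvider FileSystem |
        Where-Object { $_.Root -match '^[A-Z]:\\$' } |
        ForEach-Object {
            # Single quotes keep PowerShell from expanding "$RECYCLE" as a variable
            $path = Join-Path $_.Root '$RECYCLE.BIN'

            if (-not (Test-Path -LiteralPath $path)) {
                [PSCustomObject]@{ Drive = $_.Root; Exists = $false; HiddenSystem = $null; SidFolders = 0; SizeMB = 0 }
                return
            }

            # -Force is needed because the folder is hidden
            $item  = Get-Item -LiteralPath $path -Force
            $attrs = $item.Attributes
            # Attributes are a bitmask, so test each flag separately
            $isHidden = ($attrs -band [IO.FileAttributes]::Hidden) -ne 0
            $isSystem = ($attrs -band [IO.FileAttributes]::System) -ne 0

            # Count subfolders whose names are well-formed SIDs
            $sidFolders = @(Get-ChildItem -LiteralPath $path -Directory -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.Name -match '^S-1-\d+(-\d+)+$' })

            # Sum file sizes; other users' SID folders may be unreadable, so errors are ignored
            $bytes = 0
            Get-ChildItem -LiteralPath $path -Recurse -File -Force -ErrorAction SilentlyContinue |
                ForEach-Object { $bytes += $_.Length }

            [PSCustomObject]@{
                Drive        = $_.Root
                Exists       = $true
                HiddenSystem = ($isHidden -and $isSystem)
                SidFolders   = $sidFolders.Count
                SizeMB       = [math]::Round($bytes / 1MB, 2)
            }
        }
}

Get-RecycleBinAudit | Format-Table -AutoSize
```

Run it, delete a large file, and run it again: SizeMB on that file's drive should grow by the file's size. A root-level folder named like $RECYCLE.BIN that is missing the Hidden+System attributes or whose subfolders are not SIDs would be the thing worth investigating with procmon.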