RECYCLER - virus or harmless folder?

Discussion in 'Windows, Linux & Others on the Mac' started by svenr, Jan 22, 2010.

  1. svenr macrumors regular

    Joined:
    May 6, 2003
    #1
    I'm not sure what to make of this... Today, I noticed a folder "RECYCLER" (all caps) in my [user]/Documents folder, created Wed, Jan 20, two days ago. Inside is one other folder "S-1-5-21-507921405-1715567821-682003330-500" and in there two files:
    Code:
    desktop.ini (65 bytes)
    INFO2 (20 bytes)
    INFO2 is schown as a Unix Executable File.

    It matches what's shown here:
    http://forum.kaspersky.com/index.php?showtopic=70126
    down to the content of the desktop.ini file. There's also this:
    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Hamweq
    And there are a lot of results for a search on "recycler virus".

    I don't want to panic though, it could be something normal from Windows. I occasionaly run Win XP SP2 on VMware Fusion mainly to test websites on IE. Does Windows in VMware get to write stuff in my Mac Documents folder? Is RECYCLER somehow related to the Windows trash bin? A search in Windows itself, even including hidden files and folders, for "recycler" finds nothing though, and the trash there is called "Recycle Bin", not RECYCLER. And why is there an executable in there? Should I be worried?

    Intel MacBook, MacOS X 10.5.5
     
  2. Gav Mack macrumors 68020

    Gav Mack

    Joined:
    Jun 15, 2008
    Location:
    Sagittarius A*
    #2
    recycler and desktop.ini are system related - in folder options, view in control panel check whether the hide protected OS files is unticked. Unless you are removing malware you don't really need to see those files..
     
  3. svenr thread starter macrumors regular

    Joined:
    May 6, 2003
    #3
    OK, thanks. So I take it they are standard Windows files/folders.

    But I guess it wasn't clear from my post above, I had that folder on my Mac OS side, outside of Windows. In the standard OS X [user]/Documents folder.

    How did it get there? What about the cryptic "S-1-5-21-507921405-1715567821-682003330-500" folder? what about the executable in there? All harmless? And why did I not find a RECYCLER folder within the actual Windows? I understand it's hidden, but I had the option to find hidden items turned on.
     
  4. sofiamandarina macrumors newbie

    Joined:
    Mar 5, 2010
    #4
    RECYCLER problem

    Hi there, I just plugged in my bf's usb drive to my computer and looking for some files I fould about 3 folders named RECYCLER , all caps. In the folders theres such things as “S-0-9-58-100002075-100022367-100003613-7815.com”
    I read in internet that this RECYCLER folder is a trojan virus, should I be worried?
     
  5. chrono1081 macrumors 604

    chrono1081

    Joined:
    Jan 26, 2008
    Location:
    Isla Nublar
    #5
    This can get complex.

    If its a folder you can't see in windows even though you have hidden files and folders turned on it could potentially be a virus. In addition to show hidden files and folders, ensure that "show protected system folders" is checked.

    One of the crappy things about windows is viruses are able to hide whether the hidden files are set to show or not. Sadly, even trying to see them in command prompt doesn't work.

    Plugging a drive into a linux/unix/MacOS machine you are usually able to see these files and delete them.

    Now with recycler, there is a harmless version of the file but unfortunately there is also a virus with the same name going around. Sometimes you will see recycler misspelled, other times you will not.

    If its on your mac, no worries just delete it. It can't harm your mac. If anyone tells you otherwise they need to learn more about programming and how OS's work.

    I've dealt with that stupid recycler virus more times then I can count at work. Its a pain since we have all win machines here.
     
  6. pag macrumors newbie

    Joined:
    Dec 24, 2013
    #6
    recycler virus

    thre was a recycler virus in my harddisk when i connected t to my macbook air, i deleted it as said. but $RECYCLE.BIN is still in my trash, i am not able to delete it from the trash.
     

Share This Page