Author Topic: recycle bin is hijacked.  (Read 6405 times)

0 Members and 1 Guest are viewing this topic.

Offline garegin

  • Jr. Member
  • **
  • Join Date: Nov 2014
  • Posts: 85
  • Karma: 1
    • View Profile
recycle bin is hijacked.
« on: July 08, 2015, 10:27:22 am »
Ok, so when I try to erase the trash can I get.
"This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Program control panel."

The right click context menu for the recycle bin is also altered.

It says

Open
empty
Create Shortcut
Rename
Properties.

Notice that the empty is in lowercase, this is sign that it was modified by the malware.

Offline Julian

  • "Professional Googler"
  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jun 2015
  • Posts: 1325
  • Location: USA, New Mexico
  • Karma: 38
    • View Profile
Re: recycle bin is hijacked.
« Reply #1 on: July 08, 2015, 03:20:55 pm »
okay so try this enable in folder options show hidden files then go to hide protected operating system files and uncheck that. then apply now go to the root of your drive. usually is c:/delete the folder named $recycle.bin click to highlight that folder and prest shift +del let me know

what happens now with context menu is it hides in several places...

HKCR \*\shellex\contextmenuhandlers (Files)
HKCR\AllFileSystemObjects\shellex\ contextmenuhandlers (Files and file folders)
HKCR\Folder\shellex\contextmenuhandlers ( Folders )
HKCR\Directory\shellex\contextmenuhandlers (File Folders)
HKCR\<ProgID>\shellex\contextmenuhandlers (File class)
HKCR\Directory\Background\shellex\ContextMenuHandlers (Desktop)

I have to investigate a lil bit on these keys and find settings for the recycle bin. I'll post back with more information.
Julian