$RECYCLE.BIN and System Volume Information

Question

$RECYCLE.BIN and System Volume Information

Anonymous

I connected my phone to my laptop and copied some files to the laptop.After copying i did a custom scan using windows defender and thats when i saw $Recycle.Bin and System Volume Information folders created in every partition.After navigating to the drive i found that they were hidden but they always show up in windows defender while custom scanning.I did scan my laptop with Microsoft's Malicious Software removal tool but it didn't find anything.Do i need to format my laptop?Is my laptop infected with a malware?

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

Answer accepted by question author

Anonymous

Thank you guys for the information.

Another question:

Is windows defender alone capable of handling malwares like the $Recycle.Bin?

http://answers.microsoft.com/en-us/windows/forum/windows_8-security/is-recyclebin-folder-a-virus/3cb18958-bf75-42f6-a6c3-824e880df242

Im not quite sure you have understood above posts by Rob and Dinesh.. Generally malware can be detected by defender in windows 8 and some malware uses $Recycle.Bin as a part of malware hiding component or so.

$Recycle.Bin itself is not a virus... and if you want, any folder and its content can be made shown as a recycle bin using a desktop.ini file..

Normally within this desktop.ini u can see.

[.ShellClassInfo]

CLSID={645FF040-5081-101B-9F08-00AA002F954E}

LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-8964

check Is $RECYCLE.BIN folder a virus? for more details regarding this desktop.ini

0 comments

3 additional answers

Answer 1

Anonymous

Thank you guys for the information.

Another question:

Is windows defender alone capable of handling malwares like the $Recycle.Bin?

0 comments

Answer 2

$Recycle.Bin and System Volume Information Folder (Hidden) is a system folder create and used by Windows for the purpose of storing deleted files and folders.

If your system have multiple partition in hard disk drive, Windows create and maintain separate $Recycle.Bin folder in each and every partition individually to store deleted files & folders in their respective disk partitions.

See http://geekzsupport.com/recycle-bin-hidden-folder-virus/

**No, $Recycle.Bin is not a virus but it may misuse by virus program.**By default, $Recycle.Bin folder and subfolders, files were hidden, you can able to see and access contents through uncheck Hide Protected Operating System Files under View > Folder Options in Windows Explorer.

So your case, malware alive in this folder we've to manually remove it.

D09r

Answer 3

Completely normal as the following thread indicates. Since these are normally hidden many people are confused when they see them and so think they are related to malware which is virtually never true.

http://answers.microsoft.com/en-us/windows/forum/windows_7-files/all-hard-drives-show-recyclebin-system-volume/1e457dd0-a34f-479d-9b77-c07071194ae3

Though copies of files containing malware can exist in the System Volume information folder which are created to contain the backups accessed by System Restore, during normal system operation these files can't be accessed and so are only an issue if those backups containing malware happen to be restored. This situation is rare, but like the existence of these folders this is confusing to some, so they think the very fact that the folder exist somehow indicates malware which is entirely untrue.

Unless your antimalware (Defender) is specifically indicating that malware exists in these folders they are completely normal and safe. Even if malware exists in them, it isn't the folders that are the problem, it's simply the files containing the malware which require special steps to remove since the folders aren't intended to be browsed or deleted.

Rob

Share via

$RECYCLE.BIN and System Volume Information

3 additional answers