super super hidden directories within $RECYCLE.BIN
Has anyone else ever found some cryptically-named super super hidden
directories/files within $RECYCLE.BIN? I discovered that even empty
Recycling Bins contain deleted files. I was using 7-zip's File Browser
instead of Explorer which doesn't ever show them. (yes, of course I have
it set to show hidden, superhidden, and system files. I also gave myself
full rights of $RECYCLE.BIN using the built-in Administrator account,
just in case.) There's a bunch of deleted files I thought I deleted for
good and some 0-byte files called fileassociations.log in various
$RXXXXXX directories. When I try to delete these, Windows can't find
them. Because I'm OCD, I just had to delete these for real real (I know
they can still be recovered, but I don't want to see them if I'm not
using forensic software. 7-zip is not.) so I took Vista offline, booted
into a Linux CD and deleted from there.... it worked and now they're gone
but Vista now says "The Recycling Bin on C:\ is corrupted. Do you want
to empty the Recycling Bin for this drive?" whenever I open the Bin or
start Windows... I don't really care about fixing this (I have plenty of
backup images) but I am curious.
--
r0cket
Re: super super hidden directories within $RECYCLE.BIN
You don't need forensic software to see those files. XYplorer File Manager
will show them to you just like normal files because that's what they are
(Windows Explorer just hides them from you to get the Recycle Bin idea to
life -- but it's just a construct superimposed onto NTFS). You can also
preview those files in XYplorer without a problem. But I would not recommend
deleting them, because -- as you experienced -- it will corrupt the
Recycler (there's a special file called "INFO2" (in XP, not sure about
Vista) which is expected to be in synch with the items in the Recycler).
http://www.xyplorer.com/
Don
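
Added example, not part of either post above: on Vista and later the Recycle Bin's bookkeeping is kept per item, with each `$R…` content entry matched by a `$I…` record holding the original path, size and deletion time. This Python sketch decodes those records and lists entries that have lost their partner, which is the state left behind when items are removed from outside Windows. The function names and the sample bin are constructed for illustration.

```python
import struct
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def parse_index_record(data: bytes) -> dict:
    """Decode a $I record: version, original size, deletion time, original path."""
    if len(data) < 28:
        raise ValueError("record too short")
    version, size, filetime = struct.unpack_from("<QQQ", data, 0)
    if version == 1:    # Vista/7 layout: fixed 520-byte UTF-16LE path field
        raw = data[24:544]
    elif version == 2:  # Windows 10 layout: 4-byte character count, then the path
        (nchars,) = struct.unpack_from("<I", data, 24)
        raw = data[28:28 + 2 * nchars]
    else:
        raise ValueError(f"unknown $I version {version}")
    path = raw.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    deleted = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    return {"version": version, "size": size, "deleted": deleted, "path": path}

def audit_bin(sid_dir: Path) -> dict:
    """Pair $I index records with $R content entries and list orphans on both sides."""
    names = {p.name: p for p in sid_dir.iterdir()}
    ids_i = {n[2:] for n in names if n.startswith("$I")}
    ids_r = {n[2:] for n in names if n.startswith("$R")}
    paired = {}
    for item in sorted(ids_i & ids_r):
        try:
            paired[item] = parse_index_record(names["$I" + item].read_bytes())
        except ValueError as exc:
            paired[item] = {"error": str(exc)}
    return {"paired": paired,
            "index_without_content": sorted(ids_i - ids_r),
            "content_without_index": sorted(ids_r - ids_i)}

def build_sample_bin(root: Path) -> Path:
    """Constructed sample: one intact pair, one orphaned $I, one orphaned $R."""
    path = "C:\\Users\\demo\\notes.txt".encode("utf-16-le").ljust(520, b"\x00")
    record = struct.pack("<QQQ", 1, 1234, 128_000_000_000_000_000) + path
    (root / "$IAAAAAA.txt").write_bytes(record)
    (root / "$RAAAAAA.txt").write_bytes(b"x" * 1234)
    (root / "$IBBBBBB.log").write_bytes(record)  # content removed from outside Windows
    (root / "$RCCCCCC").mkdir()                  # deleted directory with no index record
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_bin(build_sample_bin(Path(tmp))))
```

Point `audit_bin` at a per-user SID folder inside `$RECYCLE.BIN` on a mounted or imaged volume to run it against real data.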
Re: super super hidden directories within $RECYCLE.BIN
Well: You are "almost" right, but this problem can be far more complicated. If you enable yourself (Linux is a good way to do this) to see those files, you will find a strange creature: "track"! This file exists even if you reformat the HD (of course not with Windows, but with Acronis Disk Director and with 35 passes) and still holds information from the first installation (PC name and so on) and recreates the $Recycle bin on any machine that connected to that HD... USB or Ultrabay... doesn't matter. The "upscale" message about the "corruption" is a joke, and if you click on "do you want to empty the recycle bin" you give the command for the "system" to do the recreation. So simple! If you have a "real" tool to check out your HD... please go and check out sectors 63-64...