Someone in my family managed to delete an entire directory tree the other day, containing most of their documents. Unfortunately, by the time I’d arrived, a restore from an old backup had overwritten most of the new files, so Recuva only managed to revive 3 out of 12 or so important docs.
What I don’t understand is how the original deletion might have occurred. Is there some kind of virus out there that could do this?
Sequence of Events
The person involved is not very tech-savvy, but here’s what I was able to understand (running Windows 10):
1. The user saw a file in Windows Explorer that had a Chrome (or other Google-related) icon, sitting in their Documents directory. (Chrome is their default web browser.)
2. The user double-clicked the file. Or possibly deleted it — let’s assume it was a delete. They did not receive a confirmation prompt of any sort (this has now been rectified — I hope).
3. The user discovered that an entire subdirectory had been deleted along with the file. There was nothing at all in Deleted Items.
There’s a lot that’s unclear about this (e.g. I don’t know which directory the “file” was sitting in, relative to the directory tree that disappeared, nor what it was named), but the user was convinced something weird happened.
And keep in mind that the deleted files did NOT find their way to the Recycle Bin.
Possibilities
1. The user simply misremembers what they did.
2. The user accidentally held down Shift when selecting items to delete (hence catching the directory), and when deleting (hence missing the Recycle Bin).
3. Deleting the file somehow triggered a delete of the whole directory tree (similar to how _files directories can disappear when an HTML file is deleted).
4. The user actually double-clicked the file and it somehow ran some kind of viral script that inexplicably chose to delete that one, key directory.
Conclusions?
Unless the user can find a more recent backup, the data is gone. That’s not in question. They’re a lot less upset about it than I would be!
But I’m left wondering, was it user error or something malicious? Could it still be on their system, and evading both MS Defender and a full version of Kaspersky?
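Possibility 3 can be tested against the restored backup by listing every HTML file that has a companion `_files` directory beside it and counting what that directory holds. The following is an added example, not part of the original post; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

HTML_EXTS = {".htm", ".html"}


def find_connected_pairs(root, suffixes=("_files",)):
    """List (html_file, companion_dir, files_inside) for each HTML file whose
    companion directory sits beside it (the pairing described in possibility 3)."""
    pairs = []
    for dirpath, dirnames, filenames in os.walk(root):
        # NTFS names are case-insensitive, so compare lower-cased names.
        by_lower = {d.lower(): d for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() not in HTML_EXTS:
                continue
            for suffix in suffixes:  # other suffixes can be passed in
                companion = by_lower.get((stem + suffix).lower())
                if companion is None:
                    continue
                folder = os.path.join(dirpath, companion)
                # Count everything below the companion, nested folders included.
                inside = sum(len(files) for _, _, files in os.walk(folder))
                pairs.append((os.path.join(dirpath, name), folder, inside))
    return sorted(pairs)


def build_sample_tree(base):
    """Constructed sample data: one linked pair and two look-alikes that are not."""
    docs = os.path.join(base, "Documents")
    for rel in ("Report_files/img.png", "Report_files/work/Thesis.docx",
                "Report.HTML", "Notes.htm", "Plain_files/a.txt"):
        path = os.path.join(docs, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for html, folder, inside in find_connected_pairs(build_sample_tree(tmp)):
            print(f"{html} <-> {folder} ({inside} files would go with it)")
```

A companion directory that holds ordinary documents rather than saved-page assets is the case worth looking at, since those files would disappear along with the HTML file.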