Recycler Virus Is A Virus That Exploits The Autorun Feature Of Windows

Please note that the following advice if taken will absolve me from any responsibility. I am only reporting what I did to get rid of the virus installed on my hard drive. 1. You should be able to see your root drive root drive which is c: or d: etc. 2. Ensure that you are able to see hidden files by going to Tool>Folder Option>view and checking off hidden files. 3. System Volume Information and Recycler should be visible in your root drive (c: d: or whatever drive you use) 4. Right Click on Recycler folder and go to Properties. 5. Go to the tab labeled Security, If your user name is not there then add your username that you use for XP . Give yourself all security rights as well as the SYSTEM user. Then press okay. If you cannot see the security tab and you are using XP professional then go to Tool>Folder Option>View uncheck box "Use simple File sharing" then select Apply. 6. Right Click on System volume information folder and go to Properties. Repeat step 5. 7. Go to the garbage icon on the desktop and right click. Choose properties then check the box " Do not move files to the recycle bin. Remove files immediately when deleted." Press Apply. 8. Go back to the root drive and delete Recycler folder. 9. Go to the System Information folder and delete the last folder. These folders are where Xp has taken a snapshot of your system in order to restore it. The virus is hiding here in the event that you restore it is also restored. 10. You should now open the registry editor and remove the virus from here so that when you restart the virus is not recreated. 11. Open the registry editor. Start >Run> then type regedit in the box and select OK The registry will now open. 12. Hit Ctrl+F Type Recycler in the search box . Delete the entry when found. press F3 to find the next occurrance of Recycler and delete. 13. Close regedit. 14. Go to all installed harddrives and so steps 2- steps 6, steps 8 and steps 9. 15. Run your virus software. You should be able to update any virus software that was previously unupdatable. 16. Reboot your computer 17. Verify that that the reycler folder is deleted from you root drive. 18. Then you can uncheck the box in the garbage that you checked in step 7. To keep all you deleted files in case you need to restore a file that was accidentally

deleted. My findings: This virus is recreated using the methods of the garbage bin. Everytime you delete a file it recreates itself because it looks in the garbage and restores or copies the virus information inside. If the virus is not able to be stored inside and is immediately removed when you check the box in step 7. Then it cannot recreate itself and all of its power is lost. So erasing it from the registry and drive ensures that it cannot return. Recycler virus is a virus that exploits the autorun feature of Windows. It copies the autorun.inf files on each drive of the computer, be it permanent or a removable media such as DVDs, CD ROMs, USB Devices, or Memory Sticks. The recycler virus originated from the W32.Lecna.H worm that spreads itself by copying itself to all the active drives. The virus creates a hidden folder in each active drive. Each time you insert a removable media, it will execute itself. It uses a batch file to modify the system registry and executes itself each time the system starts up. You cannot remove the virus even after formatting your removable media. The anti-virus software may detect it but cannot remove it. The recycler virus is very destructive. Once it infects your computer, it will connect itself to malicious websites and download the malicious code to your computer. The malicious code will then steal your personal information such as credit card information, social security, account numbers, usernames, and passwords stored on your computer. Conduct a Recycler Virus Removal You can remove the recycler virus both manually and by using any recycler virus removal tool. To remove the virus manually, you need to: 1. Search for the process called CTFMON.EXE and kill it through Task Manager. 2. Search CTFMON.EXE file in the Startup menu and delete it. 3. Boot the system in safe mode and open the command prompt. 4. Disable hidden, system, and read only attributes for autorun.inf and recycled folder delete them. 5. Clean the recycle bin. 6. Repeat these steps for all the drives on your computer. 7. Open registry editor and modify the NoDriveTypeAutoRun entry with 03ffffff value after searching it in following registry folders: HKEY_LOCAL_MACHINESOFTWARE HKEY_CURRENT_USERSOFTWARE 8. Reboot and scan your system with latest antivirus software. The manual removal of the infection is not recommended because it requires an expertise to edit windows registry. In case you remove/modify a wrong registry entry, you may cause severe damage to your system. Therefore, it is always better to remove Recycler Virus with a specialized removal tool.

How to Remove Recycler Virus

Recycler.exe virus will attack your drives, both hard disk and removable. The origin name of recycler virus is W32.Lecna.H, a worm that spreads by copying itself to all of your currently active drives. After infecting your computer, it will download potentially malicious code if you connected to the internet. Some anti virus just passed recycler, so you must delete it manually. Here is the method: 1. 2. 3. 4.

Open Windows Task Manager by pressing Ctrl + Alt + Del. Select Processes tab. Search and find CTFMON.EXE. Select it and click End Task. Run Search tool. Search CTFMON.EXE file and delete it. Commonly it is located in Startup menu. 5. Open Run tool. Type cmd. The Command application will open. 6. Type cd\. 7. Type attrib –r –s –h +a *.inf. 8. Type del autorun.inf. 9. Type attrib –r –s –h +a recycled. 10. Type cd recycled. 11. Type del *.* and confirm the deletion. 12. Type cd\. 13. Type rmdir recycled. 14. Now the recycler virus is removed from your system drive. What you need to do next is repeating step 6-13 and apply it to other drives. 15. Upgrade your anti virus definition and re-scan your computer. November 6, 2008 · Filed Under Virus Removal

i wasn’t looking for a virus but i found 1… 1> Get yourself a LiveCD of any Linux OS… if u use Torrents it’s easy to get.. it’s about 700 mbs at max… 2> Next step is to burn it to a CD 3> Restart n boot using the LiveCD.. 4> Plugin your pendrive and open it in the explorer…. 5> you’ll be able to see every file that’s ****ing with your system… 6> Delete them all… (i suggest formatting it) 7> Restart the system and your drive is as good as new..