Recycler virus in XP Sp2.

Have you tried running something like Nortons or MacAfee?

Hello,

Have you tried running something like Nortons or MacAfee?

Or Avast (it's free, fast ........................................) ;)

Well, I actually mean to say that as Stang02GT said try running (good) AntiVirus on your PC and see if that helps.

Can you post the exact name of malicious file (that regenerates itself after deletion)?


Hope this helps.........
ambrNewlearner

Have you tried running something like Nortons or MacAfee?

yes iam running symantec client security corporate edition antivirus ahich i have most updated but it dosent works.
the exact name of folder which regenerates itself even after its deletion in each drive is " Recycler ". and now my PC is also infected by autorun.exe. What is the solution for both please tell me.

Hello,

now my PC is also infected by autorun.exe

Where (OR In which folder) is autorun.exe located?

Hmm... Well, this page at TrendMicro mentions about autorun.exe.

Now first of all goto [My computer] ---> [Tools] ---> [Folder options] ---> [View] and then mark the radio button and check box as in image below:

Now goto root of all your HD drives/partitions (i.e. C:\ , D:\ , E:\ etc.) and delete any file named autorun.inf. Then download Sysinternals Autoruns and run the program to see a list of all autorun files on your PC. Goto "Logon" tab in autoruns utility and see for files with name:

%Windows%\msmbw.exe
%System\serbw.exe
%System\formatsys.exe

NOTE-%Windows% is the Windows folder, which is usually C:\Windows.

Also remove any other entries from autoruns that may seem malicious to you (e.g. autorun.exe).

Then open TaskManager and goto "Processes" tab. Close all running instances of any of malicious files (e.g. autorun.exe).

And then remove/delete all the malicious files mentioned in this link.

Reboot your PC.

Then install some good AntiVirus (I dont consider Symantec products to be good........but this may be just my personal opinion). Stang02GT and I myself have posted names of some good antiviruses in previous replies.

NOTE__Well, I'm not sure whether this will help or not. Post about the location of autorun.exe and then I would be able to help with some certainity.

__________________________________________________ ________________

the exact name of folder which regenerates itself even after its deletion in each drive is " Recycler ".

Now first of all goto [My computer] ---> [Tools] ---> [Folder options] ---> [View] and then mark the radio button and check box as in image above in this reply.
Then check whether the the name of folder is "Recycler" or "Recycled". And post back the exact name.

BTW, Microsoft's documentation says that Recycler folder may exist on one's PC. And it is no malicious folder. And so I think that recycler is no threat to your system (as far as I interpret Microsoft's docs). It is just the same folder where your files are located before they are completely wiped/deleted out from Recycle Bin (i.e. recycler is recycle bin itself). But the problem may be that in the past you (or your anti virus) deleted some virus and it is still in your recycle bin (i.e. recycler folder). And so your AntiVirus may display recycler as a virus. Try booting in safe mode (Search google for "SAFE MODE") and then deleting th contents of recycler folder of all drives. That may solve your problem.

And yes, recycler regenerates itself (after it's deleted) after some files are deleted to be moved to recycle bin.

This link may also clarify your questions........

HOPE THIS HELPS......
AmbrNewlearner

i have now found that aesetup2.2.exe is the software which eats\deletes the
autorun.inf virus from system's all drives. First end the process autorun.exe from task manager and then run aesetup2.2.exe. it will completely remove the virus autorun.inf. then delete autorun files from root of all drives manualy. autorun files are normally hidden, so unhide them and delete.

Replying to: Recycler virus in XP Sp2.
Message:

hi friends.
i have the same problem.
i can't remove this virus(recycler)
i can run antivirus on my pc.i can't setup new antivirus.
can any body help me to remov this viros without format.

I have the same problem. I am not sure if it is a virus, trojan or what. I do know it copies itself to any drive that is connected to the computer.
Example: I put in a USB stick and it installs itself there. I put the usb stick in another computer with AVG and upon installation of the usb stick it tried (and failed) to install itself on that computer. AVG blocked the process, deleted the files and the USB stick was fine althought it still had the folders on it, which I was able to delete..

Unfortunately, it was still on the original computer and infecting any drive that was connected to it, including my camera SD card. I already had the files and folders unhidden (standard procedure as a tech) on my computer so I think that is why I can see them.(you may not be able to see them as they are hidden and this virus keeps them that way even if you unhide files and folders)

I have my hard drive partitioned into 2 parts, 1 for the OS, program files, etc and the 2nd part for music files. I moved the music files to the first partition and formated it. Reformating the drive certainly cleaned out the drive (and the virus) but it was immediately reinfected and AVG seemed not notice it. I ran a full scan of all drive and AVG missed it. Upon opening the newly reformated drive, I saw 2 folders: RECYCLER & System Volume Information.

I also noticed the same files on the original C drive and could not delete them from there either. I did not see the process in window task manager.

and for those of you who think it isn't a virus...read this. (nm the stupid trash talk)

http://www.nvnews.net/vbulletin/arch...p/t-36723.html

and you can find info on it at:

http://www.symantec.com/security_res...082116-1050-99

Spybot search and destroy did not detect them either

Please do not confuse this virus "RECYCLER.EXE" with the recycle bin. It is specifically named that to confuse the average user and lead them to believe it is a part of the windows operating system files.

end of part 1.

Part 2
After deleting the 2nd partition, I did a full scan with AVG anti-virus but did not detect the RECYCLER trojan
(its a trojan as noted here:)

http://www.symantec.com/security_res...626-99&tabid=1

I disabled system restore and uninstalled AVG free and restarted my laptop.
I then installed AVAST free and checked the option to run a scan upon restart.

Upon restart AVAST free asked me to do a scan and I picked yes. It took about 30 minutes but it caught the bugger and I picked the option "delete trojan from windows folder" and computer started up fine.
I then tested it by repartitioning the drive so that I once again had a 2nd partition for my music. no RECYCLER folder poped up. I inserted my memory key (cleaned and reformated on another computer) and the trojan wasn't installed their either.

so...AVG is good at detecting the trojan from memory keys/USB sticks but once infected unable to detect it.

Avast detected it upon an intitial scan but since I have never used this anti-virus program I have yet to see how it fairs.

Unfortunaly, it seems the folders are still in the c: drive and I can't delete them but at least they are not infecting any new drives...

my search continues...end part 2

@syedadil
hi peeps,had this same problem,everytime i tried to open my C or D drives it would spit up the following message:
cant find recycler\s-0-0-66-100011238-100001940-9002.com

and not access those drives, i'v read through what everyone else tried and have done the same,iran AVG it took 3 hours and found 2 infections which it deleted, I imediately tried the drives but the same message appeared, then i hit the start button and searched for all files and folders on my computer called AUTORUN, anything that was created within a week of this problem starting I deleted, I thinkmine came from a dodgy torrent?? however when I rebooted and tried my C & D drives they opened without a problem, I must also add that prior to doing AVG and the autorun deletions there I did delete folders called autorun within these drives, I accessed C & D through going therough START..then choosing RUN and browsing each drive for all files, highlighting the autorun and deleting them,so not really sure which element has resolved my problem or if it was a combination of them, but thought id share what I experienced and hope it helps, thanks also for sharing what you guys have without it Id be stumped!

could anyone help me with my problem about the recycler virus that is present in ourt computers that makes the networking fails...(no access to its server) the sharing of the my documents are removed and sharing it again makes it impossible...i can't install any anti virus because of that virus..it keeps on hiding all the folders and showing only the duplicated folders with an extension of .exe and the original folder is hidden...please help me....i got many infected computers here and i don't know what to do

Hi everyone, i know its a bit late after the first posting but this may help.
to delete it from the drive that is infected, the easiest i found was to do it through command prompt.

Start-->
Run-->
Type "cmd" and Enter-->
Type the letter of the infected ex. "c:" and Enter-->
then to see if its there type "dir /a" and Enter. This will show even hidden files-->
then to delete the Recycler directory, type "rd /s Recycler" and Enter-->
If prompted type "y" for yes

This should remove it from the infected drive.
Hope it works

for dealing with malware that copies itself to everything it comes in contact with, use media that cannot be written to for transfer of files. i.e. flip the switch on an SD card to "Locked". My favorite is to just burn something to a cd or dvd.

For deletion of a file that is being used by the system, try running an instance of linux off of a Live CD. You can then mount the hard drive and use a few simple bash commands to remove each file without the system even having a chance to boot into windows. My dad (a hardcore windows guy) has an installation of ubuntu for diagnostic purposes only just in case of something like this.

Google "Ubuntu download" for any ISO, then burn it to a CD. Linux doesn't run EXE files so autorun.exe won't be started, even if it normally starts automatically.