Hi Chris ,
I did a Google search on recycler and found the following .
Recycler is a virus which spreads through our Pen drive.
I am pasting the info , below:
The virus drops the following files into the flash drive (thumb drive or usb
drive)
List of 3 items
. autorun.inf
. RECYCLER\desktop.ini
. UcHelp.exe
list end
The easiest way to remove the virus is to format the USB drive. However if
the computer has contacted the virus, then you may have to use the procedure
outlined below to remove it. If not, it will start spreading to other USB
drive that is plug into the infected computer.
To remove the trojan, you need to download PSKILL utility, see below.
pskill -t explorer.exe
attrib -s -h c: \ windows \ system32 \ AceExt32.dll
attrib -s -h "c: \ windows \ Downloaded Program Files \ Ext32.dat"
attrib -s -h "c: \ windows \ Downloaded Program Files \ Ext32.dll"
attrib -s -h "c: \ windows \ Downloaded Program Files \ CxUSBKey.exe"
attrib -s -h "c: \ windows \ Downloaded Program Files \ ZipExt32.dll"
del "c: \ windows \ system32 \ AceExt32.dll"
del "c: \ windows \ Downloaded Program Files \ Ext32.dat"
del "c: \ windows \ Downloaded Program Files \ Ext32.dll"
del "c: \ windows \ Downloaded Program Files \ CxUSBKey.exe"
del "c: \ windows \ Downloaded Program Files \ ZipExt32.dll"
start explorer.exe
reg delete HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \
CurrentVersion \ ShellServiceObjectDelayLoad / v ZipExt32 / f
reg delete HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \
CurrentVersion \ ShellServiceObjectDelayLoad / v AceExt32 / f
reg delete HKEY_CLASSES_ROOT \ CLSID \
{35CEC8A3-2BE6-11D2-8773-92E220524140} / f
reg delete HKEY_CLASSES_ROOT \ CLSID \
{35CEC8A3-2BE6-11D2-8773-92E220524150} / f
---
Remove Uchelp.exe on the flash drive (thumb drive):
List of 2 items
. Attrib -s -h \RECYCLER\Uchelp.exe
. Del Uchelp.exe
list end
---
PsTools Version in this package: 2.43. PsKill works on NT 4 and higher
including Windows Vista.
Download PsTools
The PsTools kit's PSKILL utility can terminate processes on the local
computer and processes on remote systems. Running PsKill with a process ID
directs
it to kill the process of that ID on the local computer. If you specify a
process name PsKill will kill all processes that have that name.
Now my system is infected ., but I could not understand the removal
procedure .
If any one can make out from the info , , please, guide me.
Thanks in advance.
In a day, when you don't come across any problems, -you can be sure that
you are travelling in the wrong path -. .
SWAMI - VIVEKANANDHA .
----- Original Message -----
From: "Chris Hallsworth" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, August 07, 2007 1:58 AM
Subject: Re: [Blind-Computing] Recycler
> The recycler folder is not a virus; instead, it's a folder that Windows
> generates to allow files to go to the recycle bin. So, in other words, the
> recycler folder is the recycle bin. I can't believe that Symantec detected
> it as a virus, because, and I tell you this now, it is in no way a virus,
> so
> a false positive must be assumed here for those using Symantec. I use AVG
> Free and I've never had reports that recycler is a virus. However, and I
> should point this out, infected files could go to the recycle bin, so this
> is why Symantec picked it up but not AVG, I don't know. Hope that helps.
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[email protected]>
> Sent: Monday, August 06, 2007 5:09 PM
> Subject: [Blind-Computing] Recycler
>
>
>> Hello friends!,
>> Today I copied few files to my pen drive a folder named recycler was
>> automatically created.
>> Is it a Virus?,
>> If so please help me to get rid of that .
>> Thanks in advance.
>> In a day, when you don't come across any problems, -you can be sure that
>> you are travelling in the
>> wrong path -. .
>> SWAMI - VIVEKANANDHA .
>> In a day, when you don't come across any problems, -you can be sure that
>> you are travelling in the wrong path -. .
>> SWAMI - VIVEKANANDHA .
>> Visit the Blind Computing List home page at:
>> http://www.blind-computing.com
>> Address for the list archives:
>> http://www.mail-archive.com/[email protected]/
>> To post to this group, send email to
>> [email protected]
>> To unsubscribe from this group, send an email to
>> [EMAIL PROTECTED]
>> For help from Mailman with your account Put the word help in the subject
>> or body of a blank message to:
>> [EMAIL PROTECTED]
>> Use the following form in order to contact the management team
>> http://www.blind-computing.com/contact.php
>> If you wish to join the JAWS Users List send a blank email to the
>> following address:
>> [EMAIL PROTECTED]
>
>
> Visit the Blind Computing List home page at:
> http://www.blind-computing.com
> Address for the list archives:
> http://www.mail-archive.com/[email protected]/
> To post to this group, send email to
> [email protected]
> To unsubscribe from this group, send an email to
> [EMAIL PROTECTED]
> For help from Mailman with your account Put the word help in the subject
> or body of a blank message to:
> [EMAIL PROTECTED]
> Use the following form in order to contact the management team
> http://www.blind-computing.com/contact.php
> If you wish to join the JAWS Users List send a blank email to the
> following address:
> [EMAIL PROTECTED]
Visit the Blind Computing List home page at:
http://www.blind-computing.com
Address for the list archives:
http://www.mail-archive.com/[email protected]/
To post to this group, send email to
[email protected]
To unsubscribe from this group, send an email to
[EMAIL PROTECTED]
For help from Mailman with your account Put the word help in the subject or
body of a blank message to:
[EMAIL PROTECTED]
Use the following form in order to contact the management team
http://www.blind-computing.com/contact.php
If you wish to join the JAWS Users List send a blank email to the following
address:
[EMAIL PROTECTED]
