Something here doesn't exactly sync with me.
Do you have the url where you got this information?
Have you scanned this particular drive for infection?
Have you queried a reputable security site, such as Symantec, or McAfee etc?
Just from reading what you have posted here, this looks like a back-door
approach to getting you to buy, or download some software.
If this were reputable information, chances are that there would be no
mis-spellings, and composition would be much better.
Performing a Google search on something like this yields many results that
aren't relevant to the particular situation, even if it sounds that way.
Did this particular drive come with any type of software installed?
I would be suspicious of the autorun.inf file
since I don't know what commands it contains, and I don't know what the
UcHelp.exe file is.
I've seen the recycler folder before, and the desktop.ini file,
but the file was located outside the folder.
I notice in this information, the .ini file is located inside the recycler
folder.
If it were me, I would do some more research on this before I downloaded and
installed any software,
or removed any files from the system hard drive.
Until you are sure of exactly what to do, based on information from a reputable
source,
simply unplug the USB drive, and don't use it until you know exactly how to
proceed.
This is interesting. If you have any of the information that I asked about,
could you post it to the list?
HTH,
Richard Justice
www.blind-computing.com
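
Added example, not part of the original message or of any tool named in this thread: one way to see which commands an autorun.inf contains without running anything is to parse its [autorun] section and list the entries that start a program. The sample file contents and the function names are constructed for illustration.

```python
# Added example: list what an autorun.inf would launch, without running it.
# SAMPLE is constructed; the thread never shows the real file's contents.
SAMPLE = r"""
; constructed sample
[AutoRun]
open=UcHelp.exe
shell\open\command = RECYCLER\UcHelp.exe /e
shell\explore\Command="UcHelp.exe" -x
icon=%SystemRoot%\system32\shell32.dll,4
label=Removable Disk
[Other]
open=ignored.exe
"""

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_commands(entries):
    """Entries that make Windows start a program from the drive."""
    return sorted(
        (k, v) for k, v in entries.items()
        if k in ("open", "shellexecute")
        or (k.startswith("shell\\") and k.endswith("\\command"))
    )

def program_of(value):
    """Base file name a launch value points at, lower-cased."""
    value = value.strip()
    if value.startswith('"'):
        path = value[1:].split('"', 1)[0]   # quoted path may contain spaces
    else:
        path = value.split(None, 1)[0] if value else ""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

if __name__ == "__main__":
    for key, value in launch_commands(parse_autorun(SAMPLE)):
        print(f"{key:22} -> {value}  (program: {program_of(value)})")
```

The icon and label entries are parsed but not reported, since they only change how the drive is displayed.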
----- Original Message -----
From: [EMAIL PROTECTED]
To: [email protected]
Sent: Tuesday, August 07, 2007 11:15 AM
Subject: Re: [Blind-Computing] Recycler
Hi Chris,
I did a Google search on recycler and found the following.
Recycler is a virus which spreads through our Pen drive.
I am pasting the info below:
The virus drops the following files into the flash drive (thumb drive or usb
drive)
- autorun.inf
- RECYCLER\desktop.ini
- UcHelp.exe
The easiest way to remove the virus is to format the USB drive. However if
the computer has contacted the virus, then you may have to use the procedure
outlined below to remove it. If not, it will start spreading to other USB
drive that is plug into the infected computer.
To remove the trojan, you need to download PSKILL utility, see below.
pskill -t explorer.exe
attrib -s -h c:\windows\system32\AceExt32.dll
attrib -s -h "c:\windows\Downloaded Program Files\Ext32.dat"
attrib -s -h "c:\windows\Downloaded Program Files\Ext32.dll"
attrib -s -h "c:\windows\Downloaded Program Files\CxUSBKey.exe"
attrib -s -h "c:\windows\Downloaded Program Files\ZipExt32.dll"
del "c:\windows\system32\AceExt32.dll"
del "c:\windows\Downloaded Program Files\Ext32.dat"
del "c:\windows\Downloaded Program Files\Ext32.dll"
del "c:\windows\Downloaded Program Files\CxUSBKey.exe"
del "c:\windows\Downloaded Program Files\ZipExt32.dll"
start explorer.exe
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad /v ZipExt32 /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad /v AceExt32 /f
reg delete HKEY_CLASSES_ROOT\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524140} /f
reg delete HKEY_CLASSES_ROOT\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524150} /f
---
Remove Uchelp.exe on the flash drive (thumb drive):
- Attrib -s -h \RECYCLER\Uchelp.exe
- Del Uchelp.exe
---
PsTools Version in this package: 2.43. PsKill works on NT 4 and higher
including Windows Vista.
Download PsTools
The PsTools kit's PSKILL utility can terminate processes on the local
computer and processes on remote systems. Running PsKill with a process ID
directs
it to kill the process of that ID on the local computer. If you specify a
process name PsKill will kill all processes that have that name.
Now my system is infected, but I could not understand the removal
procedure.
If anyone can make out from the info, please guide me.
Thanks in advance.
In a day, when you don't come across any problems, -you can be sure that
you are travelling in the wrong path -. .
SWAMI - VIVEKANANDHA .
----- Original Message -----
From: "Chris Hallsworth" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, August 07, 2007 1:58 AM
Subject: Re: [Blind-Computing] Recycler
> The recycler folder is not a virus; instead, it's a folder that Windows
> generates to allow files to go to the recycle bin. So, in other words, the
> recycler folder is the recycle bin. I can't believe that Symantec detected
> it as a virus, because, and I tell you this now, it is in no way a virus, so
> a false positive must be assumed here for those using Symantec. I use AVG
> Free and I've never had reports that recycler is a virus. However, and I
> should point this out, infected files could go to the recycle bin, so this
> is why Symantec picked it up but not AVG, I don't know. Hope that helps.
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[email protected]>
> Sent: Monday, August 06, 2007 5:09 PM
> Subject: [Blind-Computing] Recycler
>
>
>> Hello friends!
>> Today I copied a few files to my pen drive and a folder named recycler was
>> automatically created.
>> Is it a virus?
>> If so, please help me to get rid of it.
>> Thanks in advance.
>> In a day, when you don't come across any problems, -you can be sure that
>> you are travelling in the
>> wrong path -. .
>> SWAMI - VIVEKANANDHA .
>> Visit the Blind Computing List home page at:
>> http://www.blind-computing.com
>> Address for the list archives:
>> http://www.mail-archive.com/[email protected]/
>> To post to this group, send email to
>> [email protected]
>> To unsubscribe from this group, send an email to
>> [EMAIL PROTECTED]
>> For help from Mailman with your account Put the word help in the subject
>> or body of a blank message to:
>> [EMAIL PROTECTED]
>> Use the following form in order to contact the management team
>> http://www.blind-computing.com/contact.php
>> If you wish to join the JAWS Users List send a blank email to the
>> following address:
>> [EMAIL PROTECTED]