Confused? Yeah, I hear you on that one. I haven't had a chance to check the site yet, but just going on the information available to me right now, I can't say either way whether your computer is infected. I can tell you this though, the files located on the pen drive can be deleted, since the drive didn't come with any preloaded software.
Richard Justice www.blind-computing.com ----- Original Message ----- From: [EMAIL PROTECTED] To: [email protected] Sent: Tuesday, August 07, 2007 12:49 PM Subject: Re: [Blind-Computing] Recycler Hi Ricque, The URL is as follows: http://www.mac-net.com/1186487.page 2. Yes I have scanned this drive with AVG free , but it didn't detect it has a threat. 3. I have not queried any reputable site , But in my friend's system Symantec detected it has a virus. 4. This drive did not come with any software's. 5. I have not downloaded any softwares, I am waiting for your expert advise . Yes, I have un plugged the pen drive. I am not using it now. Confused!!! Ramkumar . In a day, when you don't come across any problems, -you can be sure that you are travelling in the wrong path -. . SWAMI - VIVEKANANDHA . ----- Original Message ----- From: "Ricque" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Tuesday, August 07, 2007 9:27 PM Subject: Re: [Blind-Computing] Recycler > Something here doesn't exactly sinc with me. > Do you have the url where you got this information? > Have you scanned this particular drive for infection? > Have you queried a reputable security site, such as Symantec, or McAfee > etc? > Just from reading what you have posted here, this looks like a back-door > approach to getting you to > buy, or download some software. > If this were reputable information, chances are that, there would be no > mis-spellings, and > composition would be much better. > Performing a Google search on something like this yields many results, > that aren't relevant to the > particular situation, even if it sounds that way. > Did this particular drive come with any type of software installed? > I would be suspicious of the autorun.inf file > since I don't know what commands it contains, and I don't know what the > UcHelp.exe file is. > I've seen the recycler folder before, and the desktop.ini file, > but the file was located outside the folder. > I notice in this information, the .ini file is located inside the recycler > folder > If it were me, I would do some more research on this before I downloaded > and installed any software, > or removed any files from the system hard drive. > Until you are sure of exactly what to do, based on information from a > reputable source, > simply unplug the USB drive, and don't use it until you know exactly how > to proceed. > This is interesting, if you have any of the information that I asked > about, could you post it to the > list? > HTH, > Richard Justice > www.blind-computing.com > ----- Original Message ----- > From: [EMAIL PROTECTED] > To: [email protected] > Sent: Tuesday, August 07, 2007 11:15 AM > Subject: Re: [Blind-Computing] Recycler > > > Hi Chris , > I did a Google search on recycler and found the following . > Recycler is a virus which spreads through our Pen drive. > I am pasting the info , below: > > > The virus drops the following files into the flash drive (thumb drive or > usb > drive) > List of 3 items > . autorun.inf > . RECYCLER\desktop.ini > . UcHelp.exe > list end > The easiest way to remove the virus is to format the USB drive. However if > the computer has contacted the virus, then you may have to use the > procedure > outlined below to remove it. If not, it will start spreading to other USB > drive that is plug into the infected computer. > > To remove the trojan, you need to download PSKILL utility, see below. > > pskill -t explorer.exe > attrib -s -h c: \ windows \ system32 \ AceExt32.dll > attrib -s -h "c: \ windows \ Downloaded Program Files \ Ext32.dat" > attrib -s -h "c: \ windows \ Downloaded Program Files \ Ext32.dll" > attrib -s -h "c: \ windows \ Downloaded Program Files \ CxUSBKey.exe" > attrib -s -h "c: \ windows \ Downloaded Program Files \ ZipExt32.dll" > del "c: \ windows \ system32 \ AceExt32.dll" > del "c: \ windows \ Downloaded Program Files \ Ext32.dat" > del "c: \ windows \ Downloaded Program Files \ Ext32.dll" > del "c: \ windows \ Downloaded Program Files \ CxUSBKey.exe" > del "c: \ windows \ Downloaded Program Files \ ZipExt32.dll" > start explorer.exe > reg delete HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ > CurrentVersion \ ShellServiceObjectDelayLoad / v ZipExt32 / f > reg delete HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ > CurrentVersion \ ShellServiceObjectDelayLoad / v AceExt32 / f > reg delete HKEY_CLASSES_ROOT \ CLSID \ > {35CEC8A3-2BE6-11D2-8773-92E220524140} / f > reg delete HKEY_CLASSES_ROOT \ CLSID \ > {35CEC8A3-2BE6-11D2-8773-92E220524150} / f > > --- > > Remove Uchelp.exe on the flash drive (thumb drive): > List of 2 items > . Attrib -s -h \RECYCLER\Uchelp.exe > . Del Uchelp.exe > list end > > --- > > PsTools Version in this package: 2.43. PsKill works on NT 4 and higher > including Windows Vista. > > Download PsTools > > The PsTools kit's PSKILL utility can terminate processes on the local > computer and processes on remote systems. Running PsKill with a process ID > directs > it to kill the process of that ID on the local computer. If you specify a > process name PsKill will kill all processes that have that name. > > Now my system is infected ., but I could not understand the removal > procedure . > If any one can make out from the info , , please, guide me. > Thanks in advance. > In a day, when you don't come across any problems, -you can be sure that > you are travelling in the wrong path -. . > SWAMI - VIVEKANANDHA . > ----- Original Message ----- > From: "Chris Hallsworth" <[EMAIL PROTECTED]> > To: <[email protected]> > Sent: Tuesday, August 07, 2007 1:58 AM > Subject: Re: [Blind-Computing] Recycler > > >> The recycler folder is not a virus; instead, it's a folder that Windows >> generates to allow files to go to the recycle bin. So, in other words, >> the >> recycler folder is the recycle bin. I can't believe that Symantec >> detected >> it as a virus, because, and I tell you this now, it is in no way a virus, >> so >> a false positive must be assumed here for those using Symantec. I use AVG >> Free and I've never had reports that recycler is a virus. However, and I >> should point this out, infected files could go to the recycle bin, so >> this >> is why Symantec picked it up but not AVG, I don't know. Hope that helps. >> ----- Original Message ----- >> From: <[EMAIL PROTECTED]> >> To: <[email protected]> >> Sent: Monday, August 06, 2007 5:09 PM >> Subject: [Blind-Computing] Recycler >> >> >>> Hello friends!, >>> Today I copied few files to my pen drive a folder named recycler was >>> automatically created. >>> Is it a Virus?, >>> If so please help me to get rid of that . >>> Thanks in advance. >>> In a day, when you don't come across any problems, -you can be sure >>> that >>> you are travelling in the >>> wrong path -. . >>> SWAMI - VIVEKANANDHA . >>> In a day, when you don't come across any problems, -you can be sure >>> that >>> you are travelling in the wrong path -. . >>> SWAMI - VIVEKANANDHA . >>> Visit the Blind Computing List home page at: >>> http://www.blind-computing.com >>> Address for the list archives: >>> http://www.mail-archive.com/[email protected]/ >>> To post to this group, send email to >>> [email protected] >>> To unsubscribe from this group, send an email to >>> [EMAIL PROTECTED] >>> For help from Mailman with your account Put the word help in the subject >>> or body of a blank message to: >>> [EMAIL PROTECTED] >>> Use the following form in order to contact the management team >>> http://www.blind-computing.com/contact.php >>> If you wish to join the JAWS Users List send a blank email to the >>> following address: >>> [EMAIL PROTECTED] >> >> >> Visit the Blind Computing List home page at: >> http://www.blind-computing.com >> Address for the list archives: >> http://www.mail-archive.com/[email protected]/ >> To post to this group, send email to >> [email protected] >> To unsubscribe from this group, send an email to >> [EMAIL PROTECTED] >> For help from Mailman with your account Put the word help in the subject >> or body of a blank message to: >> [EMAIL PROTECTED] >> Use the following form in order to contact the management team >> http://www.blind-computing.com/contact.php >> If you wish to join the JAWS Users List send a blank email to the >> following address: >> [EMAIL PROTECTED] > > > Visit the Blind Computing List home page at: > http://www.blind-computing.com > Address for the list archives: > http://www.mail-archive.com/[email protected]/ > To post to this group, send email to > [email protected] > To unsubscribe from this group, send an email to > [EMAIL PROTECTED] > For help from Mailman with your account Put the word help in the subject > or body of a blank message > to: > [EMAIL PROTECTED] > Use the following form in order to contact the management team > http://www.blind-computing.com/contact.php > If you wish to join the JAWS Users List send a blank email to the > following address: > [EMAIL PROTECTED] > Visit the Blind Computing List home page at: > http://www.blind-computing.com > Address for the list archives: > http://www.mail-archive.com/[email protected]/ > To post to this group, send email to > [email protected] > To unsubscribe from this group, send an email to > [EMAIL PROTECTED] > For help from Mailman with your account Put the word help in the subject > or body of a blank message to: > [EMAIL PROTECTED] > Use the following form in order to contact the management team > http://www.blind-computing.com/contact.php > If you wish to join the JAWS Users List send a blank email to the > following address: > [EMAIL PROTECTED] Visit the Blind Computing List home page at: http://www.blind-computing.com Address for the list archives: http://www.mail-archive.com/[email protected]/ To post to this group, send email to [email protected] To unsubscribe from this group, send an email to [EMAIL PROTECTED] For help from Mailman with your account Put the word help in the subject or body of a blank message to: [EMAIL PROTECTED] Use the following form in order to contact the management team http://www.blind-computing.com/contact.php If you wish to join the JAWS Users List send a blank email to the following address: [EMAIL PROTECTED] Visit the Blind Computing List home page at: http://www.blind-computing.com Address for the list archives: http://www.mail-archive.com/[email protected]/ To post to this group, send email to [email protected] To unsubscribe from this group, send an email to [EMAIL PROTECTED] For help from Mailman with your account Put the word help in the subject or body of a blank message to: [EMAIL PROTECTED] Use the following form in order to contact the management team http://www.blind-computing.com/contact.php If you wish to join the JAWS Users List send a blank email to the following address: [EMAIL PROTECTED]
