Hey does anyone know about this virus/trojan Recycler.exe. It affects removable drives. Right now it has become a nightmare for me tryig to get rid of it. AVG Anti-Virus doesn't detect it even though I can see it is scanning the virus files. Trend Micro Internet security shows everything safe even when I delete the folder and it regenerates while Trend Micro is running. Kaspersky Internet Security detects that the files are infectected but cannot clean it up. I've the latest updates of the said anti-viruses yet I'm going around in circles. Any help would be much appreciated.
Recycler.exe - virus
Boot your computer in safe mode by pressing F8 during startup, and re run the AVG scan. It should be able to detect the files in safe mode. You will also have to delete the autorun files off the flash drive. I suggetst you find a friend who has a mac to delete if for you. There may be an easier way, but this way should work.
such a thing will keep playing around. one has to be careful with removable drives and get yourself a good anti virus.
I've tried every anti virus i could think of. No use. Of course I'm using the trial versions. Don't know if that might have something to do with that. I even tried to remove it manually, no avail!
wats ur actual problem? why dont you manually delete the fileand also the autorun.inf from your pendrive. i guess there must be a service running under the name wscript.exe too
specify more details plz.
specify more details plz.
at least, you'd better turn off your autorun first..
or like they said before, run your windows in safe mode first, then you scan with your antivirus
or like they said before, run your windows in safe mode first, then you scan with your antivirus
I use NOD32, and I was able to remove various viruses while they were running. It's pretty good!
| aningbo wrote: |
| wats ur actual problem? why dont you manually delete the fileand also the autorun.inf from your pendrive. i guess there must be a service running under the name wscript.exe too
specify more details plz. |
I did try to manually delete the files. My anti-virus does scan the autorun.inf file but it just doesn't delete it. Even in safe mode its not working. My main problem is everytime i delete the file it regenerates. I can't find the auto-run.inf file to delete it manually. Let me try and disable auto-run and see if I can get that to lessen my headache.
if all the steps have been failed, if you dont have any important data in your usb , then just format your device through command prompt without opening that device.
| ainieas wrote: |
| Hey does anyone know about this virus/trojan Recycler.exe. It affects removable drives. Right now it has become a nightmare for me tryig to get rid of it. AVG Anti-Virus doesn't detect it even though I can see it is scanning the virus files. Trend Micro Internet security shows everything safe even when I delete the folder and it regenerates while Trend Micro is running. Kaspersky Internet Security detects that the files are infectected but cannot clean it up. I've the latest updates of the said anti-viruses yet I'm going around in circles. Any help would be much appreciated. |
The reason antivirus suites dont see the virus is because the file attribute its files were set to system/superhidden.
So even if you set your folder view to Show hidden files, it would still not show up.
You have to enable showsuperhidden key in the registry then do a full system scan as that virus/trojan put files iside the windows directory and modify keys in the registry. Particularly the ShowSuperHidden key.
To modify that key;
Click "run" at the start menu, type regedit
the Registry editor will open.
Go to HKEY_CurrentUser\Software\Microsoft\Windows\Explorer\Advanced
on the left side look for the key ShowSuperHidden and set it to 0 (ZERO).
Close the Registry editor then on Folder options' View tab select Show hidden files. You may havee to reboot for the changes to take effect. then Do a full system scan, with your removable drives plugged in.
AVG should see it and clean it.
Hope this helps
I encountered this virus recently. The biggest problem with this virus is it makes itself hidden and readonly. It also spreads through autorun.inf file. However it is possible to delete it by checking for readonly files. That is what I did. I was helped by the blog post http://binaryday.com/2009/05/16/how-to-remove-recycler-virus-on-usb/
Also u can try free antivirus program such as cureit. You can download it from http://www.freedrweb.com/download+cureit/. I think that it help. Just run it and chek your hard disk, very easy for execute. Good luck !
| ainieas wrote: |
| Hey does anyone know about this virus/trojan Recycler.exe. It affects removable drives. Right now it has become a nightmare for me tryig to get rid of it. AVG Anti-Virus doesn't detect it even though I can see it is scanning the virus files. Trend Micro Internet security shows everything safe even when I delete the folder and it regenerates while Trend Micro is running. Kaspersky Internet Security detects that the files are infectected but cannot clean it up. I've the latest updates of the said anti-viruses yet I'm going around in circles. Any help would be much appreciated. |
There are so many viruses nowadays that use the same name Recycler.exe.
Give me the complete details like file size, location, or better - Send me a copy of the virus though rapidshare or mediashare or filden or some file hosting.
I'll infect my test computer in my Antivirus labs and make an antidote.
If I do make any antidotes, I usually put them here : http://www.fundazone.com
@sitacool
Thanks for sharing the link to http://binaryday.com/2009/05/16/how-to-remove-recycler-virus-on-usb/ . It was really helpful in removing the dreaded virus.
However does anyone have any idea if this virus can affect my cd as well. I have some music cds that are not running properly.
Thanks for sharing the link to http://binaryday.com/2009/05/16/how-to-remove-recycler-virus-on-usb/ . It was really helpful in removing the dreaded virus.
However does anyone have any idea if this virus can affect my cd as well. I have some music cds that are not running properly.
| mamuni wrote: |
| @sitacool
Thanks for sharing the link to http://binaryday.com/2009/05/16/how-to-remove-recycler-virus-on-usb/ . It was really helpful in removing the dreaded virus. However does anyone have any idea if this virus can affect my cd as well. I have some music cds that are not running properly. |
Nope, they don't directly copy to CDs
These viruses take the easy routes, which is anything recognised as a mass storage device in the USB port.
Pen Drives, Memory cards, mobile phones, iPods, mp3 players, digital cameras, external hard drives, etc ...
Your CD may just have some scratches, dust or time damage.
recycler.exe
Recycler.exe is W32.Lecna.H.
W32.Lecna.H is a worm that spreads by copying itself to mapped drives. It also opens a back door and may download potentially malicious code on to the compromised computer.
Related files:
%System%\AUTORUN.INF
%System%\confi.exe
%System%\Config.ini
%System%\Recycler.exe
%System%\uninstx.exe
%System%\keyvect.dll
%System%\netscv.exe
Read more:http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-082212-5844-99&tabid=2
Kill the process Recycler.exe and remove Recycler.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com
Removal: recycler.exe is removed by RegRun.
Recycler.exe is W32.Lecna.H.
W32.Lecna.H is a worm that spreads by copying itself to mapped drives. It also opens a back door and may download potentially malicious code on to the compromised computer.
Related files:
%System%\AUTORUN.INF
%System%\confi.exe
%System%\Config.ini
%System%\Recycler.exe
%System%\uninstx.exe
%System%\keyvect.dll
%System%\netscv.exe
Read more:http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-082212-5844-99&tabid=2
Kill the process Recycler.exe and remove Recycler.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com
Removal: recycler.exe is removed by RegRun.
If you have an external hard drive it would probably easiest to reformat everything... usually speeds the whole computer up too!
cheers
cheers
| Jaan wrote: |
| If you have an external hard drive it would probably easiest to reformat everything... usually speeds the whole computer up too!
cheers |
If u use windows, the best housekeeping is to format and reinstall once in a while.
| ainieas wrote: |
| Hey does anyone know about this virus/trojan Recycler.exe. It affects removable drives. Right now it has become a nightmare for me tryig to get rid of it. AVG Anti-Virus doesn't detect it even though I can see it is scanning the virus files. Trend Micro Internet security shows everything safe even when I delete the folder and it regenerates while Trend Micro is running. Kaspersky Internet Security detects that the files are infectected but cannot clean it up. I've the latest updates of the said anti-viruses yet I'm going around in circles. Any help would be much appreciated. |
Yes, even I had the same problem - this recycler virus is really a bad damn thing and finding solution was a nightmare for me. I am not an internet / computer expert and hence that was a huge tough problem on my desk. Nod32 did not identify it, but Avast did identify, but failed to remove it
Anyways, I digged out a solution while googling. Hope the same works for you - here it is- The recycler virus solution: http://www.techpavan.com/2009/01/10/recycler-autorun-virus-removal-instructions/
Hope that helps you
The link you have provided is also the same link to which the post submitted by me earlier i.e http://binaryday.com/2009/05/16/how-to-remove-recycler-virus-on-usb/ refers to. A really useful post on the topic without doubt.
| brokenadvice wrote: |
| Boot your computer in safe mode by pressing F8 during startup, and re run the AVG scan. It should be able to detect the files in safe mode. You will also have to delete the autorun files off the flash drive. I suggetst you find a friend who has a mac to delete if for you. There may be an easier way, but this way should work. |
Hey does anyone know about this virus/trojan mscdent.exe nsmcse.exe mscsmc.exe service.exe network gateway manager that coming up with some program setup . its like a shadow there is there is,nt . i have no program limit but no program can find him . if every body have inf about its please help me and send it to reza2re@yahoo.com
oh recycler.pif and autorun.inf are in ralated with it . it failed sys restore . iknow it isnt rootkit and change regestery keies and value
Hey does anyone know about this virus/trojan mscdent.exe nsmcse.exe mscsmc.exe service.exe network gateway manager that coming up with some program setup . its like a shadow there is there is,nt . i have no program limit but no program can find him . if every body have inf about its please help me and send it to reza2re@yahoo.com
oh recycler.pif and autorun.inf are in ralated with it . it failed sys restore . iknow it isnt rootkit and change regestery keies and value
oh recycler.pif and autorun.inf are in ralated with it . it failed sys restore . iknow it isnt rootkit and change regestery keies and value
Maybe I can help...
This is my Profession and hobby at the same time... Manually deleting virus...
I think its a bit too late for your computer to install some antivirus since now that you are fully infected... There is no Perfect antivirus... I dont have any antivirus in my system i welcome them and delete manually... one disadvantage of antivirus is if its gonna encounter a false positive which could even ruin ur system...
We can either chat or do remote sessions...
Just like to lend a hand to fellow frihosters...
so if ur interested chat me in ym g0d_0f_ff7@ym
This is my Profession and hobby at the same time... Manually deleting virus...
I think its a bit too late for your computer to install some antivirus since now that you are fully infected... There is no Perfect antivirus... I dont have any antivirus in my system i welcome them and delete manually... one disadvantage of antivirus is if its gonna encounter a false positive which could even ruin ur system...
We can either chat or do remote sessions...
Just like to lend a hand to fellow frihosters...
so if ur interested chat me in ym g0d_0f_ff7@ym
| reza2re wrote: |
| Hey does anyone know about this virus/trojan mscdent.exe nsmcse.exe mscsmc.exe service.exe network gateway manager that coming up with some program setup . its like a shadow there is there is,nt . i have no program limit but no program can find him . if every body have inf about its please help me and send it to reza2re@yahoo.com
oh recycler.pif and autorun.inf are in ralated with it . it failed sys restore . iknow it isnt rootkit and change regestery keies and value |
It's my hobby to remove viruses manually.
U can contact me on
http://www.crossloop.com/FundaZone
First get ProcessExplorer.exe (Just google for the link)
That's all u need.
Install Crossloop http://www.crossloop.com
Then send me a help request.
Related topics
 |