Sunday, November 10, 2013

Recycler Virus - What Is Recycler Virus and How to Remove Recycler Virus?

What Is Recycler


Recycler is a virus. It resembles the authentic system recycled file, which confuses wide range of PC users. Usually, recycler virus will make it real to name itself by a series of number that lokks just like user’s SID (security identifier), e.g. S-1-5-21-1364623040-634879670-1883500744-500. Such folder/ file also imitate the features of the authentic system one to be hidden. Actually, recycler virus is after all geared by Trojan that is capable of binding itself to system files, especially those that are supposed to be protected by Windows. In other word, Recycler virus can reproduce itself even after it is removed.


Features of Recycler Virus


Report from victims of Recycler virus:
A: “My Wd My passport 1TB external hard disk is showing the following error when I try to open drive:
i m not able 2 see my all old data
only i can see 2 folders
1) Recycler
2) System Volume Information
Please help me to solve the above mentioned issue as I have important files in my external hard disk. Thank you.”
B: “Well, it's just the simple RECYCLER. But I'm confused if it is a virus or not. This "RECYCLER" is in my flash drive. I used command prompt to see the folders inside and then I found that thing. My flash drive had been inside many computers today. Since I found the RECYCLER, i tried to delete it using the cmd. When i deleted it, it just came back. It's so annoying!!. I scanned my flash drive in Avira. But the anti-virus didn't detect it. Finally, I decided to open to see the files inside my flash drive. And voila! I only saw the RECYCLER folder. Alone. Back then, my usb contains movies, powerpoint presentations, and many more. But after it has the RECYCLER folder. It's all gone!!!”
Nowadays, more and more infections start to target system items so as to be immune to the removal by installed security utilities. So how to tell if you are affected by recycler virus? There are some features to help with identification:

A: Many more executable files appear under
C:\Documents and Settings\Administrator\Local Settings\Temp
such as “(random numbers) + iexplorer.exe”

B: There are RECYCLER directory and Latent directory under the root directory of C disk.

C: (random numbers) + iexplorer.exe type file appear under C:\Program Files\Internet Explorer.


http://blog.vilmatech.com/According to the victims’ report, anti-virus programs will not help detect recycler virus. Not to mention to help resolve the problem. Thus, manual way becomes the top option to remove recycler virus. Follow the steps below to help yourself. Attention should be paid to the victims who are equipped with little computer knowledge that the steps require computer skills. Should there be any confusion that leads to unexpected computer problems, feel free to contact professionals from VilmaTech Online Support for real-time help.


 

Self-help Steps to Remove Recycler Virus


Step1. run reputable anti-virus programs to see if there are other virus that might be brought in by or collaborate with Recycler virus and delete any possible virus.

Step2. Modifications that need to be made in database.

Press Win key and R key together to bring up the Run box, then type “regedit” there before tapping on Enter key.

A: Delete the registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Userinit\C:\WINDOWS\system32\userinit.exe
HKEY_CLASSES_ROOT\CLSID\{F084FD46-EB63-4CC0-B814-99C16EE76BD1}

B: Delete “C:\Latent\Latent.com”of the registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Userinit\C:\Latent\Latent.com

C: Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer \ShellExecuteHooks
and delete {F084FD46-EB63-4CC0-B814-99C16EE76BD1} in the right pane.

D: Remove all RECYCLER directory and Latent directory distributed in all disks.

E: Delete
C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMz.Ime

Remember to restart the computer after all the steps have been done and to run some third party programs for detection of vulnerability so as to download patches for it in an attempt to avoid being compromised by other potential virus. Be noted that the directory might be different from some computers of victims since the programs installed are different and the version of Windows are different. However, the above steps are tested to be applicable to most cases. If your case is not completely the same with the one we are offering, you are welcome to get the appropriate solution to your concrete situation.

http://blog.vilmatech.com/

No comments: