Now Playing Get Rid Of That Pesky Recycler Bin Virus
Posted on April 4, 2010
OK, assuming you still want to continue using Windows after being infected by such a nasty virus:
This step-by-step procedure can be done even if you don’t have an antivirus:
Stopping Autorun Viruses – this applies to all variants of the virus WORM_AUTORUN.CG
DISABLE AUTORUN. This will stop a lot of viruses from spreading from one drive to the other. You can do this by opening regedit.exe and modifying the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
There should be an entry with the name NoDriveTypeAutorun. Set it to 0x95 to disable autorun on everything but CD drives, or 0xB5 (the letter ‘B’, not the number ‘8’) to disable it on all drives.
Ok now to remove the virus:
This virus distributes itself using your USB stick and your local hard drive – it has the uncanny ability of filling up a USB stick with whatever is in your recycle bin and then hides all the files using the Windows DLL files and resident memory in explorer.exe. Most antiviruses will detect this, but they are unable to get rid of the virus totally…
Gather all hard drives and memory sticks suspected of having the virus and connect them to a machine that has Linux installed, or simply boot the infected machine with an Ubuntu Live CD. Important: please don’t boot into Windows, as you will cause the virus to spread more…
Once booted into Linux, locate the windows hard drives connected, on Ubuntu these are usually displayed on the desktop, others will be located under /mnt/windows or /mnt/media in Dolphin File Manager accessed from the menu at the top of your screen.
Go to the root of each Windows drive and delete the following: autorun.inf, recycler, and any bat or cmd files present except for autoexec.bat, which is a legacy file for Windows. Also delete “.recycler” and any folders that say recycler. Do the same on any memory sticks or external drives you have connected to the infected machine recently.
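The root-level cleanup described above, as an added example script that is not part of the original post. The function names are hypothetical, and /mnt/windows stands in for wherever your live session mounted the drive; run it without `--delete` first to review what it would remove.

```shell
#!/bin/sh
# Added example (not from the original post). Run from the Linux live session,
# once per mounted Windows drive or memory stick.

# Print the root-level entries the post tells you to delete, one per line.
# Only the top level of the drive is examined; subfolders are left alone.
# Matching is case-insensitive because FAT/NTFS names vary in case
# (AUTORUN.INF, Recycler, RECYCLER). autoexec.bat is always kept.
list_suspects() {
    find "$1" -mindepth 1 -maxdepth 1 \
        \( -iname 'autorun.inf' -o -iname 'recycler' -o -iname '.recycler' \
           -o -iname '*.bat' -o -iname '*.cmd' \) \
        ! -iname 'autoexec.bat' -print | sort
}

# Delete everything list_suspects reports and print how many entries went.
# Names containing a newline are not handled; review the listing first.
remove_suspects() {
    list_suspects "$1" | {
        count=0
        while IFS= read -r path; do
            rm -rf -- "$path" && count=$((count + 1))
        done
        echo "$count"
    }
}

# Usage: sh clean_root.sh /mnt/windows            (list only)
#        sh clean_root.sh /mnt/windows --delete   (list, then delete)
if [ "$#" -ge 1 ]; then
    list_suspects "$1"
    if [ "${2:-}" = "--delete" ]; then
        echo "removed $(remove_suspects "$1") entries from $1"
    fi
fi
```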
The autorun.inf files and the cmd files are what make this virus work. When you boot back into Windows now that the files are removed, you may get a few error messages. To get rid of these messages:
- Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter
- In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Active Setup>Installed Components
- In the left panel, locate and delete the key:
{08B0E5C0-4FCB-11CF-AAX5-90401C608512} and any other keys that contain information about Recycler or Autorun
- Close Registry Editor.
If you are still getting the error, go back to Registry Editor and navigate to HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Run
Delete any entries you do not recognise, then browse in Windows Explorer to where those files are installed and delete them from your hard drive (it would be wise to google them first to make sure). Most of the files listed here start up when your machine boots; a number of them can be seen in your system tray next to the time.
For a detailed and somewhat different approach try Bleeping Computer
Hi Parker
I will try to be more concise in my directions
Thanks
Rob
26.01.2011 11:33