You are on page 1of 3

Please note that the following advice if taken will absolve me from any responsibility.

I am only reporting what I did to get rid of the virus installed on my hard drive.

1. You should be able to see your root drive root drive which is c: or d: etc.

2. Ensure that you are able to see hidden files by going to Tool>Folder Option>view
and checking off hidden files.

3. System Volume Information and Recycler should be visible in your root drive (c:
d: or whatever drive you use)
4. Right Click on Recycler folder and go to Properties.

5. Go to the tab labeled Security, If your user name is not there then add your
username that you use for XP . Give yourself all security rights as well as the
SYSTEM user. Then press okay. If you cannot see the security tab and you are using
XP professional then go to Tool>Folder Option>View uncheck box "Use simple File
sharing" then select Apply.

6. Right Click on System volume information folder and go to Properties. Repeat step
5.

7. Go to the garbage icon on the desktop and right click. Choose properties then
check the box " Do not move files to the recycle bin. Remove files immediately when
deleted." Press Apply.

8. Go back to the root drive and delete Recycler folder.

9. Go to the System Information folder and delete the last folder. These folders are
where Xp has taken a snapshot of your system in order to restore it. The virus is
hiding here in the event that you restore it is also restored.

10. You should now open the registry editor and remove the virus from here so that
when you restart the virus is not recreated.

11. Open the registry editor. Start >Run> then type regedit in the box and select OK
The registry will now open.

12. Hit Ctrl+F Type Recycler in the search box . Delete the entry when found. press
F3 to find the next occurrance of Recycler and delete.

13. Close regedit.

14. Go to all installed harddrives and so steps 2- steps 6, steps 8 and steps 9.

15. Run your virus software. You should be able to update any virus software that
was previously unupdatable.

16. Reboot your computer

17. Verify that that the reycler folder is deleted from you root drive.

18. Then you can uncheck the box in the garbage that you checked in step 7. To
keep all you deleted files in case you need to restore a file that was accidentally
deleted.

My findings: This virus is recreated using the methods of the garbage bin. Everytime
you delete a file it recreates itself because it looks in the garbage and restores or
copies the virus information inside. If the virus is not able to be stored inside and is
immediately removed when you check the box in step 7. Then it cannot recreate
itself and all of its power is lost. So erasing it from the registry and drive ensures
that it cannot return. Recycler virus is a virus that exploits the autorun feature of
Windows. It copies the autorun.inf files on each drive of the computer, be it
permanent or a removable media such as DVDs, CD ROMs, USB Devices, or Memory
Sticks. The recycler virus originated from the W32.Lecna.H worm that spreads itself
by copying itself to all the active drives.

The virus creates a hidden folder in each active drive. Each time you insert a
removable media, it will execute itself. It uses a batch file to modify the system
registry and executes itself each time the system starts up. You cannot remove the
virus even after formatting your removable media. The anti-virus software may
detect it but cannot remove it.

The recycler virus is very destructive. Once it infects your computer, it will connect
itself to malicious websites and download the malicious code to your computer. The
malicious code will then steal your personal information such as credit card
information, social security, account numbers, usernames, and passwords stored on
your computer.

Conduct a Recycler Virus Removal

You can remove the recycler virus both manually and by using any recycler virus
removal tool. To remove the virus manually, you need to:

1. Search for the process called CTFMON.EXE and kill it through Task Manager.
2. Search CTFMON.EXE file in the Startup menu and delete it.
3. Boot the system in safe mode and open the command prompt.
4. Disable hidden, system, and read only attributes for autorun.inf and recycled
folder delete them.
5. Clean the recycle bin.
6. Repeat these steps for all the drives on your computer.
7. Open registry editor and modify the NoDriveTypeAutoRun entry with 03ffffff value
after searching it in following registry folders:
HKEY_LOCAL_MACHINESOFTWARE
HKEY_CURRENT_USERSOFTWARE
8. Reboot and scan your system with latest antivirus software.

The manual removal of the infection is not recommended because it requires an


expertise to edit windows registry. In case you remove/modify a wrong registry
entry, you may cause severe damage to your system. Therefore, it is always better
to remove Recycler Virus with a specialized removal tool.

How to Remove Recycler Virus


Recycler.exe virus will attack your drives, both hard disk and removable. The origin
name of recycler virus is W32.Lecna.H, a worm that spreads by copying itself to all of
your currently active drives. After infecting your computer, it will download potentially
malicious code if you connected to the internet. Some anti virus just passed recycler, so
you must delete it manually. Here is the method:

1. Open Windows Task Manager by pressing Ctrl + Alt + Del.


2. Select Processes tab.
3. Search and find CTFMON.EXE. Select it and click End Task.
4. Run Search tool. Search CTFMON.EXE file and delete it. Commonly it is
located in Startup menu.
5. Open Run tool. Type cmd. The Command application will open.
6. Type cd\.
7. Type attrib –r –s –h +a *.inf.
8. Type del autorun.inf.
9. Type attrib –r –s –h +a recycled.
10. Type cd recycled.
11. Type del *.* and confirm the deletion.
12. Type cd\.
13. Type rmdir recycled.
14. Now the recycler virus is removed from your system drive. What you need to do
next is repeating step 6-13 and apply it to other drives.
15. Upgrade your anti virus definition and re-scan your computer.

November 6, 2008 · Filed Under Virus Removal

i wasn’t looking for a virus but i found 1…

1> Get yourself a LiveCD of any Linux OS… if u use Torrents it’s easy to get.. it’s about
700 mbs at max…
2> Next step is to burn it to a CD
3> Restart n boot using the LiveCD..
4> Plugin your pendrive and open it in the explorer….
5> you’ll be able to see every file that’s ****ing with your system…
6> Delete them all… (i suggest formatting it)
7> Restart the system and your drive is as good as new..