[AI] recycler

Ramkumar researcher1 at dataone.in
Tue Aug 7 11:22:04 EDT 2007


Hi Friends,
I did a Google search on recycler and found the following.
Recycler is a virus which spreads through our Pen drive.
I am pasting the info below:

The virus drops the following files into the flash drive (thumb drive or USB
drive):
- autorun.inf
- RECYCLER\desktop.ini
- UcHelp.exe

The easiest way to remove the virus is to format the USB drive. However, if
the computer has contracted the virus, then you may have to use the procedure
outlined below to remove it. If not, it will start spreading to other USB
drives that are plugged into the infected computer.

To remove the trojan, you need to download the PSKILL utility (see below).

pskill -t explorer.exe
attrib -s -h "c:\windows\system32\AceExt32.dll"
attrib -s -h "c:\windows\Downloaded Program Files\Ext32.dat"
attrib -s -h "c:\windows\Downloaded Program Files\Ext32.dll"
attrib -s -h "c:\windows\Downloaded Program Files\CxUSBKey.exe"
attrib -s -h "c:\windows\Downloaded Program Files\ZipExt32.dll"
del "c:\windows\system32\AceExt32.dll"
del "c:\windows\Downloaded Program Files\Ext32.dat"
del "c:\windows\Downloaded Program Files\Ext32.dll"
del "c:\windows\Downloaded Program Files\CxUSBKey.exe"
del "c:\windows\Downloaded Program Files\ZipExt32.dll"
start explorer.exe
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" /v ZipExt32 /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" /v AceExt32 /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524140}" /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524150}" /f

---

Remove Uchelp.exe on the flash drive (thumb drive):
- Attrib -s -h \RECYCLER\Uchelp.exe
- Del Uchelp.exe

---

PsTools Version in this package: 2.43. PsKill works on NT 4 and higher
including Windows Vista.

The PsTools kit's PSKILL utility can terminate processes on the local
computer and processes on remote systems. Running PsKill with a process ID
directs it to kill the process of that ID on the local computer. If you
specify a process name, PsKill will kill all processes that have that name.

Now my system is infected, but I could not understand the removal
procedure.
If anyone can make it out from the info, please guide me.
Thanks in advance.

"In a day, when you don't come across any problems, you can be sure that
you are travelling in the wrong path."
SWAMI VIVEKANANDHA
----- Original Message ----- 
From: "Abdul Razique Khan" <1988.abdul at gmail.com>
To: <accessindia at accessindia.org.in>
Sent: Tuesday, August 07, 2007 7:52 PM
Subject: Re: [AI] recycler


> Hello my friend,
> You can't delete this file because, as the name suggests, it will
> produce another file of the same sort.
> If I am not wrong, this virus creates a folder in every folder of the
> parent folder's name. Even if you delete those folders, it will
> reproduce another one.
>
> Thanks,
> Abdul
> 
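
A read-only check for the files and registry entries named in the removal procedure pasted above, so you can see which of them are actually present before deleting anything. This is an added example, not part of the original message or of the page it quotes; the function name Get-RecyclerFindings is hypothetical, and it assumes PowerShell 3 or later and that the c:\windows in the post is this machine's Windows directory.

```powershell
# Added example: read-only check, nothing is deleted or modified.
$windir = $env:SystemRoot   # assumption: the post's c:\windows is this machine's Windows directory

# Files named in the attrib/del lines of the post
$files = @(
    "$windir\system32\AceExt32.dll",
    "$windir\Downloaded Program Files\Ext32.dat",
    "$windir\Downloaded Program Files\Ext32.dll",
    "$windir\Downloaded Program Files\CxUSBKey.exe",
    "$windir\Downloaded Program Files\ZipExt32.dll"
)
# Registry value names and CLSID keys named in the reg delete lines
$ssodl  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
$values = 'ZipExt32', 'AceExt32'
$clsids = '{35CEC8A3-2BE6-11D2-8773-92E220524140}',
          '{35CEC8A3-2BE6-11D2-8773-92E220524150}'
# Files the post lists on the flash drive, relative to the drive root.
# autorun.inf and RECYCLER\desktop.ini also occur on clean drives, so a hit
# on those alone is only a prompt to look closer.
$usbFiles = 'autorun.inf', 'RECYCLER\desktop.ini', 'UcHelp.exe', 'RECYCLER\Uchelp.exe'

function Get-RecyclerFindings {
    $found = @()
    foreach ($f in $files) {
        # Test-Path also sees files marked hidden/system
        if (Test-Path -LiteralPath $f) { $found += "file: $f" }
    }
    $props = Get-ItemProperty -LiteralPath $ssodl -ErrorAction SilentlyContinue
    foreach ($v in $values) {
        if ($props -and $props.PSObject.Properties[$v]) { $found += "registry value: $ssodl -> $v" }
    }
    foreach ($id in $clsids) {
        $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$id"
        if (Test-Path -LiteralPath $key) { $found += "registry key: $key" }
    }
    # DriveType 2 = removable disk (USB flash drives)
    foreach ($d in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2') {
        foreach ($u in $usbFiles) {
            $p = Join-Path "$($d.DeviceID)\" $u
            if (Test-Path -LiteralPath $p) { $found += "removable drive: $p" }
        }
    }
    return $found
}

$findings = Get-RecyclerFindings
if ($findings) { $findings | ForEach-Object { Write-Output "FOUND $_" } }
else { Write-Output 'None of the artifacts listed in the post were found.' }
```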




