USB Stick Virus causes Windows XP Problems (RECYCLER.exe)

July 7, 2009 at 12:00 am Leave a comment

I got an interesting Problem. I havent figured it out completely yet and hope for some support from you guys.
I´m not a geek, and moreover completely new at forums. But enough personal preliminaries.

I have an USB Stick. When I Plug it in, everything is fine, till i double click it in Windows Explorer. After I do so, it does something i havent really figured out. But so far I can report the following problems it seems to cause:

i) After a while i get a Windows error message that tells me: RECYCLER.exe has encountered a problem and needs to be closed, …

ii) The USB Stick wont open anymore, when I double click it. I have to right click it and say explore out of the context menu.

iii) I cant show hidden files anymore in Folder Options! I solved this Problem already by following the tips of this Forum here in that thread:

http://forums.cnet.com/5208-6142_102-0.html?forumID=5&threadID=232457&messageID=2396828

I Used the Registry fix:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL

in the right side of the window, there must be a entry called: checkedvalue

right click on it n and select value….
if its value is set for 0 than delete it n set the value as 1..
close the regedit window…..
now the problem must be gone……this worked in my system n now i can
unhide the hidden files……

This Registry Fix makes me capable to show hidden files in Windows explorer again.

iv) when i unplug the USB stick and Plug it in again, Windows just wouldn`t give me the menu with the Options what i want to do anymore.

As I said, I fixed the problem to show hidden Files. So there are two hidden Files on my USB Stick:

a) autorun
b) RECYCLER

autorun looks like this:

[AutoRun]
open=RECYCLER.exe
shellexecute=RECYCLER.exe
shellAutocommand=RECYCLER.exe

What the RECYCLER.exe does, i cant really tell. I tried to figure out by disassembling it with a tool from HavenTools called PE Explorer:

http://www.heaventools.com/

But my Computer Skills seem to be not sufficient enough to analyse it properly. Can anybody help me?

 
———————————————————-
 
Also make sure to clean out the registry entries mentioned here so it wont attempt to load on the machine at startup:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerRun
“Taskman”=”C:\WINNT\system32\drivers\taskmen.exe”
“DataAccess”=”C:\WINNT\taskmen.exe”

or this one as well:

Locate the HKEY_LOCAL_MACHINE entry:

HKLMSoftwareMicrosoftWindowsCurrentVersionRun
Recycle Bin Handler =<system folder>
ecycler.exe

and delete it if they exist.

There are a couple of ways to go about this.. You can leave the infected flash drive in the USB port and scan it along with the rest of the computer WITHOUT opening it and attempt to clean it while its in the port…OR… you can clean out the machine first, then place the drive and press the “Shift” key to hopefully prevent it from autorunning.. You could then open “My Computer”, then RIGHT click on the removable drive and choose “Format” (or use the format utility for the specific model of flash drive you have, or run a RIGHT click scan with your antivirus or AVG Antispyware..

Hope this helps.

Grif

 
 
 
———————————————————-
 
 
 

First i want to thank you for all your support and advices.

I kinda got rid of that trojan. That means i don`t have any problems anymore and it doesn`t come back at least for the past few days.

What i found out is that this trojan is called “W32/SillyFDC-Y”. The following link gives a few more informations:

http://www.sophos.de/security/analyses/w32sillyfdcy.html

But anyways there seem to be different variants of this trojan around. So I feel sorry for MoronZilla, that seem to have a more nasty version of it than myself had.

I could delete the autorun and RECYCLER files from all the removable medias that i have.

What makes me wonder is that my Sophos antivirus which is absolutely up to date didn`t detect this particular worm. A let it run several times over the hole computer intensively but it didn`t detect the expected worm.

Anyways what solved my problem was:

i) Deleting the above mentioned files from every removable media i found them on

ii) Cleaning out my entire registry using the cost-free registry cleaner: “Wise Registry Cleaner 2”

iii) running Sophos Antivirus intensively over my computer several times

iv) finally fixing the last registry problems that the worm screw up by hand and mainly using the Windows Tweak UI Registry Power Tool.

Everything seems to work fine again in my case. Hopefully it stays this way.

Cheers

<!–
–><!–
–><!–
–>

Entry filed under: Windows XP. Tags: .

A-301 High Voltage Amplifier/ Piezo Driver and Modulator2

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


Stats

  • 41,020 hits

من محتويات الموقع

كثرت إصدارات الماسنجر وتبعثرت بتشاتها وبرامجها .. فالبعض يبحث عن جديد الماسنجر .. والبحض يبحث عن ماسنجر 7.5 .. ماسنجر هوتميل والبعض يبحث عن ماسنجر 7 نحن نوجهك إلى تحميل برنامج ماسنجر بلس مسنجر 9 برنامج الماسنجر الجديد هوتميل تسعة ... برنامج ماسنجر هوتميل بلس لاصدار ماسنجر لايف 9 ماسنجر,ماسنجر بلص,تحميل الماسنجر,ماسنجر 8,صور ماسنجر,اصدارات الماسنجر و ما قبله من اصدارات.. تحميل مسنجر مسنجر بلس مسنجر 9 مسنجر ياهو مسنجر لايف تنزيل مسنجر messenger اقلاع سوفت messenger + msn + hotmail download msn messenger hotmail msn web messenger hotmail msn messenger without hotmail msn messenger und hotmail telecharger msn messenger hotmail msn hotmail messenger mac Internet turbo 2009 ,جديد البرامج و الإنترنات ,1waw.com ,Download parameg FOR MOBILE TORRENT ,كشف الملفات التالفه في الويندوز ,فضل برنامج للصور المتحركة عربي ,فتح محطات ART الفضائية ,Firefox ,برامج تشغيل الملفات ,تحميل أقوى مشغل ملفات flv ,تحميل برنامج مجانا internet download manager ,Fotos+do+sound+forge ,NLite ,كول اديت ,Free arc لفك الضغط ,تنزيل ساعة على سطح مكتب الكمبيوتر ,برنامج تحويل الفيديو يوتيوب الى 3gp ,تنزيل برنامج لفتح الاناشيد ,Fotos+do+sound+forge ,برامج كمبيوتر للفيروسات ,Six free mp3 ,تحويل pdf الي word ,نوع الفيديو للبرو جولد ,تحميل برنامج Passware Kit Enterprise ليش نسخة Demo ,Ares+tube ,Image banner maker ,Kmp 2007 ,تنزيل برنامج لتشغيل اناشيد mp3 ,برنامج مشاهدة القنوات الفضائية ,موقع تحميل الانتي فايروس 2010 ,تنزيل المتصفحات الجديدة ,Download free Revo Uninstaller 2.1.5.0 ,تشغيل كاميرا nokia pc suite ,Zib password remova l برنامج ,تحميل برامج تشغيل الفيديو ,تحميل برنامج عن طريق الجوال لمشاهده التلفزيون ,افلام يوتيوب للهاتف المحمول مجانا ,تسريع الانترنت ,Ares+tube ,برامج حماية من الفيروسات مجانية ,Antivir free download ,برامج نت ,كيفية التعامل مع الملفات المضغوطة ,كول اديت ,Kis 9.0.0.459 key ,برنامج الالة الحاسبة ,برنامج تغيير الأصوات للكمبيوتر من برامج نت ,برامج مشغلات الفيدبو كمبيوتر ,برنامج youtube لنوكيا 73

%d bloggers like this: