Recycler malware complete removal

Hello experts
Recently one of my flash drives got infected with a malware codenamed
recycler. I have deleted, cleaned many times with the installed AV
from different computers( installed with AVG, AVAST, and Kaspersky
and even reformatted the drive. But it seems to keep on returning on
that particular flash drive.
I would like to ask is this particular malware so stubborn that it can
regenerate itself in the particular drive?
Is there a preferred way to remove it?
Would like to hear your valuable inputs?
Thanks

<bobdermot@gmail.com> wrote in message
news:3250b6f5-1b14-42ca-aab3-7ed968c283b0@y1g2000pra.googlegroups.com...
> Hello experts
> Recently one of my flash drives got infected with a malware codenamed
> recycler.

Are you sure this is malware and not just the recycle bin Windows
creates?

> I have deleted, cleaned many times with the installed AV
> from different computers( installed with AVG, AVAST, and Kaspersky
> and even reformatted the drive. But it seems to keep on returning on
> that particular flash drive.

Hmmm.

> I would like to ask is this particular malware so stubborn that it can
> regenerate itself in the particular drive?

I've never heard of it, that is why I ask if you are sure.

> Is there a preferred way to remove it?

Better would be to understand it.

> Would like to hear your valuable inputs?

Well...maybe somebody *else* will be along to help you.

> Thanks

No problem.

From: <bobdermot@gmail.com>

| Hello experts
| Recently one of my flash drives got infected with a malware codenamed
| recycler. I have deleted, cleaned many times with the installed AV
| from different computers( installed with AVG, AVAST, and Kaspersky
| and even reformatted the drive. But it seems to keep on returning on
| that particular flash drive.
| I would like to ask is this particular malware so stubborn that it can
| regenerate itself in the particular drive?
| Is there a preferred way to remove it?
| Would like to hear your valuable inputs?
| Thanks

Please check your logs. Are you sure it is not spelled; Rescycler ?

Or are you taling about a file name; recycler.exe ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

On Feb 8, 10:21*am, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> From: <bobder...@gmail.com>

>
> Or are you taling about a file name; *recycler.exe ?
>
> --
> Davehttp://www.claymania.com/removal-trojan-adware.html
> Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp

Yes, that's it.
Is there a best way to completely remove it? TIA

From: <bobdermot@gmail.com>

>> Or are you taling about a file name; recycler.exe ?


| Yes, that's it.
| Is there a best way to completely remove it? TIA

First disable AutoPlay/AutoRun on your computer.

Then use the following Multi AV scanning tool to clean your PC and ALL removable
read/write media starting with the Trend Micro module.

Download MULTI_AV.EXE from the URL --
http://www.pctip.ch/ds/28400/28470/Multi_AV.exe
or
http://212.98.39.7/ds/28400/28470/Multi_AV.exe

http://www.pctip.ch/downloads/dl/35905.asp
or
http://212.98.39.7/downloads/dl/35905.asp

English:
http://www.raymond.cc/blog/archives/...irus-for-free/


To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.



* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

On Feb 9, 10:58*am, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> From: <bobder...@gmail.com>
>
> >> Or are you taling about a file name; *recycler.exe ?
>
> | Yes, that's it.
> | Is there a best way to completely remove it? TIA
>
> First disable AutoPlay/AutoRun on your computer.
>
> Then use the following Multi AV scanning tool to clean your PC and ALL removable
> read/write media starting with the Trend Micro module.
>
> Download MULTI_AV.EXE from the URL --http://www.pctip.ch/ds/28400/28470/Multi_AV.exe
> orhttp://212.98.39.7/ds/28400/28470/Multi_AV.exe
>
> http://www.pctip.ch/downloads/dl/35905.asp
> orhttp://212.98.39.7/downloads/dl/35905.asp
>
> English:http://www.raymond.cc/blog/archives/...r-computer-wit...
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE togo through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed filesor you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. *It is suggested to run the scanners in both Safe Mode and NormalMode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file.
>
> * * * * Please report back your results ** * *
>
> --
> Davehttp://www.claymania.com/removal-trojan-adware.html
> Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp

Thanks for your input, but I was wondering why the PC is when its the
flash drive that is exhibiting the fault when its plugged into the USD
drive.
Besides not all PC where that particular USB drive is plugged
displayed that warning.
I have plugged that particular USB to PCs that was protected by ESET,
AVG, Kaspersky, Avast and only the latter displayed that notification
so it implies that Avast might be exhibiting a case of false
positives?.
It was coded like
RECYCLER\5-5-3-42-2819952290-8240758988-879315005\-366\j2gkvsq.vmx
More explanation on this would be interesting.

On Feb 10, 6:47*am, bobder...@gmail.com wrote:
> On Feb 9, 10:58*am, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
> wrote:
>
>
>
>
>
> > From: <bobder...@gmail.com>
>
> > >> Or are you taling about a file name; *recycler.exe ?
>
> > | Yes, that's it.
> > | Is there a best way to completely remove it? TIA
>
> > First disable AutoPlay/AutoRun on your computer.
>
> > Then use the following Multi AV scanning tool to clean your PC and ALL removable
> > read/write media starting with the Trend Micro module.
>
> > Download MULTI_AV.EXE from the URL --http://www.pctip.ch/ds/28400/28470/Multi_AV.exe
> > orhttp://212.98.39.7/ds/28400/28470/Multi_AV.exe
>
> >http://www.pctip.ch/downloads/dl/35905.asp
> > orhttp://212.98.39.7/downloads/dl/35905.asp
>
> > English:http://www.raymond.cc/blog/archives/...r-computer-wit...
>
> > To use this utility, perform the following...
> > Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS}
> > Choose; Unzip
> > Choose; Close
>
> > Execute; C:\AV-CLS\StartMenu.BAT
> > { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> > NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> > FireWall to allow it to download the needed AV vendor related files.
>
> > C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> > This will bring up the initial menu of choices and should be executed in Normal Mode.
> > This way all the components can be downloaded from each AV vendor's website.
> > The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> > You can choose to go to each menu item and just download the needed files or you can
> > download the files and perform a scan in Normal Mode. Once you have downloaded the files
> > needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> > during boot] and re-run the menu again and choose which scanner you want to run in Safe
> > Mode. *It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> > When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> > file.
>
> > * * * * Please report back your results ** * *
>
> > --
> > Davehttp://www.claymania.com/removal-trojan-adware.html
> > Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp
>
> Thanks for your input, but I was wondering why the PC is *when its the
> flash drive that is exhibiting the fault when its plugged into the USD
> drive.
> Besides not all PC where that particular USB drive is plugged
> displayed that warning.
> I have plugged that particular USB to PCs that was protected by *ESET,
> AVG, Kaspersky, Avast and only the latter displayed that notification
> so it implies that Avast might be *exhibiting a case of false
> positives?.
> It was coded like
> RECYCLER\5-5-3-42-2819952290-8240758988-879315005\-366\j2gkvsq.vmx
> More explanation on this would be interesting.- Hide quoted text -
>
> - Show quoted text -

ooops correction sorry..
(when its the
flash drive that is exhibiting the fault when its plugged into the USD
drive). I mean the USB slot of the PC.

From: <bobdermot@gmail.com>

| ooops correction sorry..
| (when its the
| flash drive that is exhibiting the fault when its plugged into the USD
| drive). I mean the USB slot of the PC.

You have an AutoRun worm. You need to scan the PC and all removable media.

I do not think this is a Flase Positive.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

<bobdermot@gmail.com> wrote:

> It was coded like
> RECYCLER\5-5-3-42-2819952290-8240758988-879315005\-366\j2gkvsq.vmx
> More explanation on this would be interesting.

Looks like you have Conficker. The file name differs in only one
letter from that described at Sans (jwgkvsq.vmx).
http://isc.sans.org/diary.html?storyid=5830

On Feb 10, 8:31*am, "Ant" <n...@home.today> wrote:
> <bobder...@gmail.com> wrote:
> > It was coded like
> > RECYCLER\5-5-3-42-2819952290-8240758988-879315005\-366\j2gkvsq.vmx
> > More explanation on this would be interesting.
>
> Looks like you have Conficker. The file name differs in only one
> letter from that described at Sans (jwgkvsq.vmx).http://isc.sans.org/diary.html?storyid=5830

Hmm, sounds like it is.....and the behavior stated in that link was
similar to it also..
How come that PC that was previously infected and was sanitized and
then the Avast Professional was reinstalled by its owner. Now as I
saw during the installation, Avast has that peculiar way of scanning
the PC during the boot up process and in so doing identified all the
present malware that was then removed manually.
When the software and virus definition was updated a complete scan was
done
to totally to identify and remove any remaining malware. Therefore
he believe and even me is convinced that his PC is completely
sanitized.
Now this particular Flash drive was used in that pc many times so it
seems it the only one that identify that its infected by that
particular recycler.exe? Meaning they have a connection I suppose....?

On Feb 10, 7:16*am, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> From: <bobder...@gmail.com>
>
> | ooops correction sorry..
> | (when its the
> | flash drive that is exhibiting the fault when its plugged into the USD
> | *drive). I mean the USB slot of the PC.
>
> You have an AutoRun worm. *You need to scan the PC and all removable media.
>
> I do not think this is a Flase Positive.
>
> --
> Davehttp://www.claymania.com/removal-trojan-adware.html
> Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp

Hmmm....is this for all the PC installed with other antivirus except
Avast?

On Feb 10, 12:51*pm, bobder...@gmail.com wrote:
> On Feb 10, 7:16*am, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
>

I have already sorted out my issues...
I used the Kaspersky Kido removal tool from their support forum and it
really worked so fast!
Anyway thanks for everybody's your time in answering my queries..
Regards
Bob