resycled\boot.com - Virus ?

**bigboy** · 19-01-2009

Some days back I tried to get in drive C: and KIS2009 popped up a message that boot.com does not have a signature with two options, I have chosen limited.
unfortunately this file behaving like a virus and KIS could not recognize that. it creates (autorun.inf,\resycled\boot.com) on any external or internal drive that is attached to my computer. I deleted them many times but it still they come up again .
please if you have a cure for this thing advice me what should I do because KIS 2009 couldn't do anything

best wishes

**Big Fish** · 19-01-2009

resycled/boot.com is a worm that propagates on local fixed and removable USB drives. resycled/boot.com may infect drives via autorun.inf file it created that runs a command each time the drive is accessed. Malicious files will be copied to a drives attached on infected computer.

How to Remove resycled/boot.com:

1. Download Malwarebytes’ Anti-Malware (mbam-setup.exe) and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install as “default” only
4. Before the installation completes, check on the following prompts:
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware
5. Click “Finish.” Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished click on the “Show Results”
8. Make sure that all detected threats are marked, click on Remove Selected.
9. Restart your computer.

**.:MUNDITO:.** · 19-01-2009

This is a virus. Start Windows in safe mode, then click Start -> Run. Type in regedit and click okay.

Now at the top of the registry editor, click Edit -> Find. Type boot.com and click Find Next. Every time it finds a new boot.com, press the delete key and then enter. It should find a dozen or so copies.

Now, plug in any external drives or flash drives you have used with this computer. Open My Computer. Click Tools -> Folder Options -> View and select "Show Hidden Files and Folders" and click okay.

For each drive, open it and delete the resycled folder and autorun.inf. Back up each autorun.inf before deleting them off external drives, because they might be important.

Restart the computer and the problem should be gone.

**Mr. Boo Bear** · 19-01-2009

follow this step belows
1.make sure the virus has been really removed, for that download avast antivirus for free and schedule a boot time scan. then open each drives by right clicking the drive and explore command. unhide all including system files and folders. then search for "autorun.inf" and "resycle". delete these.
2.now comes the main steps as i guess the first step has already been done by you.----open folder option>file types >drive >(open with)advanced in the actions select "new", type "open" in the first space and browse for C:/windows/exploler.exe to select as the program to execute the command (i.e open) in the next line . click ok and exit .
3. now try to open drives, it will open but in a different window. now how can we make the drive open in same window??? easy pal!

A.First Method:
1. Open Start >> Run and type regsvr32 /i shell32.dll
2. press ok
3. You will see a message DllRegisterServer and DllInstall in shell32.dll succeeded
4. that’s it

B.Second Method:1. Open Start >> Run and type regedit
2. Navigate to HKEY_CLASSES_ROOT/Directory/Shell
3. Double click the default key type none and press ok.
4. now navigate to HKEY_CLASSES_ROOT/Drive/Shell.
5. Double click the default key type none and press ok.

C.Third Method:If you don’t want to play with the registry ,you can run the following command instead at
Run Prompt: ( Open Start >> Run )

“reg add hkcr\drive\shell /ve /d none /f” (without double quotes)
and u r done.

**Janos™** · 19-01-2009

If you still need help with this please do following:

Download and install TrendMicro HijackThis
* Once installed open HijackThis by clicking Start > Programs > HijackThis and click the button labeled
Do a system scan only

* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete the scan button will now read save log. Click this button to save the log file to your PC. Once you select where you would like to save the file it