You are on page 1of 3

Use a batch file (Example.

bat) to change it from to a non hidden and a non read


only file. It will convert it to a deletable folder and delete it. Do not delete the
Autorun file because I found that the virus changed one of my documents to the
autorun.

@Echo off

ATTRIB -S -A -H -R

Pause

Then if no errors come up after running the batch right click on RECYCLER folder
and click delete.

Make sure the Batch is in the drive not the subdirectry.

(Example) - DriveLeter>Example.bat

Hope this helps : )

Please note that the following advice if taken will absolve me from any
responsibility. I am only reporting what I did to get rid of the virus installed on my
hard drive.

1. You should be able to see your root drive root drive which is c: or d: etc.
2. Ensure that you are able to see hidden files by going to Tool>Folder Option>view
and checking off hidden files.

3. System Volume Information and Recycler should be visible in your root drive (c:
d: or whatever drive you use)

4. Right Click on Recycler folder and go to Properties.

5. Go to the tab labeled Security, If your user name is not there then add your
username that you use for XP . Give yourself all security rights as well as the
SYSTEM user. Then press okay. If you cannot see the security tab and you are using
XP professional then go to Tool>Folder Option>View uncheck box "Use simple File
sharing" then select Apply.

6. Right Click on System volume information folder and go to Properties. Repeat


step 5.

7. Go to the garbage icon on the desktop and right click. Choose properties then
check the box " Do not move files to the recycle bin. Remove files immediately
when deleted." Press Apply.

8. Go back to the root drive and delete Recycler folder.

9. Go to the System Information folder and delete the last folder. These folders are
where Xp has taken a snapshot of your system in order to restore it. The virus is
hiding here in the event that you restore it is also restored.

10. You should now open the registry editor and remove the virus from here so that
when you restart the virus is not recreated.

11. Open the registry editor. Start >Run> then type regedit in the box and select
OK The registry will now open.
12. Hit Ctrl+F Type Recycler in the search box . Delete the entry when found. press
F3 to find the next occurrance of Recycler and delete.

13. Close regedit.

14. Go to all installed harddrives and so steps 2- steps 6, steps 8 and steps 9.

15. Run your virus software. You should be able to update any virus software that
was previously unupdatable.

16. Reboot your computer

17. Verify that that the reycler folder is deleted from you root drive.

18. Then you can uncheck the box in the garbage that you checked in step 7. To
keep all you deleted files in case you need to restore a file that was accidentally
deleted.

My findings: This virus is recreated using the methods of the garbage bin. Everytime
you delete a file it recreates itself because it looks in the garbage and restores or
copies the virus information inside. If the virus is not able to be stored inside and is
immediately removed when you check the box in step 7. Then it cannot recreate
itself and all of its power is lost. So erasing it from the registry and drive ensures
that it cannot return.