C:\recycler\s-1-5-21-

Discussion in 'Virus Information' started by rc, Oct 16, 2009.

  1. rc

    rc Guest

    Good morning group,

    Can anyone advise me as to how to remove the recycler virus? I have
    attempted several adware/spyware scans but without any luck. I have read
    several forums suggesting editing registries and the sort. Would like to
    avoid that if possible but if not I would like guidance. Thanks.
     
    rc, Oct 16, 2009
    #1

  2. Could you be more specific?

    I have a vague answer...

    MBAM, SAS, and MSRT are all available for free.
     
    FromTheRafters, Oct 16, 2009
    #2

  3. rc

    rc Guest

    MBAM, ADAware, Rogue Remover are the ones I have attempted to remove
    C:\Recycler\s-1-5-21-1482476501-1644491937-682003330-1013\csrxx.exe
     
    rc, Oct 16, 2009
    #3
  4. Have you tried emptying the recycle bin?

     
    FromTheRafters, Oct 16, 2009
    #4
  5. rc

    VanguardLH Guest

    So why not delete the Recycler folder and reboot to have Windows create
    a new one?

    In a command shell:
    - c: (or whatever drive you want to remove the Recycle Bin)
    - cd \
    - attrib -s -h recycler (might be called Recycled on some hosts)
    - del recycler
    Reboot.

    I don't recall if <drive>:\Recycler is a reserved name. If so, you have
    to use the syntax noted in http://support.microsoft.com/kb/315226 or
    http://support.microsoft.com/kb/320081 (cause 5). If the commands above
    don't work in a command shell, reboot Windows into its Recovery Console
    mode and execute them there.
     
    VanguardLH, Oct 16, 2009
    #5
  6. From: "rc" <rc@home>

    | MBAM, ADAware, Rogue Remover are the ones I have attempted to remove
    | C:\Recycler\s-1-5-21-1482476501-1644491937-682003330-1013\csrxx.exe

    Please upload a sample to
    http://www.uploadmalware.com/
     
    David H. Lipman, Oct 17, 2009
    #6
  7. rc

    rc Guest

    That seemed to have done the trick. Thanks.

     
    rc, Oct 17, 2009
    #7
  8. What you never mentioned is how you know you had "the recycler
    virus". Can you please explain that? Thanks!
     
    The Central Scrutinizer, Oct 22, 2009
    #8
  9. rc

    rc Guest

    I looked up the error message I was receiving and that is what was reported.
     
    rc, Oct 22, 2009
    #9
  10. Very detailed... Thank you.

    Whoa.
     
    The Central Scrutinizer, Oct 23, 2009
    #10
  11. rc

    Fury17 Guest

    Every time I run CCleaner, it takes forever to remove multiple
    Dc##.mp3 files from the C:\Recycler\S-1-5-21-1... path. I tried
    exploring for the Recycler folder and it shows the folder but it is
    always empty. Should I just delete the folder? BTW I use Norton 360,
    AdAware, CCleaner and SpywareBlaster and CCleaner is the only thing
    that ever finds it.

    p.s. Another forum went on about disabling explorer.exe, open regedit,
    delete all keys, etc. - any legitimacy to this? Thanks I am new here.
     
    Fury17, Oct 25, 2009
    #11
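
A triage check for the paths discussed above, added here as an example and not posted by anyone in the thread: on Windows XP a genuinely recycled item is renamed to D<drive letter><index> plus its extension (the Dc##.mp3 files mentioned above) next to an INFO2 index, so a name like csrxx.exe inside the per-user SID folder does not fit. The function names and sample listing are made up for illustration, and the result is a heuristic pointer to files worth submitting for analysis, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Windows XP renames a deleted item to D<drive letter><index><.ext>; INFO2 is
# the bin's index file and desktop.ini gives the folder its Recycle Bin view.
BIN_ENTRY = re.compile(r"^D[A-Z]\d+(\.[^.]+)?$", re.IGNORECASE)
BIN_METADATA = {"info2", "desktop.ini"}
BIN_ROOTS = {"recycler", "recycled"}   # NTFS name / FAT name
SID = re.compile(r"^S-1-5-21(?:-\d+){3}-(\d+)$", re.IGNORECASE)


def classify(path):
    """Return (verdict, detail), or None when path is not in a Recycle Bin."""
    parts = PureWindowsPath(path).parts          # ('C:\\', 'Recycler', ...)
    if len(parts) < 3 or parts[1].lower() not in BIN_ROOTS:
        return None
    inside = list(parts[2:])
    detail = "FAT bin, no per-user folder"
    if parts[1].lower() == "recycler":           # NTFS: one subfolder per SID
        match = SID.match(inside.pop(0))
        if not match or not inside:
            return ("suspicious", "not inside a per-user SID folder")
        rid = int(match.group(1))                # last SID component
        detail = "Administrator" if rid == 500 else f"account RID {rid}"
    # Only the first level is renamed; a deleted folder keeps its contents' names.
    name = inside[0]
    if BIN_ENTRY.match(name) or name.lower() in BIN_METADATA:
        return ("expected", detail)
    return ("suspicious", f"{name} is not a bin entry name ({detail})")


def suspicious(paths):
    """Filter a file listing down to the paths worth a closer look."""
    return [p for p in paths if (classify(p) or ("",))[0] == "suspicious"]


# Constructed listing: the first path is the one quoted in the thread, the
# SIDs in the others are made up.
SAMPLE = [
    r"C:\Recycler\s-1-5-21-1482476501-1644491937-682003330-1013\csrxx.exe",
    r"C:\RECYCLER\S-1-5-21-1111111111-2222222222-3333333333-1003\Dc12.mp3",
    r"C:\RECYCLER\S-1-5-21-1111111111-2222222222-3333333333-500\INFO2",
    r"D:\Recycled\Dd4.doc",
    r"C:\WINDOWS\system32\notepad.exe",
]

if __name__ == "__main__":
    for p in suspicious(SAMPLE):
        print(p, "->", classify(p)[1])
```
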
  12. Yes much legitimacy if you actually know what you would be doing
    with all of that :)

    --
     
    The Central Scrutinizer, Oct 26, 2009
    #12
  13. I found that my version of the "Recycler Virus" starts in the Registry
    under HKEY_USERS in
    S-1-5-21-<lots of garbage>-1003_Classes (500 indicates Administrator,
    and regular users start with -1000)

    (Be SURE that you backup your registry BEFORE you start changing
    anything in there!)
    Start -> Run "regedit" then slide down to the bottom of the registry
    and click on HKEY_USERS.
    Taking a peek won't hurt anything ... But changing values can destroy
    your system!

    I think disabling Explorer and then "hand-cleaning" the registry may
    be the only way out.
    McAfee's Downloadable Scanner will not download citing a need for IE8
    as the reason - but I have IE8!
    (Possibly this product is being blocked by the malware to prevent the
    malware's removal.)
    Good luck ...
     
    Old & In The Way, Oct 30, 2009
    #13
  14. Actually if you are screwing with the registry like this, you should do
    a wipe and reinstall.


    --


    I found that my version of the "Recycler Virus" starts in the Registry
    under HKEY_USERS in
    S-1-5-21-<lots of garbage>-1003_Classes (500 indicates Administrator,
    and regular users start with -1000)

    (Be SURE that you backup your registry BEFORE you start changing
    anything in there!)
    Start -> Run "regedit" then slide down to the bottom of the registry
    and click on HKEY_USERS.
    Taking a peek won't hurt anything ... But changing values can destroy
    your system!

    I think disabling Explorer and then "hand-cleaning" the registry may
    be the only way out.
    McAfee's Downloadable Scanner will not download citing a need for IE8
    as the reason - but I have IE8!
    (Possibly this product is being blocked by the malware to prevent the
    malware's removal.)
    Good luck ...
     
    The Central Scrutinizer, Oct 31, 2009
    #14
  15. @ The Central Scrutinizer: You are exactly right!

    In fact, even a "full-format" of the disk isn't enough.

    It's in the "System Volume Information" folder, too.

    You must "DELETE THE EXISTING PARTITION(S)"
    and then create a new partition(s) on the disk drive.

    Lastly do a "FULL FORMAT" to prepare the disk drive
    for use in the system, or to reinstall Windows XP Pro
     
    OldandInTheWay, Nov 6, 2009
    #15
  16. rc

    Andy Medina Guest

    Even deleting the partition(s) of the disk isn't enough if a MBR infector is
    involved.
     
    Andy Medina, Nov 6, 2009
    #16
  17. Even replacing the entire disk storage hardware with new hardware with
    known clean software is not enough if your firmware is malicious.

    ....next...
     
    FromTheRafters, Nov 6, 2009
    #17
  18. rc

    Andy Medina Guest

    True but highly unlikely... next

     
    Andy Medina, Nov 6, 2009
    #18
  19. From: "FromTheRafters" <erratic @nomail.afraid.org>

    | Even replacing the entire disk storage hardware with new hardware with
    | known clean software is not enough if your firmware is malicious.

    | ...next...

    We don't need more of BoaterDave paranoia. You'll incite him with this crap. :)
     
    David H. Lipman, Nov 6, 2009
    #19
  20. Thanks, but at my age nothing much gets me upset when it comes to
    computers. I started programming an IBM 11/30 using FORTRAN in 1972. At
    heart I'm a "child of DEC" (PDP-11, VAX, Alpha) with an M.S. in Applied
    Mathematics. My real career was in electronic instrument design, where I
    wrote lots of real-time assembler code for micro-controllers in addition
    to designing the hardware itself. I taught C++ programming at the
    University of Maryland for a few years as well in the past decade.
    I'm just a "back in the day" type windbag now. ;-)

    Thanks for the reminder about the MBR. I've had to save disks with
    corrupted MBR's before and that's a "yawn job" for me to do. I guess I
    was lucky and in this case the MBR was still pristine. I'd think that
    repartitioning would have caused the MBR to be rewritten for the
    bootstrap loader to be able to find the new partition, but I may be
    wrong.

    At this point I have "rebuilt" my secondary system disk (I spin
    drives: two bootable systems and two for data storage in a RAID 1 array).
    The primary system drive and the data can be physically disconnected to
    prevent any contagion although I'm beginning to think I may have screwed
    up enough stuff that even the malware can't run anymore! (The system is
    booting and I'm stripping it down to see what happens.)

    If you guys care to gab, I'd love to know more about the side-effects
    of locating pagefiles on another drive, and how do I fix "Add/Remove
    Programs" which doesn't allow in the way of functionality anymore for
    removing old software.

    If I could extract my Microsoft Office 2000 CD-key I'd really be
    thrilled. That seems to have been made wholly unavailable by the last
    Security Update and every key finder I've tried can't cough up what I
    need.

    Joh
     
    OldandInTheWay, Nov 7, 2009
    #20