Hello,
This is my first post, driven to do it by my problems with what I have tentatively identified as "the recycler virus". This infection turns my USB external drive folders to shortcuts and prevents me from opening my saved data on these drives. I know my computer is infected, but I can't seem to get rid of it. I have tried running Malwarebytes and Stinger (in safe mode with hidden and super hidden files unhidden) and followed a previous Bleeping Computer thread to remove the virus that seemed to be successful (http://www.bleepingcomputer.com/forum/topic200165.htm) which recommended OTMoveIt3 and Flash Disinfector. The log from OTMoveIt3 was:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##NKI-LS-COG#Volume2
_CommentFromDesktopINI REG_SZ
_LabelFromDesktopINI REG_SZ
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##NKI-LS-COG#Volume3
_CommentFromDesktopINI REG_SZ
_LabelFromDesktopINI REG_SZ
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##nki-nas#CogNeuro$
_CommentFromDesktopINI REG_SZ
_LabelFromDesktopINI REG_SZ
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##nki-nas#nki-users#gmusacchia
_CommentFromDesktopINI REG_SZ
_LabelFromDesktopINI REG_SZ
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\_Autorun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\_Autorun\DefaultIcon
(Default) REG_SZ I:\GoFlex.ico
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04d29ee9-44d1-11e0-bf7a-a4badb027432}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04d29ee9-44d1-11e0-bf7a-a4badb027432}\shell
(Default) REG_SZ None
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04d29ee9-44d1-11e0-bf7a-a4badb027432}\shell\Autoplay
MUIVerb REG_SZ @shell32.dll,-8507
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04d29ee9-44d1-11e0-bf7a-a4badb027432}\shell\Autoplay\DropTarget
CLSID REG_SZ {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04d29ee9-44d1-11e0-bf7a-a4badb027432}\_Autorun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04d29ee9-44d1-11e0-bf7a-a4badb027432}\_Autorun\DefaultIcon
(Default) REG_SZ F:\GoFlex.ico
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{186e836c-9721-11e0-baa1-a4badb027432}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{186e836c-9721-11e0-baa1-a4badb027432}\shell
(Default) REG_SZ None
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{186e836c-9721-11e0-baa1-a4badb027432}\shell\Autoplay
MUIVerb REG_SZ @shell32.dll,-8507
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{186e836c-9721-11e0-baa1-a4badb027432}\shell\Autoplay\DropTarget
CLSID REG_SZ {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{186e836c-9721-11e0-baa1-a4badb027432}\_Autorun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{186e836c-9721-11e0-baa1-a4badb027432}\_Autorun\DefaultIcon
(Default) REG_SZ H:\shell32.dll,4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9315f0-53b9-11e0-a58f-a4badb027432}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9315f0-53b9-11e0-a58f-a4badb027432}\shell
(Default) REG_SZ None
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9315f0-53b9-11e0-a58f-a4badb027432}\shell\Autoplay
MUIVerb REG_SZ @shell32.dll,-8507
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9315f0-53b9-11e0-a58f-a4badb027432}\shell\Autoplay\DropTarget
CLSID REG_SZ {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73b392e2-6051-11e0-a89a-a4badb027432}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73b392e2-6051-11e0-a89a-a4badb027432}\shell
(Default) REG_SZ None
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73b392e2-6051-11e0-a89a-a4badb027432}\shell\Autoplay
MUIVerb REG_SZ @shell32.dll,-8507
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73b392e2-6051-11e0-a89a-a4badb027432}\shell\Autoplay\DropTarget
CLSID REG_SZ {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73b392e2-6051-11e0-a89a-a4badb027432}\_Autorun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73b392e2-6051-11e0-a89a-a4badb027432}\_Autorun\DefaultIcon
(Default) REG_SZ H:\Setup.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{773a0ba9-fbf5-11df-a8a5-a4badb027432}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{773a0ba9-fbf5-11df-a8a5-a4badb027432}\shell
(Default) REG_SZ None
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{773a0ba9-fbf5-11df-a8a5-a4badb027432}\shell\Autoplay
MUIVerb REG_SZ @shell32.dll,-8507
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{773a0ba9-fbf5-11df-a8a5-a4badb027432}\shell\Autoplay\DropTarget
CLSID REG_SZ {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{773a0ba9-fbf5-11df-a8a5-a4badb027432}\_Autorun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{773a0ba9-fbf5-11df-a8a5-a4badb027432}\_Autorun\DefaultIcon
(Default) REG_SZ I:\.\goflex.ico
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beb4df50-2b02-11e0-99f2-a4badb027432}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beb4df50-2b02-11e0-99f2-a4badb027432}\shell
(Default) REG_SZ None
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beb4df50-2b02-11e0-99f2-a4badb027432}\shell\Autoplay
MUIVerb REG_SZ @shell32.dll,-8507
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beb4df50-2b02-11e0-99f2-a4badb027432}\shell\Autoplay\DropTarget
CLSID REG_SZ {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beb4df50-2b02-11e0-99f2-a4badb027432}\_Autorun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beb4df50-2b02-11e0-99f2-a4badb027432}\_Autorun\DefaultIcon
(Default) REG_SZ I:\shell32.dll,4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3beda81-d855-11df-b946-a4badb027432}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3beda81-d855-11df-b946-a4badb027432}\shell
(Default) REG_SZ None
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3beda81-d855-11df-b946-a4badb027432}\shell\Autoplay
MUIVerb REG_SZ @shell32.dll,-8507
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3beda81-d855-11df-b946-a4badb027432}\shell\Autoplay\DropTarget
CLSID REG_SZ {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3beda81-d855-11df-b946-a4badb027432}\_Autorun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3beda81-d855-11df-b946-a4badb027432}\_Autorun\DefaultIcon
(Default) REG_SZ I:\autorun\toshiba.ico
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3beda81-d855-11df-b946-a4badb027432}\_Autorun\DefaultLabel
(Default) REG_SZ Toshiba02
Are there any recommendations for further removal tools? How can I tell when it has been removed (besides trying to plug in an external drive)? On another note, I have heard that it is best to run spyware removal in safe mode with all files unhidden. Why is this?
Thank you,
Gabriella
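An added example, not part of the original post and not OTMoveIt3's own code: a small parser for a MountPoints2 dump laid out like the log above, which groups values by mount point and lists cached autorun data that names a launch command or an executable file, so those entries can be reviewed by hand. It assumes key lines begin with the full HKEY_CURRENT_USER path and value lines read `name REG_SZ data`; the function names, the extension list, and the last sample entry (all-zero GUID, `X:\example\launcher.exe`) are constructed for illustration.

```python
import re

# Explorer keeps per-volume data, including what it read from a volume's
# autorun.inf, under this key (the key shown in the log above).
PREFIX = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" + "\\"
VALUE_RE = re.compile(r"^(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ(?:\s+(?P<data>.*))?$")
# Assumed list of extensions worth a second look; adjust as needed.
EXEC_RE = re.compile(r"\.(exe|com|scr|bat|cmd|pif|vbs|js|lnk)\b", re.I)

def parse_log(text):
    """Return {mount point: [(subkey, value name, data), ...]}."""
    mounts, mount, subkey = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(PREFIX):
            # Key line: split into mount point and the subkey path below it.
            mount, _, subkey = line[len(PREFIX):].partition("\\")
            mounts.setdefault(mount, [])
        elif mount and (m := VALUE_RE.match(line)):
            # Value line: belongs to the most recent key line.
            mounts[mount].append((subkey, m["name"], m["data"] or ""))
    return mounts

def review(mounts):
    """List cached values that name a launch command or an executable file."""
    findings = []
    for mount, values in mounts.items():
        for subkey, _name, data in values:
            low = subkey.lower()
            if low.endswith("\\command"):
                findings.append((mount, subkey, data, "cached launch command"))
            elif low.startswith("_autorun") and EXEC_RE.search(data):
                findings.append((mount, subkey, data, "autorun data names an executable"))
    return findings

# Sample input: three entries copied from the log above, plus one constructed
# entry (all-zero GUID, hypothetical path) to exercise the launch-command rule.
SAMPLE_LOG = "\n".join([
    PREFIX + r"{73b392e2-6051-11e0-a89a-a4badb027432}\shell\Autoplay",
    r"MUIVerb REG_SZ @shell32.dll,-8507",
    PREFIX + r"{73b392e2-6051-11e0-a89a-a4badb027432}\_Autorun\DefaultIcon",
    r"(Default) REG_SZ H:\Setup.exe",
    PREFIX + r"{beb4df50-2b02-11e0-99f2-a4badb027432}\_Autorun\DefaultIcon",
    r"(Default) REG_SZ I:\shell32.dll,4",
    PREFIX + r"{00000000-0000-0000-0000-000000000000}\shell\open\command",  # constructed
    r"(Default) REG_SZ X:\example\launcher.exe",                            # constructed
])

if __name__ == "__main__":
    for mount, subkey, data, why in review(parse_log(SAMPLE_LOG)):
        print(f"{mount}\\{subkey}: {data!r} ({why})")
```

A listed value is a prompt for manual review rather than a verdict on the drive it came from.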
Page 1 of 1
Recycler virus
#2
Posted 07 July 2011 - 10:33 PM
Welcome aboard 
Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=============================================================================
Please download MiniToolBox and run it.
Checkmark the following boxes:
- Report IE Proxy Settings
- List content of Hosts
- List IP configuration
- List last 10 Event Viewer log
- List Users, Partitions and Memory size
Click Go and post the result.
=============================================================================
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
=============================================================================
Please download GMER from one of the following locations and save it to your desktop:
- Main Mirror
  This version will download a randomly named file (Recommended)
- Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
- Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.