My friend's USB drive got infected with the Recycler Virus despite being vaccinated with PANDA security software. This virus has hidden all folders in the USB drive in a subfolder named "_" (underscore, without the quotes). It also creates a bunch of "~" (tilde) or "~$" (tilde-dollar) prefixed files with sizes between 1 kB and 10 kB. The USB drive was also made almost full, with only a few MB of free space remaining. And upon scanning the drive with AVG Anti-virus, there were about 2000 plus threats found.
The first thing we should do is to show all hidden files and folders in the drive. If you're using Windows 7, then this guide by Lawrence Abrams should be helpful.
Once you can see the hidden files and folders, you can follow these steps:
- Scan, using AVG, the files you want to recover, (making sure these are threat free) and transfer these files to your hard-drive. Make sure you check the "_" folder and its subfolders for any of your files which the virus might have hidden.
- Format the USB drive
- Transfer the files you've recovered back to the USB drive.
The above steps are simple compared to manually deleting all unwanted files, since you're not sure you've deleted every infected file. But here's a list of unwanted files I've seen this virus create
- RECYCLER.exe
- "_" folder
- RECYCLER subfolder within the "_" folder
- a lot of .chk files
So another option is to delete these unwanted files and folders (again, make sure you transfer your files out of the "_" folder before deleting it, and make sure the files you are transferring are uninfected by checking them with AVG).
I hope this guide has helped you recover from a Recycler viral infection. Feel free to share your comments and thoughts on how to improve this guide. Thanks.
No comments:
Post a Comment