GopherOne 07-19-2012 01:32 PM

Recycler Virus
I am attempting to follow the steps in the SysChat removal of the Recycler virus. Step 3 calls for disabling folders and files using a command prompt. It has been many years since I have keyed any commands at a command prompt, so I am not sure how to disable folders and files in the Safe Mode. I tried a few times on my own, but nothing worked. I also need a clarification for Step 4. I am supposed to modify the “NoDriveTypeAutoRun”entries which have the “03fffffff”value in a couple of Registry folders, but there is no instruction of what the modification should be. Would any change accomplish the goal of disrupting the operation of the virus, or is there a specific change that must be entered? Thank you.

mhookem 07-19-2012 04:49 PM

I've just found this post and had a look at the post on syschat.
It's the first time I've seen the post and it's nearly 10pm where I am.
So if you can hang on until tomorrow morning GMT I'll take a proper look and help you out.
In the meantime, unless you've got experience with dealing with the registry and the risks involved, leave it until I get back to you.
Thankyou and goodnight!


GopherOne 07-19-2012 05:27 PM

Recycler Virus

Thank you for your message. I look forward to your advice tomorrow.


mhookem 07-20-2012 06:31 AM

Removing The Recycler Virus
To change the file attributes from hidden or read-only. At the command prompt: type attrib -r -a -s -h *.* and press enter. This will remove the read-only, archive, system, and hidden attributes from all files.
Follow the rest of the instructions in the tutorial. Just double check the registry entries before you complete the following instructions. You need to change the registry entry value to what it states in the tutorial: 03ffffff


GopherOne 07-20-2012 10:40 AM

Recycler virus

I still do not completely understand. According to the KarlM virus removal instructions, I must disable the hidden folders, system folders and read only attributes associated with [autorun.inf]. In your response I did not recognize any step to accomplish the disabling, nor did I recognize the modifications that should be made to the registry. I am rather inexperienced in working with the registry, so I want to be confident I understand what I need to do before I make any changes. Thank you. Vern

PS. When you referred to "the tutorial", were you referring to the KarlM instructions for virus removal, or something else?

mhookem 07-20-2012 12:20 PM

When you boot into safe mode and open up the command prompt, push the windows start button hold it down and then push the 'r' key.
This will open up the run window. Type in cmd and push enter to open up the command prompt.
Once you have. Type in the exact command that I posted.
This is what will change the permissions of your files and folders.
Open the run window again and type in regedt32.
This is going to open up the windows registry.
Carry out a search for the entries stated earlier in the tutorial ( the post you've been following).
If you have access to the internet via another computer let me know when you get this far.
Have you ever edited a registry entry before?

GopherOne 07-20-2012 12:38 PM

Recycler virus
I know changing the registry is risky for those without such training, so I have avoided it. I don't recall changing it in the past. Thank you for the more detailed instructions. I do have a laptop that I could use for access to the internet. I will have to be away for about three hours, but I should be back by about 1900 GMT. If that's too late, let me know and I can arrange for another time tomorrow or Monday.

mhookem 07-20-2012 12:57 PM

Yeah I'll be around. I'll keep an eye on this thread

mhookem 07-20-2012 02:17 PM

Ok hold on. I see what you mean. The instructions in the tutorial aren't very clear.
Hold on and I'll post instructions that are easier to follow. I'll try and get it done tonight.
It'll be in easier to follow steps and take you through every move.

GopherOne 07-20-2012 03:10 PM

Recycler virus
Martin, I'm back on line now. I am using a laptop, so I should be able to key in my desktop. I just read your last message. Do you want me to stand by, or should we convene at another time? Vern

