As a virus that exploits the ‘autorun’ feature in Windows, the Recycler virus copies Autorun.inf files onto each of your computer’s drives, whether they are permanent or removable storage such as memory sticks, USB devices, disk drives or external hard drives. It then creates a hidden folder in each active drive and executes itself whenever you insert removable media into your system. It also modifies the registry on your permanent hard drive via a batch file, enabling itself to execute every time the system boots up.
Once your computer has been infected with the Recycler virus, it connects to a malicious website and downloads malicious code; this code in turn steals your personal data (usernames, bank information, credit card numbers, etc.). Furthermore, you cannot remove the Recycler virus by simply formatting your hard drive, and many antivirus programs can detect it but do not possess the capability to remove it.
Removing the Recycler Virus Manually
For users who are proficient enough to remove the Recycler virus manually, the following procedure outlines the basic steps for its removal. However, given its stubborn nature, experts recommend the use of advanced anti-spyware software such as SpyHunter to scan your PC, as it is likely that the Recycler virus has downloaded other malware onto your system.
Step 1: Terminate Processes
- Right-click on the Taskbar and select Start Task Manager
- On the Task Manager window, click on the Processes tab
- Look for CTFMON.EXE, select it and click End Process to terminate it
Step 2: Delete CTFMON.EXE
- Click on the Start Menu and type CTFMON.EXE in the search box.
- Delete the CTFMON.EXE that shows up in the search results by right-clicking the file, and clicking Delete.
Step 3: Change Hidden Files Setting
Some Autorun.inf files may be hidden, and cannot be seen unless the setting is modified in Folder Options.
- Click on Start Menu, select Control Panel
- Click on Appearance and Personalization
- Select Folder Options
- In the Folder Options window, click on the View tab
- Ensure that Show hidden files, folders, and drives is selected
- Click Apply, and OK
Step 4: Restart in Safe Mode
- Restart your computer; before the Boot screen appears, press F8 and select Safe Mode from the corresponding menu
- Now look for Autorun.inf in each of your drives and delete every copy you find.
Step 5: Run Registry Editor
- Click on the Start Menu, type regedit in the search box and press Enter
- In the Registry Editor, click on Edit and then click Find
- In the Find box, enter NoDriveTypeAutoRun
- Change the value of NoDriveTypeAutoRun to 03ffffff
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components
- Look for the entry called {08B0E5C0-4FCB-11CF-AAX5-90401C608512}
- Right-click on this entry, and click Delete
Step 6: Restart the Computer and Scan
Once you have successfully completed the manual removal process, restart your computer and open Windows normally; the infection should now have been permanently removed. However, just to be on the safe side, thoroughly scan all your drives with good antivirus software to ensure no traces of the virus remain. Furthermore, any removable devices that could have been infected must be thoroughly scanned prior to further usage to prevent another outbreak of the virus. Last but most definitely not least, it is imperative to keep your antivirus and antispyware definitions up-to-date.
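To review what each Autorun.inf found in Step 4 would launch before you delete it, the following added example (not part of the original procedure) lists every Autorun.inf at the root of each drive, hidden or not, together with the entries that start a program. It is read-only; the sample file content and the names `parse_autorun` and `audit_roots` are constructed for illustration.

```python
import os
import string

# Constructed sample content, not taken from a real infection.
SAMPLE = r"""[autorun]
open=hidden_folder\payload.exe
icon=shell32.dll,4
shell\open\command = hidden_folder\payload.exe
[other]
open=ignored.exe
"""
# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return (key, value) pairs from [autorun] that launch a program."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            key, value = key.strip().lower(), value.strip()
            if key in LAUNCH_KEYS or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                entries.append((key, value))
    return entries

def audit_roots(roots):
    """Map each Autorun.inf found directly under a root to its launch entries."""
    findings = {}
    for root in roots:
        try:
            names = os.listdir(root)  # includes hidden files
        except OSError:
            continue  # drive letter absent or not readable
        for name in names:
            path = os.path.join(root, name)
            if name.lower() == "autorun.inf" and os.path.isfile(path):
                with open(path, "r", errors="replace") as fh:
                    findings[path] = parse_autorun(fh.read())
    return findings

if __name__ == "__main__":
    drive_roots = [f"{c}:\\" for c in string.ascii_uppercase]
    for path, entries in audit_roots(drive_roots).items():
        print(path, entries)
```

The paths it prints point at the files the Autorun.inf would have started, which are worth including in the antivirus scan from Step 6.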