The Recycler Virus gets its name from the fact that one of the first warning signs you may have a problem is a system message stating, ‘Recycler.exe has  encountered a problem and needs to be closed'. This virus takes advantage of the Windows autorun feature to spread from one disk to another. The typical infection route for spreading this virus is USB devices such as removable hard drives and USB sticks.  When a user inserts a USB device into the computer the autorun feature kicks in and rewrites your autorun.inf file, copies the Recycler.exe program to the device, and hides the folders it is in.  The end result is hijacking your web browser to redirect it to sites with other malicious software on them. Once installed, it opens a backdoor into your computer in attempts to steal your personal data.

To attempt manual removal of this ugly virus:

•    Open the drive letter using command prompt
•    Show all hidden and system files
•    Look for and delete the Application with a Folder icon
•    Search for any other newly created files you know you didn't create and delete them
•    Run a full system scan

The most important first step when working with the Recycler Virus is not to double-click, or right-click open, on the drive you suspect as being infected with the virus. Instead, open a command prompt (Start, Run, cmd, enter) and type CD (drive letter:), for example cd e: for the E drive.


To show all hidden and system files type attrib -r -a -s -h *.* and press enter. This will remove the read-only, archive, system, and hidden attributes from all files.

If you are still using the command prompt, type dir, to list the directory contents. This will display all files, including the viral payload. It is recommended; however, to use Windows Explorer to view the files. Remember not to double-click or right-click the drive to access the files. Rather, open My Computer (or Computer) and click the Folders button at the top to show the tree structure. Highlight the drive containing the viral files. Make sure you are viewing using the Details view by clicking on the button next to Folders and choosing Details.

You should now see the previously hidden virus files. Specifically, autorun.inf and perhaps something with a folder icon called system. The interesting thing to note is that the item which appears to be a folder is actually listed as being an Application when you look under the Type column. Delete both of these files (autorun.inf and system).

Sort by Date Modified and look at the newest files. Delete any that look suspicious and any you know you didn't create yourself. Remember to look for fake folder files that say application under the Type column!

The final step is to run a full system scan with an antivirus and antispyware application to ensure all traces of the recycle virus have been wiped out.


Thanks For Reading.