'RECYCLE' Virus, how do I get rid of it?

For some days I couldn't enter met C-drive and D-drive by just left-clicking it. Only by right-clicking and than use 'explore'. No real problems, but then I found out I got a virus.

If I plug in my mp3-player, it's root contains a map called 'RECYCLER'. Inside, there's nothing I can see..
I googled a bit and read something about this virus, and that it likes to get into removable drives, like my mp3-player.

Virus scans (I use NOD32 and the Windows Defender) don't detect/fix it, though NOD32 did found the virus once, and put it in quarantaine, but it didn't make any difference.

Can anyone explain how to get rid of this virus, without completely reinstalling my computer, or using a backup? ('system recovery' or however you call it in English doesn't work for some unexplainable reason..)

If there's anything more you want to know, just ask.

Please follow instructions exactly as given



Visit this page below to familiarize yourself to the tool below and download from one of the links provided.

A guide and tutorial on using ComboFix




If you have previously downloaded ComboFix,please delete that version now.



It is IMPORTANT that it is saved directly to your desktop

Close any open browsers.

Disconnect from the Internet.

Please do not re-connect your machine back to the Internet until Combofix has completely finished.

Disable your antivirus program and any realtime malware scanners and script blockers now


How To Disable



Double click on combofix.exe and follow the prompts.

When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

Note:
Do not mouseclick combofix’s window while it's running.

That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Re-enable your anti-virus and re-connect back to the internet and post the combofix log.



*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

ComboFix SHOULD NOT be used unless requested by a forum helper.

__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

I have downloaded and saved ComboFix on my desktop.

I've read the instructions etc., but I can't quit my anti-virus program Nod32.
If I want to quit it, I have to give a password, which I don't know..
So, is there any way to quit it??
Then I can run ComboFix

You shouldn't need to provide a password to disable NOD32 (I currently use this tool on one of my PCs AND THAT STEP IS NOT NEEDED TO DISABLE NOD32). If you do not have NOD32 icon in the taskbar toolbar (clock erea), it may be necessary to run START>All Programs>NOD ... Thereafter, I right-click on the NOD icon and select 'disable' which makes the green icon red (DISABLED).



This could be the malware phishing for this COMPROMISING info:
ESET Knowledgebase -




As an alternative, probably better and safer to run 'combofix' in SAFEMODE, instead.

__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Well, all I can say, whatever function I wanna activate in Nod32 requires a password..
A box pops up, saying:

NOD32 Antivirus Security System
[_________________________] (=white box)


But if I run my computer in safe mode, I don't have to disable my anti-virus programs?? (I'm not very experienced with safe mode indeed)

That is generally the case because safemode is a minimalist use of only absolutely necessary running programs avoiding potentially conflicting resource issues with no complicating access to the Internet (generally so and mostly advisable):


A description of the Safe Mode Boot options in Windows XP

__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Well, I tried about 10-20 times, but for some reason I don't always get in the menu where I can choose to boot in safe mode.
But when I do, I can't select any option, because my keyboard doesn't seem to work... The option 'boot windows xp normally' (something like that) is highlighted, but the Enter button works neither.
So is there any way to program my computer to boot in safe mode next time I reboot my pc?

Can you borrow another keyboard to investigate this further? There are too many weird issues going on here - all classic signs of malware.



* Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
• Run the scan in SAFEMODE (tapping the F8 key on bootup), if necessary.
• If an update is found, it will download and install the latest version.
• If you encounter any problems while downloading the updates, manually download them from HERE and just double-click on mbam-rules.exe to install.
• Once the program has loaded, you can initially select the often highly productive "Perform Quick Scan", then click Scan.
  ….. AND/OR go straight to the longer but more comprehensive scan:
• It is also highly advisable to run the longer ”Full Scan” in addition to the above scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked , and click Remove Selected.
• When disinfection is completed , a log will open in Notepad and you may be prompted to Restart(See Extra Note).
• A run log is automatically saved by MBAM and can be viewed by clicking the Logs TAB in MBAM.
• Copy&Paste the entire report(s) in your next reply along with a fresh HijackThis log.
• Please post any current revised observations.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




Also, you could simply try and run 'combofix' without NOD32 disabled - and it might not interfere.



Related autorun issues are also potentially a more serious vulnerability for which MS issued an out-of-cycle patch (KB article 958644). 'Belarc Advisor' tool clearly flags this important patch if it is missing (top right header):

Belarc Advisor - Free Personal PC Audit


See for further investigation and cleanup (if needed):

Guide to cleaning and preventing Conficker
Keep the latest worm infestation off your PC

__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Sorry for late response, was bit busy these days.
But I just can't get into safe mode, while my computer is launching.. only half of the times pressing F8 get's me trough to the menu, but I'm never able to select any option. Keyboard seems broken, though it isn't. Same story with other keyboards.

So, any solutions?
And I really need some kind of a password to terminate NOD32..
That's still the big issue, I need to quit it before running CombiFix.

And what is it with Malwarebytes' Anti-Malware? What do I have to use, that or CombiFix?

Try resolving your hardware issues as follows:

• Access the 'Device Manager' and double-click all applicable entries for your keyboard.
• FOR MORE DETAILS SEE: Windows XP: How to Troubleshoot Hardware Problems with Device Manager
• Does it show that your device is working properly?
• Click the 'Driver' TAB.
• Click 'Update driver' and follow the prompts (you can click 'Roll Back Driver' if necessary).
• As a last possible step, click 'Uninstall' and reboot your PC to force it to re-find the keyboard and its related driver.
• Lastly, consider going to a repair shop if this keyboard issue still remains unresolved.

Sounds like your settings may have been protected by a password (that you or a family member may have created and possibly forgotten). If you don't know that password, you will need to contact the vendor for any possible options like reinstalling NOD32 on top of itself (likely may not work).

This is the location where the password was/is entered:

• Start>All Programs>ESET>Documentation.
• Goto: Tools>User Interface (see documentation/screen shot).
  
  
• Find 'Settings Protection' on your user screen.
• It will tell you if 'settings are password protected'.

MBAM is less complicated as an initial scan - that would be the best one to run first.




As previously stated, you could try this scan without having disabled NOD32. There might not be any serious complications from having done so.

__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.