Author Topic: AVAST fails to removing RECYCLER  (Read 3565 times)

Offline edu500ac

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
AVAST fails to removing RECYCLER
« on: November 04, 2009, 04:26:54 PM »
Avast fails to remove worms. It detects the RECYCLER worm, claims that it has removed it, but fails to remove it. I am sure that it has permission to remove the RECYCLER folder, and everything inside it. If I go to the pen drive, I succeed in removing RECYCLER by hand, using the command:

rd /q/s RECYCLER

After this operation, the pen drive is clean, but the virus installs itself in it again, if I leave the protection in charge of AVAST; during the installation, AVAST complains a lot, but leaves the worm alone. It is interesting that AVAST fails in removing the worm, and lets the worm reinstall itself. I bought two copies of AVAST professional, for two different machines. In one of them, I used Avira, which removed the culprit worm easily. I left the virus and AVAST in one of the machines, in order to test AVAST. By the way, I tried to send a message to AVAST support, but the link seems to be broken. Should I forget AVAST, and switch to AVIRA? I performed a search on the Internet, and found that a lot of people make the same complaint about AVAST. One of them suggests switching to AVIRA. I had never heard of AVIRA before, but I downloaded it, and applied it to one of my machines and it worked. I kept the other machine infected, so I could test suggestions from AVAST support.


Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69200
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: AVAST fails to removing RECYCLER
« Reply #1 on: November 04, 2009, 05:12:22 PM »
If you have XP, Vista or Win2k (all 32-bit), you could enable a boot-time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, 'Schedule boot-time scan...' Or see http://www.digitalred.com/avast-boot-time.php.

That should be able to deal with a file in use or otherwise protected, it might also be able to find what is restoring the original, which may be hidden or undetected (also see ### below).

###
If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall?

If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don't worry about reported tracking cookies, they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline polonus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 20121
  • Gender: Male
  • malware fighter
    • Personal Message (Offline)
Re: AVAST fails to removing RECYCLER
« Reply #2 on: November 04, 2009, 05:21:50 PM »
Hi edu500ac,

This virus has been widely spread these days and it has become very common that every pen drive we use will be infected by this virus. This Recycler virus / BV:AutoRun-G[Wrm] is a very annoying one and even formatting the pen drive will not remove the virus. Though antivirus software is able to identify it, it cannot remove the virus completely. If you delete this manually, it will again create itself and none of the virus removal tricks could work to resolve the problem.
Download Flash Disinfector from here: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
and save it on some non-Windows drive.
Double click on it and it will ask you to insert a USB flash drive and click ok. Do so. (see attached picture)

Clicking on ok will make your desktop go blank, don't worry, it's normal.
It will fix the autorun.inf virus and you are done partially. Yes, it's a partial solution, it will lock the autorun file and you will see some file created by Flash Disinfector. If you remove the file, the virus gets reactivated. Maybe some future update of our antivirus software will have a complete fix for this,

so I advise you to install this USB av-software for a more lasting protection:
To protect your computer from viruses, Trojans or malware, a good antivirus solution for your USB devices is a necessity. Mx One is such a free antivirus designed to protect your external storage devices like USB sticks or pen drives, iPod, mp3, mp4, M2, SD, microSD. Download: http://jayaprakashkv.blogspot.com/2008/07/download-free-usb-sticks-antivirus-mx.html   home-site for this tool: http://mxone.net/en/

Features.
+ Protection against: Viruses, Trojans, Worms, Spyware, Hacking Tools (Hacktools), Software Risk (Riskware).
+ Compatible with any resident antivirus, for example: Nod32™, Kaspersky™, BitDefender™, AVG™, Norton™, Panda™, Avast™, Avira AntiVir™, among others.
+ Protection in realtime with ..
- System "CHECK AND DESTROY" detects and removes all viruses that attempt to infect your device while connected to an infected PC, even unknown viruses.
- System Protection "Guardian" protects your PC from viruses that come in on infected USB devices connected to your computer, no matter whether the device has Mx One Antivirus installed or not; it also detects even unknown viruses.
+ Protection against unknown viruses and new variants with "Heuristic ONE" AND "GENERIC ONE"
+ You only need a very small 1Mb of space available on either the PC or on removable media.
+ Completely free,


polonus


Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
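
Added example, not part of polonus's post or of any tool named in this thread: a read-only check that lists the launch entries in a pen drive's autorun.inf that point into a RECYCLER folder, which is the link between the autorun file and the folder that keeps coming back. The key names (open, shellexecute, shell\verb\command) are the standard autorun.inf launch keys; the function names and the sample file are constructed for illustration.

```python
import re
from pathlib import Path

# autorun.inf keys that cause a program to be launched
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Folder the thread associates with the worm on the pen drive
SUSPECT_DIRS = ("recycler",)

def launch_entries(text):
    """Return (key, command) for each launch key in the [autorun] section.
    Tolerant line parser: junk lines without '=' are skipped, not fatal."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "autorun" and LAUNCH_KEY.match(key.strip()):
            entries.append((key.strip().lower(), value.strip()))
    return entries

def suspicious(entries):
    """Keep entries whose command path passes through a suspect folder."""
    hits = []
    for key, cmd in entries:
        parts = [p.lower() for p in re.split(r"[\\/]+", cmd.strip('"')) if p]
        if any(p in SUSPECT_DIRS for p in parts[:-1]):
            hits.append((key, cmd))
    return hits

def check_drive(root):
    """Read-only check of a mounted removable drive; nothing is deleted."""
    root = Path(root)
    inf = root / "autorun.inf"
    text = inf.read_text(errors="replace") if inf.is_file() else ""
    return {"recycler_dir": (root / "RECYCLER").is_dir(),
            "launch_entries": suspicious(launch_entries(text))}

# Constructed sample, not taken from a real infection.
SAMPLE = """\
xQ9 junk line
[AutoRun]
open=RECYCLER\\sub\\sample.exe
shell\\open\\command=RECYCLER\\sub\\sample.exe
shell\\explore\\command=setup.exe
"""

if __name__ == "__main__":
    print(suspicious(launch_entries(SAMPLE)))
```

Run check_drive against the drive letter or mount point of the pen drive; a non-empty launch_entries list after a cleanup means the autorun file has been rewritten by something still active on the PC.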

Offline edifyguy

  • Full Member
  • ***
  • Posts: 131
  • Gender: Male
  • It's not the having, it's the getting rid of......
    • Silver Dollar Business Solutions
    • Personal Message (Offline)
Re: AVAST fails to removing RECYCLER
« Reply #3 on: November 04, 2009, 07:18:16 PM »
How is that possible? Even reformatting doesn't remove it??! Where does it hide? Firmware??!

That makes no sense. Sounds fudgy.......

 
