$Recycle.bin

I don’t have an answer for how to delete this trojan JET, so this is what I’m doing till I find out.

http://guides.yoosecurity.com/how-to-remove-recycle-bin-virus-trojan-horse-manual-removal-instructions/

Update 30/10/2014

I’ve found a program called “Autoruns” that shows me the full list of executables on my computer. This should work for now.

http://download.sysinternals.com/files/Autoruns.zip

http://answers.microsoft.com/es-es/windows/forum/windows_8-hardware/bloc-de-notas-al-encender-ordenador/71500b57-c4ea-4f46-9607-351e30aca69e

I need to type this for the future me:

Future me, apparently the virus has changed its way of operating; till now we know this:

It creates a folder named $Recycle.bin and one named System Volume Information. These two folders have something to do with the desktop.ini file that appears in almost all my folders… Once the main desktop.ini file had its privileges removed, the other files came to appear in a global search in the C folder.

For now I’m analyzing the data of the main desktop.ini.

After the complete defeat of this virus I tried to optimize my computer, because it was running slow. With the next 3 links I got a faster computer.

http://superuser.com/questions/759152/windows-8-1-update-1-disk-usage-100

http://www.thewindowsclub.com/disable-superfetch-prefetch-ssd

http://www.tomshardware.com/answers/id-2045646/windows-100-disk-usage.html

Maybe one day I will destroy that virus. But till now it has defeated me u.u

The next step is to search in regedit and in services.msc for things that aren’t supposed to be there.

The computer is running faster since I deactivated some Intel programs and tray icons in services.msc.

The name of the virus is e621ca05.exe, and it creates a folder named $Recycler.bin, not $Recycle.bin.
