Any other tech-related topics
Post Reply
Posts: 150
Joined: Mon Jun 11, 2018 5:19 am


#1 Post by juverax » Sun Feb 14, 2021 11:48 am

RECYCLER (all uppercase)

Recently, approximately a week ago, I was reading a post here on the TPFC forum, that included a screenshot of the poster's file system (a USB file system or the main hard drive file system, I can't remember).
I did not have time that day to comment on the post.
On the image one could see a folder "RECYCLER" (Note that often, this folder is a "hidden folder", and the name is in uppercase).
This folder is ONE (but there are others) of the signatures of the Microsoft Windows "Conficker worm" that appeared around 2009, and there has been since then various variants.
See the Wikipedia page: ( though I know there is more to say about the virus than what is explained on the Wikipedia page).
Note that modern versions of Windows are immune to Conficker.
Conficker's propagation power is very efficient, making it very difficult to eradicate.
However, since, Conficker is a Microsoft Windows virus, it is only possible to protect (immunize) drives against the installation of malicious files and folders (and delete these folders and files when they already exist) by booting the system from a live Linux distro (my favorite one is Knoppix), and delete all the malware files and folders once you have identified them and this may depend on the variant on your machine, and as a double measure of precaution to avoid re-infection, recreate these files and folders according to the following rules:
for any malware folder, create an empty file with the same name, and for any malware file, create an empty folder with the same name.
This will prevent the worm from storing its malware code.
For all the cases that I have seen the malware folders and files reside in the root folder.
For example, your USB device should now have a file named RECYCLER in its root folder (and no extension).
This will protect your portable USB drive from Conficker, because even if Conficker is not longer active on the system you use every day (and what the malware was doing was never known), and that is the case for modern installations of Windows, you never know the level of protection on the machine you are attaching your portable USB drive (it can be one of your old computers, an XP machine, a friend's machine, a library machine, etc.): that is the "mission" of a portable USB drive!
Though it does not seem that Conficker was stealing or destroying data, as a rule a machine should be absolutely CLEAN.
The malware may still be active on the infected host (read about the Conficker DLL on the Wikipedia page), and you may not be able to clean the system yourself unless you use the Microsoft tool ... moval_Tool
Also, in cases you have no access privilege to the infected system, the only thing you can do is to protect your USB devices.
Last edited by juverax on Sun Feb 14, 2021 1:02 pm, edited 6 times in total.

User avatar
Posts: 1979
Joined: Sat Jul 31, 2010 1:19 am
Location: Helsinki, Finland


#2 Post by SYSTEM » Sun Feb 14, 2021 12:03 pm

Interesting. I actually had a RECYCLER folder in one partition in my external drive. The folder's edit timestamp was August 16, 2010. I removed it just now.
My YouTube channel | Release date of my 13th playlist: August 24, 2020

Post Reply