RECYCLER.BIN Virus in a Third World Country
Recently, I reached out to this community who, needless to say, were fantastic in helping me (by helping, I mean you guys literally made it for me, so thank you) devise a way to autoscan USBs on installation/plugging in (link below).
Looking for general antivirus advice in a third world country
To rehash, I work in a Third World Country assisting their government (mainly Police) with western infrastructure, mainly IT and other modern equipment; most/all of this comes from my government's foreign aid budget. They have no internet connection (usually).
There was a major issue a few months back where every computer I came across was riddled with viruses (record was 45 on one system). Problem fixed, and the AutoScan that this community basically made for me works like a treat.
So, as the community recommended, I have constructed a "sheep dip" out of an old SurfacePro that functions as an AutoScan computer: plug in the USB and the BAT file/USBDeview will do the rest (basically my colleagues can do that...... not much else LOL). I have aptly named this system "The Virus Eliminator".
Now onto problem number 2, recovery of data on the USBs themselves. So I have grabbed a few USBs off the local guys and been running them through the scan. The scan will remove the viruses, but I am still left with a USB that has had its root directory changed (RECYCLIER.BIN), so the information is way way way way down in about 15 sub folders, which you will have to show hidden files and folders and show system files to reach. Some data is encrypted or, well, I'm not actually sure what it is; usually a file containing 300mb of gibberish files with no file extension. I opened one in notepad and it looks like script.
So Google pointed me towards the CMD lines of:
(X) being drive letter
The good old check disk with fix
chkdsk X: /f
&
attrib -h -r -s /s /d X:\*.*
If I do that I can get to most of the files and start moving things back to the main directory, but I am still left with about 600mb of who the DUCK knows of data that I just end up nuking because I don't know what it is or how to recover it, so like an Irishman wearing two condoms I am "sure to be sure", deleting it.
I did locate a sneaky BAT file in all the garbage that the virus had put on the drive. Obviously I won't post it here because I might get into trouble, but I am sure some expert could possibly tell me how to perhaps reverse it?
It contains 6 lines of script, all starting with %comspec%: 1 line pertaining to systeminfo, 1 pertaining to ipconfig, 1 pertaining to netstart, 1 pertaining to arp -a and one pertaining to tasklist. The 6th line of text is del %0
Has anyone had experience with the RECYCLIER.BIN virus? I would really like to have another BAT file that could reverse all this destruction or something simple that I can use. I am not going to be here much longer, and once I leave I fear that nobody will give enough of a damn to bother trying to help these people.
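One way to find out what the leftover extensionless files are before deleting them, as an added example that is not part of the original post: a read-only triage that walks the cleaned drive, identifies each file by its leading bytes instead of its name, and reports how deep it is buried and how random its content looks. It assumes Python 3 on the scanning machine; the function names, the signature list and the 7.5 bits/byte threshold are choices made for this example.

```python
import math
import os
from collections import Counter

# Leading bytes of common formats (well-known file signatures).
MAGIC = [
    (b"%PDF", "pdf"),
    (b"\xff\xd8\xff", "jpg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"PK\x03\x04", "zip"),        # also docx/xlsx/pptx
    (b"\xd0\xcf\x11\xe0", "doc"),  # legacy Office (OLE2): doc/xls/ppt
    (b"MZ", "exe"),                # Windows executable: do not restore
]

def entropy(data):
    """Shannon entropy in bits per byte (0 = constant, 8 = random-looking)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path, sample=65536):
    """Return (kind, entropy) from a file's content, ignoring its name."""
    with open(path, "rb") as fh:  # opened read-only; nothing is modified
        head = fh.read(sample)
    h = entropy(head)
    for sig, kind in MAGIC:
        if head.startswith(sig):
            return kind, h
    # Only printable ASCII and whitespace: a script or plain-text file.
    if head and all(b in b"\t\r\n" or 32 <= b < 127 for b in head):
        return "text", h
    # Threshold is an assumption: compressed or encrypted data sits near 8.
    return ("high-entropy" if h > 7.5 else "unknown"), h

def triage(root):
    """Walk root; return sorted [(relative path, depth, kind, entropy)]."""
    rows = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root)
            kind, h = classify(full)
            rows.append((rel, rel.count(os.sep), kind, round(h, 2)))
    return sorted(rows)

if __name__ == "__main__":
    import sys
    for rel, depth, kind, h in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{kind:12} depth={depth:<2} entropy={h:<5} {rel}")
```

Entries reported as pdf, jpg, png, zip or doc can be copied out and given the matching extension; exe and text entries are the ones to inspect on the scanning machine rather than restore.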