How to Manually Remove Recycler/Autorun Virus

A Recycler folder virus, also named as Autorun virus, is among the known types of computer viruses and is getting common day by day. It has the property to reproduce and distribute itself into the active drives including the external devices. The root directory of removable media contains a file association called Autorun.inf, which is duplicated into every drive including removable drives.

Prior to proceeding this piece for the solution, let be advised to first Scan and Fix your system’s concealed disorders which most probably is eliciting the inconsistencies:

While in connection to the internet, this virus downloads other malicious codes on your computer, which are used in stealing personal and confidential information on your computer, including your passwords. It is a rapidly growing issue around the globe, because of its characteristic to be detected but not removed by even the strong antiviruses. It is now obvious that you might not get rid of it even after formatting the drive. This is the reason we have come up with a possible solution to this delinquency.

The solution is divided into a few simple phases. First, you have to stop the Recycler virus from being operational and then delete it through your Windows Registry. A detailed practice is stated below.

Phase 1: Ending Processes

The Recycler folder virus is recreated, whenever, deleted from the local drives. This is because of its supportive process running in the background. This process is called CTF Loader and needs to shut down for a proper treatment of virus. To end this process, go to Processes tab of Task Manager by right clicking the Taskbar. If due to some reason, your mouse is not functional, press Alt + Ctrl + Del to load Task Manager or Ctrl + Shift + Esc, to directly load the Processes. Locate the process ctfmon.exe representing CTF Loader in the processes list, and click on the End Process button.

Phase 2: Remove Recycler Entries

Recycler folder virus is now endangered as its supportive process is closed. It is now proposed to remove its entries from the Windows Registry, with the help of Registry Editor. Open the Registry Editor by pressing Windows key and then typing regeditin the search box and hit Enter. When the Registry Editor opens, navigate to the path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ActiveSetup\ Installed Components’ and delete the entry located under it naming {08B0E5C0-4FCB-11CF-AAX5-90401C608512}’. Right click it and select Delete.

Phase 3: View the Hidden Objects

Most of the nasty objects hide their selves with the hidden system files. Prerequisite to the procedure of finding further malicious files, you must unhide the hidden files and folders to view the infections. Leave the Explorer open. Go the Tools menu (press Alt key to display menu bar) and select Folder options. On the View tab of Folder options locate and uncheck the items; display the contents of system folders; hide extensions for known file types; and hide protected operating system files (Recommended).

Phase 4: Deleting all Instances

This is the phase where you pinpoint and exterminate every instance of virus on your disk. This process entails to explore through your local drives, detect and delete the suspicious files that end in *.cmd and *.bat, except Autorun.bat and Command.cmd. At the same time, delete the CTF Loader’s executable file by pressing Windows key first. Then type ctfmon.exe’ and do not hit Enter. Right click the search result and click Delete.

As you have already removed the threatening elements, you need to restart your system to configure according to the changes made. Later on, taking some proactive measures to assure that your system is secure.

Phase 5: Scan for Viruses and Registry Errors

After rebooting the system do not run any programs or applications, as it can take you back to the troublesome situation. On logging on to the Windows, first thing you need to do is to run an antivirus utility to scan any viral components and then remove, if detected. Once it is obvious that the system is virus-free now, open your Registry cleaning application and run it to detect invalid and/or corrupt entries in your Windows Registry. It will take a few minutes to spot and fix these Registry errors.

5 Thoughts on “How to Manually Remove Recycler/Autorun Virus

  1. Jorge Monroy on August 13, 2014 at 9:46 pm said:

    I’m agree with this solution but let me contribute with these remarks:

    Phase 4. Please do not try to erase ctfmon.exe file, could be a sytem file (, only stop the process and let antivirus do its job in Phase 5 . If you dont want to take the risk, right click the file and select Properties, ‘Read-only’ and ‘Hide flags’ MUST BE OFF, take a look on ‘Version tab’ and if any doubt arises then overwrite it with the same version of a reliable file.

    Take care, could be many *.cmd and *.bat files not asociated with a virus but with another application. But If you find it in root directory ( C:\ , D:\ , etc …) is highly probable a virus.

    Phase 5. Finally restart Windows but in ‘Safe Mode’ and run an antivirus utility in the most aggressive mode and clean registry.

    Hope be usefull.

  2. Rai Naveed on March 15, 2015 at 8:27 am said:

    I have a recycle bin virus and i have tried following this process but when ever I open the task manager it closes and does not open at all nor does the processes open directly
    what should i do?

  3. Xandrei on May 5, 2015 at 10:41 pm said:

    I don’t see this ‘{08B0E5C0-4FCB-11CF-AAX5-90401C608512}’ under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ActiveSetup\ Installed Components’
    So I couldn’t continue.. Could it be that that registry entry has been renamed into something else?

    • Ivor on May 6, 2015 at 6:03 am said:

      Continue with the next step.

      “Could it be that that registry entry has been renamed into something else?”
      I don’t think so.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Post Navigation