Question Recycle.exe

[John Manous]

So... long story. I had given a USB stick to a teacher for hw and when she gave it back it didnt include my work and i hesitated to ask to find the one thinking it wasn't somehting special. There were some files that were weird, I click on them and avg popped up saying they were viruses. I thought that it was a mistake and just let it do its job without looking it up to see if it was actually a virus. Today I wanted to use the USB stick and I find out that the file that contained my previous work was hidden and there were other files. One of them, I found out are just a backup I think and there was another one, as the title suggests, called recycle.exe. Without much thought I double-clicked the file out of curiosity and got no obvious response. When I realised I had executed an unknown file I went on to check on the web what it was and found out its a virus (or trojan? I dont really know, both terms were there). Meanwhile the screen turned grey and the mouse went loading and when I clicked there was a message saying "Nvidia+something (I didnt memorise that) has stopped working" and when I clicked "ok" it went normal. This happened twice and I then scanned the file with AVG free antivirus which ultimately quarantined the file and deleted it. Now the question is: having recieved about 5 minutes of operation, how much damage could it have caused, how can I completely delete its effects if any and how can I be totally sure of its extermination by AVG? (I am just scared that the virus will create a rookit or something that will be undetectable) Sorry for the long read. Thank you in advance. All contributions appriciated!

 

[punkncat]

Just to preface, schools commonly use various malware as anti-cheat. The university that my son goes to utilizes a tool kit that was identified as nearly 20 various virus/trojan programs. Most of them have to stay installed for him to be able to perform online school/testing and to actually have the token he needs to be online at the school. On that note I tried working with him on learning how to use a virtual machine for just school work but without being there to work some bugs we couldn't get it operational in a usable way.....

Anyway, on topic. The mentioned exe is a valid part of Steam, but in the format you saw it in likely negates that as a possibility. The other mention of it is as a trojan that allows others to see and make changes to local files. It mentions that you should be able to see it running as a process within your task manager. There are various mentions online of how to remove it and it doesn't seem to be particularly dangerous from a "once you know about it" perspective.
I would make mention to the teacher of this, as more than likely their machine is infected. I cannot imagine them using this as part of their (aforementioned) toolkit, but you never know.

 

[John Manous]

Just to preface, schools commonly use various malware as anti-cheat. The university that my son goes to utilizes a tool kit that was identified as nearly 20 various virus/trojan programs. Most of them have to stay installed for him to be able to perform online school/testing and to actually have the token he needs to be online at the school. On that note I tried working with him on learning how to use a virtual machine for just school work but without being there to work some bugs we couldn't get it operational in a usable way.....

Anyway, on topic. The mentioned exe is a valid part of Steam, but in the format you saw it in likely negates that as a possibility. The other mention of it is as a trojan that allows others to see and make changes to local files. It mentions that you should be able to see it running as a process within your task manager. There are various mentions online of how to remove it and it doesn't seem to be particularly dangerous from a "once you know about it" perspective.
I would make mention to the teacher of this, as more than likely their machine is infected. I cannot imagine them using this as part of their (aforementioned) toolkit, but you never know.

It has been 3 years since I last had a lesson with that teacher xD and it just happened that I found out about this yesterday. The computer my teacher viewed my work on was most likely her personal as I gave it to her and didnt just logged on a school pc to show it. I talked with a friend of mine who happened to have heard of it and told me to format my disc but I dont want because I will have to reinstall around 700gb of data which with my slow as a tourtoise 1gb per hour or around 300kb/s internet speed will take ages. I am just afraid that it has spawned more viruses that are invisible and will steal data such as passwords and maybe even credit card info. Furthermore I have deleted the virus according to AVG at least and I dont think the removal videos will help in any way. As far as I remember the icon of the file was pixelated in some fashion and didnt have the smoothness of win 10 icons and seemed like a win xp or previous if that is of any importance. A stupid last question: Is the virus called "RECYCLE.EXE" "RECYCLER.EXE" "RECYCLED.EXE" or "RECYCLE.BIN"? I have seen these three versions and wonder whether they are referring to the same thing. This morning I found out that there is another virus called rundll32(I dont think its the safe windows file as it was called KINGSTON16GB, the brand of the stick) in it. So I am thinking of downloading a Virual Machine to be sure of what it is. Whats on earth did my teacher do with the USB stick xD... (Fun Fact: I wanted to take that USB to another class as hw, imagine if I hadnt found the second virus on time...) One last last thing. Does using my pc make the situation worse or is it k, because I worry that it will continue spawing more viruses, I read about it in a website called 2 spyware (here is the link: https://www.2-spyware.com/file-recycled-exe.html ) "One of the most important tasks of this file is to start a parasite or launch some of its components. "
Thanks a lot by the way

 

[britechguy]

If you have a reputable antivirus, and AVG certainly is, that has scanned all involved drives and quarantined what it could not clean then you really need to stop worrying. It's done its job.

The history of how this came to be has nothing to do with whether or not the infection has been effectively remedied.

You never mention what version of Windows you're using, but if you want a "for good measure" check and you're using Windows 10, then set up an offline scan of your system drive using Windows Security. You can do a manual full scan of any data drives using Windows Security once the system comes back up again.