Wednesday, November 11, 2009

DOWNAD and recycler folder

I read about DOWNAD/Conficker on the Trend Micro blog. There is an interesting note to highlight: on a recent visit to a customer site I happened to see the virus log, and there were a few entries with an infected path detected in the Recycler folder.

"In January of this year, a few security websites and media outlets reported a wave of detections of another DOWNAD variant.

This variant first sent exploit packets for a Microsoft Server Service Vulnerability to every machine on the network and to several randomly selected targets over the Internet. It then dropped a copy of itself in the Recycler folder of all available removable and network drives and created an obfuscated autorun.inf file on these drives so it can execute every time a user browsed a network folder or removable drive without actually clicking on the file. It then enumerated the available servers on the network and, using this information, gathered a list of user accounts on the machines."
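A defender's check for the drop pattern described in the quote, added here as an example (it is not code from Trend Micro or from this post): it leniently parses an `autorun.inf` and flags launch commands that point into a RECYCLER folder, plus a high share of junk lines as a stand-in for "obfuscated". The sample files, the `EXAMPLE-SID` path and the 0.5 padding threshold are constructed assumptions.

```python
import re

# Real autorun.inf keys that launch a program when the drive is opened.
EXEC_KEY = re.compile(r"(open|shellexecute|shell\\[^\\=]+\\command)", re.I)
PLAIN_KEY = re.compile(r"[A-Za-z0-9_\\ ]+")
# A path component named RECYCLER inside the command value.
RECYCLER_PATH = re.compile(r"(?:^|[\\/\s\"])recycler[\\/]", re.I)
PADDING_THRESHOLD = 0.5  # assumed cut-off for "obfuscated", tune per site
# Constructed samples (not real malware content).
SAMPLE_SUSPECT = (
    b"xK#9qv\x8f\x02zz\r\n[AutoRun]\r\n7Yh!!pLw\x91\r\n"
    b"OpEn=.\\RECYCLER\\EXAMPLE-SID\\example.exe\r\n"
    b"mm@@0x\r\nlabel=Backup\r\n"
)
SAMPLE_BENIGN = b"[autorun]\r\nopen=setup.exe\r\nicon=setup.exe,0\r\n"


def assess_autorun(raw: bytes) -> dict:
    """Report launch commands, those pointing into a RECYCLER folder,
    and the share of lines that are neither a section nor key=value."""
    text = raw.decode("latin-1")  # never fails, keeps junk bytes visible
    in_autorun = False
    commands, total, padding = [], 0, 0
    for line in re.split(r"[\r\n]+", text):
        line = line.strip()
        if not line:
            continue
        total += 1
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or not PLAIN_KEY.fullmatch(key):
            padding += 1  # junk line used to hide the real directives
        elif in_autorun and EXEC_KEY.fullmatch(key):
            commands.append((key.lower(), value.strip()))
    hits = [c for c in commands if RECYCLER_PATH.search(c[1])]
    ratio = padding / total if total else 0.0
    return {
        "commands": commands,
        "recycler_targets": hits,
        "padding_ratio": ratio,
        "suspicious": bool(hits) or (bool(commands) and ratio >= PADDING_THRESHOLD),
    }

if __name__ == "__main__":
    print(assess_autorun(SAMPLE_SUSPECT))
```

Run it against the `autorun.inf` at the root of each removable or mapped network drive; a hit on `recycler_targets` matches the kind of Recycler-path detection seen in the virus log.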


What is Recycler Folder and How to remove it
Good reading material from Tech Salsa:

If you have used Windows for quite some time now then you must have seen this folder called RECYCLER. But many people don’t know what this folder is and what it is doing in the drive.



What is Recycler folder?

The Recycler folder is used only on NTFS partitions and is referred to as a location where all the deleted files go after they have been deleted by the user. Now you may be wondering: if it contains the deleted files, then why do we have the Recycle Bin?

When a file is deleted it goes to the Recycle Bin, but when the Recycle Bin is emptied, the files are stored in this Recycler folder. This is the reason why we can still restore the deleted data in Windows.

Difference between Recycle Bin and Recycler

The Recycle Bin stores the files that are deleted from the computer until it is emptied completely, whereas the Recycler folder contains a Recycle Bin for each user that logs on to the computer. (MS article)

Recycled Folder

This is something different from the Recycler folder, as Recycled is the same as the Recycle Bin. That is, both Recycled and Recycle Bin are just two different names for the same memory location.

How to delete Recycler Folder


Recycler is a read-only folder and that is why it gave an error if you tried to delete it. To view the folder, go to Tools -> Folder Options -> View tab and uncheck the option Hide Protected Operating System Files.

Now just right-click on the folder, go to Properties and unselect the Read Only option. Now it can be deleted.

Recycler Virus

A virus with the same name, Recycler.exe, has been identified; it should not be confused with the Recycler folder.
