resycled\ntldr.com is a computer worm that propagates on local fixed and removable USB drives. This type of threat may infect drives via autorun.inf file it created that runs a command each time the drive is accessed. Malicious files will be copied to a drives attached on infected computer. Using this technique, resycled\ntldr.com manages to spread a copy of its code to another clean PC when infected drive is attached to it.
Usually, resycled\ntldr.com drops autorun.inf file that runs the code each time that user access the drive. Core file or the main code containing malicious script is also dropped on the computer but will be rendered hidden to conceal its presence and evade antivirus programs.
This worm will attempt to take advantage of Windows’ Autorun function. Through this, drives inserted on the computer will run instantly, thus, if it is infected with resycled\ntldr.com, it runs also. When loaded, the worm will look for any devices attached to the PC and infect them as well. Same worm code and autorun.inf file will be dropped on the target device. Using the infected device on a clean PC may cause the same routine of infection.
Aside from disabling access to some files on the removable drives, resycled\ntldr.com may also damage certain files on the computer. This kind of attack may leave permanent harm on the system if not fully removed immediately.
As shown in the image above, users may see a pop-up message stating that “resycled\ntldr.com is not a valid Win32 application.”
You can also find more information on how to remove this malicious software with our virus removal guide here.
"resycled\ntldr.com is not a valid Win32 application."
A message may appear showing the message "resycled\ntldr.com is not a valid Win32 application." This may happen if your antivirus program has deleted the main file. However, it does not mean that your PC is free from risk. We highly advise running a full scan of your installed antivirus program.
Presence of autorun.inf files on root of drive.
Although autorun.inf file is sometimes set to be hidden. By setting your Folder Options to'Show hidden files, folders and drives,' you can see if the file is present on local and removable drives.
Other Functions of resycled\ntldr.com:
- resycled\ntldr.com may severely damage removable drives and devices
- The worm can steal sensitive data from the infected computer
- resycled\ntldr.com can download and execute other threats
- resycled\ntldr.com may corrupt system files on the computer
- This threat can connect to a remote server and update its files
How to Remove resycled\ntldr.com
1. Download Malwarebytes' Anti-Malware from this link and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install as default only.
4. Before the installation completes, check on the following prompts:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
5. Click Finish. Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished click on the Show Results button.
8. Make sure that all detected threats are marked, click on Remove Selected.
9. Restart your computer.
Note: Some malware may prevent mbam-setup.exe from downloading and running. You can download and rename this program from a different computer before running it on infected system.