Remove Sysdate.exe Virus

Recently my computer was infected with this virus called Sysdate.exe that was inside the Recycler folder in the C: drive. I knew that it was a virus since my PC didn’t have the Recycler folder earlier. Thus the location of the virus was C:\RECYCLER\S-1-5-21-8324555943-4443154761-431384085-6428\sysdate.exe

No one want their computer infected with a virus! It is important to be vigilant, install good anti-virus programs and protect your computer. Whether you are an IT specialist or you only ever use your computer to email and play, it is vital to make sure your computer stays safe. That way, it will function well for years to come, without any problems like these pesky viruses.

Symptoms of this virus:

•    In the Recycler folder there was another folder but in the looks of the Recycle Bin whose name was something like S-1-5-21-8324555943-4443154761-431384085-6428 and on double clicking it, I came across all the files which were there in the Recycle Bin.

•    There was an entry in the Registry Editor named Taskman that came back again and again on deleting.

•    There were no changes in the startup and task manager in my system but if there is any in yours then remove the process from startup and kill from task manager.

Note: Go to Folder Options -> View tab -> Check the option of Show hidden files and folders and uncheck the option of Hide Protected operating System Files.

Here are the steps how I removed the virus and fixed my problem.

1.    First of all to see all the contents in the Recycler folder we need to change the attributes of the folder.

2.    Open command prompt (by typing cmd in the Run box) and type

attrib C:\Recycler –r –h –s press enter.

Then again type attrib C:\Recycler\ S-1-5-21-8324555943-4443154761-431384085-6428 –r –h –s and press enter.

3.    The shape and look of the folder will change from that of Recycle Bin to a normal Folder which will now show all the contents inside it.

4.    There were two files inside the S-1-5-21-8324555943-4443154761-431384085-6428 folder, Sysdate.exe and Autorun.inf, both of which were undeletable.

5.    Now to delete Recycler, S-1-5-21-8324555943-4443154761-431384085-6428, Autorun.inf and Sysdate.exe files, first kill the explorer.exe process from the task manager.

6.    Your Explorer will shut down but Task Manager would be still running. Now go to File -> New Task. Click on Browse

7.    Go to the Recycler folder in this browse function and Shift Delete the Sysdate.exe and Autorun.inf files there, they will get easily deleted and will not come back.

8.    Then delete the Recycler folder as well.

9.    After you have done with removing the Viruses, type explorer.exe in the new task section which will bring the explorer running again.

10.    Type regedit in the Run box to open Registry Editor, navigate to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon and delete the Taskman key in the right pane.

Refresh to see if it comes again. If it does not come again, your virus would have been removed.

11.    If your computer has more than one user then navigate to HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon and edit the Shell key on right side. Edit it to remove the C:\Recycler\ S-1-5-21-8324555943-4443154761-431384085-6428 value.

The value should be only Explorer.exe

Restart the computer to see the virus removed.

I did all the above steps on more than one PC and it worked on each of them.

18 Replies to “Remove Sysdate.exe Virus”

  1. that was really useful! it worked for me. one minor hitch was 8324555943-4443154761-431384085-6428 didn’t work for me. but then i looked at the exact number in the registry HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon wherein the number was given in the taskman key.

  2. Thanks 4 info.
    I would like to share my experience, i dont have net on my pc.so major source of viruses..& othr menaces is pen drives.
    Better listen carefully.
    Instead of opening pd directly.,open winrar & browse ur pd.i say winrar bcoz.
    1. Shows all hidden files.&foldr
    2. Win explorer executes scripts like .inf,ini.when u open it.
    For ex There r files that r not present in clean pds.
    Autorun.inf. Recycler..
    Point is.
    Browse ur pd using winrar & delete the unsual files.
    With experience you will know which one to delete or not.
    Try 2 operations..at max.
    1.view file.
    2.delete.
    3.no copying till u r confident.
    4.this method is useful,to remove those viruses in ur pd only& not present in ur pc.
    By this way u can stop viruses .cant say anything abut. Corrupted applications.again thanks!

  3. Thanks man!! Malwarebytes and NOD32 were detecting and deleting the registry value but it kept coming every time. Your method did the trick. Thanks a lot man! You’re a genius.

  4. One more thing… This maleware mostly comes from Crecks and key Generating tools…. Be careful…..

  5. Amazing. Thank you. Used this technique to remove a different trojan. For others who get this, the file in C:\recycler was YV8G67.EXE

    Had to perform all of these steps in safe mode.
    Also in safe mode, deleted files:
    c:\windows\system32\clsinde.exe
    c:\windows\system32\shelldm.exe
    c:\windows\system32\xcllsx.exe

    And deleted related registry entries for these files found:
    CURRENT USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENT VERSION\RUN

  6. Also should note that once I quit explorer.exe process, the nasty file yv8g67.exe showed as a running process so I had to kill it before deleting it.

  7. Thanks for the info. My symantec anti-virus couldn’t even catch the infection. My pc was sending out spam to unknown addresses through unknown mail servers. Though, I figured out what files and registry values are the culprits, I couldn’t have removed it without the procedure you described. Just curious though, how does this spreads – because I don’t open any suspicious emails or sites and very rarely get a virus on my PC.

  8. i found out that when explorer was running, it was sending huge amounts of data to some servers from the results of netstat -a -b frm cmd prompt. So i killed the explorer process continues to browse the web (alt+ctrl+del>task manager>new task>firefox.exe) not knowing (what virus or trojan or some malfunction it was) what to do, then on some site i found Trojan Remover 6.8.1, thought it cud be some trojan, so scanned and installed it,sysdate.exe was detected by it which my free avg wit latest updates cudnt detect and it’s a 30 day trial thought i cud give it a try (although u know where to search if u need the full version i guess 🙂 ),it (asked everytime) removed all the trojans by renaming them and deleting their referncess in registries(example sysdate.exe had a reference with winlogon.exe) to it and that s all! system restarts and trojan completely removed
    my net connection has a limited data transfer plan,other than free hrs and the connection got broken easily becoz my isp might have detected that my system had a problem which i found after doing this.Well thepoint is if u dont wanna edit all those registries u cud give this a try,but dnload the latest one

  9. Surprisingly, last night my father discovered that my computer is infected. I wanted to give my father some music that he informed me about the virus he found on the cool disc. The surprise is that we have got the very same antivirus, Bitdefender Total Security 2009, and we both keep it up-to-date.
    Dad’s Bitdefender called it “Torjan.vaklik.ax” or “Torjan.script.199675”. There was a “Recycler” folder and a file named “Tmp983.exe” in the folder. The virus also creates an “Autorun.ini” in the root folder of cool discs.
    To make a long story short, I performed a deep system scan, but my Bitdefender could not even recognize the virus. I ran “Autoruns for Windows v9.57” and “Process Explorer v11.33” to find out what was going on.
    I found that one file named “sysdate.exe” was at “C:\Recycler\S-1-5-21-2667259166-8513926043-973354194-2746” and a registry logon was created.
    I knocked the virus, Trojan or whatever it was down. The prescription goes as below:
    1-Download “Autoruns for Windows v9.57” or higher
    2-Type “cmd” in the Run box and type “attrib C:\Recycler –r –h –s” and press enter
    3-Type “cmd” in the Run box and type “attrib C:\Recycler\S-1-5-21-2667259166-8513926043-973354194-2746 –r –h –s” and press enter
    4-Run “Autoruns for Windows”
    5-Open task manager and end “explorer.exe” process
    6-As you end the process, “sysdate.exe” which was not active starts it activity. If you end the “sysdate.exe” it runs itself again. Then you need to delete the registry key with “Autoruns for Windows” and now end the “sysdate.exe” process.
    7-Open “file–>new task” from the menu bar up there and choose “browse” and delete the “C:\Recycler\S-1-5-21-2667259166-8513926043-973354194-2746\sysdate.exe” and then the whole “C:\Recycler”
    8-Open “file–>new task” from the menu bar up there again and run “explore.exe”
    9-Over.

  10. I have a slightly different problem. The Taskman.exe file does not appear within the Recycler folder. After deleting Recycler per your steps, I went on to try and find Taskman under the HKLM/…etc but could not find Taskman in the right pane. Instead, I found it under the C:/WINNT folder. But the Taskman.exe kept re-appearing when I try deleting it. Each time it re-appears, the Recycler is re-created.How can I delete Taskman permanently? Thanks for your help.

  11. really really wonderfull, you are amazing, i catch the virus and scanned it with casper& AVG& Avira &norton with the latest versions but those STUPID programs tell nothing, imagin that..
    you as a regular user now the virus, and now where it is , then you guid your fool antivirus to it and then you said come on little boy here it is catch it but …..
    what can we say about those Companies?
    AVG< KasperSky..etc..
    what their engeneers are doing??
    any way thank you very very very very very much.

Leave a Reply