Read, how to remove a virus that converts files and folders into shortcuts... How to recover data that is lost as a result of the activity of such a virus. Have your files and folders on your USB stick or memory card become shortcuts? Is a USB flash drive or memory card displayed as a shortcut after connecting to a computer? Are you looking for a way to recover data and remove a virus that converts files and folders into shortcuts? Are you using an antivirus but your computer was infected anyway? Unfortunately, not all antiviruses can protect you from such infection.
Varieties of virus labels
Today, the most common 2 types of viruses that create shortcuts: the first create shortcuts instead of files and folders on a USB flash drive or memory card, others create shortcuts for removable drives instead of the flash drives themselves, external USB drives and memory cards.
The most common viruses are:
- Bundpil.Shortcu;
- Mal / Bundpil-LNK;
- Ramnit.CPL;
- Serviks.Shortcut;
- Troj / Agent-NXIMal / FakeAV-BW;
- Trojan.Generic.7206697 (B);
- Trojan.VBS.TTE (B);
- Trojan.VBS.TTE;
- VBS.Agent-35;
- VBS.Serviks;
- VBS / Autorun.EY worm;
- VBS / Autorun.worm.k virus;
- VBS / Canteix.AK;
- VBS / Worm.BH;
- W32.Exploit.CVE-2010_2568-1;
- W32.Trojan.Starter-2;
- W32 / Sality.AB.2;
- Win32 / Ramnit.A virus;
- Worm: VBS / Cantix.A;
A virus that converts files and folders into shortcuts
This virus duplicates your files and folders, then hides and replaces them. The virus is a combination of Trojan and worm viruses. The danger is that you launch a virus every time you want to open your file or folder. Once launched, the virus spreads itself by infecting more and more files and often installs additional malware that can steal data about passwords and credit cards stored on your computer.
A virus that converts flash drives and memory cards into shortcuts
It is a purebred Trojan virus that hides any removable devices connected to the computer and replaces them with their shortcuts. Each time you click on the shortcut, you launch the virus again, which looks for financial information on your computer and sends it to the scammers who created the virus.
What to do in case of infection
Unfortunately, not all antiviruses can detect danger in time and protect you from infection. Therefore, the best protection would be not to use the automatic launch of removable devices and not to click on the shortcuts of files, folders or drives. Be careful not to click on shortcuts that you did not create yourself. Instead of double-clicking to open the disc, click on it right mouse button and select Expand in Explorer.
Recovering data deleted by a virus
For reliable recovery of data deleted by this type of viruses, use Hetman Partition Recovery. Since the program uses low-level disk functions, it will bypass virus blocking and read all your files.
Download and install the program, then analyze the infected USB flash drive or memory card. Carry out information recovery before cleaning the media from the virus. The most reliable treatment option would be to clear the flash drive using the DiskPart command, this will delete all information on it.
Removing a virus from a memory card or USB flash drive
After recovering data from a flash drive, you can completely clear it using the DiskPart utility. Removing all files and formatting the device can leave a virus that lurks in the boot sector, partition table, or unallocated area of the disk. How to properly clean a USB flash drive, see the video.
Removing a virus from a USB flash drive using the command line
This method does not allow you to guaranteedly clean the USB flash drive from all types of viruses, but it will be able to remove the virus that creates shortcuts instead of files. You will not need to download and install third-party utilities; removal is performed using the tool built into any version of Windows.
Removing a virus from your computer
The easiest and most reliable way to clean your computer from a virus is to completely reinstall Windows and delete the system partition.
But if you are an experienced user, you can try the following method:
In this article we will show you how to quickly and easily remove virus from flash drive... One of the most widespread families of viruses is Trojans, which are written to the boot system file. autorun.inf... Files such as autorun.exe, autorun. ~ Ex, autorun.inf_ *** and other derivatives with even more dubious extensions after the dot can be a sign of their presence on the flash drive. The virus copies itself to the USB stick as soon as the USB stick is inserted into the USB port.
The principle of the virus is as follows. Once in the system, it searches for all local drives and flash drives. After that, for each found source, two files are copied - autorun.inf and autorun.exe. In turn, autoran.inf contains the following lines:
And the autorun.exe file is executable and serves to propagate the virus on possible media. In reality, the executable file.exe can be called completely differently, for example cyvvefew.exe, that is, with an incomprehensible name.
Signs of a virus infection on a flash drive or memory card
The symptoms of a Windows infection with such a virus are very diverse:
- the flash drive just won't open
- the left mouse button does not work
- in the explorer context menu instead of the name of the krakozyabra items.
- files on the flash drive may disappear
In general, do not overlook 🙂 In fact, these viruses are more harmless than those that. And you can catch them either without using an antivirus, or from someone else's infected computer.
A direct indicator that a virus is present on the flash drive is the presence of a hidden RECYCLED or RECYCLER folder. There should not be such a folder on a flash drive.
If there is such a folder, then it probably contains the executable file of the virus ***. EXE.
Removing a virus from a USB flash drive manually
It is difficult for an ordinary user to detect a virus, since the files have a system status, which means they are not displayed in the standard display of files in Windows. Enabling the display of hidden files and folders in Windows is simple. To do this, do the following:
Windows 7: Start -> Control Panel -> Folder Options -> View tab -> show hidden files, folders and drives
Windows XP: Start -> Control Panel -> Folder Options -> View tab -> show hidden files and folders
Some viruses of the Autorun family disable the ability to change this parameter. Nevertheless, if this option remains, then turn off the display and delete the specified files by searching for the word “autorun”.
Free Anti-Autorun antivirus will help you remove the virus
You can remove a virus from a flash drive simply by formatting it. Naturally, a complete system check will be necessary. Usually, such viruses do not block the computer or damage data, so their removal will not be so difficult. But there is also a more universal and simpler method.
You can use a specially designed anti-virus program called Anti-Autorun. You can find it in a search engine. Using this program, it will not be difficult to remove a virus from a USB flash drive. This antivirus is an excellent solution for monitoring and fighting autoran viruses. Hope our recommendations helped.
Comments (51)
Mery
Smart-Tronics
Mawrak
Smart-Tronics
komokppc
Ilona
Smart-Tronics
Dante
Sergey
Smart-Tronics
-
A flash drive is a portable USB storage device that has rapidly gained popularity as it allows the user to quickly record and transfer important information. The USB stick is small, so it's easy to keep it with you at all times.
If you find a problem, you do not need to rush to format all the data
However, in some cases, a flash drive can ruin the mood of the user, when once again it is necessary to write off information from it, and she "refuses" to present it. It should be understood that the whole problem lies in the virus that penetrated the USB flash drive and hopelessly infected it. To help her, to restore perfect performance, you should know how to remove a virus from a USB flash drive.
It is not difficult to recognize that a flash drive has undergone a viral attack and has been infected, because when working with it, symptoms begin to appear that have not yet been characteristic of it.
Signs of infection
In particular, a virus infection may cause the USB drive to stop opening. If the user wants to take any action by calling the context menu, the left mouse button will refuse to respond, or the context menu will open, but it will be impossible to read anything, because instead of the usual words, the user will only see some solid “hieroglyphs”.
A slightly different story may also happen, which practically provokes a shock for the user, since when opening the USB drive, the owner of the flash drive may not find a single document.
Indeed, there is a virus that penetrates the drive and brings such "trouble". However, it is important for the user to pull himself together, get acquainted with the information on how to remove a virus from a USB flash drive, and then return back all the "lost" documents. In fact, not a single file has disappeared, the virus code simply changed their status, translating them into hidden files.
Also, shortcuts that appeared on the USB flash drive instead of disappeared documents can indicate the presence of a virus infection. Experts recommend, in this case, not to panic and start frantically opening all the shortcuts, trying to detect at least some presence of important documents.
By clicking on the shortcuts, the user of the USB drive further aggravates the situation by continuing to infect the USB flash drive with virus code, since the shortcuts are directly associated with the executable malicious file.
Removing a virus from a drive
In connection with the situation that has arisen, the correct option would be to calm down, concentrate attention and direct all efforts to studying information on how to remove a virus from a USB flash drive. Moreover, there is nothing complicated in the subsequent actions, and even a beginner can remove the virus from the flash drive, and after that, successfully display the hidden files.
Removal methods
The best way to clear the virus code from your USB drive is to use a computer that has powerful protection installed. It is good if this antivirus program is a paid version, because in this case you can be sure that the antivirus databases in it will be up-to-date, in this regard, such antivirus program can easily deal with any malicious file.
With such an excellent antivirus program at your disposal, it will be quite easy to understand how to remove a virus from a USB flash drive, since the process will practically occur automatically, with only a little user participation.
The USB drive should be inserted into the USB connector, the antivirus program will immediately offer to check the drive, the user can only agree with this. The anti-virus program will perform all other actions on its own, displaying the result of its work on the screen.
The antivirus program itself will be able to remove hidden viruses. Flash drives after such cleaning will be "healthy" and efficient again.
Experienced users can manually delete a malicious file from a USB flash drive. This tactic is especially welcome when there is no computer nearby with a powerful antivirus program with updated antivirus databases.
To eliminate a malicious file manually, the user must initially display the hidden files, since the execution file is in this state.
To show hidden files, you should open the "Control Panel", go to the "Folder Options" tab, then "View", among the listed options you should find and check the "Show hidden files and folders" box. Now the user will be able to see everything that the virus tried to hide. The USB stick will contain RECYCLED and RECYCLER, if there is an exe file inside them, it should be destroyed, as it is a malicious file.
Another option for removing malicious code is the formatting process, but it should be noted that after it is completed, not only the virus and all its traces, but also all documents will disappear from the drive without a trace.
Document recovery
After successfully eliminating the malicious file, and only documents remain on the drive that are simply not visible, since they are in the status of hidden files, it is important to perform a number of simple actions that will return the documents to their usual appearance.
The easiest way is to use the file manager, which includes Total Commander.
After launching Total Commander, go to the "Configuration" tab, then "Contents of panels", and then check the box next to "Show hidden / system files".
The user will now see all their documents. At this stage, you should select them, then go to the "Files" tab, then "Change Attribute", in the dialog box that appears, uncheck the "Hidden" and "System" boxes. This completes the fight against the virus and the work on recovering documents.
So, when using a USB drive, you should be careful not to expose it to virus infection once again. However, if such an infection did happen, it is important to keep cool and calmly eliminate the malicious object, not allowing it to “run” on the USB drive for a long period of time.
A USB stick is a tidbit for viruses. There is even a separate category of "digital strains". They are aimed specifically at external drives. Trojans and worms secretly penetrate the USB flash drive, install their elements (start modules, autorun file, shortcuts) and carefully mask them, delete or damage user folders and files. They also disrupt the operation of the USB drive: they do not allow the partition and individual folders to be opened, prevent the safe removal of the device, imitate system errors (fake messages appear).
Let's consider how to clean the USB flash drive from viruses using various methods.
Method # 1: cleaning with antivirus
Disable autorun
The first step is to secure the operating system of the computer on which the check will be performed. Disable autorun in Windows. So that the virus, after connecting a USB flash drive, could not automatically start and secretly penetrate the PC's hard drive.
This procedure is performed as follows:
in Windows 7
1. Press the key combination "Win" and "R".
2. In the line of the Run panel, enter the directive - gpedit.msc.
3. Click "OK".
4. In the Group Policy Editor window, select the "Computer Configuration" section.
5. Open the "Administrative Templates" subsection.
6. Select Windows Components from the list of options.
7. Navigate to "Autorun Policies" → "Disable Autorun" options.
8. In the settings window that opens:
- by clicking the left mouse button, enable the radio button next to the "Enable" add-on;
- click the "Apply" and "OK" buttons.
in Windows 8.1
1. Right-click on the Windows icon on the taskbar.
2. Select Find from the context menu.
3. In the search box, type - autorun.
4. Click in the issue - "Enabling and disabling autorun".
5. In the "Computer and Devices" pane, go to the "AutoPlay" section.
6. In the block on the left, set the "Do not perform any actions" value in the "Removable media" and "Memory card" fields.
Advice! If you want to completely disable the autorun function, click the slider at the top of the block to Off.
USB flash drive scan
1. After disabling autorun, connect the USB flash drive to the PC.
2. Press "Win + E".
3. In the window that opens, right-click on the USB-drive icon.
4. To check the USB flash drive for viruses, select "Scan ..." in the list of options. (In this case, it is ESET Smart Security).
5. Remove all detected malicious objects.
Advice! Cleaning can be done with alternative antivirus scanners - Dr.Web CureIT !, Free Anti-Malware or Kaspersky Virus Removal Tool. Before checking, do not forget to check the box next to the flash drive in the list of partitions.
Method # 2: formatting
(deleting all data - virus and user files)
Note. This option is appropriate when there is no valuable information on the carrier, or when it is impossible to remove the virus from the flash drive by other means.
1. Make sure the AutoPlay feature is disabled on your computer. And then connect the infected media.
2. Press the "Win" and "E" keys at the same time.
3. Place the cursor over the USB stick shortcut. Press the right button. Select "Format ..." in the system menu.
4. In "Formatting ..." set the following values in the settings:
- "File system" - NTFS;
- "Cluster size" - "Standard size ...";
- "Volume label" - the name of the flash drive (optional; you can leave it unchanged);
- Formatting Methods: In the Quick box, check the box to do a shallow (quick) cleanup.
5. Click the Get Started button.
6. In the additional window, confirm the action: click "OK".
7. When the procedure is complete, in the "Formatting ..." window, click "OK" again.
8. In the settings window, click Close.
Now the flash drive is clean and ready for full use.
Method # 3: remove viruses manually
(for advanced users only)
It is advisable to use this cleaning algorithm if you want to save the maximum amount of useful data located on the infected flash drive.
1. Turn on the display of hidden files and folders in Windows:
- press "Win + E";
- in the window that appears, press "Alt";
- in the top panel open: Tools → Folder Options;
- go to the "View" tab;
- in the last paragraph of the options, enable by clicking "Show hidden files ...";
- click the "Apply" and "OK" buttons.
2. Check the autorun setting. It must be disabled (see Method # 1).
3. Connect and open the contents of the flash drive.
4. Analyze the files. The elements of the malware may look like this:
- files with the .bat extension;
- shortcuts;
- Recycler folder (a clear sign of the presence of a virus).
5. Click on each of them with the right button and view the “Object” setting in the properties (click → item in the “Properties” menu). In virus files, in the "Object", as a rule, the executable file of the "microbe" that attacked the USB drive is displayed.
6. Remove all malicious files and shortcuts, as well as the executable element of the virus to which they refer (specified in the "Object" line).
USB stick vaccination
A vaccine for a USB flash drive is a kind of software protection in the form of a special file (Autorun.inf). It prevents the virus from “settling” on the USB flash drive: it blocks its functions. It is used exclusively as a prophylactic, warning agent on "healthy" USB sticks. Created manually and using special programs. We will take a closer look at some of them.
Panda USB Vaccine
A utility from the famous antivirus company Panda. Has a volume of less than 1MB. Still very helpful. Provided free of charge on the official web resource. After the first launch of USB Vaccine in the panel, check the boxes next to "Hide tray icon ..." and "Enable NTFS ...". And then click Next. Connect the USB flash drive and in the application window click the "Vaccinate USB" button.
Autostop
Doesn't require installation. Runs in the MS-DOS console. At the request of the user, he can not only "vaccinate" the flash drive, but also disable autorun by changing the registry settings, prohibit writing data to the media.
USB Defender
An efficient GUI tool. Activates USB protection in one click (and disables it in the same way). Carefully hides the presence of the AUTORUN.INF "inoculation" on the USB stick.
Let viruses bypass your USB media!
