USB flash drive shortcut virus

How to remove viruses in USB flash drives

Hackers often develop computer viruses and other malicious software that have creative ways of spreading from computer to computer. One particular method of propagation is via USB flash drives. Although computer users are increasingly making good use of cloud storage and other online services, some users still prefer the good ol’ USB devices for file transfers. Viruses that exploit this behavior will therefore continue to pose problems.

How USB viruses work

If a virus ever lays its hands on your USB flash drive, its modus operandi is probably one of these two: either using Windows’ AutoPlay feature to automatically execute a malicious script or leaving a shortcut file that runs the script. With the latter method, the virus effectively holds the flash drive’s files hostage: the unknowing user is left with no choice but to use the shortcut to get access to the files, and doing so also activates the malicious script.

How to remove viruses in USB flash drives

Plug the infected device into a clean Windows computer. But before that, make sure the computer’s AutoPlay setting is disabled, lest it automatically execute the malicious code.

Open your anti-virus software, and let it scan the drive. Don’t have security software? A good choice is Malwarebytes Anti-Malware.

If your anti-virus software fails to find and clean the infection, you’ll have to do it yourself. Open File Explorer and navigate to the infected drive. It’s best that you single left-click the drive in the left navigation pane instead of right-clicking or double-clicking the drive in My Computer (or This PC in Windows 8). Doing the latter two could execute the malicious script.

Once you’re inside the drive, you should see the single shortcut (or in other cases, some unfamiliar EXE files). Don’t be tempted to click it; delete it instead. If you also find an autorun.inf file, delete it as well. Proceed to the Folder Options dialog box, and enable the setting to view hidden files. While the dialog box is still open, uncheck the Hide protected operating system files (Recommended) option. Ignore the warning by clicking Yes. Click OK.

Folder Options - how to show protected, hidden system files

You should now see your “lost” files. Or, you might find a new item in the drive: a grayed-out folder with no file name. When you enter this folder, you’ll probably find your files as well as some new, unfamiliar additions. These unfamiliar files typically have random, indistinguishable file names and may have “.pif”, “.exe”, or “.cmd” filename extensions. These are most likely the viruses. Delete them.
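The manual inspection described above can also be done from PowerShell, which lists hidden and system items without anything on the drive being clicked. This is an added example, not part of the original guide; the drive letter F: is a placeholder, and the flagging rules (including treating a whitespace-only folder name as the "no name" folder) are assumptions based on the article's description.

```powershell
# Added example: read-only inventory of a removable drive.
# Nothing is opened, executed, deleted or modified; output is for review only.
param(
    [string]$Drive = 'F:'   # placeholder letter, same as in the ATTRIB step
)

$root     = "$Drive\"
$riskyExt = '.pif', '.exe', '.cmd'   # extensions the article names

# -Force returns hidden and system items that Explorer hides by default.
$items = Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue

$report = foreach ($item in $items) {
    $isHidden = $item.Attributes.HasFlag([IO.FileAttributes]::Hidden)
    $isSystem = $item.Attributes.HasFlag([IO.FileAttributes]::System)
    $atRoot   = [IO.Path]::GetDirectoryName($item.FullName) -eq $root
    $isFile   = -not $item.PSIsContainer

    $reasons = @()
    if ($isFile -and $atRoot -and $item.Extension -eq '.lnk') {
        $reasons += 'shortcut at drive root'
    }
    if ($isFile -and $atRoot -and $item.Name -eq 'autorun.inf') {
        $reasons += 'autorun.inf at drive root'
    }
    if ($isFile -and $riskyExt -contains $item.Extension) {
        $reasons += "executable extension $($item.Extension)"
    }
    if ($isHidden -and $isSystem) {
        $reasons += 'hidden + system attributes'
    }
    # Assumption: the "folder with no file name" has a whitespace-only name.
    if (-not $isFile -and [string]::IsNullOrWhiteSpace($item.Name)) {
        $reasons += 'folder with blank name'
    }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Path       = $item.FullName
            Attributes = $item.Attributes
            Reasons    = $reasons -join '; '
        }
    }
}

$report | Sort-Object Path | Format-Table -AutoSize -Wrap
```

The items it lists are candidates for review, not confirmed malware: your own hidden files and any legitimate .exe on the drive will be flagged too.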

How to recover hidden files in the USB

Because the malware developer probably isn’t a total jerk, he may have designed his malware to leave your files intact and only made them hidden from view. If you followed the instructions from the previous section, then you should be seeing your files at this point.

If you’re familiar with the File Properties dialog box, you probably will want to uncheck the Hidden attribute checkbox to unhide your files. But since your files are hidden on a system level, this won’t work.

You need to run an elevated/administrator command prompt, by pressing Start, typing “cmd” in the search box and pressing Ctrl+Shift+Enter. Click Yes in the User Account Control dialog box if it appears.

Enter the following ATTRIB command in the command prompt:

ATTRIB -r -a -s -h -i F: /s /d

Do NOT press Enter yet when you’re done typing the ATTRIB line in the command prompt! First, change “F” to whatever letter is assigned to your infected USB flash drive.

ATTRIB command in elevated administrator command prompt

When you press Enter, the command may take a while to finish. When it’s done, you should now be able to see all your files normally, even if you disable the settings to view hidden files and system files.

This guide is pretty much useless if you plug the USB flash drive back into an infected computer. Doing so not only re-infects the flash drive but also re-hides the files, which means you’ll have to repeat the steps above to clean the flash drive and unhide the files. Run a full system scan on the infected computer using an anti-malware program.

If the malware developer is indeed a total jerk and has designed the malware to delete your files, forget doing the steps above. You’ll have to rely on data recovery software to get back your files.

How to protect your computer from USB viruses

We’re repeating ourselves here: go install a reputable and effective anti-virus! It’s as simple as that.
