Menu
homeiOS

Removing a virus from a flash drive. How to remove a virus that creates shortcuts to files and folders on a flash drive, memory card or USB drive

Modern antiviruses have already learned to block autorun.inf, which launches a virus when a flash drive is opened.
A new type of virus of the same family has been walking around the network and from flash drive to flash drive for quite some time, simply another Trojan. Infection with them can be immediately detected with the naked eye without any antiviruses; the main sign is this all folders on the flash drive turned into shortcuts.

If there are very important files on the flash drive, the first thing you will do is rush to open all the folders (shortcuts) one by one to make sure the files are present - This is not worth doing at all!

The problem is that these shortcuts contain two commands, the first is to launch and install the virus on the PC, the second is to open your precious folder.

We will clean the flash drive from such viruses step by step.

Step 1: Show hidden files and folders.

If you have Windows XP, then go to the path: “Start-My Computer-Tools Menu-Folder Options-View Tab”:

On the “View” tab, find two parameters and execute:

  1. Hide protected system files (recommended) - uncheck the box
  2. Show hidden files and folders - select the switch.

If you have Windows 7, you need to go a slightly different path: “Start-Control Panel-Appearance and Personalization-Folder Options-View Tab”.


You need the same options and need to enable them in the same way. Now your folders on the flash drive will be visible, but they will be transparent.

Step 2. Cleaning the flash drive from viruses.

An infected flash drive looks like the image below:


In order not to delete all files from the flash drive, you can see what any of the shortcuts launches (usually they launch the same file on the same flash drive). To do this, you need to look at the properties of the shortcut, there you will find a double launch - the first opens your folder, and the second launches the virus:

We are interested in the “Object” string. It is quite long, but it is easy to find the path to the virus in it, most often it is something like 118920.exe in the Recycle folder on the flash drive itself. In my case, the double run line looked like this:

%windir%\system32\cmd.exe /c “start %cd%RECYCLER\6dc09d8d.exe &&%windir%\explorer.exe %cd%support

Here is the same path: RECYCLER\6dc09d8d.exe- a folder on a flash drive and a virus in it.
We delete it along with the folder - now clicking on the shortcut is not dangerous ( if you haven't run it before).

Step 3. Restore the previous appearance of folders.

1. Delete all the shortcuts to our folders - they are not needed.
2. Our folders are transparent - this means that the downloader virus has marked them as system and hidden. You cannot simply disable these attributes, so you need to use the attributes reset via the command line.

There are 2 ways for this:

Open “Start” - “Run” - Enter the CMD command - press ENTER. A black command line window will open in which you need to enter the following commands:

  • cd /d f:\ press ENTER, where f:\ is the letter of our flash drive (may differ from the example)
  • attrib -s -h /d /s press ENTER - this command will reset the attributes and the folders will become visible.

1. Create a text file on a flash drive.

2. Write a command attrib -s -h /d /s into it, rename the file to 1.bat and run it.

3. If you are unable to create such a file, you can download mine: .

If there are a lot of files, it may take time to execute the command, sometimes up to 10 minutes!

4. After this, you can return to the first step and restore the previous appearance of the folders, that is, hide system hidden files.

How to check if your PC is a virus carrier?

If you suspect that it is your PC that is spreading this virus across flash drives, you can view the list of processes in the task manager. To do this, press CTRL+ALT+DEL and look for a process with a name similar to FS..USB..., instead of dots - some letters or numbers.

The source of this process is not removed by AviraAntivir, DrWeb CureIT, or Kaspersky Removal Tool.

I personally removed it with F-Secure with a trial version, but it is hidden in the form of a driver and you can find it using the utility Autoruns.

If you delete a virus from a flash drive, and the folders become shortcuts again?

I’ll say right away that I never had such a situation. I don’t know exactly how to treat it. I see three ways out of the situation:

  • we demolish Windows (1.5-2 hours, the fastest way);
  • install F-Security, Kaspersky, Dr.Web (trial versions) one by one and scan the computer with “full scans” until we find a virus (usually 3-4 hours, depending on the power of the PC and the number of files);
  • burn DrWeb LiveCD to a disk or flash drive, boot from it and study the computer.
  • F-Secure Online Scanner (will ask you to run the Java module, you must agree)

You can download trial versions of these antiviruses for 1 month, update their databases and check your PC using them.

It seems like that’s it, contact me - I’ll always answer, sometimes with a delay.

“I can add that there are also viruses such as Sality (Sector XX - where XX numbers like 05, 15, 11, 12 are modifications, it is not clear who creates them) corrupts executable exe files... with such viruses I have invented my own way of fighting using the same Dr.Web CureIt! having in hand a WinXPE system recorded on a 700 meter CD-R... loading the system from disk and using not hard memory, but RAM.

Works great. The disk inserted loading from the disk, turned on, put in a flash drive with a pre-recorded “FRESH” CureIt!... and voila.. I ran the entire hard drive for the presence of muck. What’s most interesting is that during this process, as with the Life CD from the Web, the viruses “sleep”, i.e. The system is not loaded, and it’s somehow more convenient with the operating system.


In this article we will tell you how quickly and easily remove virus from flash drive. One of the most common families of viruses are Trojans, which are written to the boot system file autorun.inf. A sign of their presence on a flash drive can be files like autorun.exe, autorun.~ex, autorun.inf_ *** and other derivatives with even more dubious extensions after the dot. The virus copies itself to the flash drive as soon as the flash drive is inserted into the USB connector.


The principle of operation of the virus is as follows. Once in the system, it searches for all local disks and flash drives. After this, two files are copied to each source found - autorun.inf and autorun.exe. In turn, autoran.inf contains the following lines:

And the autorun.exe file is executable and serves to reproduce the virus on possible media. In reality, the executable file.exe can be called completely differently, for example cyvvefew.exe, that is, with an incomprehensible name.


Signs that a flash drive or memory card is infected with a virus

The symptoms of Windows infection by such a virus are very varied:

  • The flash drive just won't open
  • left mouse button doesn't work
  • in the context menu of the explorer, instead of the names of the items, krakozyabry.
  • files on the flash drive may disappear

In general, do not overlook. In fact, these viruses are more harmless than those that . And you can catch them either without using an antivirus, or from someone else’s infected computer.

A direct indication that there is a virus on the flash drive is the presence of a hidden RECYCLED or RECYCLER folder. There should not be such a folder on a flash drive.

If such a folder exists, then it probably contains the executable file of the virus ***.EXE.


Removing a virus from a flash drive manually

It is difficult for an ordinary user to detect a virus, since the files have system status, which means they are not displayed in the standard display of files in Windows. Enabling the display of hidden files and folders in Windows is easy. To do this we do the following:

Windows 7: Start -> Control Panel -> Folder Options -> View tab -> show hidden files, folders and drives
Windows XP: Start -> Control Panel -> Folder Options -> View tab -> show hidden files and folders

Some Autorun viruses disable the ability to change this parameter. However, if this option remains, then turn on display and delete the specified files by searching for the word “autorun”.

Free antivirus Anti-Autorun will help remove the virus

You can remove a virus from a flash drive simply by formatting it. Naturally, a full system check will be necessary. Typically, such viruses do not block your computer or corrupt data, so removing them will not be so difficult. But there is a more universal and simpler method.

You can use a special antivirus program called Anti-Autorun. You can find it in a search engine. Using this program, removing a virus from a flash drive will not be difficult. This antivirus is an excellent solution for monitoring and fighting autorun viruses. We hope our recommendations helped.

Perhaps only those who practically never use a USB drive have not encountered such a problem as viruses on a flash drive. Many users know that no matter how hard you try to prevent this problem, sooner or later it appears, and usually quite unexpectedly. Malicious programs can not only damage files that are on the flash drive itself, but also transfer to your computer, in which case the damage can be much greater. Therefore, if you find a virus on a flash drive, do not forget to check. Let's try to figure out how to clean a flash drive from viruses without deleting files in order to perform the operation as quickly and efficiently as possible.

Main signs of infection

Almost the most common malware is the Trojan. It is usually written to the system boot file autorun.inf. The presence of a virus of this type can be indicated by the presence of files such as autorun.exe, etc. on a flash drive.

In addition, the following signs may indicate that a USB drive is infected:

  • The files that are on the flash drive disappear somewhere by themselves,
  • Flash drive won't open
  • Nothing happens when I click the left mouse button.
  • The Recycler folder appears, possibly hidden,
  • It is not possible to safely remove the device, a message constantly appears indicating that it is busy,
  • When starting work, an error window, etc. opens.

Viruses can appear for various reasons. Typically this is to use it on an infected computer. It is also possible that the malware “attacked” your USB drive because you do not use antivirus software. Nowadays the software market offers a huge selection of different .

Virus removal methods

Now let's see how to fix this situation. In order to get rid of the virus, you will need to connect the infected flash drive to a computer with a good antivirus. Then there are several options for the development of events.

A virus that gets onto a flash drive writes a specific file to it, which is activated when it starts. As a rule, antivirus programs neutralize it, as a result of which the flash drive does not open. It follows from this that you need to treat the USB drive without opening it on the computer.

Perhaps the simplest of them is to format the device. However, you will need to do a similar procedure before the flash card is opened, otherwise there is a risk of infecting the entire computer. To do this, you must first disable Autorun. Then we click My Computer and right-click on the device name. In the menu that appears, click Format. But it is worth remembering that in this case all information will be lost from the drive, which is not always desirable. In this case, you can use other methods. You should also understand that after formatting it is not always possible to completely restore all the data, but it is still possible. Read this about how to recover data after formatting.

For example, using antivirus software. After you connect the flash drive to the computer, depending on the settings, the antivirus can independently find new equipment and offer to scan it. If this does not happen, then you will have to start scanning manually. To do this, go to My Computer. Here, right-click on the flash card icon. In the drop-down menu, you need to select Scan selected files using..., then click the name of your antivirus program.

There are some utilities that allow you to clean your flash drive from viruses online. Typically, they do not replace the main antivirus program, but only complement it. When checking, there are two options for developing actions. The program either immediately removes viruses, or each time asks the user which command to execute: “Create” or “Delete”.

You can get rid of malware using antiviruses. However, the best option is to minimize the possibility of a virus getting onto the flash drive. To do this, you should use the USB drive less often on unfamiliar computers that may be infected or do not have an antivirus program installed.

A flash drive is a portable USB storage device that has rapidly gained popularity because it allows the user to quickly record and transfer important information. The USB drive is small in size, so it is easy to keep it with you at all times.

If a problem is detected, there is no need to rush to format all data

However, in some cases, a flash drive can spoil the user’s mood when once again it is necessary to write off information from it, and she “refuses” to provide it. It should be understood that the whole problem lies in a virus that penetrated the flash drive and hopelessly infected it. To help it restore its perfect performance, you should know how to remove a virus from a flash drive.

It is not at all difficult to recognize that a flash drive has been subjected to a virus attack and has been infected, since when working with it, signs begin to appear that have not previously been characteristic of it.

Signs of infection

In particular, if a virus infection occurs, the USB drive may stop opening. If the user wants to take any action by calling up the context menu, the left mouse button will refuse to respond, or the context menu will open, but it will be impossible to read anything, since instead of the usual words, the user will see only some solid “hieroglyphs”.

A slightly different story may also happen, which almost provokes a shock in the user, since when opening a USB drive, the owner of the flash drive may not find a single document.

Indeed, there is a virus that, penetrating the drive, brings such “trouble.” However, it is important for the user to pull himself together, read the information on how to remove a virus from a flash drive, and then return all “lost” documents. In reality, not a single file disappeared; the virus code simply changed their status, turning them into hidden files.

Labels that appear on the flash drive instead of missing documents can also indicate the presence of a virus infection. In this case, experts recommend not to panic and not start frantically opening all the shortcuts, trying to detect at least some presence of important documents.

By clicking on the shortcuts, the user of the USB drive makes the situation even worse by continuing to infect the flash drive with virus code, since the shortcuts are directly linked to the malicious executable file.

Removing a virus from a drive

In connection with the situation that has arisen, the right option would be to calm down, concentrate, and direct all efforts to studying information on how to remove a virus from a flash drive. Moreover, there is nothing complicated in the subsequent steps, and even a beginner can remove a virus from a flash drive, and then successfully display hidden files.

Removal methods

To clean a USB drive from virus code, it is best to use a computer that has powerful protection installed. It is good if this antivirus program is a paid version, because in this case you can be sure that the antivirus databases in it will be up to date, and therefore such an antivirus program can easily deal with any malicious file.

Having such an excellent antivirus program at your disposal, it will be absolutely simple to understand how to remove a virus from a flash drive, since the process will practically occur automatically, with only a little user participation.

The USB drive should be inserted into the USB connector, the antivirus program will immediately prompt you to check the drive, the user can only agree with this. The antivirus program will perform all other actions independently, displaying the result of its work on the screen.

The antivirus program itself will be able to remove hidden viruses. After such cleaning, flash drives will be “healthy” and operational again.

Experienced users can remove a malicious file from a flash drive manually. This tactic is especially welcome when there is no nearby computer with a powerful antivirus program with updated antivirus databases.

To manually eliminate a malicious file, the user must initially display hidden files, since the execution file is in this status.

To show hidden files, you should open the “Control Panel”, go to the “Folder Options” tab, then “View”, among the listed options you should find and check the box for “Show hidden files and folders”. Now the user will be able to see everything that the virus tried to hide. The USB drive will contain RECYCLED and RECYCLER, if there is a file with the exe extension inside, it should be destroyed, since it is a malicious file.

Another option for removing malicious code is the formatting process, but it should be noted that after its completion, not only the virus and all its traces, but also all documents will disappear from the drive without a trace.

Document recovery

After you have successfully eliminated a malicious file, and only documents remain on the drive that are simply not visible because they are in the status of hidden files, it is important to perform a number of simple steps that will allow you to return the documents to their usual appearance.

The easiest way is to use a file manager, which includes Total Commander.

Having launched Total Commander, go to the “Configuration” tab, then “Panel Contents”, and then check the box next to “Show hidden/system files”.

Now the user will see all his documents. At this stage, you should select them, then go to the “Files” tab, then “Change Attribute”, and in the dialog box that appears, uncheck the “Hidden” and “System” boxes. This concludes the fight against the virus and the work of restoring documents.

So, when using a USB drive, you should be careful and not expose it to virus infection again. However, if such an infection does occur, it is important to remain calm and calmly eliminate the malicious object, not allowing it to “manage” the USB drive for a long period of time.