Shortcut Virus Infection In Thumb Drive

Thursday, April 07, 2011

So far, the “shortcut” virus infection in thumb drive is the most famous problem I had faced in my workplace. When this virus infect your thumb drive, it will hide your files and then create the shortcut icons that represent the files being hide. Look the picture below to ease your understanding about what I am talking about

Capture 


Solution

  1. First of all, you must update an antivirus program in your computer until it get the latest definition update’s files.

  2. Next, impale your thumb drive into your computer’s USB port –-> scan it using the updated antivirus program –-> delete any infected files detected by the program  

    Capture

  3. Double click your thumb drive’s icon to open its contents –-> delete all shortcut icons that represent the files being hide.

    Note:
    In order to ease you to delete the icons, you can sort the contents of your thumb drive based on group. Look the picture below

    Capture 

  4. Press Capture_thumb[13]  to open the Run dialog box --> type cmd -> click OK to open Windows command-line interface.

  5. On Windows command-line interface type the command below to unhide the hidden files: 

    Capture

    <USB thumb drive letter> clip_image001[6] Drive g: for example. No need to put a backslash after double colon (:). Check your USB thumb drive letter in My Computer.

  6. Press Capture --> wait untill you see the default directory of your cmd program.

    Capture

  7. Now, double click to open your thumb drive’s in My Computer –-> delete the files produced by shortcut virus.

    Capture 
     

47 comments:

{ Miecyber } at: April 7, 2011 at 10:42 PM said...

Nice tips..Thanks Bro..

Maybank2u.com tingkatkan tahap keselamatan

Anonymous at: April 9, 2011 at 12:20 AM said...

And what can you do on infected PC to prevent creating shortcuts on USB flash drive?

{ Zainal Abidin } at: April 9, 2011 at 9:36 AM said...

Thanks for the question anonymous..:)

Actually you have to perform the full system scan on the infected PC using the antivirus program that has the latest update definition files...

In my observation, this virus can be cleaned by antivirus such as Kaspersky, Avast...etc..

If you have any idea...I like to share with you pal....

Anonymous at: April 30, 2011 at 12:56 AM said...

Thanks a lot. I had the same problem.  After it got cleaned I started using AVG ThreatLabs free reports at http://www.avgthreatlabs.com. Haven't had any new infections since.

{ Fara } at: May 22, 2011 at 1:04 PM said...

After type the command below to unhide, what can i do??press enter or what??i'm confuse..

{ Zainal Abidin } at: May 22, 2011 at 5:31 PM said...

salam Fara...

after you type the command..you should press enter on your keyboard...

feel free to read this post again...I had updated it for you...

TQ for your question which remind me about my incomplete posting...:)

{ Fahmi P } at: May 23, 2011 at 10:33 PM said...

great tips...

{ farah } at: June 15, 2011 at 10:43 AM said...

oh begitu...
thx kongsi tips...^__^

Anonymous at: June 30, 2011 at 8:59 PM said...

Thank you so much for the great tips!!

Anonymous at: July 17, 2011 at 3:29 PM said...

GAHHH!!! Thank you so much!!! See the amount of exclamation marks? Yeah, That's how happy I am. :D

{ RAJ SAHU } at: July 19, 2011 at 7:34 PM said...

PLEASE TELL ME NAME OF ANTIVIRUS FOR Shortcut Virus Infection In Thumb Drive TO DELETE IT

{ Zainal Abidin } at: July 26, 2011 at 2:27 AM said...

Hello Raj sahu..

you can use either free antivirus or paid antivirus to remove the shortcut virus form your computer...

for free antivirus, I suggest you to use AVAST or AVG...

for paid antivirus i think Kaspersky had showed to me their great performance to remove this type of virus

{ Demu Chan } at: August 4, 2011 at 5:54 PM said...

bro.. ni saje je la tanye.. macam mane yerk kita nak buat external HDD kita jadi "CD Image" supaya senang nak buat restoring komputer semula menggunakan imej yang telah dibuat...

{ Types Of Computer } at: August 18, 2011 at 1:44 PM said...

Zainal Good Work Dude i Like your Site To help sum Problem. ladies and genital man See More Tips So plz Visit Here....
http://arsalancomputer588.blogspot.com/

{ Types Of Computer } at: August 18, 2011 at 3:03 PM said...

w salam ZaiNal

OKay Dear I can Put Backlink our Blog Of your But You Also Do Creat Backlink to my Blog and check it out my Blog....

{ Ridzwan Mohamed } at: September 9, 2011 at 8:17 PM said...

thanks 4 information.

{ NoT TwiN :D } at: October 24, 2011 at 8:16 PM said...

thanks. it's work for me..

{ SUJAY } at: December 23, 2011 at 2:34 AM said...

dude....u r GOD !!!!!!!!!!!.........thanks a lot...from u i got my 8TB worth of data back.....u r awsome

Anonymous at: January 18, 2012 at 6:10 PM said...

Thanks to your advice I managed to get rid of the worm in my thumbdrive! :D Thankyou!

Anonymous at: February 2, 2012 at 5:50 PM said...

THNKSSSS MAn

Ashraf - Sydney, Australia at: March 12, 2012 at 4:25 PM said...

Thank you, mate...you've saved my life! Tonnes of lessons I've prepared to teach were virtually considered history until I saw your post.
Thanks again

{ Zainal Abidin } at: March 13, 2012 at 10:56 PM said...

@Ashraf...

I am glad can help you...may you success in your life bro...

{ Adi Iskandar } at: March 14, 2012 at 10:28 AM said...

tuan, once dah follow the steps.. do we need to do anything else di window command line interface tu?

{ Zainal Abidin } at: March 14, 2012 at 12:24 PM said...

salam Adi Iskandar...

dalam menyelesaikan masalah nih...

kita guna command line interface untuk run command ATTRIB sahaja....tujuannya untuk untuk un-hide kan file2 kita yang disembunyikan oleh virus...

Selepas selesai run command ATTRIB...Adi leh close windows command line interface tersebut..dengan menaip EXIT dan press ENTER....

{ Adi Iskandar } at: March 14, 2012 at 4:09 PM said...

Terimakasih for the explanation.

{ Scouser Mum } at: March 22, 2012 at 8:58 AM said...

TQ so much for this simple, yet crucial tip!! and TQ Adi Iskandar for sharing the link ;-)

RAHUL at: May 27, 2012 at 7:58 PM said...

i am using windows7.
when i put pendrive into the pc..
shortcuts are appearing..
after recover the info.. and on next time again shortcuts were appeared..
i think my pc was attacked by virus..

how to remove this type of viruses permanantly..?

{ Zainal Abidin } at: May 27, 2012 at 8:38 PM said...

hello rahul...

look like your computer aka C:\ drive itself had been infected by shortcut virus...

to remove it I suggest you to scan your PC using antivirus like Kaspersky...

If you like to try the free antivirus...I suggest you to use AVG....

Click here if you need info about top antivirus

RAHUL at: May 27, 2012 at 10:01 PM said...

i tried too..
avg anti-virus
i did full system scan,then all my .exe were removed..

{ Zainal Abidin } at: May 27, 2012 at 10:30 PM said...

hello rahul...

usually virus infect the .exe file....and there are the type of viruses which can behave like the program such as game...eg: zuma deluxe...

this type of virus we call trojan horse...

in your case, the virus had infected your .exe file...

so, after you made full system scan...how you see the performance of you computer???...Is your computer still can boot and run without problem..???

RAHUL at: May 28, 2012 at 12:24 PM said...

i changed my o.s to windows7 recently..

but old o.s data also stored in my local disk(c:) with a folder named "windows.old"

can i delete it..?

{ Zainal Abidin } at: May 28, 2012 at 11:19 PM said...

hello rahul...

yes you can delete it...it will not give the bad effect to your new windows....

Anonymous at: July 14, 2012 at 3:04 AM said...

when i enter the command attrib.....it comes as
access denied J:/recycler bin....something..
what do i do????

{ Zainal Abidin } at: July 15, 2012 at 11:28 AM said...

hello anonymous july14

try open cmd program with administrator priveleges aka run as administrator....it is work..???

Anonymous at: August 7, 2012 at 7:12 AM said...

Thank you very much!

{ laura_nieto9 } at: September 17, 2012 at 8:15 PM said...

This happens to my thumb drive over and over again. Each time I see the shortcuts, I run the full scan on my pc and all my drives, including thumb drive. I remove all the infected files and delete the shortcuts. Next time I plug in my thumb drive, the shortcuts are back. Am I missing a step? Why do they keep coming back?

{ Zainal Abidin } at: September 18, 2012 at 2:09 PM said...

hello laura..

first of all sorry because i am late answering your question.....

For your info...the shortcut virus actually will hide your file and then create the shortcut link that represent the file it hide....

For your problem, allow me to suggest few things...

1. Maybe the files and folders in your computer system is set to unhide mode...So, to solve the problem, you must set them into hide mode...You can enter My Computer ---> click Organize --> click FOLDERS AND SEARCH OPTIONS ---> click the TAB VIEW --> under HIDDEN FILES AND FOLDERS, click RADIO BUTTON DON'T SHOW HIDDEN FILES, FOLDERS OR DRIVES.....

2. You must try update your antivirus until it get the latest virus definition...then try scan your computer and your USB thumb drive again....

3. If your antivirus seem no effect to get rid of thiss shortcut virus... try to use the another antivirus program...For paid antivirus...you can use Kaspersky and for free antivirus you can use AVG or Avast antivirus...

Anonymous at: November 20, 2012 at 1:41 AM said...

Could you type exactly what I mustto type for the command on a post so that I may copy and paste it? I believe I am copying it incorrectly. Also my infected drive was the f: drive.

{ Zainal Abidin } at: November 20, 2012 at 9:24 AM said...

Hello my dear anonymous Nov 20...

can I know which command you means...so I can assist you...:)

Anonymous at: December 2, 2012 at 4:08 PM said...

sorry for interrupting your holiday..just wanna ask..i do follow the step in order and it became like this:
C:\Users\user>attrib -s -h -r h:\*.* /s /d
unable to change attribute -H:\autorun.inf\con

so, how am i going to fix it? help me please

{ Zainal Abidin } at: December 2, 2012 at 8:32 PM said...

hello anonymous december 2....

attrib command is used to unhide the hidden file in your thumb drive...when you write the *.* it means your try to unhide all hidden files reside in your thumb drive....

In your case, if you want to unhide the autorun.inf...you need to write the command like below :

attrib -s -h -r h:\*.inf /s /f

the important point is you need to notice the extension of the file you want to unhide...eg: con...what extension the file con used.... .exe? .html?...

hope my anwser can help you

{ Free Antivirus Download } at: February 15, 2013 at 7:04 PM said...

i think it is not possible that virus infection gone in thumb drive. free antivirus download

{ Zainal Abidin } at: February 15, 2013 at 11:02 PM said...

Hello Free Antivirus Download...

I don't agree with you....anyhow tq so much for visitng my blog...:)

{ Flash Drives data recover } at: May 10, 2013 at 1:08 AM said...

Hi, Thanks for the very nice post about viruses. The best thing is that you shared the images which are really helpful aswel.

Hassan at: May 14, 2013 at 10:55 PM said...

thanx a lot man, you saved me big time

Anonymous at: June 2, 2013 at 4:53 PM said...

God bless you.I've didn't lose my work :)

Anonymous at: September 1, 2013 at 12:34 AM said...

Good tips it worked very well for me. Thanks

Post a Comment

Related Posts Plugin for WordPress, Blogger...