USB Flash drives are a major source of virus infection. Most computer networks will get infected if one computer gets infected. If this happens, it’s always a lot of pain removing viruses from the networks. Sometimes, users will need to format their hard drives in order to get rid of the viruses. In this article, we will discuss about how to manually remove virus from a USB Flash Drive without formatting it. This means that if you follow this tutorial, your data will not be deleted while the virus will be removed from the pen drive.
Please note that this method will work on a system which is not affected by viruses. Otherwise you may not be able to delete virus files.
Indication of Virus
1. When you plugin a drive, Some Autoplay feature polls you to select a option. If you see a folder like icon that reads open using the program provided on the device. Does not select that. Also does not select Open folder to view files using Windows Explorer. Since the virus can execute with these options. Cancel it.
Note: Windows 7 has disabled the Autorun Option for Flash Drives, since the autorun source is usually unknown.
2. You will also see a folder like icon instead of Flash Drive Icon in my computer
Removal of Virus
Un-hiding hidden files
In Start Menu Click RUN and then type cmd. Type your Flash Drive Letter followed with colon. Here
J:
type attrib -r -a -s -h *.* and press enter.
This will unhide all files.
Correct Way of Opening Flash Drives
Do not open the Flash Drive by double clicking the icon in my Computer or By Right clicking and then Open,Explorer
Open the USB Drive by using Folders Icon.
Click on the Folders icon then select your Flash Drive
OR
You can select Your Flash Drive by using the Address Bar in Windows Explorer.
OR
Type your Drive letter in the Address Bar
After Opening the drive. Select Details View using this icon
Identifying and removing the virus
You can now see what the virus does with your Flash Drive. The Virus disguises itself as folder. You can see that system file icon as illustrated here is similar to folder icon. You actually click on the file.
Actually you click on those virus file thinking of them as folder and the virus executes. In the detailed view you can clearly see that the system file has a Type description of Application and the system folder has a Type description of Folder.
Delete all such files. Carefully do not delete the folders.
Delete the Autorun.inf file
You can also delete these files using 7-ZIP. Since it shows such virus files as having application file icon.
Open 7-ZIP and Type your Flash Drive Letter in the Address Bar. Here J:\
Delete all the folders and files you think that you did not saved them.
The folders could have names like Recycler,System Volume. Delete them also.
You can also see the Recycle Bin like icons delete them too.
In this illustration these files are virus files
0o.com,system.exe,2m66sr.exe,abk.bat
Now Scan your Flash Drive with some Anti-Virus to delete exe infecting viruses. You can also use a portable antivirus. This is because some application files (which can be some programs like Adobe Reader Setup or else) be affected with exe virus.
If you do not have a proper Anti-Virus then Click on Search and select All files and Folders
In the All or part of file name field type *.exe
In the Look In field select Your Flash Drive
In the More Advanced options select Search System Folders and Search Hidden files and Folders.
When search is complete delete all files
{ 20 comments… read them below or add one }
My computer has been a target to viruses when I plug in some infected flash but i hope this will not happen again in future. thanks for such an informative n useful stuff!
Mahnoor Saad, by following the correct technique to open Flash Drive your system will be safe
What I do is turn off autoplay, that way the virus can’t jump to my PC. Start, run, type gpedit.msc, hit enter, Computer configuration, administrative templates, System, Turn off Autoplay, Enable, turn off on all drives. Do the same for User configuration.
It will be better to remove autorun file through command prompt.
In Start Menu Click RUN and then type cmd. Type:
J: [press enter]
attrib -r -a -s -h autorun.inf [press enter]
del autorun.inf [press enter]
[close the window]
If after line 2, a message appears “file not found” it means that your Flash Drive does not contain the autorun file and you can open your Flash Drive without any fear. Be sure to type the commands correctly and not make any spelling mistakes.
you can also try this for unhiding system and read only files
attrib j:\*.* /d /s -s -h -r
this can also help you recover folders hiden by a “virus”
hi guys;;
new way to protect the removable disks.
step1:
create folder as autorun.inf
step2:
right click that folder mark as hidden and read-only.
step3:
that’s all….
now your any removable disk is protected…
my external harddisk was infected and my folders changed to 1KB shortcuts BUT BY FOLLOWING THE STEPS and using attrib -h -r -s /s /d g:\*.* , the drive was cleaned up and all my folders and files restored.
Your steps works thanks.
G:\>attrib -h -r -s /s /d g:\*.* , le disque a été nettoyé et tous mes dossiers et fichiers restaurés.
MERCI c vraiment gentil de votre part thanks a lot
Ok..guys i have a simple tip about this autorun viruses..all you need to do is disabled the autoplay when you insert your USB/CD here’s how
go to RUN then type gpedit.msc ENTER
Expand Administrative Templates >Windows Components >Autoplay Policies in order.Then double click “Turn off Autoplay”
Click Enabled, and then select All drives so that you can disable Autorun on all drives.Click Ok at last.
After restarting your computer, you have done all the needed work to disable Auto Play in Windows 7.
in Windows XP..in Group Policy
go to System double click Turn Off Autoplay choose enabled..All Drives…whoolla restart and your done.
easy right
how about Mac OS? is that any tips to remove shortcut virus manually…
I have follwed all steps but I am still seeing my files have folder arrows & short cut is writtten with them.
Whats the problem?
Some body plz me?
Zak i already encountered such virus…ok the first thing you need to do is show all files and folders and PLEASE DELETE all the files that has an ARROW icon in your USB/HDD..and delete the variant it’s a .EXE files that used to be hidden for some reason…
Step1: Use task manager and stop “service196.exe” 196 could be any random number.
Step2: Locate this exe file in windows folder and delete it
Step3 : Remove all registry entry for this exe file. Normally uses name “Adobe Reader Speed Launcher”. exact location can be found at
http://www.threatexpert.com/report.aspx?md5=af5ec168d7729de093655472f5bcc5c8
Step 4: Delete autorun.inf and recycle folder from external pendrives etc.
=================
To recover file folder run below given command from command prompt.
attrib -h -r -s /s /d F:\*.*
F could be any external drive. Folders are are just hidden.
while unhinding file do i need to type attrib letter too? i am not able to unhide file to detect virus
please help
To unhide the file, you will need to run the attrib command. Attrib command will change the attributes of the file which you can do through file properties. But since viruses usually disable that functionality, we can make use of the command line tools for this purpose.
After typing attrib the. Do I need to type -r-a-s-h*.* without any space in between ? And do I need to give space between attrib and -r-a-s-h ?
I tried with – giving before letter r a s h and *.* but it said as not valid command
Please help me out
You can follow my tutorial on using the attrib command here:
http://www.technize.net/unhide-files-and-folders-by-single-dos-command/
You will need to give spaces in each letter.
there is particular virus which get created in each folder of pen drive automatically . it remain in executive word file like resume.exe , trip.exe how to remove this type of virus
please help me
how to remove virus which remain in executive file of word format like trip.exe or resume.exe . this virus get created automatically in each folder of pen drive. though i delete by method said above , it get created automatically so how should i remove it
please help me.
If the virus file is getting created automatically again and again without executing any file in the USB drive, most probably, your computer is infected by a virus. You should scan your system for viruses and keep the USB drive inserted while the scan is in progress. If the virus stops the real-time antivirus from functioning, you can run the online virus scanners like TrendMicro Housecall or BitDefender online antivirus.
http://housecall.trendmicro.com/apac/
http://www.bitdefender.com/scanner/online/free.html
If the problem persists, please let me know and we'll try to solve it by other ways.