How to Manually Remove Virus From USB Flash Drive without Formatting

In this article, we will discuss about how to manually remove virus from a USB Flash Drive without formatting it. This means that if you follow this tutorial, your data will not be deleted while the virus will be removed from the pen drive.

USB Flash drives are a major source of virus infection. Most computer networks will get infected if one computer gets infected. If this happens, it’s always a lot of pain removing viruses from the networks. Sometimes, users will need to format their hard drives to get rid of the viruses. By using this guide, you will be able to remove the virus without formatting the Flash drive.

Please note that this method will work on a system which is not affected by viruses. Otherwise you may not be able to delete virus files.

Indication of Virus

1. When you plugin a drive, Some Autoplay feature polls you to select an option. If you see a folder like icon that reads open using the program provided on the device. Does not select that. Also does not select Open folder to view files using Windows Explorer. Since the virus can execute with these options. Cancel it.

Note: Windows 7 has disabled the Autorun Option for Flash Drives, since the autorun source is usually unknown.

Autorun dialog for USB drive

2. You will also see a folder like icon instead of Flash Drive Icon in my computer

My Computer

Removal of Virus

Un-hiding hidden files

In Start Menu Click RUN and then type cmd. Type your Flash Drive Letter followed with colon. Here

J:

type attrib -r -a -s -h *.* and press enter.

This will unhide all files.

Correct Way of Opening Flash Drives

Do not open the Flash Drive by double clicking the icon in my Computer or By Right clicking and then Open,Explorer

Open the USB Drive by using Folders Icon.Folder tree button

Click on the Folders icon then select your Flash Drive

Select USB drive from Folders tree

OR

You can select Your Flash Drive by using the Address Bar in Windows Explorer.

Opening flash drive from address bar

OR

Type your Drive letter in the Address BarType drive letter in address bar

After Opening the drive. Select Details View using this icondetails view icon

Identifying and removing the virus

You can now see what the virus does with your Flash Drive. The Virus disguises itself as folder. You can see that system file icon as illustrated here is like folder icon. You actually click on the file.

Actually you click on those virus file thinking of them as folder and the virus executes. In the detailed view you can clearly see that the system file has a Type description of Application and the system folder has a Type description of Folder.

Delete all such files. Carefully do not delete the folders.

Delete the Autorun.inf file

Deleting autorun.inf file

You can also delete these files using 7-ZIP. Since it shows such virus files as having application file icon.

Open 7-ZIP and Type your Flash Drive Letter in the Address Bar. Here J:\

Delete all the folders and files you think that you did not save them.

The folders could have names like Recycler,System Volume. Delete them also.

You can also see the Recycle Bin like icons delete them too.

In this illustration these files are virus files

0o.com,system.exe,2m66sr.exe,abk.bat

Deleting suspecious files from usb drive

Now Scan your Flash Drive with some Anti-Virus to delete exe infecting viruses. You can also use a portable antivirus. This is because some application files (which can be some programs like Adobe Reader Setup or else) be affected with exe virus.

If you do not have a proper Anti-Virus then Click on Search and select All files and Folders

In the All or part of file name field type *.exe

In the Look In field select Your Flash Drive

In the More Advanced options select Search System Folders and Search Hidden files and Folders.

When search is complete delete all files

20 thoughts on “How to Manually Remove Virus From USB Flash Drive without Formatting

  1. how to remove virus which remain in executive file of word format like trip.exe or resume.exe . this virus get created automatically in each folder of pen drive. though i delete by method said above , it get created automatically so how should i remove it
    please help me.

    Reply
    1. If the virus file is getting created automatically again and again without executing any file in the USB drive, most probably, your computer is infected by a virus. You should scan your system for viruses and keep the USB drive inserted while the scan is in progress. If the virus stops the real-time antivirus from functioning, you can run the online virus scanners like TrendMicro Housecall or BitDefender online antivirus.
      http://housecall.trendmicro.com/apac/
      http://www.bitdefender.com/scanner/online/free.html

      If the problem persists, please let me know and we'll try to solve it by other ways.

      Reply
  2. there is particular virus which get created in each folder of pen drive automatically . it remain in executive word file like resume.exe , trip.exe how to remove this type of virus
    please help me

    Reply
  3. After typing attrib the. Do I need to type -r-a-s-h*.* without any space in between ? And do I need to give space between attrib and -r-a-s-h ?
    I tried with – giving before letter r a s h and *.* but it said as not valid command
    Please help me out

    Reply
    1. To unhide the file, you will need to run the attrib command. Attrib command will change the attributes of the file which you can do through file properties. But since viruses usually disable that functionality, we can make use of the command line tools for this purpose.

      Reply
  4. Step1: Use task manager and stop “service196.exe” 196 could be any random number.
    Step2: Locate this exe file in windows folder and delete it
    Step3 : Remove all registry entry for this exe file. Normally uses name “Adobe Reader Speed Launcher”. exact location can be found at

    http://www.threatexpert.com/report.aspx?md5=af5ec168d7729de093655472f5bcc5c8

    Step 4: Delete autorun.inf and recycle folder from external pendrives etc.
    =================
    To recover file folder run below given command from command prompt.
    attrib -h -r -s /s /d F:\*.*
    F could be any external drive. Folders are are just hidden.

    Reply
  5. Zak i already encountered such virus…ok the first thing you need to do is show all files and folders and PLEASE DELETE all the files that has an ARROW icon in your USB/HDD..and delete the variant it’s a .EXE files that used to be hidden for some reason…

    Reply
  6. I have follwed all steps but I am still seeing my files have folder arrows & short cut is writtten with them.
    Whats the problem?
    Some body plz me?

    Reply
  7. Ok..guys i have a simple tip about this autorun viruses..all you need to do is disabled the autoplay when you insert your USB/CD here’s how

    go to RUN then type gpedit.msc ENTER

    Expand Administrative Templates >Windows Components >Autoplay Policies in order.Then double click “Turn off Autoplay”

    Click Enabled, and then select All drives so that you can disable Autorun on all drives.Click Ok at last.

    After restarting your computer, you have done all the needed work to disable Auto Play in Windows 7.

    in Windows XP..in Group Policy

    go to System double click Turn Off Autoplay choose enabled..All Drives…whoolla restart and your done. 😛 easy right

    Reply
  8. G:\>attrib -h -r -s /s /d g:\*.* , le disque a été nettoyé et tous mes dossiers et fichiers restaurés.
    MERCI c vraiment gentil de votre part thanks a lot

    Reply
  9. my external harddisk was infected and my folders changed to 1KB shortcuts BUT BY FOLLOWING THE STEPS and using attrib -h -r -s /s /d g:\*.* , the drive was cleaned up and all my folders and files restored.
    Your steps works thanks.

    Reply
  10. hi guys;;
    new way to protect the removable disks.
    step1:
    create folder as autorun.inf
    step2:
    right click that folder mark as hidden and read-only.
    step3:
    that’s all….
    now your any removable disk is protected…

    Reply
  11. you can also try this for unhiding system and read only files

    attrib j:\*.* /d /s -s -h -r

    this can also help you recover folders hiden by a “virus”

    Reply
  12. It will be better to remove autorun file through command prompt.

    In Start Menu Click RUN and then type cmd. Type:

    J: [press enter]
    attrib -r -a -s -h autorun.inf [press enter]
    del autorun.inf [press enter]
    [close the window]

    If after line 2, a message appears “file not found” it means that your Flash Drive does not contain the autorun file and you can open your Flash Drive without any fear. Be sure to type the commands correctly and not make any spelling mistakes.

    Reply
  13. What I do is turn off autoplay, that way the virus can’t jump to my PC. Start, run, type gpedit.msc, hit enter, Computer configuration, administrative templates, System, Turn off Autoplay, Enable, turn off on all drives. Do the same for User configuration.

    Reply
  14. My computer has been a target to viruses when I plug in some infected flash but i hope this will not happen again in future. thanks for such an informative n useful stuff!

    Reply

Post Comment