Eliminating The Shortcut Virus: A Guide To Cleansing Your Flash Drive


The shortcut virus is a common virus that hides your files and replaces them with inaccessible shortcuts that have the same name. Luckily, your data still exists—it's just hidden by the virus. You can remove the virus using a free tool like UsbFix or by running some commands at the command prompt.

- Using CMD: Connect the infected flash drive to your PC. Open the Command Prompt as an administrator, switch to the flash drive by typing its drive letter (for example, `E:`) and pressing Enter, then type `del *.lnk` and press Enter. Next, type `attrib -h -r -s /s /d DRIVELETTER:\*.*` and press Enter, replacing `DRIVELETTER` with the letter of your flash drive.

- Using a Disk Cleaning Tool: If you are unfamiliar with CMD, you can use a simple disk cleaning tool like EaseUS CleanGenius.

- Using Registry: Remove the shortcut virus by editing the registry in Registry Editor. Type `regedit` in the Search box, right-click regedit, and choose Run as administrator. Navigate to `HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Run` and delete the suspicious keys.

- Using Antivirus Software: Download and install reliable antivirus software. Connect the infected flash drive to your PC and run the antivirus software to clean up the virus.

| Characteristics | Values |
|---|---|
| Virus Type | Trojan |
| File Type | Worm |
| File Extensions | .EXE, .VBS, .LNK, .INI |
| File Size | 1kb |
| File Inaccessibility | Files hidden by virus |
| Virus Spread | Via USB, pen drive, SD card, external hard drive, camera, cellphone, etc. |
| Virus Removal Tools | CMD, BAT files, USB Shortcut Virus Remover, Antivirus Software, Registry Editor |


Use the attrib command in Command Prompt

Using the attrib command in Command Prompt to clean the shortcut virus

The `attrib` command is a Command Prompt command used to display, set, or remove the attributes of the files or folders in the selected location. Clearing the "hidden" attribute makes the virus's files visible in the folder, so you know where to find and remove them.

  • Disconnect the infected drive and reboot your computer: Since most shortcut viruses come with programs that will run automatically, disconnect the infected drive and reboot your computer before you start the cleaning process.
  • Determine the drive letter of the infected drive: You can skip this step if you already know the drive letter (e.g. E:). Here's how to find the drive letter: Press Win+E to open the File Explorer. Scroll down the left column to the "This PC" or "Computer" section. Find the drive letter next to the name of the infected drive.
  • Open the Command Prompt as an administrator: The process varies depending on the version of Windows you are using:
      • Windows 10 and 8: Press Win+X to open the Power Users menu (or right-click the Start menu), then click Command Prompt (Admin) or Windows PowerShell (Admin). Click Yes if prompted to give permission.
      • Windows 7 and older: Press Win+R to open the Run bar, then type `cmd` into the box. Press Ctrl+Shift+Enter to run it as an administrator, then enter your password (or confirm) to run the app.
  • Type the drive letter followed by a colon (`DRIVELETTER:`) and press Enter: Replace `DRIVELETTER` with the letter of your infected drive. This makes the infected drive the current location, so the next command acts on it rather than on the folder the Command Prompt opened in.
  • Type `del *.lnk` and press Enter: This command deletes the shortcuts from the drive.
  • Type `attrib -h -r -s /s /d DRIVELETTER:\*.*` and press Enter: Replace `DRIVELETTER` with your infected drive's letter. This command unhides the files, removes any read-only attributes, and removes the shortcuts. When the command is finished running, your files will be usable again. For example, if your infected drive's letter is E, type `attrib -h -r -s /s /d E:\*.*` and press Enter.
  • Remove the flash drive from the computer: The next step is to scan your computer for malware and repair any found issues so that your drive is not re-infected.

Note: Using cmd can result in serious damage to your system if used improperly. If you are not sure how to operate the command line, only enter commands from trusted sources.
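Before deleting the shortcuts, it helps to see what each one would actually start and which items on the drive are hidden. The PowerShell script below is an added example, not part of the original article; the drive letter `E:` and the list of interpreter names used to flag shortcuts are assumptions to adjust for your case.

```powershell
# Added example (not from the original article). $Drive is an assumption:
# set it to the letter of the infected flash drive.
$Drive = 'E:'
$root  = "$Drive\"
$shell = New-Object -ComObject WScript.Shell

# -Force makes Get-ChildItem include hidden and system items.
$links = Get-ChildItem -LiteralPath $root -Filter *.lnk -Recurse -Force -File `
             -ErrorAction SilentlyContinue

# Resolve each shortcut so you can see what it would start if double-clicked.
$report = foreach ($lnk in $links) {
    $sc = $shell.CreateShortcut($lnk.FullName)
    [pscustomobject]@{
        Shortcut  = $lnk.FullName
        Target    = $sc.TargetPath
        Arguments = $sc.Arguments
        # Heuristic (assumption): a shortcut named after a document or folder
        # that starts a command interpreter or script host is not a normal one.
        StartsInterpreter = $sc.TargetPath -match
            '\\(cmd|wscript|cscript|powershell|mshta|rundll32)\.exe$'
    }
}
$report | Format-List

# Items carrying the Hidden or System attribute: your original files, plus
# any hidden script or executable that the shortcuts point to.
$mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band $mask) -ne 0 } |
    Select-Object FullName, Attributes, Length

# Preview the deletion, limited to flagged shortcuts on this drive only.
# Remove -WhatIf once the list above looks right.
$report | Where-Object StartsInterpreter |
    ForEach-Object { Remove-Item -LiteralPath $_.Shortcut -Force -WhatIf }
```

Because every path is built from `$root`, nothing outside the flash drive is touched, which is the main risk when `del *.lnk` is typed in the wrong folder.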


Create a BAT file to remove the virus

Create a BAT File to Remove the Shortcut Virus

Creating a BAT file can simplify the process of removing the shortcut virus from your USB drive. Here are the steps to create and execute a BAT file:

  • Connect Your USB Drive: Start by connecting your USB flash drive, pen drive, or SD card to your Windows computer.
  • Create a New Text Document: Right-click on your desktop or in any desired folder and choose "New" from the menu. Then, select "Text Document" to create a new text file.
  • Open the Text Document: Double-click on the newly created text document to open it in Notepad or your default text editor.
  • Copy and Paste the Following Code:

    `Attrib -s -r -h G:\*.* /s /d /l`

  • Modify the Drive Letter: Replace "G:" in the code with the drive letter of your infected storage device. For example, if your USB drive letter is "E:", change the code to:

    `Attrib -s -r -h E:\*.* /s /d /l`

  • Save the File as a BAT File: Go to "File > Save As" in the text editor. Change the "Save as type" option to "All Files (*.*)" and name your file with a ".bat" extension. For example, "RemoveVirus.bat". Save the file on your desktop or any preferred location.
  • Run the BAT File: Locate the BAT file you just created and double-click on it to execute the file. This will initiate the process of removing the shortcut virus from your USB drive.
  • Wait for the Process to Complete: The BAT file will run, and you should see the command prompt window open and display the removal process. Wait patiently for it to finish.

By following these steps, you will successfully create and run a BAT file to remove the shortcut virus from your USB drive or other storage devices. This method provides a straightforward way to address the virus infection without having to manually enter complex commands.


Use an antivirus tool

Using an antivirus tool is one of the most effective ways to remove the shortcut virus from your flash drive. Antivirus tools can help detect and remove the virus, as well as protect your device from future infections. Here are the steps you can follow:

Step 1: Choose a Reliable Antivirus Software

It is important to select a trusted and reputable antivirus program. You can consider using tools such as TotalAV, Hitman Pro, UsbFix, or USB Shortcut Virus Remover. These tools are designed to detect and remove various types of malware, including the shortcut virus.

Step 2: Install and Run the Antivirus Software

Once you have chosen your preferred antivirus software, proceed to download and install it on your computer. Follow the installation instructions provided by the software developer. After successful installation, open the antivirus program and familiarize yourself with its interface and features.

Step 3: Scan Your Flash Drive

Connect your flash drive to the computer. Then, using the antivirus software, initiate a scan of your flash drive. This process will vary depending on the specific software you are using. Follow the on-screen instructions provided by the antivirus tool.

Step 4: Remove the Detected Threats

After the scan is complete, the antivirus software will typically provide you with a list of detected threats or issues. Review this list carefully. Look for any indications of the shortcut virus or other malicious programs. Follow the recommended steps within the antivirus software to remove or quarantine the detected threats.

Step 5: Restart Your Computer and Flash Drive

Once you have removed the shortcut virus using the antivirus tool, it is generally a good idea to restart your computer and your flash drive. This will ensure that any changes made during the virus removal process take effect.

Step 6: Verify the Removal and Check for Data Loss

After restarting, reconnect your flash drive to the computer and access its contents. Verify that the shortcut virus has been successfully removed. Check if all your files and folders are accessible and intact. In some cases, you may experience data loss or file corruption due to the virus infection.

Step 7: Prevent Future Infections

To protect your flash drive and computer from future infections, it is essential to take preventive measures. Here are some tips:

  • Keep your antivirus software up to date: Regularly update your antivirus program to ensure it has the latest virus definitions and improvements.
  • Enable real-time protection: Most antivirus software offers real-time scanning and protection, which can help detect and block threats immediately.
  • Scan removable media: Before accessing any removable media, such as flash drives or external hard drives, perform a full scan using your antivirus software.
  • Back up your important data: Regularly back up your essential data to a secure location, such as a cloud storage service or an external hard drive. This will help protect your data in case of future infections or system failures.

By following these steps and maintaining good cybersecurity practices, you can effectively remove the shortcut virus from your flash drive and prevent similar issues in the future.


Remove the virus from the source computer

Most viruses spread from computers to storage devices, so you must get rid of them from the source computer. Here's what you should do:

  • Unplug your flash drive: Stop using your flash drive because more devices will get infected if you continue to use it.
  • Clean up all shortcut viruses or other malware on your PC: Cut off the source of the infection by cleaning up all viruses and malware on the source computer.

Steps to clean up viruses and malware on Windows 10 PC:

  • Enable the firewall on your Windows PC: Open Control Panel > click "Windows Defender Firewall" > Turn Windows Defender Firewall on or off. Select "Turn on Windows Defender Firewall" and click "OK" to confirm.
  • Turn on Virus & threat protection in Windows Defender Security Center: Right-click the Windows icon and select "Settings" > Click "Update and Security". In the Windows Security section, click "Open Windows Defender Security Center". Click "Virus & threat protection" in the new window > Go to Virus & threat protection settings. Turn on these three options: Real-time protection, Cloud-delivered protection, and Automatic sample submission. Note: If a virus is detected after you turn on the Virus & threat protection feature, do as Windows Defender Security Center requests. By doing so, it will remove all detected viruses and malware.
  • Run antivirus software to clear hidden viruses and malware: You can use antivirus software such as Malwarebytes' Anti-Malware, Hitman Pro, or TotalAV.


Delete suspicious keys in the Registry Editor

To delete suspicious keys in the Registry Editor, follow these steps:

Step 1: Open the Run Window

Press the Windows and R keys simultaneously on your keyboard to open the Run window.

Step 2: Open the Registry Editor

In the Open field of the Run window, type "regedit" and then press Enter. This will open the Registry Editor in a new window.

Step 3: Navigate to the Correct Folder

In the Registry Editor, navigate to the following path: `HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Run`.

Step 4: Find and Delete Suspicious Keys

Look for suspicious keys with names like odwcamszas, WXXKYz, ZGFYszaas, and OUzzckky. Right-click on these keys and select "Delete" to remove them.

Deleting the wrong keys in the Registry Editor can cause serious issues, including malfunctions in programs or computer features. Therefore, it is important to be cautious and only delete keys that are known to be suspicious or related to the shortcut virus.

Additionally, it is always recommended to create a backup of your registry before making any changes. This will allow you to restore the registry to a previous state if any issues occur.
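The backup and review steps above can be done from PowerShell before anything is deleted. This is an added example, not part of the original article; the backup file location and the script-host pattern are assumptions, and `odwcamszas` is simply one of the names listed in Step 4.

```powershell
# Added example (not from the original article).
# $BackupFile is an assumed location; change it to suit.
$RunKey     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$BackupFile = Join-Path $env:USERPROFILE 'Desktop\HKCU-Run-backup.reg'

# 1. Back up the Run key first. Double-clicking the .reg file later
#    restores the entries if the wrong one is removed.
reg.exe export 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run' $BackupFile /y |
    Out-Null

# 2. List every entry together with the command it runs at sign-in.
$key = Get-Item -LiteralPath $RunKey
$entries = foreach ($name in $key.GetValueNames()) {
    $command = [string]$key.GetValue($name)
    [pscustomobject]@{
        Name    = $name
        Command = $command
        # Heuristic (assumption): entries that start a script host or a
        # script file deserve a closer look than a vendor's updater.
        StartsScript = $command -match
            '(wscript|cscript)(\.exe)?\b|\.(vbs|vbe|js|jse|wsf)\b'
    }
}
$entries | Format-List

# 3. Remove a single reviewed entry by name. $Suspect is one of the example
#    names from Step 4; replace it with the entry you actually found.
$Suspect = 'odwcamszas'
if ($key.GetValueNames() -contains $Suspect) {
    # -WhatIf only previews the change; remove it to delete the entry.
    Remove-ItemProperty -LiteralPath $RunKey -Name $Suspect -WhatIf
} else {
    Write-Output "No Run entry named '$Suspect' for the current user."
}
```

Reading the `Command` column is what separates a legitimate startup entry from a suspicious one: the random-looking name alone is not enough to justify deleting it.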

Frequently asked questions

The shortcut virus is a common virus that converts valid files into an inaccessible form on your flash drive or PC hard drive. It hides the original file behind the shortcut files.

The shortcut virus spreads in two ways:

By launching a file that contains a shortcut virus, which then duplicates and infects other files and programs on the device.

There are several methods to remove the shortcut virus from a flash drive. One common method is to use the Command Prompt (CMD) to delete the shortcut files and remove the existing shortcut virus. Another method is to use a USB shortcut virus removal tool or antivirus software to scan and clean the virus from the flash drive.

To prevent your flash drive from getting infected with the shortcut virus, it is recommended to:

Avoid suspicious websites and links, and be cautious before clicking on anything.

Regularly back up your files to an external storage device.
