DEV Community

Cover image for How to Remove a Virus Creating Shortcuts For Files and Folders in Pen Drives, Memory Cards and USB Drives (a Shortcut Virus)
Michael Mirosnichenko
Michael Mirosnichenko

Posted on

How to Remove a Virus Creating Shortcuts For Files and Folders in Pen Drives, Memory Cards and USB Drives (a Shortcut Virus)

Read this article to find out how to remove s shortcut virus turning files and folders into shortcuts How to restore data lost after such virus hits your system.

Have your files and folders on a USB drive, pen drive or memory card turned into shortcuts? Is your USB drive, pen drive or memory card shown as a shortcut? Are you looking for a method to restore your data and remove the pesky shortcut virus? Is your computer infected, in spite of having an antivirus installed? Unfortunately, few antiviruses can protect you against this misfortune.

With all those nasty effects, this type of virus is relatively harmless (especially if you think of ransomware and the like) so data can be restored, and the virus removed quite easily.

Types of shortcut viruses

At the moment, the two types of shortcut viruses are the most widespread: the first type creates shortcuts instead of files and folders on a pen drive or memory card, while the other type creates shortcuts of removable drives instead of the actual pen drives, USB drives and memory cards.

Names of the most widespread viruses:

  • Bundpil.Shortcu;
  • Mal/Bundpil-LNK;
  • Ramnit.CPL;
  • Serviks.Shortcut;
  • Troj/Agent-NXIMal/FakeAV-BW;
  • Trojan.Generic.7206697 (B);
  • Trojan.VBS.TTE (B);
  • Trojan.VBS.TTE;
  • VBS.Agent-35;
  • VBS.Serviks;
  • VBS/Autorun.EY worm;
  • VBS/Autorun.worm.k virus;
  • VBS/Canteix.AK;
  • VBS/Worm.BH;
  • W32.Exploit.CVE-2010_2568-1;
  • W32.Trojan.Starter-2;
  • W32/Sality.AB.2;
  • Win32/Ramnit.A virus;
  • Worm:VBS/Cantix.A;

The virus turning files and folders into shortcuts

This virus duplicates your files and folders, then hides and replaces them. It is a combination of a Trojan and a worm. The danger is that you start a virus every time when you want to open your file or folder. When you start a virus, it multiplies itself and infects more and more files, and often installs more malware that can steal data on your passwords and credit cards stored on your PC.

The virus turning pen drives and memory cards into shortcuts

This is a thoroughbred Trojan that hides all removable drives connected to the computer and replaces them with shortcuts for these devices. Every time you click on the shortcut, you start the virus again and again, so it starts looking for any financial data on your PC, and sends it to its creators.

What can be done if the virus attacks your PC

Unfortunately, few antiviruses can recognize the threat in time and protect your PC from infestation. That is why the best protection is to disable autorun option for removable devices and avoid clicking on file, folder or disk shortcuts. Be attentive and don’t click on the shortcuts which you didn’t create. Instead of the usual double-click to open the drive, right-click on it and select Open in new window.

Recover data removed by the virus

To restore effectively the data removed by this type of virus, use Hetman Partition Recovery. It uses low-level functions in working with the disk, so it can bypass the virus blocking and read all of your files.

Download and install the program, then analyze the infected pen drive or memory card. Restore the information before cleaning the drive from the virus. The most reliable method is to clean the pen drive with the command DiskPart, which will remove all data.

Delete the virus from the memory card or USB drive

After recovering data from the pen drive, you can clean it entirely with the help of diskpart. Removing all files and formatting the device may still miss the virus hiding in the boot sector, partition table or unallocated area of the drive. Watch the video to see how to clean a pen drive properly.

Remove the virus from the pen drive with the Command Prompt

This method cannot clean your pen drive from all kinds of viruses for sure, but it can help you to get rid of the shortcut virus. You don’t have to download and install any third-party utilities – all the work can be done with this Windows-integrated tool.

Right-click on the Start menu and run the Command Prompt as Administrator.

Image description

Enter the command j: and press Enter (where j: is the letter of the USB drive infected by a virus).

Enter the command: attrib j:. /d /s -h -r –s and press Enter:

–h: shows all hidden files on the flash drive;
–r: disables the read-only setting;
–s: disables the system mark from all files.

Delete the virus from your PC

The easiest and most reliable way to clean the computer from the virus is to completely reinstall Windows, with removing the system partition.

However, if you are a power user, here’s one thing you can try:

Modify the Windows registry to prevent the virus from auto-starting. Press the key shortcut Win + R, in the window that appear, type regedit and press Enter. Go to HKEY_CURRENT_USER / Software / Microsoft / Windows / CurrentVersion / Run.

Image description

View all keys located there. If you see an unusual name or location of a program, remove the entry. Often viruses are hiding under automatically generated names, such as sfdWQD234dcfF. Any keys starting VBS, INI, LINK or EXE files are potentially dangerous. However, you are the person to know for sure what programs are installed on your computer and are supposed to start with Windows, so it’s up to you to decide if a certain key has to be removed. To remove a key, select it by left click and press Del.

Disable the virus auto-start in Windows Services. Press the key shortcut Win + R, in the window that appears, type msconfig and press Enter. In the window that opens, jump to the tab Services. View them and disable all that seem to be suspicious.

Image description

Disable the apps that are started automatically via Task Manager (For Windows 8 and older) Press Ctrl + Shift + Esc and go to the tab Startup. To prevent a suspicious app from starting, right-click on it and select Disable.

Image description

Top comments (0)