Note: This method works on a system that is not itself infected by viruses. On an infected system you may not be able to delete the virus files.
Indication of Virus
1. When you plug in a drive, the AutoPlay dialog asks you to select an option. If you see a folder-like icon that reads "Open using the program provided on the device", do not select it. Also do not select "Open folder to view files using Windows Explorer", since the virus can execute with either of these options. Cancel the dialog.
Note: Windows 7 has disabled the Autorun option for flash drives, since the autorun source is usually unknown.
2. You will also see a folder-like icon instead of the flash drive icon in My Computer.
Removal of Virus
1. In the Start Menu click Run and type cmd. Type your flash drive letter followed by a colon, here
J:
Then type attrib -r -a -s -h *.* and press Enter.
This will unhide all files.
2. Correct Way of Opening Flash Drives
Note: Do not open the flash drive by double-clicking its icon in My Computer, or by right-clicking it and choosing Open or Explore.
Open the USB drive by using the Folders icon.
Click on the Folders icon, then select your flash drive
OR
You can select Your Flash Drive by using the Address Bar in Windows Explorer.
OR
Type your Drive letter in the Address Bar
3. After opening the drive, select the Details view.
You can now see what the virus does with your flash drive. The virus disguises itself as a folder: the icon of the system file is similar to a folder icon, so you click on the virus file thinking it is a folder, and the virus executes. In the Details view you can clearly see that the system file has a Type description of Application and the system folder has a Type description of Folder.
Delete all such files. Be careful not to delete the folders.
4. Delete the Autorun.inf file
5. You can also delete these files using 7-ZIP, since it shows such virus files with an application file icon.
Download 7-ZIP from here.
Or you can get PowerExes Pack that includes it.
Open 7-ZIP and type your flash drive letter in the address bar, here J:\
6. Delete all the folders and files that you think you did not save.
The folders could have names like Recycler or System Volume. Delete them also.
You may also see Recycle Bin-like icons; delete them too.
In this illustration, these files are virus files:
0o.com, system.exe, 2m66sr.exe, abk.bat
7. Now scan your flash drive with an antivirus to delete EXE-infecting viruses. This is because some application files (programs such as the Adobe Reader setup) may have been infected by an EXE virus.
If you do not have a proper antivirus, click on Search and select All files and Folders
In the All or part of file name field type *.exe
In the Look In field select Your Flash Drive
In the More Advanced options select Search System Folders and Search Hidden files and Folders.
When the search is complete, delete all the files found.
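The checks in steps 3 to 6 can be made without opening anything on the drive. The Python script below is an added example, not part of the original article: it lists the programs an autorun.inf in the drive root would launch and the runnable files sitting in the root, and it only reads, never runs or deletes. The extension list, the function names and the "same name as a folder" check are assumptions made for this example.

```python
"""Read-only triage of a removable drive's root folder (added example)."""
import os
import re
import sys

# Assumed list of extensions Windows runs directly; the article's samples are .com/.exe/.bat
RUNNABLE = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".lnk"}
# autorun.inf keys that name a program to launch (open=, shellexecute=, shell\verb\command=)
LAUNCH_KEY = re.compile(
    r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$", re.I)


def autorun_targets(root):
    """Return the command lines an autorun.inf in `root` would launch."""
    targets = []
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            # latin-1 never fails to decode, so padded or junk-filled files still parse
            with open(path, "r", encoding="latin-1") as fh:
                for line in fh:
                    m = LAUNCH_KEY.match(line)
                    if m:
                        targets.append(m.group(2))
    return targets


def triage(root):
    """List runnable files in the drive root with the reasons they stand out."""
    findings = []
    launched = " ".join(autorun_targets(root)).lower()
    for entry in sorted(os.scandir(root), key=lambda e: e.name.lower()):
        stem, ext = os.path.splitext(entry.name)
        if not entry.is_file(follow_symlinks=False) or ext.lower() not in RUNNABLE:
            continue
        reasons = ["runnable file in drive root"]
        if entry.name.lower() in launched:
            reasons.append("launched by autorun.inf")
        # Heuristic (assumption): a program named after a real folder is posing as it
        if os.path.isdir(os.path.join(root, stem)):
            reasons.append("same name as a folder")
        findings.append((entry.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(sys.argv[1]):  # pass the drive root, e.g. J:\
        print(f"{name}: {', '.join(reasons)}")
```

Legitimate installers kept in the root are listed too, so review the output before deleting anything.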
Comments
19 responses to “How to Manually Remove Virus From USB Flash Drive without Formatting”
My computer has been a target to viruses when I plug in some infected flash but I hope this will not happen again in future. Thanks for such an informative n useful stuff!
Mahnoor Saad, by following the correct technique to open Flash Drive your system will be safe
What I do is turn off autoplay, that way the virus can’t jump to my PC. Start, run, type gpedit.msc, hit enter, Computer configuration, administrative templates, System, Turn off Autoplay, Enable, turn off on all drives. Do the same for User configuration.
It will be better to remove autorun file through command prompt.
In Start Menu Click RUN and then type cmd. Type:
J: [press enter]
attrib -r -a -s -h autorun.inf [press enter]
del autorun.inf [press enter]
[close the window]
If after line 2, a message appears “file not found” it means that your Flash Drive does not contain the autorun file and you can open your Flash Drive without any fear. Be sure to type the commands correctly and not make any spelling mistakes.
You can also try this for unhiding system and read-only files
attrib j:\*.* /d /s -s -h -r
This can also help you recover folders hidden by a “virus”
hi guys;;
new way to protect the removable disks.
step1:
create folder as autorun.inf
step2:
right click that folder mark as hidden and read-only.
step3:
that’s all….
now your any removable disk is protected…
my external harddisk was infected and my folders changed to 1KB shortcuts BUT BY FOLLOWING THE STEPS and using attrib -h -r -s /s /d g:\*.* , the drive was cleaned up and all my folders and files restored.
Your steps work, thanks.
Thanks man.. it really helped
G:\>attrib -h -r -s /s /d g:\*.* , the drive was cleaned and all my folders and files restored.
THANK YOU, that is really kind of you, thanks a lot
Thanks a lot. It is very informative & it helped me 😉
Ok.. guys, I have a simple tip about these autorun viruses.. all you need to do is disable the autoplay when you insert your USB/CD, here’s how
go to RUN then type gpedit.msc ENTER
Expand Administrative Templates > Windows Components > Autoplay Policies in order. Then double click “Turn off Autoplay”
Click Enabled, and then select All drives so that you can disable Autorun on all drives. Click Ok at last.
After restarting your computer, you have done all the needed work to disable Auto Play in Windows 7.
in Windows XP.. in Group Policy
go to System, double click Turn Off Autoplay, choose Enabled.. All Drives… voilà, restart and you're done. 😛 Easy, right?
How about Mac OS? Are there any tips to remove the shortcut virus manually… 🙁
I have followed all steps but I am still seeing my files have folder arrows & shortcut is written with them.
What's the problem?
Somebody please help me?
Zak, I already encountered such a virus… ok, the first thing you need to do is show all files and folders and PLEASE DELETE all the files that have an ARROW icon in your USB/HDD.. and delete the variant, it's an .EXE file that used to be hidden for some reason…
Step 1: Use task manager and stop “service196.exe”. 196 could be any random number.
Step 2: Locate this exe file in the Windows folder and delete it
Step 3: Remove all registry entries for this exe file. It normally uses the name “Adobe Reader Speed Launcher”. The exact location can be found at
http://www.threatexpert.com/report.aspx?md5=af5ec168d7729de093655472f5bcc5c8
Step 4: Delete autorun.inf and recycle folder from external pendrives etc.
=================
To recover files and folders, run the command given below from the command prompt.
attrib -h -r -s /s /d F:\*.*
F could be any external drive. Folders are just hidden.
hi, how do i enter a computer without using a password?
Thanks guys, I was really worried about how to get rid of this…
Use this software to remove all dirty worms…
put software on desktop every time when you connect your usb drive to your computer run it..
it will remove all virus including shortcut virus and will show hidden files.
Usb Master Red cap v1.0
Thanks, very helpful information…