≡ Menu

How to Manually Remove Virus From USB Flash Drive without Formatting

Note: The method will work on a system which is not affected by viruses. Otherwise you may not be able to delete virus files.

Indication of Virus

1. When you plugin a drive, Some Autoplay feature polls you to select a option. If you see a folder like icon that reads open using the program provided on the device. Does not select that. Also does not select Open folder to view files using Windows Explorer. Since the virus can execute with these options. Cancel it.

Note: Windows 7 has disabled the Autorun Option for Flash Drives, since the autorun source is usually unknown.


2. You will also see a folder like icon instead of Flash Drive Icon in my computer


Removal of Virus

1. In Start Menu Click RUN and then type cmd. Type your Flash Drive Letter followed with colon. Here


type attrib -r -a -s -h *.* and press enter.

This will unhide all files.

2.  Correct Way of Opening Flash Drives

Note: Do not open the Flash Drive by double clicking the icon in my Computer or By Right clicking and then Open,Explorer

Open the USB Drive by using Folders Icon. image

Click on the Folders icon then select your Flash Drive


You can select Your Flash Drive by using the Address Bar in Windows Explorer.


Type your Drive letter in the Address Bar


3. After Opening the drive. Select Details View using this icon image

You can now see what the virus does with your Flash Drive. The Virus does disguises itself as folder. You can see that system file icon as illustrated here is similar to folder icon. You actually click on the file.

Actually you click on those virus file thinking of them as folder and the virus executes. In the detailed view you can clearly see that the system file has a Type description of Application and the system folder has a Type description of Folder.

Delete all such files. Carefully do not delete the folders.

4. Delete the Autorun.inf file


5. You can also delete these files using 7-ZIP. Since it shows such virus files as having application file icon.

Download 7-ZIP from here.

Or you can get PowerExes Pack that includes it.

[download id=”286″]

Open 7-ZIP and Type your Flash Drive Letter in the Address Bar. Here J:\


6. Delete all the folders and files you think that you did not saved them.

The folders could have names like Recycler,System Volume. Delete them also.

You can also see the Recycle Bin like icons delete them too.

In this illustration these files are virus files



7. Now Scan your Flash Drive with some Anti-Virus to delete exe infecting viruses. This is because some application files (which can be some programs like Adobe Reader Setup or else) be affected with exe virus.

If you do not have a proper Anti-Virus then Click on Search and select All files and Folders

In the All or part of file name field type *.exe

In the Look In field select Your Flash Drive

In the More Advanced options select Search System Folders and Search Hidden files and Folders.


When search is complete delete all files

Comments on this entry are closed.

  • Mahnoor Saad April 11, 2010, 1:35 pm

    My computer has been a target to viruses when I plug in some infected flash but i hope this will not happen again in future. thanks for such an informative n useful stuff!

  • Muhammad Abdullah April 11, 2010, 3:55 pm

    Mahnoor Saad, by following the correct technique to open Flash Drive your system will be safe

  • Russell April 22, 2010, 9:31 pm

    What I do is turn off autoplay, that way the virus can’t jump to my PC. Start, run, type gpedit.msc, hit enter, Computer configuration, administrative templates, System, Turn off Autoplay, Enable, turn off on all drives. Do the same for User configuration.

  • JK III June 15, 2010, 3:36 am

    It will be better to remove autorun file through command prompt.

    In Start Menu Click RUN and then type cmd. Type:

    J: [press enter]
    attrib -r -a -s -h autorun.inf [press enter]
    del autorun.inf [press enter]
    [close the window]

    If after line 2, a message appears “file not found” it means that your Flash Drive does not contain the autorun file and you can open your Flash Drive without any fear. Be sure to type the commands correctly and not make any spelling mistakes.

  • Krugger October 15, 2010, 2:27 pm

    you can also try this for unhiding system and read only files

    attrib j:\*.* /d /s -s -h -r

    this can also help you recover folders hiden by a “virus”

  • sidhu November 20, 2010, 10:05 am

    hi guys;;
    new way to protect the removable disks.
    create folder as autorun.inf
    right click that folder mark as hidden and read-only.
    that’s all….
    now your any removable disk is protected…

  • Babatunde November 26, 2010, 4:43 am

    my external harddisk was infected and my folders changed to 1KB shortcuts BUT BY FOLLOWING THE STEPS and using attrib -h -r -s /s /d g:\*.* , the drive was cleaned up and all my folders and files restored.
    Your steps works thanks.

  • atoi December 18, 2010, 12:16 am

    thanx man.. it really help

  • Jose January 31, 2011, 11:10 am

    G:\>attrib -h -r -s /s /d g:\*.* , le disque a été nettoyé et tous mes dossiers et fichiers restaurés.
    MERCI c vraiment gentil de votre part thanks a lot

  • Aila February 5, 2011, 10:27 am

    A lot of thanx.it is very informative & it helped me 😉

  • zaldhie March 1, 2011, 5:16 pm

    Ok..guys i have a simple tip about this autorun viruses..all you need to do is disabled the autoplay when you insert your USB/CD here’s how

    go to RUN then type gpedit.msc ENTER

    Expand Administrative Templates >Windows Components >Autoplay Policies in order.Then double click “Turn off Autoplay”

    Click Enabled, and then select All drives so that you can disable Autorun on all drives.Click Ok at last.

    After restarting your computer, you have done all the needed work to disable Auto Play in Windows 7.

    in Windows XP..in Group Policy

    go to System double click Turn Off Autoplay choose enabled..All Drives…whoolla restart and your done. 😛 easy right

  • nurin March 22, 2011, 5:53 am

    how about Mac OS? is that any tips to remove shortcut virus manually… 🙁

  • zak April 13, 2011, 11:26 am

    I have follwed all steps but I am still seeing my files have folder arrows & short cut is writtten with them.
    Whats the problem?
    Some body plz me?

  • zaldhie April 13, 2011, 11:31 am

    Zak i already encountered such virus…ok the first thing you need to do is show all files and folders and PLEASE DELETE all the files that has an ARROW icon in your USB/HDD..and delete the variant it’s a .EXE files that used to be hidden for some reason…

  • harmit April 26, 2011, 4:18 pm

    Step1: Use task manager and stop “service196.exe” 196 could be any random number.
    Step2: Locate this exe file in windows folder and delete it
    Step3 : Remove all registry entry for this exe file. Normally uses name “Adobe Reader Speed Launcher”. exact location can be found at


    Step 4: Delete autorun.inf and recycle folder from external pendrives etc.
    To recover file folder run below given command from command prompt.
    attrib -h -r -s /s /d F:\*.*
    F could be any external drive. Folders are are just hidden.

  • eliakim June 20, 2011, 3:25 pm

    hi, how do i enter a computer without using a password?

  • Lp June 21, 2011, 2:31 pm

    Thankx guys, I was realy worried about how to get rid of this…

  • Economists July 18, 2011, 2:05 am

    Use this software to remove all dirty worms…

    put software on desktop every time when you connect your usb drive to your computer run it..

    it will remove all virus including shortcut virus and will show hidden files.

    Usb Master Red cap v1.0

  • Edbenavidez September 10, 2011, 8:21 am

    Thanks, very helpful information…