Modern antiviruses have already learned to block autorun.inf, which launches a virus when a flash drive is opened.
A new type of virus of the same family has been walking around the network and from flash drive to flash drive for quite some time, simply another Trojan. Infection with them can be immediately detected with the naked eye without any antiviruses, the main sign is this all folders on the flash drive turned into shortcuts.
If there are very important files on the flash drive, the first thing you will do is rush to open all the folders (shortcuts) one by one to make sure the files are present - This is not worth doing at all!
The problem is that these shortcuts contain two commands, the first is to launch and install the virus on the PC, the second is to open your precious folder.
If you have Windows XP, then go to: “Start-My Computer-Tools Menu-Folder Options-View Tab”:
On the “View” tab, find two parameters and execute:
If you have Windows 7, you need to go a slightly different path: “Start-Control Panel-Appearance and Personalization-Folder Options-View Tab”. 
You need the same options and need to enable them in the same way. Now your folders on the flash drive will be visible, but they will be transparent.
An infected flash drive looks like the image below: 
In order not to delete all files from the flash drive, you can see what any of the shortcuts launches (usually they launch the same file on the same flash drive). To do this, you need to look at the properties of the shortcut, there you will find a double launch - the first opens your folder, and the second launches the virus: 
We are interested in the “Object” string. It is quite long, but it is easy to find the path to the virus in it, most often it is something like 118920.exe in the Recycle folder on the flash drive itself. In my case, the double run line looked like this:
%windir%\system32\cmd.exe /c “start %cd%RECYCLER\6dc09d8d.exe &&%windir%\explorer.exe %cd%support
Here is the same path: RECYCLER\6dc09d8d.exe- a folder on a flash drive and a virus in it.
We delete it along with the folder - now clicking on the shortcut is not dangerous ( if you haven't run it before).
1. Delete all the shortcuts to our folders - they are not needed.
2. Our folders are transparent - this means that the downloader virus has marked them as system and hidden. You cannot simply disable these attributes, so you need to use the attributes reset via the command line.
There are 2 ways for this:
Open “Start” - “Run” - Enter the CMD command - press ENTER. A black command line window will open in which you need to enter the following commands:
1. Create a text file on a flash drive.
2. Write a command attrib -s -h /d /s into it, rename the file to 1.bat and run it.
3. If you are unable to create such a file, you can download mine: .
If there are a lot of files, it may take time to execute the command, sometimes up to 10 minutes!
4. After this, you can return to the first step and restore the previous appearance of the folders, that is, hide system hidden files.
If you suspect that it is your PC that is spreading this virus across flash drives, you can view the list of processes in the task manager. To do this, press CTRL+ALT+DEL and look for a process with a name similar to FS..USB..., instead of dots - some letters or numbers.
The source of this process is not removed by AviraAntivir, DrWeb CureIT, or Kaspersky Removal Tool.
I personally removed it with F-Secure with a trial version, but it is hidden in the form of a driver and you can find it using the utility Autoruns.
I’ll say right away that I didn’t have such a situation. I don’t know exactly how to treat it. I see three ways out of the situation:
You can download trial versions of these antiviruses for 1 month, update their databases and check your PC using them.
It seems like that’s it, contact me - I’ll always answer, sometimes with a delay.
“I can add that there are also viruses such as Sality (Sector XX - where XX numbers like 05, 15, 11, 12 are modifications, it is not clear who creates them) corrupts executable exe files... with such viruses I have invented my own way of fighting using the same Dr.Web CureIt! having in hand a WinXPE system recorded on a 700 meter CD-R... loading the system from disk and using not hard memory, but RAM.
Works great. The disk inserted loading from the disk, turned on, put in a flash drive with a pre-recorded “FRESH” CureIt!... and voila.. I ran the entire hard drive for the presence of muck. What’s most interesting is that during this process, as with the Life CD from the Web, the viruses “sleep”, i.e. The system is not loaded, and it’s somehow more convenient with the operating system.
Every storage medium can become a haven for malware. As a result, you may lose valuable data and risk infecting your other devices. Therefore, it is better to get rid of all this as soon as possible. We will look further at how you can check and remove viruses from your drive.
Let's start by looking at the signs of viruses on a removable drive. The main ones are:
In general, the media becomes slower to be detected by the computer, it takes longer for information to be copied onto it, and sometimes errors may occur. In most cases, it would be a good idea to check the computer to which the flash drive is connected.
To combat malware, it is best to use antivirus software. These can be either powerful combination products or simple, highly targeted utilities. We invite you to familiarize yourself with the best options.
Today this antivirus is considered one of the most popular in the world, and for our purposes it is perfect. To use to clean a USB drive, do the following:
You can also scan media through the context menu. To do this, follow a number of simple steps:
Right-click on the flash drive and select "Scan".
By default, Avasta is configured to automatically detect viruses on connected devices. The status of this function can be checked using the following path:
Settings / Components / File system screen settings / Scan on connection
And this is an option with less load on the system, so it is often installed on laptops and tablets. To scan a removable drive for viruses using , do the following:
You can set up automatic scanning when you connect a flash drive. To do this, follow the path
Settings / Advanced settings / Virus protection / Removable media
The free version of this antivirus will help you quickly scan any media. Instructions for using it to complete our task are as follows:
Don't forget to set up automatic scanning. To do this, go to settings and click "Examination". Here you can set the antivirus action when connecting a flash drive to a PC. 
For reliable operation of each antivirus, do not forget about virus database updates. They usually happen automatically, but inexperienced users can cancel them or disable them altogether. This is not recommended at all.
One of the best utilities for detecting viruses on your computer and portable devices. Instructions for use are as follows:
You can go the other way by simply right-clicking on the flash drive in "Computer" and selecting "Scan Malwarebytes".
A USB drive is a “tidbit” for viruses. There is even a separate category of “digital strains.” They are aimed specifically at external drives. Trojans and worms secretly penetrate a flash drive, install their elements (startup modules, startup file, shortcuts) and carefully disguise them, delete or damage user folders and files. They also disrupt the operation of a USB drive: they prevent you from opening a partition and individual folders, prevent you from safely removing the device, and imitate system errors (fake messages appear).
Let's look at how to clean a flash drive from viruses using various methods.
The first step is to secure the operating system of the computer on which the scan will be performed. Disable autorun in Windows. So that the virus, after connecting a USB flash drive, cannot automatically start and secretly penetrate the PC’s hard drive.
This procedure is performed as follows:
1. Press the key combination “Win” and “R”.
2. In the Run panel line, enter the directive - gpedit.msc.
3. Click OK.
4. In the Group Policy Editor window, select the “Computer Configuration” section.
5. Open the “Administrative Templates” subsection.
6. From the list of options, select Windows Components.
7. Go to “AutoPlay Policies” → “Disable AutoPlay” settings.
8. In the settings window that opens:
1. Right-click on the Windows icon on the taskbar.
2. Select “Find” from the context menu.
3. In the search bar, type - autorun.
4. Click in the search results - “Enable or disable autorun”.
5. In the “Computer and Devices” panel, go to the “Startup” section.
6. In the block on the left, set the value “Do not perform any actions” in the “Removable media” and “Memory card” fields.
Advice! If you want to completely disable the AutoPlay feature, click the slider at the top of the block to “Off.”
1. After disabling autorun, connect the USB flash drive to the PC.
2. Press "Win+E".
3. In the window that opens, right-click on the USB drive icon.
4. To check the flash drive for viruses, select “Scan…” from the list of options. (In this case it is ESET Smart Security).
5. Remove all malicious objects found.
Advice! You can perform cleaning using alternative anti-virus scanners - Dr.Web CureIT!, Free Anti-Malware or Kaspersky Virus Removal Tool. Before the scan is performed, do not forget to check the box next to the flash drive in the list of partitions.
(removing all data - virus and user files)
Note. This option is appropriate to use when there is no valuable information on the media or when it is not possible to remove the virus from the flash drive using other methods.
1. Make sure that AutoPlay is disabled on your computer. And then connect the infected media.
2. Press the “Win” and “E” keys simultaneously.
3. Hover over the USB shortcut. Click the right button. In the system menu, select “Format...”.
4. In “Formatting...” set the following values in the settings:
5. Click the "Start" button.
6. In the additional window, confirm the action: click “OK”.
7. When the procedure is complete, in the “Formatting...” window, click “OK” again.
8. In the settings window, click “Close”.
Now the flash drive is clean and ready for full use.
(for advanced users only)
This cleaning algorithm is advisable to use if you want to save as much useful data as possible located on an infected flash drive.
1. Enable Windows to show hidden files and folders:
2. Check the autorun setting. It must be disabled (see Method #1).
3. Connect and open the contents of the flash drive.
4. Analyze the files. Elements of the malware may look like this:
5. Right-click on each of them and view the “Object” setting in the properties (click → item in the “Properties” menu). In virus files, the “Object” usually displays the executable file of the “microbe” that attacked the USB drive.
6. Remove all malicious files and shortcuts, as well as the executable element of the virus to which they access (listed in the “Object” line).
A flash drive vaccine is a kind of software protection in the form of a special file (Autorun.inf). It prevents the virus from “settling” on the flash drive: it blocks its functions. Used exclusively as a prophylactic and warning agent on “healthy” USB drives. It is created manually and using special programs. We will get to know some of them better.
A utility from the famous antivirus company Panda. Has a volume of less than 1MB. However, very useful. Available free of charge on the official website. After launching USB Vaccine for the first time, in the panel, check the boxes next to “Hide tray icon...” and “Enable NTFS...”. And then click “Next”. Connect the USB flash drive and click the “Vaccinate USB” button in the application window.
Does not require installation. Runs in the MS-DOS console. At the request of the user, he can not only “vaccinate” the flash drive, but also disable autorun by changing the registry settings, and prohibit writing data on the media.
An efficient GUI tool. Activates USB storage protection in one click (and disables it in the same way). Carefully hides the presence of the “grafting” AUTORUN.INF on the flash drive.
Let your USB drives avoid viruses!
Read, how to remove a virus that converts files and folders into shortcuts. How to recover data that was lost as a result of such a virus. Have your files and folders on a USB flash drive or memory card become shortcuts? Does a USB flash drive or memory card appear as a shortcut after connecting to a computer? Are you looking for how to recover data and remove a virus that converts files and folders into shortcuts? Are you using an antivirus, but your computer is still infected? Unfortunately, not all antiviruses can protect you from such infections.
Today, there are two most common types of viruses that create shortcuts: the first create shortcuts instead of files and folders on a flash drive or memory card, others create shortcuts to removable drives instead of the flash drives themselves, external USB drives and memory cards.
Names of the most common viruses:
This virus duplicates your files and folders, then hides and replaces them. The virus is a combination of a Trojan and a worm. The danger is that you run a virus every time you want to open your file or folder. Once launched, the virus spreads itself to infect more and more files and often installs additional malware that can steal passwords and credit card information stored on your computer.
This is a purebred Trojan virus that hides any removable devices connected to the computer and replaces them with shortcuts for these devices. Each time you click on the shortcut, you again launch the virus, which searches for financial information on your computer and sends it to the scammers who created the virus.
Unfortunately, not all antiviruses can detect danger in time and protect you from infection. Therefore, the best protection would be not to use automatic startup of removable devices and not to click on shortcuts to files, folders or drives. Be careful not to click on shortcuts that you did not create yourself. Instead of double-clicking to open the disk, click on it right mouse button and select Expand in Explorer.
To reliably recover data deleted by this type of virus, use Hetman Partition Recovery. Since the program uses low-level disk functions, it will bypass virus blocking and read all your files.
Download and install the program, then analyze the infected flash drive or memory card. Perform data recovery before cleaning the media from the virus. The most reliable treatment option is to clean the flash drive using the DiskPart command; this will delete all information on it.
After recovering data from a flash drive, you can completely clear it using the DiskPart utility. Deleting all files and formatting the device may leave behind a virus that will hide in the boot sector, partition table, or unallocated area of the disk. Watch the video to see how to properly clean a flash drive.
This method does not guarantee to clean the flash drive from all types of viruses, but it can remove a virus that creates shortcuts instead of files. You will not need to download and install third-party utilities; removal is done using the tool built into any version of Windows.
The simplest and most reliable way to clean your computer from a virus is to completely reinstall Windows and delete the system partition.
But if you are an advanced user, you can try the following method:
A flash drive is a portable USB storage device that has rapidly gained popularity because it allows the user to quickly record and transfer important information. The USB drive is small in size, so it is easy to keep it with you at all times.
If a problem is detected, there is no need to rush to format all data
However, in some cases, a flash drive can spoil the user’s mood when once again it is necessary to write off information from it, and she “refuses” to provide it. It should be understood that the whole problem lies in a virus that penetrated the flash drive and hopelessly infected it. To help it restore its perfect performance, you should know how to remove a virus from a flash drive.
It is not at all difficult to recognize that a flash drive has been subjected to a virus attack and has been infected, since when working with it, signs begin to appear that have not previously been characteristic of it.
In particular, if a virus infection occurs, the USB drive may stop opening. If the user wants to take any action by calling up the context menu, the left mouse button will refuse to respond, or the context menu will open, but it will be impossible to read anything, since instead of the usual words, the user will see only some solid “hieroglyphs”.
A slightly different story may also happen, which almost provokes a shock in the user, since when opening a USB drive, the owner of the flash drive may not find a single document.
Indeed, there is a virus that, penetrating the drive, brings such “trouble.” However, it is important for the user to pull himself together, read the information on how to remove a virus from a flash drive, and then return all “lost” documents. In reality, not a single file disappeared; the virus code simply changed their status, turning them into hidden files.
Labels that appear on the flash drive instead of missing documents can also indicate the presence of a virus infection. In this case, experts recommend not to panic and not start frantically opening all the shortcuts, trying to detect at least some presence of important documents.
By clicking on the shortcuts, the user of the USB drive makes the situation even worse by continuing to infect the flash drive with virus code, since the shortcuts are directly linked to the malicious executable file.
In connection with the situation that has arisen, the right option would be to calm down, concentrate, and direct all efforts to studying information on how to remove a virus from a flash drive. Moreover, there is nothing complicated in the subsequent steps, and even a beginner can remove a virus from a flash drive, and then successfully display hidden files.
To clean a USB drive from virus code, it is best to use a computer that has powerful protection installed. It’s good if this antivirus program is a paid version, because in this case you can be sure that the antivirus databases in it will be up to date, and therefore such an antivirus program can easily deal with any malicious file.
Having such an excellent antivirus program at your disposal, it will be absolutely simple to understand how to remove a virus from a flash drive, since the process will practically occur automatically, with only a little user participation.
The USB drive should be inserted into the USB connector, the antivirus program will immediately prompt you to check the drive, the user can only agree with this. The antivirus program will perform all other actions independently, displaying the result of its work on the screen.
The antivirus program itself will be able to remove hidden viruses. After such cleaning, flash drives will be “healthy” and operational again.
Experienced users can remove a malicious file from a flash drive manually. This tactic is especially welcome when there is no nearby computer with a powerful antivirus program with updated antivirus databases.
To manually eliminate a malicious file, the user must initially display hidden files, since the execution file is in this status.
To show hidden files, you should open the “Control Panel”, go to the “Folder Options” tab, then “View”, among the listed options you should find and check the box for “Show hidden files and folders”. Now the user will be able to see everything that the virus tried to hide. The USB drive will contain RECYCLED and RECYCLER, if there is a file with the exe extension inside, it should be destroyed, since it is a malicious file.
Another option for removing malicious code is the formatting process, but it should be noted that after its completion, not only the virus and all its traces, but also all documents will disappear from the drive without a trace.
After you have successfully eliminated a malicious file, and only documents remain on the drive that are simply not visible because they are in the status of hidden files, it is important to perform a number of simple steps that will allow you to return the documents to their usual appearance.
The easiest way is to use a file manager, which includes Total Commander.
Having launched Total Commander, go to the “Configuration” tab, then “Panel Contents”, and then check the box next to “Show hidden/system files”.
Now the user will see all his documents. At this stage, you should select them, then go to the “Files” tab, then “Change Attribute”, and in the dialog box that appears, uncheck the “Hidden” and “System” boxes. This concludes the fight against the virus and the work of restoring documents.
So, when using a USB drive, you should be careful and not expose it to virus infection again. However, if such an infection does occur, it is important to remain calm and calmly eliminate the malicious object, not allowing it to “manage” the USB drive for a long period of time.
