Every Computer user has came across a pen-drive that is badly affected by a virus that creates shortcuts in pen-drive and hides the rest of the file after creating autorun.inf in the root of pen-drive or USB removable disks. Usually such files are marked with attribute : hidden, read-only, system files.
The files in root are usually of the names autorun.inf, newfolder.exe, regsvr.exe and more.
To remove such virus follow the steps
- Open administrative command prompt.
- Go to your pen-drive drive letter. Suppose your USB disk is G:. Type G: and press Enter
- Now type the below command to remove system file, hidden read-only attribute
attrib -s -h -r /s /d *.*
- Delete Autorun.inf from USB – Disk.
- This makes all files visible and you are now able to delete them . Usually there are hidden folders which contain your files, cut them and paste at secure location like in your computer and delete those hidden shortcuts and hidden folders.
- Now to remove the executable and shortcuts from pen-drive , Check the size of any one such virus file and search for the files in windows explorer for the files of same type and same size, all be same.
- Delete suspicious files, on errror check task manager for process with same name or any suspicious process and end it.
- Open Explorer and right Click on Pen-drive , Click Open.
- Search with Advance Search for all files of same size in Pen-drive.
- Select All and Delete
NOTE 1: This is based on your understanding to remove all such files, like sometimes in Windows XP era file types of .exe .lnk .scr and more were created by the virus . So take a note to delete all such files by the step 5, step7, step 7.
NOTE 2: Never Open Removable disk by double click, Disable Autorun Of Disks For Your Computer.
NOTE 3: Its a benefit for Linux user to use such pen-drives without fear as these wont affect Linux system since executable of windows and Linux are different, so if you use one such system with Dual boot or Linux only , prefer opening first on Linux only to avoid infection.