USB Shortcut Virus

USB Shortcut Virus Removal guide
USB Shortcut Virus is malware that spreads through removable USB devices and turns files into shortcuts.

USB Shortcut Virus is a malicious program that tampers with the files on a disk. It is a rather old type of threat that aims to cause mischief for the user rather than to make a profit. There are several ways to solve the issue, both manual and with the use of specialized software.

What is USB Shortcut Virus?

USB Shortcut Virus is a type of malware that makes data look lost by turning all the files into shortcuts. The virus modifies the file structure on a USB drive, replacing real files and folders with shortcuts that have the same icons and names. This tricks the user into launching the virus when they try to open a file. The original files, however, are usually hidden or moved to a hidden partition.

USB Shortcut Virus Infection Chain

The virus spreads primarily through USB devices and automatically copies its executable file to the device. This file is usually saved in the root directory of the USB drive and disguised as a safe, familiar file using common icons and names such as “My Documents” or “Recycle Bin”. It also actively uses the autorun functionality via the Windows registry. This allows it to run malicious code as soon as the device is connected to the computer. The .lnk files are a key element of this process, as they can be executed automatically and mask the launch of the malicious executable.

Some users want to reuse old drives that potentially contain this malware, but plugging such a drive into their current computer risks infecting it. That leaves the question: how to safely recover files or format a hard drive?

Question from a user on a Reddit forum.

How Is USB Shortcut Virus Dangerous?

USB Shortcut Virus poses a serious threat to users who regularly use removable media. The main dangers associated with this virus include:

  • Worst of all, the virus can hide or delete the original files on the USB drive. This often results in the loss of important information that may be difficult or impossible to recover.
  • USB Shortcut Virus easily and stealthily spreads from one device to another, infecting all USB devices connected to the infected computer.
  • USB Shortcut Virus can function as a Trojan by collecting user’s personal data such as passwords, financial information and other sensitive data.
  • Once on system disks, the virus can disable or compromise a computer’s security, making the system more vulnerable to other malicious attacks.

How to remove USB Shortcut Virus?

USB Shortcut Virus removal requires a careful approach to not only get rid of the virus but also to restore access to the original files.

Step 1:

To prevent the virus from automatically starting when USB devices are connected, disable USB device autorun:

  • Open “Registry Editor” (press Win + R, type regedit and press Enter).

  • Navigate to the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer path.

  • Create or modify a DWORD value named NoDriveTypeAutoRun and set the value to 0xFF to disable autorun for all disk types.

Step 2:

Since the virus can create registry entries to run automatically, you need to clean the registry:

  • Open “Registry Editor” (press Win + R, type regedit and press Enter).

  • Navigate to
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    and
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  • Remove any suspicious values that may run malicious files on system startup.

Step 3:

Several commands can be used to manually remove USB Shortcut Virus via Command Prompt, including cleaning malicious files:

  • Open an elevated “Command Prompt” (type cmd in the search box and click “Run as administrator”).

  • The virus often hides the original files and replaces them with shortcuts. To display them:
    attrib -h -r -s /s /d G:\*.*
    “G:\” – the drive letter of your USB device.
  • First, remove any shortcuts that the virus has created. These shortcuts may be the source of the infection:
    del G:\*.lnk
  • Next, remove malicious executable files that are usually hidden in the USB root or system folders:
    del G:\*.exe

Step 4:

Check the C:\Windows\, C:\Windows\System32\, and C:\Users\[username]\AppData folders for malicious files and delete them.

Be very careful when using the command line, especially when working with uninstall commands and registry editing. Incorrect actions may cause damage to the system.
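
A read-only inventory of what Steps 1 to 3 act on, given here as an added PowerShell example that is not part of the original guide. It reports the autorun policy, the Run values, where each shortcut in the drive root points, and the hidden items and root executables, so they can be reviewed before anything is deleted. The `$Drive` parameter (defaulting to the article's G:) and the report layout are this example's own choices.

```powershell
# Read-only inventory for Steps 1-3: nothing is changed or deleted.
param([string]$Drive = 'G:')   # assumption: USB drive letter, as in the article

# Step 1: autorun policy (0xFF disables autorun for all drive types)
$policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$value  = (Get-ItemProperty -Path $policy -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
if ($null -eq $value) {
    'NoDriveTypeAutoRun is not set'
} elseif ($value -eq 0xFF) {
    'NoDriveTypeAutoRun = 0xFF (autorun disabled for all drive types)'
} else {
    'NoDriveTypeAutoRun = 0x{0:X}' -f $value
}

# Step 2: every value in the two Run keys, for manual review
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValues = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
}
$runValues | Format-List

# Step 3: where each shortcut in the drive root points (loading a .lnk does not run it)
$shell = New-Object -ComObject WScript.Shell
Get-ChildItem -Path "$Drive\" -Filter *.lnk -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $link = $shell.CreateShortcut($_.FullName)
        [pscustomobject]@{ Shortcut = $_.Name; Target = $link.TargetPath; Arguments = $link.Arguments }
    } | Format-List

# Step 3: hidden items that attrib would reveal
Get-ChildItem -Path "$Drive\" -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden } |
    Format-Table FullName, Attributes -AutoSize

# Step 3: executables in the drive root that "del G:\*.exe" would delete, with hashes
Get-ChildItem -Path "$Drive\" -Filter *.exe -Force -ErrorAction SilentlyContinue |
    Get-FileHash -Algorithm SHA256 | Format-List Path, Hash
```

The last section matters because `del G:\*.exe` removes every executable in the drive root, including legitimate ones; the listed hashes can be checked before deleting.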

Use a Reliable Antivirus

To remove USB Shortcut Virus, one of the most effective approaches is to use specialized antivirus software that can detect and remove complex malware. One of the recommended tools for this task is Gridinsoft Anti-Malware.

Gridinsoft Anti-Malware features fast scanning speeds and the ability to detect various types of malware, including USB Shortcut Virus. It also provides in-depth system and USB device scanning. This allows you to detect and remove hidden and standalone viruses that may not be noticed by standard antiviruses.

By Stephanie Adlam
