How to remove Virus from USB Drives
By Madhur Kapoor on Jan 26, 2008 in Tutorials
One of the ways by which a virus can infect your PC is through USB/Pen drives. Common viruses such as ’Ravmon’ , ‘New Folder.exe’, ‘Orkut is banned’ etc are spreading through USB drives. Most anti virus programs are unable to detect them and even if they do, in most cases they are unable to delete the file, only quarantine it. Here are the things which you can do if you want to remove such viruses from your USB drives
Whenever you plug a USB drive in your system, a window will appear similar to the one shown below
Don’t click on Ok , just choose ‘Cancel’. Open the Command Prompt by typing ‘cmd‘ in the run box. In the command prompt type the drive letter: and press enter . Now type dir /w/a and press enter.
This will display a list of the files in the pen drive. Check whether the following files are there or not
- Autorun.inf
- Ravmon.exe
- New Folder.exe
- svchost.exe
- Heap41a
- or any other exe file which may be suspicious.
If any of the above files are there, then probably the USB drive is infected. In command prompt type attrib -r -a -s -h *.* and press enter. This will remove the Read Only, Archive, System and hidden file attribute from all the files. Now just delete the files using the command del filename. example del Ravmon.exe. Delete all the files that are suspicious. To be on a safer side, just scan the USB drive with an anti virus program to check whether it is free of virus or not. Now remove the drive and plug it again. In most of the cases, the real culprit turns out to be the “Autorun.inf” file which mostly gets executed when someone clicks Ok in the dialog window which appears above. Thus the infections can spread
Security Tip
Disable the Autoplay feature of USB drives. If you disable the Autoplay feature of USB drives, then there are lesser chances of the virus spreading. A tool which can perform such a function is Tweak UI. Download it from here install it.
Run the program. Now you can disable the Autoplay feature of the removable drives as shown above. By following the above steps, you can keep your USB drives clean. If there are any other methods which you use, then share it with me through comments.
Very good tip! Thanks to this, I can finally remove the stuff. Now to scout for some PC to do the stuff….
Ashwin | Jan 27, 2008 | Reply
Nice Tip.. Our IT told us also that when you plugin your computer you have to press shift until it finish reading..
Dexter | Techathand.net | Jan 27, 2008 | Reply
Good tip !
I regularly scan my USB drive with anti-virus software and that works fine !
Thanks.
Aseem Kishore | Jan 27, 2008 | Reply
Hey nice tip, Madhur.
Now I can even remove virus from my IPod as well.
Thanks….
Rakshit | Jan 27, 2008 | Reply
Great post.
..because of the reasons you mentioned above i never autoplay any USB drive plugged into my computer…just to be on the safer side.
Shashank | Jan 27, 2008 | Reply
This is really a nice tip regarding USB drives as mostly viruses come from these USB drives.
Abhishek Kumar | Jan 27, 2008 | Reply
Glad you liked the post guys.
Madhur Kapoor | Jan 27, 2008 | Reply
Hi Madhur ……..
It’s a nice tip you gave but it has one problem. If the autorun virus is attached with some file inside the USB, then you cannot remove the autorun virus. Like if there’s a file named “ankit.jpg” (which is not suspicious), & this is the file that writes data in the autorun.inf file, then even if you perform the above mentioned steps, autorun virus will keep coming till the time you find ANKIT.JPG & manually clean it !!!
Ankit Mahanot | Jan 28, 2008 | Reply
Cool tip Madhur. My system admin friends who work for a college will surely benefited from this article.
Syahid A. | Jan 28, 2008 | Reply
Nice trick buddy. A query : How to keep your pen drives clean? Lots of computers in my hostel don’t have good antiviruses. How can i keep my drive clean all the time. Just don’t tell me to don’t use the drive on such computers. lol
Waiting for a reply.
Ashfame | Jan 31, 2008 | Reply
@Ashfame
First of all dont use the Autorun feature of the pendrive. After using the pen drive in your friends PC and before putting it back on your PC, just check whether there are malicious files listed above are present or not. I also distribute my pen drive in hostels but before using them on my pc, i take care to check it for viruses. Sometimes, even Anti virus are unable to detect anything.
Madhur Kapoor | Jan 31, 2008 | Reply
Recently my System also got infected by a pendrive
thank god i ahve backup , else my prize possesion would have gone by (song collection)
Watch hindi movies | Feb 1, 2008 | Reply
first of all disable ur autorun feature of pendrive, then when you attempt to open your drive, dont double click on your drive just right click on ur drive and then click on explore. doing this no virus will effect ur pc from pendrive
bikash chhetri | Feb 2, 2008 | Reply
i have a virus called explorer.exe, autorun.inf and isetup.exe in my pendrive i did all possible things to delete these virus but cant delete it. so how to delete these virus form my pendrive
bikash chhetri | Feb 2, 2008 | Reply
They should have calle it a USB condom.
Rapidshare search | Feb 3, 2008 | Reply
the present virus in form is funny ust scandal .avi
how to remove that frm pendrives??madhur, the one u gave prevously was good.give me a solution for this!!!
bharat | Feb 7, 2008 | Reply
i insert my USB drive then i click start then run and type cmd then type dir/w/a its more .exe file. example fotoku.exe,MicrosoftPowerPoint.exe, astry.exe, [.Trashes]
i type del fotoku.exe but it show Could not find H:\fotuku.exe
so what i do
help me
plz
Karthick | Feb 8, 2008 | Reply
Thanks it is nice idea to keep USB clean and fine.
Prabhat KumarJha | Feb 11, 2008 | Reply
nice idea for keeping usb clean
siva | Feb 12, 2008 | Reply
thanks to this i got rid of the RavMonE.exe virus.. bu i cant seem to delete “autorun.inf” .. how will i do this? and can you give me tips on how i can prevent viruses to infect my flash disk? thank you sir
bunta fujiwara | Feb 18, 2008 | Reply
we can use flash disinfector to remove most common pen drive virus check out http://digitracker.blogspot.com/2008/01/remove-most-common-pendrive-virus-and.html
to download it
vamsi | Feb 18, 2008 | Reply
Hi Madhur, i have a problem. i cant view hidden files in folder. when i go to options it shows smoe language very alien.. please advise.. thank you. adrian
adrian | Feb 22, 2008 | Reply
If the virus files are not getting deleted, then please start the pc in safe mode and try these steps. Also i recommend using Nod 32 anitvirus. It successfully detects many of these viruses.
@adrian
That can be due to Ravmon virus . Search the net for its Removal tool and then run it in safe mode. Hope it helps.
Madhur Kapoor | Feb 24, 2008 | Reply
My USB device is not functioning becuase of the virus win.exe. The autorun is not functioning also. I am having a hard time removing the virus. Can you help me?
Shasha | Mar 2, 2008 | Reply
Appreciate if you could advise/ instruct me how remove below kind of virus on my USB…. thanks in advance ….
S3UUPDATED64.dll.vbs
Francis | Mar 10, 2008 | Reply
Hi Madhur..i Hav got a virus in my pen drive but it is a folder..I m not able to delete that..cud u pls help!
tks
Kanishk Malick | Mar 11, 2008 | Reply
Hi Madhur..i Hav got a virus in my pen drive but it is in a folder..I m not able to delete that..cud u pls help!
tks
Kanishk Malick | Mar 11, 2008 | Reply
thanks
i was facing problem with USBs
either not a valid win32 application or when clicking the icon of the disk it wont open and ask me the program to open it thanks these steps solve my problem without format
rehab | Mar 13, 2008 | Reply
i insert my USB drive then i click start then run and type cmd then type dir/w/a i found kinza.exe file
i type del kinza.exe but it show Could not find i:\kinza.exe
so what should i do
help me
plz
Bhimani | Mar 15, 2008 | Reply
realy super tip… from now onwards i can work with virus free usb
shahulhameed | Mar 15, 2008 | Reply
my usb drive has no virus, but sometimes the files cannot open…..what sholud I do?
Rodney | Mar 16, 2008 | Reply
hello madhur,
how do i remove the virus from my pen drive, ipod without it entering into my system?? since i just formatted my system and if i insert the pen drive am afraid of it coming in again.. thanks!
madhu | Mar 19, 2008 | Reply
@madhu
disable the auto run feature of pen drive and then insert it.
If anyone is unable to delete a file on USB drive , try performing the steps in the Windows Safe Mode
Madhur Kapoor | Mar 20, 2008 | Reply
hey thanks , i cud remove kinzaa.exe through ur advice.
Anubhav | Mar 21, 2008 | Reply
I have done as you suggested, but it will not allow me to delete kinza.exe and autorun.inf
Can you please help me?
Thank you
Dianna | Mar 31, 2008 | Reply
I deleted the file from the command prompt, but when i scan it using the AV, it still appears in the Quarantined List.How can this be solved?
inferano | Apr 1, 2008 | Reply
I havent got the solution as the describe method.
it can not remove Microsoftpowerpoint.exe and also autorun.inf
KIndly suggest me the solution with screen shots.
Darshan Patel | Apr 1, 2008 | Reply
@Dianna
Try performing the above steps in Safe Mode. IF ti doesnt work, then format your USB drive. Hope it helps
@inferano
Sometimes, when the AV quarantines it file, file cannot be deleted. Or some viruses replicate pretty quickly . Try formatting the drive
@Darshan
Perform the above steps in Safe mode.
Madhur Kapoor | Apr 1, 2008 | Reply
hi,
i tried to remove the New Folder.exe virus folder from my pen drive according to your steps but not success.when in cmd i m giving dir/w/a it is showing this virus folder but while deleting it is showing folder not founded so please give me some solution. from last 1 vk m suffering……
rakhi | Apr 2, 2008 | Reply
i still couldnot remove any files
rithesh | Apr 2, 2008 | Reply
I have a virus called “asry.exe” its usually spreads through USB.plz tell me how to romove this virus
Faisal | Apr 3, 2008 | Reply
http://www.techtola.com/2008/01/ways-to-prevent-70-virus-malware.html
Check out software restriction policy in that post…
You can prevent many viruses
PLease PLease give me ur comments to improve that article
Rajavanya | Apr 4, 2008 | Reply
http://www.techtola.com/2008/01/ways-to-prevent-70-virus-malware.html
Check out software restriction policy in that post…
You can prevent many viruses
Please give me ur comments to improve that article
Rajavanya | Apr 4, 2008 | Reply
Good morning,
1. Thank you for sharing your experience with us. We removed RavMonE.exe from my usb flashdrive. We followed the steps you’ve mention and it works. Thank You for sharing your inputs to us.
2. I still have one (1) usb left 4gb. I’m sure that there are virus in it, because the computer cannot detect my 4gb usb but i can see or it is appearing on my computer. I followed the tip you’ve mention. I opened start button, then go to “RUN” and type CMD. After that i changed the drive to my flashdrive, but the computer cannot detect my flashdrive (”cmd.exe - no disk”). How can I open my flashdrive? Please help me to remove the virus? Kindly email me the steps on how my computer can detect my usb flashdrive. (TAKE NOTE THAT, I CAN SEE “REMOVABLE DISK” ON MY COMPUTER, BUT THE COMPUTER WILL SAY “PLEASE INSERT DISK ON DRIVE D:”
Please help me. Thank You very much in advance!
anthony | Apr 7, 2008 | Reply
hey man
my usb drive was infected with some unknown virus
i scanned it with updated antivirus softwareS but no result
than i searched on google and found ur post
i did ur trick and still cant belive it was gone
amazing U
amazing ur TRICK
thanx a lot
the suspicious names were
fotoku.exe
tikno.exe
and plenty of them were there
thanx a lot!! | Apr 7, 2008 | Reply
i had the same problem like u
u shd try this
insert ur pen drive
press cancel when asked for autorun (as madhur said)
click on safety remove to open the SAFETY REMOVE box
now dont remove pen drive
go to it select the bad files (fotoku astry etc)
shift+delete
u r done
try n reply
hello karthik | Apr 7, 2008 | Reply
i am having a pen drive after some time it again appears earlier it was empty but two days ago i found there were two folders named application and love when i delected those files it was deleted but after 3or 4 seconds it again appeared i formatted my pen drive but still it is showing those two files help me out gettin rid of those two files plzzzzzz and yes thanx in advance
rajat verma | Apr 11, 2008 | Reply
@karthik
Thanks, will try that too
@rajat
Try the above mentioned steps in Safe mode and definitely remove the Autorun.inf file
Madhur Kapoor | Apr 13, 2008 | Reply
see madhur ihave tried what u hav suggested
evrything worked but at the fianl stage i.e. at deleting for example:”if i type del newfolder.exe” it gives me a back answer saying cannot find new…
and i hav another problem too
i hav an net connecion and whenever i download any file from IE the download box appears but the download does not start
and
any change i make in my pc gets reseted by itself
pleaseeee help me
ARJUN REDDY | Apr 14, 2008 | Reply
see madhur ihave tried what u hav suggested
evrything worked but at the fianl stage i.e. at deleting for example:”if i type del newfolder.exe” it gives me a back answer saying cannot find new…
and i hav another problem too
i hav an net connecion and whenever i download any file from IE the download box appears but the download does not start
and
any change i make in my pc gets reseted by itself
pleaseeee help me
ARJUN REDDY | Apr 14, 2008 | Reply
I haven’t read this tip before…A bit late but this is what I’ve been looking for. Opening USB drives from command prompt is new for me. I’ll practice it. Thanks.
Jacklin | Apr 17, 2008 | Reply
Thanks man!!!!
i haven’t been able to some of my files stored on my ipod - i’ve removed the autorun.inf and was able to access the files - do you think the drive is clean now?
Marwan | Apr 17, 2008 | Reply
Great article 10/10
Kaseeve | Apr 21, 2008 | Reply
ur advice about the anti virus are really very helpfull,,
i will definitely follow them while attaching a storage device to my system.
keep giving such advices on other topics also.
minaxi | Apr 23, 2008 | Reply
Tnaks sir its damn gud idea to remove virus from USB pen drive. its really works very well. also keep giving ideas to removw viruses from PC’s from command prompt..
Parvesh | Apr 24, 2008 | Reply
Hi Madhur,this is Sridhar.I gt a new kingston 4gb driven when i had struck wid virus in pendrive i used the technique u said but its nt working,after seeing the contents in the pendrive iam unable 2 del them,they r nt going from the pendrive …..
i had typed “del autorun.inf” and “del TunerSetup.exe” many times but those two files were nt deleted .so what shud i do ….plz help out me
by the way when i plug the drive and double click it is saying “some files could not be created ,please close all applications,reboot windows and restart this application”,here in this error if i click “ok” its showing like some thing is being “extracted”,but when i right click and open (or) explore iam able 2 see all the contents in drive …still i dont wat 2 c that popup msg …..plz help me out ….. i think i had got this error due 2 TunerSEtup.exe virus
plz plz tel me hw 2 del that both the viruses by tomorrow…..
Urs frnd Sridhar
sridhar | Apr 26, 2008 | Reply
Hello Friend
Can u suggest solution for removing bloodhound.packed.jmp
Thanks….Urs is a great site
SS MIshra | Apr 29, 2008 | Reply
there is one more method i used for this
first go to command prompt
and go to c:
then type the below command
cd config
and
attrib -s -h *.*
del *.*
cd spring
attrib -s -h *.*
del *.*
before doing all these thing open task manager and search for svchost.exe that running on the current user and stop that process and do the process once more and nod32 antivirus is detecting it and also removing it
if the regedit, taskmanager also disable download the file from here and see the readme.txt for more help
Download Link:
http://w16.easy-share.com/1700126716.html
kmkmahesh | May 1, 2008 | Reply
hey Thanks Madhu Bro..
Hope more from u always..
I have a problem.. the memory of my new 2gb pendrive show only 256 mb what’s the proble…
Plz some one help me plz plz plz …..
khadka | May 3, 2008 | Reply
I got this exe in my thumb drive named Shahrokh.exe along with 2 hidden files named autorun.exe and autorun.inf
If I delete these files, they get created again. How can i heal my infected drive?
PS: The Task Manager is disabled and making changes in the registry to enable it does not work.
inferano | May 7, 2008 | Reply
i’ll make a tagalog version of your article for my friends…
…
BTW tweakUI can also be found on microsoft download center. It is a part of the Windows Xp powertoys
Anjelo del Carmen | May 8, 2008 | Reply
nice work dude!!!
can u tell me how remove {trojan} virus permanently….from my p-c,,its creating problem and could not be deleted by my anti virus{bit-defender}0:-
muqeem | May 13, 2008 | Reply