Top Tip! How to remove Virus from USB Drives
One of the ways by which a virus can infect your PC is through USB/Pen drives. Common viruses such as ’Ravmon’ , ‘New Folder.exe’, ‘Orkut is banned’ etc are spreading through USB drives. Most anti virus programs are unable to detect them and even if they do, in most cases they are unable to delete the file, only quarantine it. Here are the things which you can do if you want to remove such viruses from your USB drives
Whenever you plug a USB drive in your system, a window will appear similar to the one shown below
Don’t click on Ok , just choose ‘Cancel’. Open the Command Prompt by typing ‘cmd‘ in the run box. In the command prompt type the drive letter: and press enter . Now type dir /w/a and press enter.
This will display a list of the files in the pen drive. Check whether the following files are there or not
- Autorun.inf
- Ravmon.exe
- New Folder.exe
- svchost.exe
- Heap41a
- or any other exe file which may be suspicious.
If any of the above files are there, then probably the USB drive is infected. In command prompt type attrib -r -a -s -h *.* and press enter. This will remove the Read Only, Archive, System and hidden file attribute from all the files. Now just delete the files using the command del filename. example del Ravmon.exe. Delete all the files that are suspicious. To be on a safer side, just scan the USB drive with an anti virus program to check whether it is free of virus or not. Now remove the drive and plug it again. In most of the cases, the real culprit turns out to be the “Autorun.inf” file which mostly gets executed when someone clicks Ok in the dialog window which appears above. Thus the infections can spread
Security Tip
Disable the Autoplay feature of USB drives. If you disable the Autoplay feature of USB drives, then there are lesser chances of the virus spreading. A tool which can perform such a function is Tweak UI. Download it from here install it.
Run the program. Now you can disable the Autoplay feature of the removable drives as shown above. By following the above steps, you can keep your USB drives clean. If there are any other methods which you use, then share it with me through comments.
Popularity: 100% [?]
Related Posts
Very good tip! Thanks to this, I can finally remove the stuff. Now to scout for some PC to do the stuff….
Nice Tip.. Our IT told us also that when you plugin your computer you have to press shift until it finish reading..
Good tip !
I regularly scan my USB drive with anti-virus software and that works fine !
Thanks.
Hey nice tip, Madhur.
Now I can even remove virus from my IPod as well.
Thanks….
Great post.
..because of the reasons you mentioned above i never autoplay any USB drive plugged into my computer…just to be on the safer side.
[...] Kapoor – How to remove Virus from USB Drives One of the ways by which a virus can infect your PC is through USB/Pen drives. Common viruses such [...]
This is really a nice tip regarding USB drives as mostly viruses come from these USB drives.
Glad you liked the post guys.
Hi Madhur ……..
It’s a nice tip you gave but it has one problem. If the autorun virus is attached with some file inside the USB, then you cannot remove the autorun virus. Like if there’s a file named “ankit.jpg” (which is not suspicious), & this is the file that writes data in the autorun.inf file, then even if you perform the above mentioned steps, autorun virus will keep coming till the time you find ANKIT.JPG & manually clean it !!!
Cool tip Madhur. My system admin friends who work for a college will surely benefited from this article.
[...] How to remove Virus from USB Drives by Madhur. [...]
Nice trick buddy. A query : How to keep your pen drives clean? Lots of computers in my hostel don’t have good antiviruses. How can i keep my drive clean all the time. Just don’t tell me to don’t use the drive on such computers. lol
Waiting for a reply.
@Ashfame
First of all dont use the Autorun feature of the pendrive. After using the pen drive in your friends PC and before putting it back on your PC, just check whether there are malicious files listed above are present or not. I also distribute my pen drive in hostels but before using them on my pc, i take care to check it for viruses. Sometimes, even Anti virus are unable to detect anything.
[...] How to remove Virus from USB Drives by Madhur. [...]
[...] How to remove Virus from USB Drives by me. [...]
Recently my System also got infected by a pendrive
thank god i ahve backup , else my prize possesion would have gone by (song collection)
first of all disable ur autorun feature of pendrive, then when you attempt to open your drive, dont double click on your drive just right click on ur drive and then click on explore. doing this no virus will effect ur pc from pendrive
i have a virus called explorer.exe, autorun.inf and isetup.exe in my pendrive i did all possible things to delete these virus but cant delete it. so how to delete these virus form my pendrive
[...] How to remove Virus from USB Drives by Madhur. [...]
[...] How to remove Virus from USB Drives by Madhur. [...]
They should have calle it a USB condom.
[...] Fonte: Madhur Kapoor’s Blog [...]
[...] How to remove Virus from USB Drives by Madhur. [...]
the present virus in form is funny ust scandal .avi
how to remove that frm pendrives??madhur, the one u gave prevously was good.give me a solution for this!!!
i insert my USB drive then i click start then run and type cmd then type dir/w/a its more .exe file. example fotoku.exe,MicrosoftPowerPoint.exe, astry.exe, [.Trashes]
i type del fotoku.exe but it show Could not find H:\fotuku.exe
so what i do
help me
plz
Thanks it is nice idea to keep USB clean and fine.
nice idea for keeping usb clean
thanks to this i got rid of the RavMonE.exe virus.. bu i cant seem to delete “autorun.inf” .. how will i do this? and can you give me tips on how i can prevent viruses to infect my flash disk? thank you sir
we can use flash disinfector to remove most common pen drive virus check out http://digitracker.blogspot.com/2008/01/remove-most-common-pendrive-virus-and.html
to download it
Hi Madhur, i have a problem. i cant view hidden files in folder. when i go to options it shows smoe language very alien.. please advise.. thank you. adrian
If the virus files are not getting deleted, then please start the pc in safe mode and try these steps. Also i recommend using Nod 32 anitvirus. It successfully detects many of these viruses.
@adrian
That can be due to Ravmon virus . Search the net for its Removal tool and then run it in safe mode. Hope it helps.
My USB device is not functioning becuase of the virus win.exe. The autorun is not functioning also. I am having a hard time removing the virus. Can you help me?
Appreciate if you could advise/ instruct me how remove below kind of virus on my USB…. thanks in advance ….
S3UUPDATED64.dll.vbs
Hi Madhur..i Hav got a virus in my pen drive but it is a folder..I m not able to delete that..cud u pls help!
tks
Hi Madhur..i Hav got a virus in my pen drive but it is in a folder..I m not able to delete that..cud u pls help!
tks
thanks
i was facing problem with USBs
either not a valid win32 application or when clicking the icon of the disk it wont open and ask me the program to open it thanks these steps solve my problem without format
i insert my USB drive then i click start then run and type cmd then type dir/w/a i found kinza.exe file
i type del kinza.exe but it show Could not find i:\kinza.exe
so what should i do
help me
plz
realy super tip… from now onwards i can work with virus free usb
my usb drive has no virus, but sometimes the files cannot open…..what sholud I do?
hello madhur,
how do i remove the virus from my pen drive, ipod without it entering into my system?? since i just formatted my system and if i insert the pen drive am afraid of it coming in again.. thanks!
@madhu
disable the auto run feature of pen drive and then insert it.
If anyone is unable to delete a file on USB drive , try performing the steps in the Windows Safe Mode
[...] If you are still suspicious about the existence virus files on your pen drive, you can remove virus from your pen drive through command prompt by the method suggested by Madhur here in this article [...]
hey thanks , i cud remove kinzaa.exe through ur advice.
I have done as you suggested, but it will not allow me to delete kinza.exe and autorun.inf
Can you please help me?
Thank you
I deleted the file from the command prompt, but when i scan it using the AV, it still appears in the Quarantined List.How can this be solved?
I havent got the solution as the describe method.
it can not remove Microsoftpowerpoint.exe and also autorun.inf
KIndly suggest me the solution with screen shots.
@Dianna
Try performing the above steps in Safe Mode. IF ti doesnt work, then format your USB drive. Hope it helps
@inferano
Sometimes, when the AV quarantines it file, file cannot be deleted. Or some viruses replicate pretty quickly . Try formatting the drive
@Darshan
Perform the above steps in Safe mode.
hi,
i tried to remove the New Folder.exe virus folder from my pen drive according to your steps but not success.when in cmd i m giving dir/w/a it is showing this virus folder but while deleting it is showing folder not founded so please give me some solution. from last 1 vk m suffering……
i still couldnot remove any files
I have a virus called “asry.exe” its usually spreads through USB.plz tell me how to romove this virus
http://www.techtola.com/2008/01/ways-to-prevent-70-virus-malware.html
Check out software restriction policy in that post…
You can prevent many viruses
PLease PLease give me ur comments to improve that article
http://www.techtola.com/2008/01/ways-to-prevent-70-virus-malware.html
Check out software restriction policy in that post…
You can prevent many viruses
Please give me ur comments to improve that article
Good morning,
1. Thank you for sharing your experience with us. We removed RavMonE.exe from my usb flashdrive. We followed the steps you’ve mention and it works. Thank You for sharing your inputs to us.
2. I still have one (1) usb left 4gb. I’m sure that there are virus in it, because the computer cannot detect my 4gb usb but i can see or it is appearing on my computer. I followed the tip you’ve mention. I opened start button, then go to “RUN” and type CMD. After that i changed the drive to my flashdrive, but the computer cannot detect my flashdrive (“cmd.exe – no disk”). How can I open my flashdrive? Please help me to remove the virus? Kindly email me the steps on how my computer can detect my usb flashdrive. (TAKE NOTE THAT, I CAN SEE “REMOVABLE DISK” ON MY COMPUTER, BUT THE COMPUTER WILL SAY “PLEASE INSERT DISK ON DRIVE D:”
Please help me. Thank You very much in advance!
hey man
my usb drive was infected with some unknown virus
i scanned it with updated antivirus softwareS but no result
than i searched on google and found ur post
i did ur trick and still cant belive it was gone
amazing U
amazing ur TRICK
thanx a lot
the suspicious names were
fotoku.exe
tikno.exe
and plenty of them were there
i had the same problem like u
u shd try this
insert ur pen drive
press cancel when asked for autorun (as madhur said)
click on safety remove to open the SAFETY REMOVE box
now dont remove pen drive
go to it select the bad files (fotoku astry etc)
shift+delete
u r done
try n reply
i am having a pen drive after some time it again appears earlier it was empty but two days ago i found there were two folders named application and love when i delected those files it was deleted but after 3or 4 seconds it again appeared i formatted my pen drive but still it is showing those two files help me out gettin rid of those two files plzzzzzz and yes thanx in advance
@karthik
Thanks, will try that too
@rajat
Try the above mentioned steps in Safe mode and definitely remove the Autorun.inf file
see madhur ihave tried what u hav suggested
evrything worked but at the fianl stage i.e. at deleting for example:”if i type del newfolder.exe” it gives me a back answer saying cannot find new…
and i hav another problem too
i hav an net connecion and whenever i download any file from IE the download box appears but the download does not start
and
any change i make in my pc gets reseted by itself
pleaseeee help me
see madhur ihave tried what u hav suggested
evrything worked but at the fianl stage i.e. at deleting for example:”if i type del newfolder.exe” it gives me a back answer saying cannot find new…
and i hav another problem too
i hav an net connecion and whenever i download any file from IE the download box appears but the download does not start
and
any change i make in my pc gets reseted by itself
pleaseeee help me
[...] How to remove Virus from USB Drives by Madhur. [...]
I haven’t read this tip before…A bit late but this is what I’ve been looking for. Opening USB drives from command prompt is new for me. I’ll practice it. Thanks.
Thanks man!!!!
i haven’t been able to some of my files stored on my ipod – i’ve removed the autorun.inf and was able to access the files – do you think the drive is clean now?
Great article 10/10
ur advice about the anti virus are really very helpfull,,
i will definitely follow them while attaching a storage device to my system.
keep giving such advices on other topics also.
[...] of the ways by which a virus can infect your PC is through USB/Pen drives. Common viruses such as ’Ravmon’ , â€New Folder.exe’, â€Orkut is [...]
Tnaks sir its damn gud idea to remove virus from USB pen drive. its really works very well. also keep giving ideas to removw viruses from PC’s from command prompt..
Hi Madhur,this is Sridhar.I gt a new kingston 4gb driven when i had struck wid virus in pendrive i used the technique u said but its nt working,after seeing the contents in the pendrive iam unable 2 del them,they r nt going from the pendrive …..
i had typed “del autorun.inf” and “del TunerSetup.exe” many times but those two files were nt deleted .so what shud i do ….plz help out me
by the way when i plug the drive and double click it is saying “some files could not be created ,please close all applications,reboot windows and restart this application”,here in this error if i click “ok” its showing like some thing is being “extracted”,but when i right click and open (or) explore iam able 2 see all the contents in drive …still i dont wat 2 c that popup msg …..plz help me out ….. i think i had got this error due 2 TunerSEtup.exe virus
plz plz tel me hw 2 del that both the viruses by tomorrow…..
Urs frnd Sridhar
Hello Friend
Can u suggest solution for removing bloodhound.packed.jmp
Thanks….Urs is a great site
there is one more method i used for this
first go to command prompt
and go to c:
then type the below command
cd config
and
attrib -s -h *.*
del *.*
cd spring
attrib -s -h *.*
del *.*
before doing all these thing open task manager and search for svchost.exe that running on the current user and stop that process and do the process once more and nod32 antivirus is detecting it and also removing it
if the regedit, taskmanager also disable download the file from here and see the readme.txt for more help
Download Link:
http://w16.easy-share.com/1700126716.html
hey Thanks Madhu Bro..
Hope more from u always..
I have a problem.. the memory of my new 2gb pendrive show only 256 mb what’s the proble…
Plz some one help me plz plz plz …..
I got this exe in my thumb drive named Shahrokh.exe along with 2 hidden files named autorun.exe and autorun.inf
If I delete these files, they get created again. How can i heal my infected drive?
PS: The Task Manager is disabled and making changes in the registry to enable it does not work.
i’ll make a tagalog version of your article for my friends…
…
BTW tweakUI can also be found on microsoft download center. It is a part of the Windows Xp powertoys
nice work dude!!!
can u tell me how remove {trojan} virus permanently….from my p-c,,its creating problem and could not be deleted by my anti virus{bit-defender}0:-
Thanks Madhur,
I’ve used a few antivirus programmes on different machines which detect a virus on my USB device, but never get rid of it. Hours of rumaging around on their websites revealed no informaton as to how to remove the damn thing. After reading your site, it took a couple of minutes to remove an autorun.inf file.
Keep up the good work!
[...] and the english version:http://www.whoismadhur.com/2008/01/26/how-to-remove-virus-from-usb-drives/ Technorati tags: usb virus, remove ravmon, remove virus from [...]
[...] to remove Virus from USB Drives One of the ways by which a virus can infect your PC is through USB/Pen drives. Common viruses such as ’Ravmon’ , â€New [...]
i tried alll the said method to remove MicrosoftPowerPoint.exe from my pen drive but its still there and cmd says could not find MicrosoftPowerPoint.exe. kindly sugest me how to remove this.
Also when ever i scan my system with AVG. if virus found that perticular folder changes its attributes and i will found it only when to burn any cd.
OMG thank you soooo much!!! Your article really helped! The USB virus gave me such a headache when it infected my portable hardrive! I was beginning to think there’s no hope for saving it. But luckily I found this!!!
Thanks heaps.
[...] know how to do this? My friend Madhur shows you how to disable the USB autorun feature manually or using Microsoft’s Tweak UI [...]
gr8 stuff daa,thanks !
First thank you very much but i can’t remove the virus .I read it and tray to remove but it dosn’t rmove please if you have other semple way hellp me . I have doucoments in my USB SO PLEASE.
There is a backdoor bot in my pendrive that creates a folder named RECYCLER which has a sub folder. This subfodler contains a copy of the spoolsv.exe.
Now my system is infected. How can this be removed?
Thanks friend ,
you made my job easier…..
Thanks again ……:)
Many Thanks for the useful info – helped me clear my ipod of autorun.inf & svchost.exe
Thank you for your assistance Sir Madhur Kapoor. Am now able to remove these nugging viruses from my PCs. Thank you for sharing your knoeledge. In IT no one is the best we learn through sharing. IT is a dynamic and diverse field of study thus we should learn from each other. If I get something new I’ll share it with you.
My IPOD is not read by any computer. Some one can help me. It can be virus, but how can i remove while not reading.
attrib -r -a -s -h *.* command does not work, I’m using XP.It says the command is not recpgnized
Hello,
I recently got an attack of kinza.exe. My usb drive has no files at all(no hidden files, I am sure, for ‘view hidden file’ is always enabled). The USB was completely blank after a previous quick format. Yesterday when I inserted it into my pc it took very long than usual to open. After It opened i found kinza.exe and autorun.ini automatically created. And my antivirus program reporting a virus on usb. But it could not delete the files. I tried to delete manually in normal mode but without any success.
Later I deleted files from RHEL5 and thought it is removed from the system. So feeling safe I inserted my iPod nano and alas; it got infected too. That means my pc is already infected with the virus.
Can you please tell me what is the source of kinza.exe? is it internet? if so what sort of sites? adult sites?
The pc I use is a shared pc installed at work place.I found somebody has accessed some x-rated adult sites from that pc. can this be a cause?
The virus causing lot of problem for I need to carry work-stuff to home via pen-drive every day.
Can you please suggest how to get rid of kinza.exe and what precautions to be taken so that this does not happen again.
Many thanks in advance
Thanks so much
Hey!!!
The one of the best way to keep virus away from your PC through your pen drive is, Juss neglate the Autorun option(i.e. cancel ).Open my computer.After that right click on your pen drive Drive and select explorer which list the file inside your pen drive and if the hidden file till hidden then go to <> <> <> select <> click <> . Now it show the hidden files on your pen drive(i.e. virus usually stay in hidden form). Juss select the suspicious file and Press Shift+Del for deleting the virus from your pen drive.This is a manual process for remove viruses from your pen drive.
ENJOY!!!!!!
Hey Dear Mukul chaudhuri!!
I got your post for the kinza virus.Hey man It is catagorized as spyware not virus it make a cheat mail on which it record all the typed word from your keyboard and send it to the some emailaddress(I dont want to flash it). This virus left various type of its clone on the infected pc so it is hard to remove,if once removed then the clone activated and again it started to work.so if you want to remove the kinza virus from your system then here is the URL for downloading its removal tools.
ENJOY!!!!
The URL is
http://fewanet.com.np/download.htm
and clck on KinZa Removal Tools to download.
After download run the tools and restart your pc. now you r free from KinZa virus..
hai friend mukul chaudhry
iam suffring from a serious problem. my system was infected from any virus since december till then i have used many anti viruses but they are unable to remove it. only kaspersky has detected as autorun in my all the drives but he is also unable to remove it.nod32 also detect some viruses but is unable to remove them. my computer has become very slow.and i found very difficulty in running internet on it .now iam unable to update my antivirus softwares. problem is i did not want to format my computer. please give me some advise.
najeeb ahmad
Hello Everybody,
There is a batch file for kinza removal. Using this is very easy.
I have lost the original source so I have placed the original pacakge to my server.
Download the file from here
http://www.stalagmitedev.com//div_template/kinza.zip
and follow the Instructions written here
http://solution-world.blogspot.com/2008/02/kinzaexe-removal.html
hey man
nice tip but one of my laptop has been affected. what do i do to remove the virus (which came from my usb) in my laptop??
tell me!!
Okay wait.. The name of the virus is the name of the folder ie. if the folder is CrisRonaldo, there will be a CrisRonaldo.exe file in the virus. After clicking it, it links to My Documents. It affects My Documents only. I got an Internet Explorer file with it too which had some 5 laws. It was in some other language but one of them had: stop sex slave, prostitution.
If anyone can reply, please help me by replying back!!
Thanks Mukul, for deleting the virus in my USB but I need to delete it in my computer.
Any help? Suraz?? Pawan?? Jaldi [fast]!!
Dear gavin,
I Got your blog with problem. the nature that you describe above is, i think it is a trojan horse.Which make the copy of itself, or copy of some folder that is infected to the system.You can mannually delete those problem.Either use of latest updated Antivirus or with your mannual process(i.e:antivirus may include).Once try it removing with your Latest antivirus like NOD,AVG,Macafee etc, If it is not working then you can try it with your mannual process.Let me tell you some mannual process for removing the viruses(i think some are mentioned above).For mannual process the antivirus SAVCLI is important for removing all suspicious vbs,exe,dll formats file from your system.1st install a copy of SAV32CLI to your system and restart your system on safe mode.after that open command run SAV32CLI. dont panic it will remove all the suspicious file from your system. I think it will work. or try goog about SAV32CLI and using about it.
EnJoy
!!!!!!
hi madhur,
i tried ur trick but it didn’t work…after following the same all u said when i typed dir /w/a the same virus RECYCLER FOLDER and an autorun.inf file was there ……
plz help me out!
hi,
i tried it again and this time i entered in the recycler folder and deleted the autorun.exe file now after applying this command in dos it is displaying
autorun.inf [RECYCLER]
1 file 201 bytes
i dir 19…………bytes free
what does it mean, am i now free of virus or it is again here?????
plz help…
The idea given by you for removing virus New folder.exe is not working. It will show the file Newfolder.exe but if you give del New Folder.exe it shows G:New not recognised. So pleasegive me solution.
The easiest way to remove these kinda viruses is to download live one care.
go to http://www.killviruses.net to delete these virsues. And It has the free trail on the website.
I had a Brontok.E worm and i killed it with CompactAv and Brontok Washer.. Everything is fine now…
Thanks suraz!!
my friend faces a problem with NewFolder.exe i think. It disables his Command Prompt and TweakUI…
how do i delete the virus if i cant go to command prompt in his pc
and my usb is affected even when i cancelled the autoplay option tho it was installing some new hardware…
any help??
is this brontok or kinza or what?????
Thanks a lot fellas for helping me!
verdikt
Try this URL to download the software,,,
http://fewanet.com.np/download.htm
The software you can download to use is Hijackthis. Once download the software run the software and remove the setting that is disable by virus. kinza disable the Task manager but it wont disable the Command prompt so that it is other virus on your system. Hijackthis is the software which delete the registry setting (i.e setting disable by virus like command prompt task manager).
Enjoy!!!!!!!!!!!
Turn off autoplay for good…
Start>>run>>”gpedit.msc”
On the tree to the left…
Computer Configuration>>Administrative Templates>>System
Search the items on the right for
“Turn off Autoplay”
Double Click
What you do next is based on your intelligence
i wll ask from mother and then i will download this fill.
Hi there guys, I’m facing a big problem with my Norton AV which I can’t open for quite some time. The pop-up keeps saying that windows cannot find the ccApp.exe file in the Symantec Shared folder, even when I browse that folder manually and finds it there, and clicking on that exe file itself also doesn’t start up my AV.I can’t seem to be able to turn on my Norton from anywhere, that start menu, my desktop shortcuts, etc… Am i facin a new bout of virus attacks? Would appreciate any help of any kind!!! Thank you so very much!
Astry virus spreads through pendrives. Open the pen drive and go to edit-select all. If it says there are hidden files , it is astry virus and your pen drive will become unusable.
It is difficult to even format the pendrive. Hence–start the machine and keep pressing F8 to start in “safe mode with command prompt only” Type the following:
Format H: (assuming H is the pendrive letter)
It will ask “Do you want to force dismount?”
Type Y for yes and formatting will be completed
Immediately remove pen drive
The virus will enter again if u use the infected machine. Try to follow instructions in symantec website
http://www.symantec.com/security_response/writeup.jsp?docid=2007-111500-1533-99
To change registry entries, go to a clean PC and note down the readings, which may help
Mcafee cannot protect agains this virus, )I use an updated version)
I have a Lexar jumpdrive USB, which shows up as a green arrow in the right/bottom icon menu on the screen. The drive does not show up as an icon in the My Computer window. Right click on the arrow icon shows the device to be working properly (but I can’t locate it).
I suspect this means I have a virus, but how can I remove it?
i already used these formulas but unsuccessful.
in my pendrive these(autorun.inf,isetup.exe,explorer.exe) files exist .i formatted my pendrive 4 to 5 times but unable to remove thise files.formate will compleate successfully.these files shows again & again while chacking on cmd prompt. and antivirous detectes these files.please if u have any solution give me.
Regards
–
virender
my pen drive has become write protected when i copied nero software files individually from the software cd(supplied with the dvd writer sony 835A) and even changing attribute in cmd commands i am unable to change the attribute(using attrib -r -a -s -h). i don’t think there is any virus but i cant add or delete data from my pen drive.please help.
Hey Suraz…..! I know you are a talented person but that doesn’t means that you expose it to whole world by sending BLOG’s in this web site…. so keep your mouth shut or keep your mind closed to others……
@Wilson
I think your Norton installation is corrupted, you should reinstall it
@Virender
There is a chance that your PC may be infected, try formatting your Pen drive i another PC and see. And don’t perform Quick format, perform a full format
@Jacques
This can also happen when there is some problem with the USB drivers or Pen Drive itself.
Hi friends i read all comments on this autorun issue
i always believed in preventing rather than letting my PC get infected.
well talking to point i would just like to inform you about a utility
i made to remove or disable any autoruns
you can download my utility freely from
sujeet.saraf.googlepages.com
and can also find other interesting utilities as well
you are welcomed to send any bug reports or suggestions.
Thanks.
[...] How to remove Virus from USB Drives by Madhur. [...]
hi
i m using 4gb pen drive and effected Ravmon and every times its shows a “new folder.exe”. But now it remove without loss any data for blessing of TweakUiPowertoySetup.exe.very powerful software. Thankx for your valuable support.
Thanks, you just saved me a lot of hassle!
Hi friends i read all comments on this autorun issue
i always believed in preventing rather than letting my PC get infected.
well talking to point i would just like to inform you about a utility
i made to remove or disable any autoruns
you can download my utility freely from
sujeet.saraf.googlepages.com
and can also find other interesting utilities as well
Thanks.
In my computer i have a virus.When i tried to hide any folder or document or picture etc.When it hide it become always hide.So, sent me an email how to remove virus .Please..
hi Raju
i have also faced the same problem earlier, probalby it happens due to some viruses that makes you folder a superhidden one.
all you can do is to go to run then type regedit and search for superhidden registry key and set it to 0 it will make all the hidden folders visible.
raju this is how you can nevigate to the supper hidden key type regedit in run the nevigate through this in the regeistry editor
: HKEY_CURRENT_USER\Software\Microsoft\Windows \CurrentVersion\Explorer\Advanced.
but raju plz do it carefully supperhidden files are made to prevent it from by-chance deletion of windows precious files. so when you will be able to find your folder change its attributes to read and archive then again reset this superhidden key to 1.
Could some help me in formating my ipod as i am unable to format it and also i am not able to copy any songs into it.
Waiting for reply Asap.
hillo..but another net solution…
1. Open “My Computer”
2. In the menu above, click Tools –> Folder Options –> File Types
3. Find VBS, click it and click delete. Find VBE, click it and click delete.
4. Now, click View tab. Tick “Show hidden files and folders”
5. Click apply and ok.
6. Now, go to your partitions (your drive c:\, d:\, e:\, etc.).
7. Open each drive. You should see COOL USEP SCANDAL.vbs in each drive. Click it and hit delete in your keyboard.
8. Don’t forget to empty your recycle bin.
9. Open again your drives, you should see SOWAR.VBS and AUTORUN.INF. Delete these two and don’t forget to empty recycle bin. If you can’t see these two, restart you computer.
10. Now the next step is to download and install a program called HIJACKTHIS –> http://download.hijackthis.eu/...
11. Once installed, open it and click DO A SYSTEM SCAN ONLY.
12. In the end of each line, find and check these in their box:
a.) Long Live Sowar
b.) http://www.redtube.com... (do not open, this is a porn site from that virus)
c.) DisableRegedit=1
d.) SysRes.vbs
e.) Control Panel Present
13. Check those boxes and click FIX CHECKED. Do a restart. That’s all
thks….
but another way..
1.
Before inserting the USB drive into your computer, you must enable first the Show Hidden Files Option. How can you do this:
Go to My Computer and select the Tools tab, then Folder Options. After the Folder Option box appeared, click the View tab. As you have see the Files and Folders groups, under your Hidden Files and Folders please enable now the “Show Hidden Files and Folders” option and also uncheck the “Hidden protected operating system files (Recommended)” option. And click Apply then OK button to apply the setting you changed.
2.
Disable your Autoplay drive setting
Go to Start Menu then Run and type gpedit.msc, when the Group Policy appear go to Administrative Templates, then System, double click the Turn Off Autoplay and select the Enabled option and select All drives and click OK button to apply the setting you changed.
(Note: Either you can not do this step and you can move to step #3, but sometimes some viruses once you inserted your USB drive, the virus will executed in process of drives autoplay setting.)
3.
Insert now your USB drive, press Ctrl + R to open the Run, then type where your USB drive is, it maybe like this drive D:, E:, F:, or G: after you USB is open, delete the all unknown hidden files in your USB drives if they exist. Like example: copy.exe, svchost.exe, scvhosts.exe, New Folder.exe, Data Administrator.exe, smss.exe, FunnyUST Scandal.avi.exe, Autorun.inf, amvo.exe, kavo1.exe, kavo.exe, Temp1.exe, FS19831.vbs, Azkaban.vbs, Azkaban.bat and many more……
4.
Unplug your USB drive in Safety Removable method. And insert again to check if the virus was remove by using this steps.
OK you are done! Have a nice day! Hope this tips will help for everyone.
hello mam i cant see system file i.e(RECYCLER folder) on my c drive though my computer is not infected by virus but my other drive like d drive and e drive shows RECYCLER folder. so is there any way so that i can see RECYCLER folder
thankyou
hello madhur,
i cant see system file i.e(RECYCLER folder) on my c drive though my computer is not infected by virus but my other drive like d drive and e drive shows RECYCLER folder. so is there any way so that i can see RECYCLER folder
thankyou
hey mathur!!!wats up???thnks for the help…saved my usb…
Thanks to you, now my USB stick is clean.
I have a parasite fujack on my ipod. Will this work safely for me.
The autorun.inf virus has troubled me for months. i have formatted my pen drive about 20 times but again when i use it in a different computer the problem appears . And what to do to remove the virus from my computer . Is there any way to clean the computer without formatting my c: drive
u can press Shift Key continously before inserting and holding the shift key insert the pendrive
autoplay will not function
now scan with antivirus or manually delete using
Mycomputer–>Right click ur Drive[..]—>Open
…
simple
Manish
mercy and peace be upon you all.
Thanks for your tip.I have just removed kinza.exe as per your guidance and my flash memory is out of it. thanks again. keep your good work.
Great tip…
Type the following to recover missing folders on a flash drive after a virus infection: as above “attrib -r -a -s -h *.*” but ADD “/s /d” after the *.* to unhide the folders also.
Most times the folders and sub folders are simply hidden and not deleted…
Thank you for your tips
i follow ur trick but no file found, but i know there is virus. anything i put become empty.
tell me something.
Jerame,
I am using XP, I do not see any folder option-file types in My Computer. Are you using another OS? Thanks.
hillo..but another net solution…
1. Open “My Computer”
2. In the menu above, click Tools –> Folder Options –> File Types
tnx 4 ds nice tip. .
Jerame,
In my Windows XP when I open “My Computer”, this is what I can see under Tools ->
Map Network Drive…
Disconnect Network Drive…
Synchronize…
I do not see what you have written below:
1. Open “My Computer”
2. In the menu above, click Tools –> Folder Options –> File Types
What could be the problem? Thanks.
SoWar.VBS had just infected my usb and my pc. what should i do? i tried to delete autorun.inf from my usb but it kept on reappearing. a porn site has invaded my explorer. how do i get rid of them without reinstalling?
@jeatte
Check this
http://norton.lithium.com/norton/board/message?message.uid=10704
@chutz
That may be because of Virus infection. Try this
Go to Run –>gpedit.msc
User Configuration –> Administrative Templates –> Windows Components –> Windows Explorer
Enable and then Disable “Removes Folder Options menu from Tools menu”
Close all windows explorer windows and then open again.. Hopefully it will come back
Madhur, thanks much, very helpful.
For anyone needing a reminder of commands for prompt, I found helpful
http://www.ss64.com/nt/
awesome… solved my new folder.exe virus. thnx
I would like to join this site and have a membership ID.
I am in Tanzania working as IT specialist for 14 years, I have found this site is very useful.
Hi Madhur,
I have 4GB USB drive. I have bought it just 2 months ago. It was working fine before but now whenever I want to delete any file or folder from here then the message appear that USB is write protected and data can not be removed. I have tried to change the attribute from cmd as well but I’m not successful. I even try to format it but not succeeded. Pls suggest me what to do?
Thanks alot in advance.
@Sami
Try formatting the drive. Can you also check whether there is any tiny switch on your USB drive which you can slide up or down ?
Hi guyz, I have a problem with my usb. There are documents I cant delete: raiko.doc and autorun.inf. How can I delete this items? I think its a new type of virus since my old pc cannot detect it.
sir
there is a new folder on my pendrive name sandisk .and when i load some folder it create same foler on this folder.sir pls tell how can i remove this newfolder
im unable to delete the virus new folder. it says cannot find new
hi i am manjinder singh i m solb the this massage with ((USB)) all data drives as pen drive / hdd / mobile card /and other USB drives remove virus with NERO OPEN /DATA CD / ADD / FILES / IN WITCH DRIVE / DATA SEE U /PEN DRIVE HAS USE FILES BUT SOME FILES NOT USE HE WILL REMOVE IT YOUR VIRUS REMOVE IT AND NERO CLOSE AND REMOVE ALL USB DRIVE HE WILL AGAIN PLUG PEN DRIVE AND YOUR MASSAGE HAS GONE (((OK)))
I reccommend this is more easy jejeje: SOKX PRO 1.0
Official website: http://sokxpro-en.blogspot.com/
It is a software application whose function is to protect the USB devices of the autorun.inf file, which active the file .exe, .com or .bat that contains viruses that infect both the USB device as a PC desktop or a laptop into which they are connected.
SOKX PRO 1.0 works with USB flash devices without software pre-installed from the factory (eg U3), mp3 players, external USB hard drives and in general with any USB storage device.
It’s an apedemia of antivirus 2008 already as i see with my logs . Every user has this virus
Hi,
I have a virus on my flash called RESTORE.exe which i cannot remove. I’ve formatted my USB numerous times over and it just pops up again after a few seconds. It’s a hidden file so i cannot see it on pc’s that dont have their hidden folders visible, but when i run a scan using AVG 8 (freeware) and Sophos AV it see’s the file but does not detect it as a virus – just says that no threats were found. I tried this method you described but it always says “autorun.inf cannot be found” even though it shows up in command prompt. Please can you help?? I have all my thesis data on the flash and i’m scared to copy any of it to pc in case the virus gets copied too!!!
@Jerry
Have you tried the above mentioned opeations in safe mode. And please also check whether the hard drives in your computer also contain autorun.inf file or not.
nice tip you share.. i like the way you share your knowledge regarding of spreding the virus
great, i finnaly removed that junk from my usb stick. thank you for sharing your secrets with the world!
i insert my USB drive then i click start then run and type cmd then type dir/w/a its more .exe file. example fuck.exe,MicrosoftPowerPoint.exe, astry.exe,
i type del fotoku.exe but it show Could not find H:\fuck.exe
so what i do
help me
plz
Thank you so much! This was very helpful, now I can get some work done.
hi all,
i have 16gb pen drive. when i used first time it shwon virus in pen drive i have delet this virus and format the pen drive but after that it is not showing any file in pen drive and unable to format also, give some solution. how to format this pen drive .
I did what you suggested (and even consulted with several other sites) but I still can’t delete the autorun.inf file from my iPod and my USB device.
I removed attributes, force-deleted, and ran the antivirus on my iPod but the autorun.inf kept coming back just a few seconds after I deleted them. (which is weird because those methods usually worked.)
Any other suggestions/help would be greatly appreciated. Thanks!
I make a program that auto delete a virus who gets thru to my flash drive. It delete itself without prompting. I call it iShield. I am using sandisk U3 flash drive because this flash drive i can set my program to autorun whenever i plug it so that the virus cannot get inside. It 100% work in xp and vista. And if i can’t eject my flash drive to a infected pc i put some force eject program also.
To those who want just e-mail at bluserver@gmail.com
Please give me suggestion on these topics.
1.if there is virus named autorun.inf,newfolder.exe in the usb drive.Then please tell me to format usb drive & how to delete these virus.
2. if i copy some folders from my virus infected pendrive, then every copied folder contain another folder of same name in it
and it showing size of 603kb.if i open that folder nothing is there.
@Nitin
Try formatting the USB drive or scanning it with an AV
@bipin
Does the drive icon appears when you plug in the pen drive to your computer
Please give me suggestion on these topics.
1.if there is virus named autorun.inf,newfolder.exe in the usb drive.Then please tell me to format usb drive & how to delete these virus.
2. if i copy some folders from my virus infected pendrive, then every copied folder contain another folder of same name in it
and it showing size of 603kb.if i open that folder nothing is there.
Hello i think it’s brontok virus. You can use avg 7.5 it well delete that all. don’t use avg 8.0 it’s a crap anti-virus.
Formatting flash disk is the last option you have. But even thou you format it the virus is spreading because you already open your pendrive and you run it thru autorun.inf so the virus well back again. The safest way to open harddrive, pendrive etc. is not clicking the drive in my computer. Use the address bar above it won’t make the virus run.
Hi there, i was able to remove that virus in safe mode, so thanks a huge bunch!
. Tho now my usb no longer opens the way it used to i.e the autorun pop-up doesn’t pop up when i insert the device into the usb port. Instead it just open the folder on it’s own??? Any idea’s anyone?
In which you remove the virus? In the system and your pendrive, system only or pendrive only? Removing virus from your pendrive is useless when the virus is still running from your system. Try to remove the virus from your pendrive in non infected PC. Don’t open your pendrive instead go to command prompt. Locate your drive letter type attrib -r -h -s *.* this will show all hidden files.
Ex:
G:\attrib -r -h -s *.*
don’t delete yet the autorun.inf
type edit autorun.inf
it will show you the info of the name of the virus.
Ex:
[autorun]
open=asdf.exe
shell\open\command=adsf.exe
shell\explore\command=asdf.exe
so asdf.exe is the virus
now you can delete the virus name asdf.exe and autorun.inf
If you are infected of brontok virus you must go to every folder and look fo a look a like folder and point the look a like virus and look for the description in the left if it is application delete it. Well it’s a waste of time to search and delete this virus just use avg 7.5 it will detect and delete it all. ^_^
Hope this help..
Hi Madhur..
I hav one question..
My pen drive cannot format..
The autorun.inf makes my pendrive always working till cannot format… >.<
Please help me!!
Hello Sonic, I think it’s not the autorun.inf causes that you cannot format your flash disk. autorun.inf is not a program it’s a setup information use only to run programs he set thats why it’s called autorun. If you cannot format your pendrive the cause of these is there is a program running from your pendrive or an active virus want to infect your pendrive. To format your pendrive kill all the running programs that came from your pendrive or virus running from you PC because virus have a loop command. You can also format your pendrive in DOS mode using windows 98 fdisk.
That’s all hope this helps…
Madhur,
My pendrive got more virus..
But I can’t delete it.. it says
“Cannot read from the source file or disk”
What should I do to delete it?
The format problem also not solve yet..
Hi again Sonic, You can’t just delete the virus because virus are set to read only and hidden. Using simple commands such as delete or erase it can’t solve the problem. In my case I advice you to use a un-infected PC from virus or clean PC because deleting virus from infected PC is useless if you don’t know what virus you’re dealing with. Plug your pendrive on clean PC and press shift two or three times, make sure you’re using a clean PC.
Note: Once the computer detected your pendrive don’t open your pendrive.
There you can format your pendrive.
“Your PC is infected try to clean your PC”
Don’t just rely on any anti-virus because the’re sucks!! Anti-Virus rely only to the database what the developer gave them that’s why we need to update them. Try to be an ethical hacker this will solve all the virus problem.
Hello everyone,
For those not aware, The Right-Click “Open” method to open a Removable drive is no more safe. With a modification in autorun.inf , this method can be forced to run any application used in the autorun.inf file.
The best option I have been left with to open a USB drive would be
1. Windows default pop up “What do you want windows to do?” -> “Open folder to view files, using Windows Explorer”. That usually comes automatically when u plug in a drive.
OR
2. The Best I believe – Use the “Folders” u see above the address bar in Windows explorer and click on the drive u see on the left pane i.e. the TreeView of the My Computer.
Thanks for the help Blueserver ^^
I’ll try to format at clean PC.
Thanks alot ^^
[...] : Who is Madhur :hack email, Hack Facebook, hack Facebook password, hack Hotmail, hack Yahoo, hotmail com, [...]
very good,
thanks for this subject
Thanks
Hello sir,i used ur technique to remove virus from pendrive but it did not work,kindly give me some new tip on my I D.The virus inside my pendrive are namely New Folder.exe;regsvr.exe & system.exe;
i will be hoping to hear frm u
Thank u
hi
my cool disk had this virus
i download this program and install it but i dont know what should i do now?
please help me
Do you have any anti-virus? Co’z this virus is too old anti-virus will detect and erase them. Please reply me if this features of windows will work. ctr+alt+del or task manager, in start menu > run type cmd or regedit. Co’z mostly viruses disable this features to make them hard to get. In deleting virus you should kill the root virus runs from your pc to prevent them from spreading. Thanks i’ll wait your response..
hi! tnx der, I owe you, you’re the best.. tnx 4 ur concern about that info…u
Tip to become the most protected computer from virus.
1. Download Faronics software Deep Freeze latest version.
2. Download Windows Installer Ver. 3.0 you might need this later.
3. Download Net Framework 2.0 or higher.
4. The last download ArpanTech iKill.
Setup Tip.
Before Installing this programs you must have a partition first. Two or more partition.
Now your change your my documents target folder to any drive that don’t have windows system. Right click my doucments folder and look for target folder and change it what ever you want.
If you’re done do this. Install first Windows Installer 3.0 if you don’t have, next after windows installer install Net Framework 2.0 or 3.0 if you don’t have. “If you have this programs installed already in your computer no need to install them.” Now if you’re done install ArpanTECH iKill and when iKill finish installing configure it check all box and set 1 seconds refresh time. So the last install Faronics Deep Freeze and freeze only the system drive. Then restart your computer. “Do not freeze other drives for saving purpose.”
This tip will protect 100% for your PC.
Right now i am making a program that will protect your flash disk anywhere. I will post it if i’m finish. ^_^
Ooppss… Sorry im wrong. Right click my documents folder and select properties. In My documents properties look for Target Folder Location and change it for saving purpose.
Thank you so much! After spending hours with so called “pen drive virus removal tools” your tip worked for me. Kinza.exe is now a thing of the past. Thanks again dude, you rock!
thenkz alot…it really works….
plz view my blog
http://www.poliamkowts.blogspot
thank you!!!!!^_^
Hi, this a very nice solution to remove virus from the UB drive…. Thanks a ton…
Hi, try this it really works. It did work for my USB drive. the solution given above really works…
^_*
I developed a program that auto deletes the virus. The program runs as background of windows, when the virus enter to your usb flashdrive it will auto delete and it works fine but the program won’t run unless you run it by yourself. Well there is one thing to run automatically the program everytime you plug your flashdrive. In my case I am using U3 flashdrives. If you like my program please post a reply. Thanks..
how can u view the files of the USB from the “safe to remove” box?
Oh my GOD!!! Thank you so much for this post, my portable hard drive kept getting my computers viruses, thanks to your post i deleted them, thanks a million!!!!!!!!!!!11
dude that was awesome… u r awesome man,… fixed my hdd with ur technique… big help bro…
Hi Madhur – I have a virus called δ<ÉMSDOS.5.0 in my MP3player/USB drive. Please tell me how to remove it. Thanks
Could u plz send me this program which automatically deletes the viruses
m still not able to delete autorun.inf using cmd. If I delete it using the given procedures, it again comes
Plz help me It is really frustrating
What if I open the USB using ‘explore’ option and disabling the hidden option I copy only the required files. Will it still affect my PC I mean will virus be coppied now?
Deleteing virus using command prompt without killing the virus runs in your system is useless.. You can only delete it if all running virus is dead.
Opening USB using explore option. Take a look of this, this is what virus autorun script is:
[autorun]
open=virus.exe
shell\open\command=virus.exe
explore=virus.exe
shell\explore\command=virus.exe
shelldefault=1
So using Open or Explore options is wrong!
Best way to open is use the address bar above.
If you cannot remove the virus read the blog from the top you can find some usefull there. ^_^
THANK YOU!!!!!
usb kingston 8GB is a real shit. The information you save on it, then is altered and lost, so I recommend not to use kingston usb….they are a real shit. My previous usb boston 1GB never caused me problems, but Kingston is a shit, when you save information, you lose it when you try to read this information on another computer….Last 2 hours to save 400 MB from your computer to the memory…kinsgston is extremely a shit
Hello, I recommend USB PROTECT. remove and prevents the virus from usb. Is the best!!
download:
http://www.laesoft.com.ar/descargas/usbprotect.php
Is this USB Protect will be install in the PC or in thumb drive?
I tested your USB protect but it only delete the autorun.inf but does not delete the virus program. Deleting autorun.inf is preventing only for running the virus from opening the drives. If the virus program is not deleted you still carrying the virus. I recommend use iKill it deletes both autorun and virus. ^_^.
To remove virus from the memory usb…istall the FLASH DISINFECTOR program on your pc and run it with the memory usb plugged in your pc. Then you can open the files form your memory usb without any problem.
To remove virus from the memory usb…install the FLASH DISINFECTOR program on your pc and run it with the memory usb plugged in your pc. Then you can open the files form your memory usb without any problem.
About the kingston memory usb 8GB I talked about it was failed, so I bought a new one. The new one it’s ok. This memories seems to use only for USB 2.0 port, but it shouldn’t damage if you put in previous versions of usb port.
Again removing virus form memory stick while the virus is running in your PC is useless. Make sure you don’t have virus in your PC before using those tools. Otherwise it can cause damage your memory stick becuuse you cannot remove it so you will be force to pull it out from your PC. In this case if your memory cannot be removed from your PC
it’s better to shutdown your PC then remove your memory stick to avoid damage. Mr. Alfredo try use hiren boot cd and scan your 8gb kingston memory stick maybe it can fix it if the damage is not too bad. Kingston memory stick is good to me. Here’s what i can tell you no matter your memory stick is expensive or branded. It depends on how you use it.
To fix your kingston try reheat the memory IC of your kingston memory stick or use memory reseter to reset your kingston memory stick IC.
The first memory usb kingston 8GB I bought was failed, the information saved losts when I try to open it in another PC or in the same PC. I formated the memory many times. The problem remained the same. The memory was too slow , to save 1GB from the pc to the memory lasted 2 hours and some information was altered and lost. I bought a new memory kingston 8GB, the same model..The information is not lost. The new one works well…it’s not too slow like the first one. But my question is if the memory usb is USB 2.0, can I run the memory in old ports usb?, cause my pc have old usb ports. The first memory usb kingston 8gb I bought maybe was damaged because I used it in old ports usb, but I use old ports usb in this new one and I don’t have any problem. The new one works ok.
The first memory usb kingston 8GB I bought was failed, the information saved losts when I try to open it in another PC or in the same PC. I formated the memory many times. The problem remained the same. The memory was too slow , to save 1GB from the pc to the memory lasted 2 hours and some information was altered and lost. I bought a new memory kingston 8GB, the same model..The information is not lost. The new one works well…it’s not too slow like the first one. But my question is if the memory usb is USB 2.0, can I run the memory in old ports usb?, cause my pc have old usb ports. The first memory usb kingston 8gb I bought maybe was damaged because I used it in old ports usb, but I use old ports usb in this new one and I don’t have any problem. The new one works ok. So I want to know if I have to use this memory only in USB 2.0 ports.
When you buy a USB you must look first for the compatibility it is written in the case when you buy it. If your computer doesn’t have 2.0 USB port you can buy a PCI USB port 2.0 and install it inside in your PC.
Maybe the 1st 8Gb kingston USB you buy have a factory defect. You can change it by claiming your warranty if you have.
Some of these tips are nice. especially the removal tips. But, turning off autoplay just forces most people to do an even bigger mistake, double click the drive in my computer. there are actually 5 ways of getting these usb viruses through autorun.inf.
- autoplay
- first selection on right click menu
- double clicking drive
- u3
- physically clicking the infected file.
disabling autoplay actually corrals people into doing the dreaded double clicking of the drive and running a virus. You need to eliminate the access to autorun.inf altogether to thwart the spreading of the virus.
I work at a college with 1000+ computers and this usb virus had plaqued us for a short time. Students were walking around infecting machine after machine. The best solution that I have found is from these computerworld blogs.
http://blogs.computerworld.com/node/12946/print
http://blogs.computerworld.com/the_best_way_to_disable_autorun_to_be_protected_from_infected_usb_flash_drives
build a tester to test vulnerability then kill the access to autorun.inf with the reg key. Stop the infection from spreading.
This does not cure the infection on the computers (that is why these removal tips are great), but it stops the transmission of infection onto any of your computers.
still this way only stops 4 out of 5 of the possible ways to be infected. You can’t stop somebody from physically running the virus.
Dear. karthick
when u open commant promt then not type dir/w/a
1st u enter USB drives Like in my usb drive is I: enter. then u type dir/w/a then see ur in infetcted files then del it
Dear. karthick
when u open commant promt then not type dir/w/a
1st u enter USB drives Like in my usb drive is I: enter. then u type dir/w/a then see ur in infetcted files then del it.
Your method cannot work because i cannot see the folder ts root which has the virus named clock.exe what to do please reply as soon as possible. due to this virus a window automatically minimizes
My usb card is still broken.
Anyway, thanks for the info.
Everyone of us have different style to remove those virus. Just don’t stop exploiting. Hehehe..
everytime i plugin my flashdisk to my pc, an exe file is always created on every folder that’s on my flashdisk what will i do
It was a simply superb method. Thnx Sir.
heyyy that was verrrry nice tips plz send me some more secuity tips
Thanx for the tip!
Also check out PenProtect!It works fine
Mine is similar but the files are in another cd drive THAT DOESNT EVEN EXIST!!!! the files in the non-existing cd drive are… autorun.inf,go.vbe and PKIIntro.doc…I have tried all those tips and non seem to work it always says access denied. Please help also…The virus made my sandisk U3 contour 4gb but when i bought it it was 8gb and I am really weirded out.
[...] Delete the Autorun.inf and other suspicious exe files from your pen drive using this method. [...]
thank you for the very useful tip!
i have another problem. i have pendrive of 8GB which contain some data but i get write protected i don’t know how it get format the way u will provide is unable to del data of drive
first sorry for my english . this virus is very ” nice” if i may say. it is diferent on most of the computers that i have been on and unvirused them . there is no specific type of delete this virus . most of them have .exe in documents and user\”user” , recycler\ ” some numbers”; root of hdd c:, d:, ans so on . some times i had the simplest problem that i was not allowed to see the hidden files or folders. and the problems kept going . 1) boot in safe mode. 2) log in with administrator ( not other user , sucks if you use the administrator account for casual usage been there done that , so i know) 3) start > run > msconfig and enter , on the startup and services ( here hit hide all microsft …) check for unknown lines 4) unhide he hidden files on hdd. go to the documents and settings \ “what ever is your user name ” and delete all files except the ntuser files . repeat this for every user that is in your docs and settings. 5 ) delete the autorun.inf and any elese *.exe that have some name without a logics. ( trust me it will be obvios) 6) delete the recycler and if it is the case the recycled folders. 9 every time you delete a file or folder use the shift to delete permantli )now you can restart the computer
Very good article but unable to del files from pen drive through command prompt though scan it and files get quarantinned.
my symantec detects
w32.downadup.b in H:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
&
W32.Downadup!autorun in H:\autorun.inf
??? how to remove it madhur?? sorry….your method not working
How about the FU virus?
it affected my videocam! what am i supose to do?
Hello madhur, i badly need ur help. My pendrive is infected with virus and every time i plug it in i have to open it through my computer and when i double click on it, it tells me that the disk is not formatted and im asked to format it which i cant as it will delete all my files and my files are really important. Can u help me asap plz???
what if the computer has virus and i plug my phone using a usb.. i scan it first then i transfer a files from computer to my phone.. it will infect my phone? if yes.. is there any possible way not to infect my phone when i plug it to a computer with a virus?
To anju:
There is a recovery tool called hiren boot cd it is a complete tool for repairing disk and programs, i use it everytime my flash disk is going to crash to recover my files.
To jhoiz:
It depends the type of a virus.
Yes! and No!
Yes because If a type of a virus infect an mp3 of jpeg file and your phone have all of those files it will infect your phone.
NO! because if your phone doesn’t have those files it won’t infect your phone but the virus will spread it will goes to your phone memory and memory card.
HOW RETARDED OF MS TO LEAVE SUCH A VULNERABILITY (AUTO-RUNNING ANYTHING MENTIONED IN AUTORUN.EXE). THOSE RETARDS NEED TO BE TAUGHT A LESSON. I HAVE HAD SO MUCH TROUBLE BECAUSE OF THIS ‘FEATURE’
F.U. M$
Great Madhur
Hi i have tried but it shows the message “Access is denied”.
Hi ihave done this but it shows “Access is Denied”.. What should I do now
U CAN USE THE AUTORUN EATER TO REMOVE AUTORUN.INF
HI CAN ANYBOBY HAVE A SOLUTION FOR MY PENDRIVE PROBLEM!!
WHEN I AM INSERTING MY PENDRIVE ITS NOT SHOWING THE AUTORUN DIALOGUE BOX BUT INSTEAD DIRECTLY SHOWING IT IN THE I: DRIVE AND WHEN I AM TRYING 2 OPEN IT ,THEN ITS DISPLAYING A DIALOGUE BOX SAYING “INSERT A DISK IN THE DRIVE” & EVEN IT IS NOT ALLOWING ME 2 FORMAT OR SCAN THE PENDRIVE!!!!!!!!
CAN ANYBODY HELP ME FOR THS PROBLEM!!!!!
THANKS ALOT
Thank you very much for this fix – I had 3 USB pen drives all with the same issue. Each one had autorun.inf and MicrosoftPowerPoint.exe which were trojan and have now been removed. Great advice!
AARTI:
I have a feeling the pen drive has to be assigned to drive letter E: or F: to be recognised. Howvere I could be wrong on this. What is using E: and F: on your machine at the moment?
Hi All,
Can any one tell me how to remove some files infected in my USB Drive.
05/14/2054 10:09 PM 2,594,347,673 UUUUUUUU.UUU
01/16/1990 09:14 PM Ăż(8
09/16/2013 07:23 AM 3,159,249,262 â•h♦ô►Ç@Ă„.♀uâ©
09/21/2057 12:32 PM ╖▼╔ö⟠╬╙.óF↑
09/25/2045 01:42 PM 574,265,265 âż]UΦ+-(w.p♂±
3 File(s) 9,652,055,336 bytes
2 Dir(s) 4,015,681,536 bytes free
if i try to delet this above files i get a error message Disk is Write Proctet.
Simply download Autorun Protector to analyze, remove and protect USB Virus problem, in addition, it can prevent your PC & Device from infecting with USB Worms. Click for more information.
I have trouble using the HTML Code below, the link is http://raylin.wordpress.com/downloads/autorun-protector/ .
Testing HTML Code.
Download from
More information
Hi
I’m using avast antivirus in my laptop.I’ve a pendrive which consists of the virus file “Autorun.inf” and a malware “BV:AutoRun-G [Wrm]“.I’ve applied all the ways like disabling the autorun feature,using the Tweak s/w,freecommander s/w,using the command prompt to crack the virus in the pendrive.I got rid of it.When I changed another pen drive, the same virus entered in that pendrive also.
I’ve applied all the above mentioned ways to remove the virus from pendrive.
So, I request, can anybody help me in this regard!!
Thanks in advance.
Ramsay
Nice suggestions. Thanx man and i like the way to explained everything. hats off to U
hey dude…my computer and pen drive was invaded by ahsan’s virus firs thing i did is to format both of them my pc was successfully remove all the element of ahsan but through formatting but on my pen drive that ahsan virus still existing. how can i clean this sticky virus that stocked on my pen drive please help me.