Top Tip! How to remove Virus from USB Drives
One of the ways by which a virus can infect your PC is through USB/Pen drives. Common viruses such as ’Ravmon’ , ‘New Folder.exe’, ‘Orkut is banned’ etc are spreading through USB drives. Most anti virus programs are unable to detect them and even if they do, in most cases they are unable to delete the file, only quarantine it. Here are the things which you can do if you want to remove such viruses from your USB drives
Whenever you plug a USB drive in your system, a window will appear similar to the one shown below
Don’t click on Ok , just choose ‘Cancel’. Open the Command Prompt by typing ‘cmd‘ in the run box. In the command prompt type the drive letter: and press enter . Now type dir /w/a and press enter.
This will display a list of the files in the pen drive. Check whether the following files are there or not
- Autorun.inf
- Ravmon.exe
- New Folder.exe
- svchost.exe
- Heap41a
- or any other exe file which may be suspicious.
If any of the above files are there, then probably the USB drive is infected. In command prompt type attrib -r -a -s -h *.* and press enter. This will remove the Read Only, Archive, System and hidden file attribute from all the files. Now just delete the files using the command del filename. example del Ravmon.exe. Delete all the files that are suspicious. To be on a safer side, just scan the USB drive with an anti virus program to check whether it is free of virus or not. Now remove the drive and plug it again. In most of the cases, the real culprit turns out to be the “Autorun.inf” file which mostly gets executed when someone clicks Ok in the dialog window which appears above. Thus the infections can spread
Security Tip
Disable the Autoplay feature of USB drives. If you disable the Autoplay feature of USB drives, then there are lesser chances of the virus spreading. A tool which can perform such a function is Tweak UI. Download it from here install it.
Run the program. Now you can disable the Autoplay feature of the removable drives as shown above. By following the above steps, you can keep your USB drives clean. If there are any other methods which you use, then share it with me through comments.
If you are having issues running virus scanners whilst your computer is turned on, try to start into ‘Safe Mode’.
If you’re using a version of Windows, you’ll be able to do this. (Windows XP, Windows Vista & Windows 7)
Safe Mode:
Turn computer off
Turn computer on whilst tapping F8. When prompted select ‘safe mode with networking’
When prompted, click Yes & start into Windows as normal.
Grtt tip. But just 1 tiny problem, when i insert ma usb stick ma system does not bring up a window!!!! SO WAT SHUD I DOOOO PLZZ HELP. I’ve gt very important files on ma usb nd cant afford 2 loose dem HELP PLEASE some1
.It really worked out…Nice Tip…..
all my folders in the pen drive are shown as square box and @. i was able to retrieve the folders as well the files inside it thru a utility called undelete. however is it possible to restore my pendrive to its original self.
[...] this fix: How to remove Virus from USB Drives Reply With Quote + Reply to Thread « Previous Thread | [...]
tahnk you
Hi,
Nice solution. Though the last option (to disable autorun) is not a solution but a workaround. If somebody cannot delete autorun.inf or whatever file, they are supposed to disable the autorun feature. This turn the users pc into a zombie. Less and less features and functionality will be available if you handle viruses this way. You might as well choose to throw your harddrive away if it got infected. You have to counter the virus, not block paths!
it is very nice tip to remove virus from usb.
All my Files Folder was make a shorcut file. How do i do. I’ve gt very important files on ma usb nd cant afford 2 loose dem HELP PLEASE some1..
Hai! I tried as per ur tips. but in the cmd prompt it shows that, the process cannot access the file becz it is being used by another process. for this wt can i do? plz give a solution.
Hi Jhulz,
Open your usb via address bar in your my computer.(purpose of opening your drive via address bar in your computer is this will not able to run a virus in your usb if you have. The safest way to open drives is via address bar not to click it.)
When you’re in your usb click tools above and find if there is folder options. Click folder options > Click View Tab> click show hidden files ad uncheck hide protected operating system files. Then click apply and OK. (Doing this procedure can reveal all hidden files in your computer.)
Now right click your mouse and refresh. If you see in your usb that have folders that are not visible enough this means that is your original folder hidden cause by a virus attack. To unhide it use this steps.
Click start menu> Run > type cmd
In command line locate your usb drive ex: your usb drive is E
C:\Docs and Settings\user> E:
when the drive becomes E type this:
E:\attrib -r -h -s “foldername” (put “” in every folder name)
The hidden folder will be visible. then you can delete shortcut folders watever etc.
@suresh
Find the process name and kill it. You can kill it via command line.
type taskkill /IM processname.exe /F (IM and /F should be capitalized)
Here is my tool originally created by me and using a command line tool from A-Squared a2cmd (thanks a-squared).
This tool is like USB anti-virus but it’s not just USB anti-virus you think. This USB anti-virus what I have uses real AV scanner from the top company of anti-malware know as A-Sqaured.
Functions:
Deletes autoruns and finds virus application written in autorun script.
Auto AV scan if removable device is inserted. (In case if a virus doesn’t use autorun)
Deletes Flash Disinfector Autorun.inf folder.
Repair Registry attack by viruses.
Recover hidden folders cause by virus attack (This tool called Hide and Seek)
Reload Windows Explorer if you are experiencing explorer.exe high performance.
Supports scan objects using AV scanner from a-sqaured.
Download: http://hotfile.com/dl/62612128/0566890/Mighty_Autorun_Computer_Shield_Setup.msi.html
If ask for activation code please don’t hesitate to e-mail me for activation code I will give it free for beta test. Although this program has a Free and Pro Edition Function.
If any bugs please help me by reporting the bugs thru my e-mail bluserver@gmail.com
My pen drive is infected with w32/mabezat virus and most of my folders can’t be found,i downloaded rmmabez.exe how do i run it on the drive to delete the virus.
@Faith
Hi, your problem will be solved if you download the program I made that I post earlier. That program is specialized for USB drives infected by a virus. It has a real AV scanner that most professional IT used, the command line AV scanner made by A-Sqaured and it’s free. The program has a tool to repair registry and reveal all hidden folder caused by a virus but it seems that the admin of this site AKA MADHUR doesn’t want to help you. So there’s nothing I can do hes the god not me.