How to Remove Viruses from USB Drives



One of the ways a virus can infect your PC is through USB/pen drives. Common viruses such as ‘Ravmon’, ‘New Folder.exe’ and ‘Orkut is banned’ spread through USB drives. Most antivirus programs are unable to detect them, and even when they do, in most cases they are unable to delete the file and can only quarantine it. Here is what you can do to remove such viruses from your USB drives.

Whenever you plug a USB drive into your system, a window similar to the one shown below will appear.

[Image: USB]

Don’t click OK; choose ‘Cancel’ instead. Open the Command Prompt by typing ‘cmd’ in the Run box. At the command prompt, type the drive letter followed by a colon and press Enter. Now type dir /w/a and press Enter.

This will display a list of the files on the pen drive. Check whether any of the following files are present:

  • Autorun.inf
  • Ravmon.exe
  • New Folder.exe
  • svchost.exe
  • Heap41a
  • or any other exe file which may be suspicious.

If any of the above files are present, the USB drive is probably infected. At the command prompt, type attrib -r -a -s -h *.* and press Enter. This removes the Read-only, Archive, System and Hidden attributes from all the files. Now delete the files using the command del filename, for example del Ravmon.exe. Delete all the files that are suspicious. To be on the safe side, scan the USB drive with an antivirus program to check whether it is free of viruses. Now remove the drive and plug it in again. In most cases the real culprit turns out to be the “Autorun.inf” file, which usually gets executed when someone clicks OK in the dialog window shown above. This is how the infection spreads.
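The manual check above (list the drive root, look for Autorun.inf and stray executables) can be scripted. The following is an added example, not part of the original post: a Python script that parses autorun.inf and reports which root-level files it launches. The function names, the extension list and the sample autorun.inf are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

HIDDEN, SYSTEM = 0x2, 0x4          # Windows FILE_ATTRIBUTE_* bits
# Assumed list of extensions treated as executable for this check.
EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}

# Constructed sample, not taken from a real infected drive.
SAMPLE_AUTORUN = """\
; padding line
[AutoRun]
open=Ravmon.exe
shell\\open\\Command="New Folder.exe" /s
icon=folder.ico
line without an equals sign
[other]
open=ignored.exe
"""


def parse_autorun(text):
    """Return (key, command) pairs from [autorun] that launch a program."""
    commands, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                commands.append((key, value))
    return commands


def launches(name, command):
    """True if `command` starts with the file name `name` (quoted or not)."""
    cmd, name = command.strip().lstrip('"').lower(), name.lower()
    return cmd.startswith(name) and cmd[len(name):len(name) + 1] in ("", " ", "\t", '"')


def read_inf(path):
    """Decode autorun.inf without failing on odd encodings or junk bytes."""
    data = path.read_bytes()
    utf16 = data[:2] in (b"\xff\xfe", b"\xfe\xff")
    return data.decode("utf-16" if utf16 else "latin-1", errors="replace")


def scan_root(root):
    """Map each suspicious file in the drive root to the reasons it was flagged."""
    files = [p for p in Path(root).iterdir() if p.is_file()]
    inf = next((p for p in files if p.name.lower() == "autorun.inf"), None)
    commands = parse_autorun(read_inf(inf)) if inf else []
    suspects = {}
    for path in sorted(files, key=lambda p: p.name.lower()):
        reasons = []
        if path == inf:
            reasons.append("autorun.inf present")
        reasons += [f"launched by {key}=" for key, cmd in commands
                    if launches(path.name, cmd)]
        if path.suffix.lower() in EXEC_EXTS:
            reasons.append("executable in drive root")
        # st_file_attributes exists only on Windows; elsewhere this is 0.
        attrs = getattr(path.stat(), "st_file_attributes", 0)
        if attrs & (HIDDEN | SYSTEM) and reasons:
            reasons.append("hidden/system attribute set")
        if reasons:
            suspects[path.name] = reasons
    return suspects


def demo():
    """Build a constructed drive root in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "autorun.inf").write_text(SAMPLE_AUTORUN)
        for name in ("Ravmon.exe", "New Folder.exe", "svchost.exe", "notes.txt"):
            (Path(root) / name).write_bytes(b"")
        return scan_root(root)


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(f"{name}: {'; '.join(reasons)}")
```

The script only reads the drive; pass the drive root (the drive letter followed by a colon and a backslash) to scan_root to check a real device.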

Security Tip

Disable the Autoplay feature for USB drives. With Autoplay disabled, there is less chance of the virus spreading. A tool which can do this is Tweak UI. Download it from here and install it.

[Image: Tweak UI]

Run the program. You can now disable the Autoplay feature for removable drives as shown above. By following the above steps, you can keep your USB drives clean. If there are any other methods which you use, share them with me through the comments.

495 Comments

  1. sarvana says:

    After inserting my pen drive, antivirus detected 2 virus files and repaired it… After that I am not able to delete or copy files to the USB drive… It says “requires administrator permission to perform the action”… and with other pen drives the same problem occurs… I am not able to format the pen drive either… I am not able to understand… Please help me get out of this problem…

  2. Shaani ali says:

    @sarvana
    It is because you don’t have administrator rights, or you have got some virus on your PC which has disabled your administrator rights, so the thing you need to do is connect your pen drive to some uninfected PC, copy your data and then format your pen drive.
    It’s the easiest way, as I have told you above, but if you want to know how to get access as administrator on your system, and if you’re not using an administrator account and your administrator account has been disabled too long, then use this process to activate the administrator account on your system.

    Many people ask me why there is no built-in Administrator account available in Windows Vista and 7 like in previous Windows versions. Why can’t we use the default Administrator account? The answer is “Yes! The default Administrator account is created in Vista and 7 but it’s disabled by default for security purposes.”

    You might want to enable it for troubleshooting or to get rid of the annoying UAC prompts while tweaking your system. So here I’ll describe a few methods to enable / activate the hidden or disabled Administrator account in Windows Vista and 7, and you can also use the same process for Windows XP if your account is disabled.

    1st Method:

    1. Right-click on My Computer icon on Desktop and select “Manage”, it’ll open “Computer Management” window. ( You can also open it by giving “compmgmt.msc” command in RUN dialog box or Startmenu Search box).

    2. Go to “Local Users and Groups -> Users”. In the right-side pane double-click on the “Administrator” account. It’ll open its Properties. Deselect the “Account is disabled” option and apply it.

    2nd Method:

    1. Type “secpol.msc” in RUN dialog box or Startmenu search box, it’ll open “Local Security Policy” window.

    2. Go to “Local Policies -> Security Options”.

    3. Double-click on first option “Accounts: Administrator account status” and select “Enabled” and apply it.

    3rd Method:

    1. Click on “Start button -> All Programs -> Accessories“. Right-click on “Command Prompt” and select “Run As Administrator“. If you are prompted to enter password, enter the password and continue. You can also open Command Prompt in Administrator mode by typing “cmd” in Startmenu Search box and press “Ctrl+Shift+Enter“.

    2. Now provide following command:

    net user administrator /active:yes

    3. That’s it. The Administrator account will be enabled. If you want to disable it again, simply replace “yes” with “no” in the above command.

    NOTE: Never activate the hidden Administrator account until required. It’s better to use other general accounts for better security. Also the Administrator account has no password, so if you enable it then don’t forget to set a strong password for it.

  3. rochelle says:

    When I type attrib-r-a-s-h*.* the command says that it doesn’t recognize the command, but when I typed attrib -r-a-s-h *.* it says that it is an invalid switch. What should I do? Thanks :)

  4. Shaani ali says:

    @rochelle

    You should sit back and enjoy that moment. ;)

    Well, there are many commands through which you can take a look at your hidden files, and this command enables your hidden files to become viewable.

    If you want to see the hidden files then you can also use this command.
    D:\>dir/ah

    But if you want them to become viewable then the command you have written in your message is the perfect one, and the original command is

    attrib -r -a -s -h *.*

    Don’t forget to put the spaces between them all carefully… :)

  5. peping says:

    My computer would always hang because of the virus. What will I do?
    How to delete a trojan virus in my computer, Windows XP….

    thank you for the reply….

  6. sagar says:

    Hi
    My external hard disks are infected with RECYCLER, $RECYLCE.BIN, autorun.inf, found.ooo, System volume Information viruses. I have followed the process mentioned by Madhur Kapoor, but the viruses still remain as before. I have even tried formatting my devices, which didn’t help me remove the viruses.
    Can someone tell me a possible way to remove these viruses?
    The situation is getting worse. I am unable to use any of my hard disks, because whichever external device I connect to my computer, these viruses spread to it.

    Thank you

  7. Shaani ali says:

    @sagar

    I think you got something wrong while reading the comments on this blog..
    Here we’re talking about how to get rid of the USB virus, we’re not talking about how to get rid of an infected PC.
    Actually, your PC has been infected by some virus, and whenever you connect your external H.D.D to it, it doesn’t matter whether it’s virus free or has some virus in it, the virus that is in your PC does its work when you connect it to your system.

    The thing that you need to do is connect your H.D.D to an uninfected or virus-free PC, back up all your data and format your H.D.D. It’s a very simple step to get rid of those kinds of viruses.

    Now we are talking about how to get rid of system viruses..
    Basically, you need a good antivirus to give your system protection from those viruses, and nowadays there are a lot of antivirus programs, so the thing you need to do is choose the right antivirus for your system..

    I’m not going to give you any guarantee that the antivirus I’m going to tell you about will remove the current virus from your system, because it’s already infected and we don’t know whether your Windows files are still safe or broken, but these days I have found that this one is the best for PC.

    Norton Internet Security 2012.

    You can use this one, and if you’re using a system like “Core 2 Duo” it’s fine for your system, but if you’re using some old system it’s a little heavy.

    Now here is a question “How to remove that antivirus to your system”

    If you just want to clean your system files of the virus or Trojan that is in your PC, you need to install the above-mentioned antivirus on your system.. Scan all your drives, and when it alerts you about the files that are infected in your system, take the details to know about the virus..

    Search for that virus or Trojan tool on the Norton site. If it’s available there, I must say you’re lucky. Otherwise you need to install a new Windows on your system. Don’t use any software that is already saved on your system after the installation of the new Windows. Install any antivirus you like to use in your Windows, or the one I’ve mentioned above.

    You will need to install the VGA driver from the manufacturer’s CD, because if you use that antivirus without installing your VGA driver, it will slow your system too much.

    Scan all the drivers, and if you’re getting some message to remove some of your software, don’t bother to ask yourself why.. It’s already infected. I want you to be brave here, take a long breath, don’t lose that advantage from your hand before the antivirus takes the joy of it, Shift+Del that software by yourself.

    After all these steps you can connect your external H.D.D to your system again, and for sure there won’t be any complaints about some bacteria infection. ;)

  8. ffm says:

    I did the removal of the virus, but again when I put in my USB the same virus files were there :( Please help

  9. Shaani ali says:

    Bluserver says:
    December 17, 2009 at 1:49 pm
    A little advice on how to be aware of and get rid of new folder.exe or a virus that looks like a folder.
    How to know that they are viruses.
    1. Click Start > Run type EXPLORER
    2. In explorer click Tools > Folder Options
    3. In Folder Options > General
    “Make sure that Click Items as Follows is set to Double click to open an item.”
    4. In Folder Options Click on View.
    5. Uncheck Hide extensions for known files.
    “This makes the file extension appear in every file”
    With this you can see that the look alike folder virus is an exe file.
    If you want another way to know, then move your cursor onto the folder and keep your cursor on it as long as you’re not viewing the details for that folder. If it tells you that the folder is an application then it’s definitely a virus, and the best thing before using your USB drive is to take a look via Command Prompt through a simple command
    I.e C:dir/ah
    change the drive letter with your pen drive or USB drive letter through this command
    C:/> write (Drive letter) then :and then press enter

    Shaani Ali says:
    January 8, 2011 at 10:15 pm
    There are lots of other ways to fix it, and now I’m going to share my personal experience with you. Don’t worry guys, I am also an administrator.
    If you just want to enable your command prompt and Task Manager.
    1 – Search Google for a software named “Auto run killer.” It will work well for the autorun virus on your system and will enable the command prompt and the Task Manager again.
    If you really want to remove the Autorun virus from your pen drive or from your USB.. Use these steps because I’m sure nothing is better than the steps below;
    1 – Before opening the command prompt, check and note your pen or USB drive name, i.e. C: , d: , E: etc..
    2 – For example, if your USB or pen drive name is f:, write the command “CD f:” and press the Enter button.
    3 – Now write this command ” dir/ah” and press the Enter button again. It will show you all the files that are hidden on your pen or USB drive.
    4 – If you’re seeing anything like name.exe (“name” is an example word, it could be anything), and the “Autorun.inf” file must be there too, write all the names in a WinWord or Notepad file and save it. Note that if you see a System Volume Information folder, Recycler folder, Recycled folder or System32 folder there, Shift+Del them all. If you can’t see the hidden files because your computer has already been infected by this virus (for those who can’t delete the folders and can’t see the hidden files): Idiot, write the name of that folder in the explorer bar of My Computer and press Enter. Click on the folder button that is right up and now you’re able to delete those folders.
    5 – Now choose a PC that is not infected and is protected with some antivirus, because you will only be able to remove this Autorun virus when you’re using an uninfected system, OR if you want your system to also be clean of this virus then use the software that I have mentioned above, OR format your C: drive and install a fresh Windows.
    Step for those who want to clean their USB or Pen Drive to this virus.
    1 – Before opening the command prompt, check what your pen or USB drive name is, i.e. C: , d: , E: etc..
    2 – For example, if your USB or pen drive name is f:, write the command “CD f:” and press the Enter button.
    3 – Now write this command ” dir/ah” and press the Enter button again.
    4 – If you’re seeing anything like name.exe (“name” is an example word, it could be anything), and the “Autorun.inf” file must be there too, write all the names in a WinWord or Notepad file and save it. Note that if you see a System Volume Information folder, Recycler folder or Recycled folder there, Shift+Del them all. “I’ve mentioned above how to delete those folders.”
    4 – Search your Windows drive “C” for those extensions that you have found on your pen or USB drives. Copy the required extensions. Note that you just copy all those extensions into a new folder, and here you have to use those names you wrote in your WinWord or Notepad file.
    5 – If you have found some newfolder.exe on your pen or USB drive then search for the *.exe extension on the C: drive or in the Windows folder, because there you have all the extensions. When you find the same extensions, like taskmanager.exe, create a new folder and copy it there, and do the same steps for all the other extensions.
    6 – Open the properties of all the files and uncheck the hidden box, Apply, Okay.
    7 – Rename all the extensions, copy them and replace them all on your pen drive or USB drives, and delete them all…
    Step for those who want to clean their computer to this virus.
    1 – Format your C: drive and install a fresh Windows. After the Windows installation, leave your PC as it is and don’t install any other software or even drivers.
    2 – Now start the same procedure to the second step of clean your USB.
    3 – Check all the drives one by one. Replace the files and then delete them.
    4 – When you have finished, install an antivirus and scan all the software saved on your drives before running it, because I’m sure it will also be infected.
    Thank you guys and sorry to Idiots
    Shaani Ali says:
    February 24, 2011 at 4:46 pm
    Sorry to everyone for answer after very long because i was very busy with my work..
    @Tkyo, I’m not sure, but from what you’ve told me above about the problem with your USB, according to my experience there could be two possibilities.
    1 – It might be possible that the USB port of your system has got some rust in it, and for that, if you can, you need to shut down your system and then you need some rust remover for your USB port, or the best thing is that you can use thinner for it.
    2 – It might also be possible that your USB has been damaged. If you want to check your usb driver then connect your USB to a Windows 98 system. You will need to install the software in Windows 98. If your usb driver works there then format it as FAT32 and then try to connect it back to any updated version of Windows. If it doesn’t work in Windows 98 then your USB has been damaged.. May GOD give her rest in peace.
    As I told you people in my first post, if you just need to enable your Task Manager and your command prompt then the best thing for it is Autorun killer, which you can download through Google.
    But if there is any problem with deleting some folder or some file, the best thing you can do is try to connect your USB drive to an uninfected system and then format it using the FAT32 file system..
    If you can get access to any folder then check the file system of your usb driver..
    When we can’t get access to a folder, sometimes it is because we are using the NTFS file system, and you all know about humans, who always try to enter a place that is a restricted area.
    So there are some rules by Microsoft that you can get access in some system processing folder using NTFS file system, better to format your USB on FAT32 file system and then check…
    I hope that this will work for all..
    Thank you so much guys..
    Also learn to you when you tell me about the problem
    I hope that
    Shaani Ali says:
    March 28, 2011 at 6:18 pm
    Sure, it also works the same way as USB.. If you want to connect it to your PC then surely you can, but don’t open it directly..
    Use the Explorer option and don’t click on any folder directly; click on all the folders through Explorer..
    Then it won’t be able to infect your PC, but if you’re still about to connect it to your PC then try to connect it to some uninfected PC and then scan it with some updated antivirus like Norton 360 or Norton Internet Security.
    Shaani Ali says:
    March 29, 2011 at 1:44 pm
    If your system has already been infected by some virus then it’s not possible, but if you want to clean some virus or “Trojan” off your H.D.D then it is better to connect it to some other uninfected PC and try to clean your drive from there..
    If you connect your infected H.D.D to another PC which is not infected then you can also use the above procedure for your infected H.D.D..
    Basically, the Autorun virus is a script (file name “Autorun.inf”), and when we double-click on any infected H.D.D drive or USB drive, it reads your double click as a command and then creates different kinds of folders, i.e. “New folder.exe”.
    When we double-click on any infected drive, the command shows the file to create the same folder in which you had the virus or the Trojan.

    Shaani Ali says:
    May 29, 2011 at 4:59 pm
    @Jagan your folders are hidden on your USB drive. Actually, the virus that you have on your USB hides all the folders and makes shortcuts to them on the USB, so don’t worry about your data. It’s still on your USB and saved!
    I’m collecting all the software about USB viruses and autorun, so it will take a little time, then I will share a link with you. You will all get some kind of readme file there, so you can better understand what’s important for you.
    Until then take much care of your USB drives and also of yourself.
    Nick, I think that’s all enough for you to get rid of this problem, and if instead of going through the whole procedure you want an antivirus which can solve your problem then I can give you one, but be sure that you don’t have any virus on your PC.

    bluserver says:
    August 20, 2011 at 5:15 pm
    I’m back!
    @matthew.. use the Kaspersky tool, here is the link
    “http://support.kaspersky.com/viruses/utility” find and download salitykiller.
    This is what I use when I get infected with Sality. It can cure infected files. This is why I loved Kaspersky; the other antivirus brand is a piece of crap.

    Jagan says:
    August 31, 2011 at 1:34 pm
    @regz91 — Use the command prompt to copy all the data to another drive…
    Eg:- xcopy source destination /E /C
    This command will copy all the source data including subfolders and will create these subfolders on the destination drive…
    You are done…..
    tx

    Shaani ali says:
    October 5, 2011 at 12:51 pm
    @sarvana
    It is because you don’t have administrator rights, or you have got some virus on your PC which has disabled your administrator rights, so the thing you need to do is connect your pen drive to some uninfected PC, copy your data and then format your pen drive.
    It’s the easiest way, as I have told you above, but if you want to know how to get access as administrator on your system, and if you’re not using an administrator account and your administrator account has been disabled too long, then use this process to activate the administrator account on your system.
    Many people ask me why there is no built-in Administrator account available in Windows Vista and 7 like in previous Windows versions. Why can’t we use the default Administrator account? The answer is “Yes! The default Administrator account is created in Vista and 7 but it’s disabled by default for security purposes.”
    You might want to enable it for troubleshooting or to get rid of the annoying UAC prompts while tweaking your system. So here I’ll describe a few methods to enable / activate the hidden or disabled Administrator account in Windows Vista and 7, and you can also use the same process for Windows XP if your account is disabled.
    1st Method:
    1. Right-click on My Computer icon on Desktop and select “Manage”, it’ll open “Computer Management” window. ( You can also open it by giving “compmgmt.msc” command in RUN dialog box or Startmenu Search box).
    2. Go to “Local Users and Groups -> Users”. In the right-side pane double-click on the “Administrator” account. It’ll open its Properties. Deselect the “Account is disabled” option and apply it.
    2nd Method:
    1. Type “secpol.msc” in RUN dialog box or Startmenu search box, it’ll open “Local Security Policy” window.
    2. Go to “Local Policies -> Security Options”.
    3. Double-click on first option “Accounts: Administrator account status” and select “Enabled” and apply it.
    3rd Method:
    1. Click on “Start button -> All Programs -> Accessories“. Right-click on “Command Prompt” and select “Run As Administrator“. If you are prompted to enter password, enter the password and continue. You can also open Command Prompt in Administrator mode by typing “cmd” in Startmenu Search box and press “Ctrl+Shift+Enter“.
    2. Now provide following command:
    net user administrator /active:yes
    3. That’s it. The Administrator account will be enabled. If you want to disable it again, simply replace “yes” with “no” in the above command.
    NOTE: Never activate the hidden Administrator account until required. It’s better to use other general accounts for better security. Also the Administrator account has no password, so if you enable it then don’t forget to set a strong password for it.

    Shaani ali says:
    October 7, 2011 at 4:32 pm
    @rochelle
    You should sit back and enjoy that moment.
    Well, there are many commands through which you can take a look at your hidden files, and this command enables your hidden files to become viewable.
    If you want to see the hidden files then you can also use this command.
    D:\>dir/ah
    But if you want them to become viewable then the command you have written in your message is the perfect one, and the original command is
    attrib -r -a -s -h *.*
    Don’t forget to put the spaces between them all carefully…

    Shaani ali says:
    October 13, 2011 at 2:22 pm
    @sagar
    I think you got something wrong while reading the comments on this blog..
    Here we’re talking about how to get rid of the USB virus, we’re not talking about how to get rid of an infected PC.
    Actually, your PC has been infected by some virus, and whenever you connect your external H.D.D to it, it doesn’t matter whether it’s virus free or has some virus in it, the virus that is in your PC does its work when you connect it to your system.
    The thing that you need to do is connect your H.D.D to an uninfected or virus-free PC, back up all your data and format your H.D.D. It’s a very simple step to get rid of those kinds of viruses.
    Now we are talking about how to get rid of system viruses..
    Basically, you need a good antivirus to give your system protection from those viruses, and nowadays there are a lot of antivirus programs, so the thing you need to do is choose the right antivirus for your system..
    I’m not going to give you any guarantee that the antivirus I’m going to tell you about will remove the current virus from your system, because it’s already infected and we don’t know whether your Windows files are still safe or broken, but these days I have found that this one is the best for PC.
    Norton Internet Security 2012.
    You can use this one, and if you’re using a system like “Core 2 Duo” it’s fine for your system, but if you’re using some old system it’s a little heavy.
    Now here is a question “How to remove that antivirus to your system”
    If you just want to clean your system files of the virus or Trojan that is in your PC, you need to install the above-mentioned antivirus on your system.. Scan all your drives, and when it alerts you about the files that are infected in your system, take the details to know about the virus..
    Search for that virus or Trojan tool on the Norton site. If it’s available there, I must say you’re lucky. Otherwise you need to install a new Windows on your system. Don’t use any software that is already saved on your system after the installation of the new Windows. Install any antivirus you like to use in your Windows, or the one I’ve mentioned above.
    You will need to install the VGA driver from the manufacturer’s CD, because if you use that antivirus without installing your VGA driver, it will slow your system too much.
    Scan all the drivers, and if you’re getting some message to remove some of your software, don’t bother to ask yourself why.. It’s already infected. I want you to be brave here, take a long breath, don’t lose that advantage from your hand before the antivirus takes the joy of it, Shift+Del that software by yourself.
    After all these steps you can connect your external H.D.D to your system again, and for sure there won’t be any complaints about some bacteria infection.

    This is the final time I’ve collected all of the past comments for you, and if anyone wants to know about it again then please, this blog is filled with a lot of information; don’t be lazy, asking someone something and expecting that you will get the answer here so you can follow it and get rid of that thing easily. Sorry if I’m offending someone here, but I have seen people just looking for the current information and talking about the same matter that has already been posted and closed.

  10. Max says:

    By disabling autorun you will postpone the virus start until you click on the USB icon yourself. http://safe-comp.net/safe_usb_cd.html
