How to remove Virus from USB Drives
One of the ways by which a virus can infect your PC is through USB/Pen drives. Common viruses such as ’Ravmon’ , ‘New Folder.exe’, ‘Orkut is banned’ etc are spreading through USB drives. Most anti virus programs are unable to detect them and even if they do, in most cases they are unable to delete the file, only quarantine it. Here are the things which you can do if you want to remove such viruses from your USB drives
Whenever you plug a USB drive in your system, a window will appear similar to the one shown below
Don’t click on Ok , just choose ‘Cancel’. Open the Command Prompt by typing ‘cmd‘ in the run box. In the command prompt type the drive letter: and press enter . Now type dir /w/a and press enter.
This will display a list of the files in the pen drive. Check whether the following files are there or not
- Autorun.inf
- Ravmon.exe
- New Folder.exe
- svchost.exe
- Heap41a
- or any other exe file which may be suspicious.
If any of the above files are there, then probably the USB drive is infected. In command prompt type attrib -r -a -s -h *.* and press enter. This will remove the Read Only, Archive, System and hidden file attribute from all the files. Now just delete the files using the command del filename. example del Ravmon.exe. Delete all the files that are suspicious. To be on a safer side, just scan the USB drive with an anti virus program to check whether it is free of virus or not. Now remove the drive and plug it again. In most of the cases, the real culprit turns out to be the “Autorun.inf” file which mostly gets executed when someone clicks Ok in the dialog window which appears above. Thus the infections can spread
Security Tip
Disable the Autoplay feature of USB drives. If you disable the Autoplay feature of USB drives, then there are lesser chances of the virus spreading. A tool which can perform such a function is Tweak UI. Download it from here install it.
Run the program. Now you can disable the Autoplay feature of the removable drives as shown above. By following the above steps, you can keep your USB drives clean. If there are any other methods which you use, then share it with me through comments.
I haven’t read this tip before…A bit late but this is what I’ve been looking for. Opening USB drives from command prompt is new for me. I’ll practice it. Thanks.
Thanks man!!!!
i haven’t been able to some of my files stored on my ipod – i’ve removed the autorun.inf and was able to access the files – do you think the drive is clean now?
Great article 10/10
ur advice about the anti virus are really very helpfull,,
i will definitely follow them while attaching a storage device to my system.
keep giving such advices on other topics also.
[...] of the ways by which a virus can infect your PC is through USB/Pen drives. Common viruses such as ’Ravmon’ , ‘New Folder.exe’, ‘Orkut is [...]
Tnaks sir its damn gud idea to remove virus from USB pen drive. its really works very well. also keep giving ideas to removw viruses from PC’s from command prompt..
Hi Madhur,this is Sridhar.I gt a new kingston 4gb driven when i had struck wid virus in pendrive i used the technique u said but its nt working,after seeing the contents in the pendrive iam unable 2 del them,they r nt going from the pendrive …..
i had typed “del autorun.inf” and “del TunerSetup.exe” many times but those two files were nt deleted .so what shud i do ….plz help out me
by the way when i plug the drive and double click it is saying “some files could not be created ,please close all applications,reboot windows and restart this application”,here in this error if i click “ok” its showing like some thing is being “extracted”,but when i right click and open (or) explore iam able 2 see all the contents in drive …still i dont wat 2 c that popup msg …..plz help me out ….. i think i had got this error due 2 TunerSEtup.exe virus
plz plz tel me hw 2 del that both the viruses by tomorrow…..
Urs frnd Sridhar
Hello Friend
Can u suggest solution for removing bloodhound.packed.jmp
Thanks….Urs is a great site
there is one more method i used for this
first go to command prompt
and go to c:
then type the below command
cd config
and
attrib -s -h *.*
del *.*
cd spring
attrib -s -h *.*
del *.*
before doing all these thing open task manager and search for svchost.exe that running on the current user and stop that process and do the process once more and nod32 antivirus is detecting it and also removing it
if the regedit, taskmanager also disable download the file from here and see the readme.txt for more help
Download Link:
http://w16.easy-share.com/1700126716.html
hey Thanks Madhu Bro..
Hope more from u always..
I have a problem.. the memory of my new 2gb pendrive show only 256 mb what’s the proble…
Plz some one help me plz plz plz …..