Download a program to remove viruses from USB. What viruses and how most often affect removable USB drives? Method #3: manually removing viruses
class="eliadunit">
Record ID: 32 does not exist!
Nowadays they have gained enormous popularity Flash drives information or, as they are popularly called, flash drives. Virus writers rushed to take advantage of this circumstance. The simplicity of recording on a flash drive has made it easy to transfer modern viruses from computer to computer. The funny thing is that not every antivirus program detects a virus in malicious files, this fact undoubtedly upsets you and me, ordinary users. In this short article, I will try to describe the principle of moving viruses from computer to computer using flash drives, and also give a couple of tips on combating malware. It should be noted that this article was first published on another site and has since been developed, that is, from time to time I have to supplement it. This time the article has a small addition, which touches on the Autoruns program, the main task of which is to work with autorun programs for the Windows operating system.
The operating principle of the viruses described above is the same. The virus is written on the disk in the form of several separate files. One of which is called autorun.inf, the main task which indicate the path to executable file on disk. To make it a little clearer, I’ll give an example.
Let's say we have drive C. On which there are two files: autorun.inf and autorun.exe. If we open the first file with standard program Notepad, we can read approximately next text:
OPEN=AUTORUN.EXE
ICON=icon.ICO
What does this mean? A means the following: when you open drive C, the autorun.exe file should automatically start, which is presumably a virus. In fact, to destroy it, it is enough to delete these two files. However, not all so simple.
The problem is that the virus files have the status of hidden or system files. That is, when viewed in standard Windows Explorer, they are not visible. Many people may know that in the Windows operating system it is possible to display hidden and system files. However, after the first launch of the virus, this option usually becomes unavailable.
What to do in such cases? How to remove a hated virus? One option is to install an antivirus software and sit at the computer in the hope of solving the problem. As experience shows, this method does not provide a 100% guarantee of the destruction of malware. For example, I just recently watched how the famous Kaspersky Anti-Virus simply did not notice anything suspicious on the disk, despite the fact that there was a firm belief that the virus was on the flash drive.
By the way, flash drives are not the only habitat similar programs. These viruses necessarily settle on the computer’s hard drive. And they launch successfully when you enter your favorite drive C.
We will begin the fight against viruses by finding out the following: does a virus exist on our computer or is it just a figment of our imagination.
It is very easy to find out if there is something suspicious on a flash drive or computer hard drive. If we want to determine, for example, the presence of a virus on drive C, then open My Computer, move the mouse cursor over drive C and click right click. Will open context menu. If the first item on top is “Open”, then you can breathe a sigh of relief. However, if there is something like “Autorun” (this does not apply to those cases when there is a completely legal distribution kit with autorun on the flash drive), “Auto” or some kind of gobbledygook, I recommend concentrating, because from now on we are declaring war on viruses.
The problem with the appearance of the viruses described above is that once they settle on the computer’s hard drive, it becomes impossible to open local disks and flash drive simple double click. This circumstance really gets on the nerves and puts many novice users into a state of panic.
Let's start by removing the virus files. One way is to use one of the file managers. Due to the fact that I have been a fan of the program for some time now Total Commander, I suggest using it. IN currently I use Total Commander Ultra Prime, but everything written below will apply to other versions of this wonderful file manager.
The Total Comander toolbar contains a button that allows you to enable/disable
view hidden and system files
By default Total Commander is the same as standard Windows Explorer will be blind to viruses, but it is enough to turn on the display of hidden and system files to see: the autorun.inf file is conveniently located on drive C or a flash drive. Before deleting, let's open it using Notepad. We see something like this:
OPEN=AUTORUN.EXE
ICON=icon.ICO
That is, autorun.inf tells us that the true root of evil is AUTORUN.EXE. Now you can destroy both autorun.inf and autorun.exe without hesitation. By the way, autorun.exe may be replaced by a completely different file. For example, setup.exe.
It happens that when you delete these two files, after some time they magically appear again on the disk. This indicates that the virus is working and monitoring the state of the disk. In this case, let's try to turn off all suspicious processes in random access memory computer.
This is done simply. Simultaneously press CTRL+ALT+DELETE on the keyboard, which will open the Manager Windows tasks. Go to the Processes tab. We begin the shutdown first with the processes that run on your behalf. This will be reported in the column called “Username”. If the value in it is not equal to “System”, rest assured - this process works on your behalf.
To disable, click the button at the bottom of the “End Process” window.
If the autorun.inf and autorun.exe files no longer appear mysteriously on your disk, then you have finally reached the desired process, which is actually a virus and destroyed it from the computer’s RAM.
There are times when there is no file manager at hand and at first glance it is not possible to remove the unfortunate virus files. What to do in such a situation?
And we will solve this problem using the search function standard conductor. The fact is that Windows search allows you to search not only regular files, but also hidden and systemic.
Open any folder and at the top of the window click on the Search button. A window will appear on the left side of the screen where we select Files and Folders as the search object. Now we lower our eyes and click on the item Extra options. And there we check the box next to “Search in hidden files and folders.” And finally, we will enter autorun.inf into the text field.
Then you just have to wait until the computer finds the desired file. At the end of the search, all we have to do is open the autorun.inf file and, guided by its contents, find the virus file itself. You can do this in exactly the same way, using a standard search.
The last stage of our fight against the virus will be working with autoloading. If your operating system located on drive C, you can open the following utility C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe For drive D and others, the path will change accordingly.
There we go to the startup tab and uncheck the boxes. suspicious files. The best option is to uncheck all the boxes. I have rarely encountered programs for which there is a need to autostart with the operating system.
After the above operation, you will need to restart your computer.
Autoruns program
Often the capabilities built into Windows utilities MsConfig turns out to be not enough. It does not allow you to remove many hidden processes from startup, as a result of which our virus is launched in the most remarkable way at system startup. To solve the problem of program autorun once and for all, we will turn to the autoruns program; you can download Autoruns from our website.
A special feature of the program is that it does not require installation, which turns it into an excellent anti-malware tool. After downloading the archive with the program, we unpack autoruns to any folder, go to the directory with the program and run the autoruns.exe file.
After launching the program, we will see a huge list of programs running on the system, various libraries and other components. We can, of course, spend another year studying what starts in our system and finally find out: what starts when our operating system starts. However, we will take a simpler route. We will trust our intuition and logic.
But first, let's take a quick look at the autoruns program and what it is. At the top is the main menu, below are tabs with unclear names on English language. In fact, switching to each of these tabs will open us to a specific startup section.
So, in particular, switching to the “Services” tab will open to us a list of those launched in Windows Services(small programs, each of which is responsible for a specific function in the system). Switching to the "Everything" tab will reveal to us full list all programs, libraries and other components that are automatically launched when the operating system starts Windows systems.
The program list is displayed in the form of a table, where each column has its own name.
Autorun Entry- this is, in fact, the name of the program or process that runs when the system starts. The name can tell us a lot. Very large percentage viruses have dissonant names. If you see something like klfdghri.exe in the list of programs, it makes sense to remove such a miracle from autorun.
Description– short description programs, as a rule, it is written here what purposes this program serves.
Publisher– the author of this program. This information is often useful when searching for malware. As it turns out, many virus authors have a peculiar desire to become famous, so this may very well be the pseudonym of the virus writer.
Image Path– the path on your computer’s hard drive to the corresponding program. This is also an important line. For example, if the path to the program you found looks like this: “C:\Documents and Settings\admin\Local Settings\Temp”, then it makes sense to think about whether the program is useful for the system if it is launched from the temporary folder where it is usually stored all sorts of software junk? Upon careful examination, it is often this column Opposite the name of the program you can see the inscription “ File not found”, which translated into Russian will mean “File not found”. In such cases, it also makes sense to remove the program from startup.
A summary of information about a specific object is displayed when you highlight the program at the bottom of Autoruns (circled in red)
To remove a program from startup, simply uncheck the box next to its name. Here I would like to give advice: be careful - write down all your actions. Inept user actions can be worse than any virus.
The most popular threat to flash drives is Trojans that spread from using Autorun (automatic start ). It is transferred to a flash drive from your computer as soon as the media is inserted and hides your folders and files. Turns them into shortcuts and thereby blocks access.
Deal with it to the average user problematic, especially if deletion is required without data loss.
Typically, such viruses are harmless in themselves. They simply hide files and spread to other media.
You can remove a virus from a flash drive using almost any antivirus program, and infection most likely occurs due to its absence. This also applies to the memory card.
Here are a number of signs that your device is infected:
- Labels instead of folders.
- Missing information.
- Can't open flash drive ( but most likely another reason).
- Unknown files with .exe extension.
- File autorun.
- Hidden RECYCLER folder.
Remember that these problems can occur not only if the virus is on a flash drive, but also on a computer or other device. Other unpleasant things can also happen. In this instruction I will show 2 ways to remove this virus, but of course the fastest and easiest way is this. Only suitable if you do not have valuable information on it.
Manual removal method
The virus disguises itself as system file (hidden by default) and therefore you need to enable and then switch to the USB flash drive. Here you need to delete the RECYCLER, autorun and exe file. Their names may differ.
Usually this is enough, but the virus may appear again if it is located in another location. If the situation repeats, go to the next method.
Removal by antivirus
It's worth checking your computer and flash drive with any free or shareware free antivirus. For example, try downloading NOD32 ( 30 days free). After trial period you can continue to use it, but without updates. I myself actively use it.
Perform a detailed scan of your computer. All viruses will be automatically removed when found. Once completed, you can view the report.
Problems after removing the virus
Most likely, the virus will make all data hidden. Instead, there will be shortcuts that will show an error when opened. After all, they pointed to a virus that had already been removed. They can be safely deleted.
You need to make the files visible. Using them on other devices will be inconvenient because you will always have to enable the display of hidden folders, and sometimes even this will not be possible.
To fix this, go to the folder properties and uncheck the “hidden” attribute as in the image below ( show hidden folders must be enabled).
If the attribute is not available ( highlighted in gray), then download the executable .bat file, which will automatically fix everything.
Move it to the USB flash drive and run ( on behalf of administrator). Specify the carrier letter and click Enter key. You can see the letter by going to My Computer.
If this doesn't help, use free program USB Hidden Recovery. Download it from the official website and install. Run and scan the flash drive, and then start recovery.
If a virus constantly appears, it means it is on the computer ( or another device) and constantly infects the flash drive after its removal. Look for it using an antivirus.
This information should be sufficient to solve this problem. If something doesn’t work out, I’ll be happy to answer in the comments.
How did you get rid of a virus on a flash drive?
Poll Options are limited because JavaScript is disabled in your browser.
Perhaps only those who practically never use a USB drive have not encountered such a problem as viruses on a flash drive. Many users know that no matter how hard you try to prevent this problem, but sooner or later it appears, and usually quite unexpectedly. Malicious programs can not only damage files that are on the flash drive itself, but also transfer to your computer, in which case the damage can be much greater. Therefore, if you find a virus on a flash drive, do not forget to check. Let's try to figure out how to clean a flash drive from viruses without deleting files in order to perform the operation as quickly and efficiently as possible.
Main signs of infection
Almost the most common malware is the Trojan. It is usually written in boot file autorun.inf systems. The presence of a virus of this type can be indicated by the presence of files such as autorun.exe, etc. on a flash drive.
In addition, the following signs may indicate that a USB drive is infected:
- The files that are on the flash drive disappear somewhere by themselves,
- Flash drive won't open
- When you click on left button nothing happens to the mouse
- The Recycler folder appears, possibly hidden,
- It is not possible to safely remove the device, a message constantly appears indicating that it is busy,
- When starting work, an error window, etc. opens.
Viruses can appear various reasons. Typically this is to use it on an infected computer. It is also possible that the malware “attacked” your USB drive because you do not use antivirus software. Currently available on the software market huge selection different
Virus removal methods
Now let's see how to fix this situation. In order to get rid of the virus, you will need to connect the infected flash drive to a computer with good antivirus. Then there are several options for the development of events.
A virus that gets onto a flash drive writes to it specific file, which is activated when it starts. As a rule, antivirus programs neutralize it, as a result of which the flash drive does not open. It follows that you need to treat the USB drive without opening it on the computer.
Perhaps the simplest of them is to format the device. However, you will need to do a similar procedure before the flash card is opened, otherwise there is a risk of infecting the entire computer. To do this, you must first disable Autorun. Then we click My Computer and right-click on the device name. In the menu that appears, click Format. But it is worth remembering that in this case all information will be lost from the drive, which is not always desirable. In this case, you can use other methods. You should also understand that after formatting it is not always possible to completely restore all the data, but it is still possible. Read this about how to recover data after formatting.
For example, using antivirus software. After you connect the flash drive to the computer, depending on the settings, the antivirus can independently find new equipment and offer to scan it. If this does not happen, then you will have to start scanning manually. To do this, go to My Computer. Here, right-click on the flash card icon. In the drop-down menu, you need to select Scan selected files using..., then click the name of your antivirus program.
There are some utilities that allow you to clean your flash drive from viruses online. They usually do not replace the main antivirus program, but only complement it. When checking, there are two options for developing actions. The program either immediately removes viruses, or each time asks the user which command to execute: “Create” or “Delete”.
You can get rid of malware using antiviruses. However, the best option is to minimize the possibility of a virus getting onto the flash drive. To do this, you should use the USB drive less often on unfamiliar computers that may be infected or do not have an antivirus program installed.
08.11.2014 04.03.2015
A flash drive is an irreplaceable device for storing and transferring information; almost every personal computer user has it.
To ensure the safety of your computer, you need to take care of protecting your flash drives from infection by viruses, and also prepare your computer to prevent viruses located on an already infected flash drive from entering.
Which malware can they get onto a flash drive?
A flash drive is the same storage medium as HDD, mobile only. For this reason, the flash drive may contain the same viruses as those on the computer. In the “WiKi antivirus” section you can see information about the main computer viruses.
The main way to infect a computer via a flash drive is to autorun when the flash drive is connected, using the Autorun.inf file. You can see how to protect a flash drive from changing this file.
Let's look at another way to protect a flash drive from viruses - using programs. The programs presented below will help protect the flash drive from infection, and in cases where the flash drive is already infected with a virus, it will not necessary files, or the virus has hidden its contents, will help fix these problems. After this, we will analyze programs to protect your computer from infected flash drives.
Anyone can check a flash drive for viruses. antivirus scanner from this page. When starting the scanning utility, you need to select the letter of our drive and start scanning. If the scanner finds viruses, delete them and use the recommendations on this page to avoid infecting your flash drive with viruses in the future.
Protecting and cleaning flash drives from viruses.
1.The easiest way to protect a flash drive from infection by viruses is to prohibit writing any information on it. A small utility will help us with this. The program starts only with external drives, and has only de buttons - “lock” and “unblock”
2. - another little thing to protect flash drives. The principle of protection is this: when it starts, the program creates a dummy.file file on the drive, which takes up everything free space, and virus programs simply do not have the physical ability to get onto your flash drive. To get back the used space, simply delete this file.
3. - using the program, you can create non-deletable files on a flash drive, which are most often created by viruses, and thus prevent the flash drive from becoming infected with viruses.
4. an irreplaceable program for recovering files that were hidden by viruses. There are viruses that, when saving themselves to a flash drive, make all the files on it invisible, and sometimes they can be restored old look these files can be quite problematic.
The program requires installed package NET Framework 3.5.
5. Like the previous program, it helps to return the attributes of files that have been changed by viruses. When launched, the program will scan all connected flash drives and display all hidden folders and files in the window. The user will only have to indicate which files to restore and which do not need to be restored. The program is capable of automatically recovering files when flash drives are connected.
6. - a utility for cleaning flash drives from debris and virus residues. What it does: restores hidden files and folders; deletes autorun.inf files; deletes exe files pretending to be folders; deletes Recycled folders; deletes temporary office files.
We protect your computer from virus flash drives.
Almost any modern antivirus can protect your computer from viruses on flash drives, but the antivirus cannot always respond to new type a virus for which there is no signature yet in virus database antivirus. Therefore, it is necessary to produce a series additional actions to prevent automatic infection through external drives.
You can protect your PC from viruses located on a flash drive using the Windows operating system itself or using special programs.
Disable autorun using the Windows registry
We launch the registry editor, the key combination Win + R, or “Start - Run - Regedit - Ok”
Go to the end of the thread HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer and change the value of the binary parameter " NoDriveTypeAutoRun", instead of "95" (or "91") we write "FF".
But, most users prefer not to delve into such system tools as the registry editor, console, security policies, etc. So let's look at simple, but at the same time powerful programs to protect your computer from viruses that spread through flash drives.
1. - a reliable system protector against infection threats from USB drives. The program allows you to disable autostart of connected drives; deletes the autorun file and the files it launches; allows you to safely open and remove flash drives; protects the flash drive from infection.
2. - simple portable program, which makes it easier to disable autorun external devices. Just run the program, select which devices you want to disable autorun for and click “Disable Autorun”.
3. - disables autorun of all connected drives and neutralizes autorun viruses.
4. - in addition to its main responsibility, disabling autostart of connected devices, the program has a number of additional features.
Data protection - blocking usb connections devices, which can prevent leakage of user data.
Disk Cleanup - deleting temporary files; restoring the system to its previous saved state; and the “startup list” tool will show which programs are launched along with the system.
5. - a simple utility that will block everything in one click USB ports on the computer, thereby blocking access to viruses and users to our computer. By the way, USB keyboards and the mouse will work properly when locked.
Perhaps we’ll end here, if you’ve mastered so many letters, you’re a great fellow, and if it also helped you, then you didn’t waste your time in vain.
Removable USB devices for storing information in the form of the most common flash drives are no less susceptible to viruses than hard drives with operating systems installed on them. And often identifying the presence of such a threat or neutralizing it can be quite problematic. We will talk further about how to remove a virus from a flash drive and restore files (hidden or infected). To do this, you can use several basic methods. However, before using them, it is necessary to find out what the user is dealing with. As they say, you need to know your enemy by sight!
What viruses and how most often affect removable USB drives?
In general, the threats that are most often based on removable drives, not so much.
Most often, flash drives are affected by encryption viruses and Trojans, which simply hide the files and folders located there from the user. However, this category of threats is, in general, the most harmless, since information in the physical sense is not destroyed and does not disappear from the media. Thus, instead of the usual picture with all the files and folders recorded on the drive, it either sees only shortcuts that came from nowhere, or sees nothing at all.
Symptoms of infection
Removing a virus, shortcuts and related components that have settled there from a flash drive is quite simple (we’ll dwell on this separately). But first, let's look at how to actually determine that a virus has entered the drive. Please note right away that shortcuts may not always appear instead of files and directories. Sometimes access to the drive may be blocked due to the fact that the operating system does not see it. But this is rare. In the case when viewing the contents of a flash drive is possible, first of all, in the most common “Explorer” from the view menu, turn on the display of hidden objects.
If there is a virus on the storage medium, as a rule, it will be present invisible file Autorun.inf, an executable EXE object whose name most often consists of a meaningless set of letters and symbols, as well as hidden folder RECYCLER (it may not always be present).
To be sure, before connecting the device to a computer or laptop, in the autorun section located in the “Control Panel”, for removable media from the list, select “Do not take any action”, which will save you from the threat immediately penetrating a stationary device.
How to remove a virus from a flash drive using the simplest method?
First, let's look at the simplest solution that immediately comes to mind for all users without exception. Let's assume that on removable device there is no important data, the user does not need the files, and their copies or originals are available on the hard drive or other media. How to remove a Trojan virus from a flash drive? Elementary! To do this you just need to do full formatting, for which they are even suitable regular means Windows systems.
Portable scanners
But let's see how to remove a virus from a flash drive without losing data if the information stored on the drive is extremely important. It is clear that the formatting option is clearly not suitable. So what to do? You can, of course, try to delete several of the objects described above yourself, but it is far from certain that files and directories will be restored after infection (meaning that shortcuts are displayed instead). It is logical to assume that to neutralize the threat you need to use appropriate antivirus software. And the best way to do this is not standard protection tools (although you can use them), but portable utilities, among which Dr. is considered the most powerful. Web CureIt! and KVRT. Immediately pay attention to the settings of such programs. In them, the action to be performed when a virus is detected should be set to not deleting infected objects, which may affect important files user, and, if possible, treatment.
How to manually remove a virus that creates shortcuts from a flash drive?
Now a few words about what you can do if you don’t have a single suitable tool at hand. How to remove a virus from a flash drive in this case? This will require manual intervention. Some users find this a very difficult and tedious procedure. But actually it is not. First of all, through the RMB menu, check the properties of a folder that is shown as a shortcut. Here on the shortcut tab, pay attention to the “Object” field - there may be a long way, in which the name of the previously mentioned RECYCLER directory (or some other) can be entered with the addition of the name of the EXE file. The specified folder try to remove it yourself. If this proves impossible, use Unlocker utility. After that, just in case, go to the AppData directory of the user directory on your hard drive, then check the Roaming folder, since the virus can migrate there, and after removing it from the removable media, copy it spontaneously to the flash drive again.
Actions with file and folder attributes
But that's only half the story. How can I completely remove the virus from a flash drive so that the information returns to its previous form? Now you will need to perform some actions with the attributes of hiding files and directories, which cannot be removed in the properties of any of these objects (the corresponding field with a check mark on it will be inactive and marked in gray). In this case, you can use the most common Notepad to create an executable batch BAT file and enter as text the content shown in the image below.
You can do it even easier by using the tools command console, which should be run as administrator. It contains two commands, pressing the enter key after each of them (we assume that the flash drive in Explorer is designated by the letter “F”):
- cd /d f:\;
- attrib -s -h /d /s.
Note: no punctuation is needed at the end after entering the commands shown!
Recovering media using third-party utilities
Finally, if you do not like or are not suitable for the methods of removing attributes and restoring information described above, you can use special utilities third party developers.
If we talk about how to remove a virus from a flash drive in this case, this would be a good idea small program USB Hidden Recovery, in which you must first set a full scan and then perform a recovery.
If the flash drive was nevertheless formatted, no matter what anyone says, you can use R-Studio application, the use of which may not give the desired result unless only in the case of low-level formatting.