Home » Devices

The files on the flash drive turned into shortcuts. What to do?

ATTENTION! Do not under any circumstances open any shortcuts or files on a flash drive - you can launch a virus on your PC.

Hi all! Today I encountered the following problem: I open a flash drive, and instead of files there are shortcuts on it. The question immediately arose: how can this be cured, and is there any chance of recovering damaged data? At first I was even a little scared, since the flash drive contained very important documents and photographs with videos. But in the end I managed to restore them, and now I’ll tell you how I did it.

As I guessed, if all the files or folders on the flash drive become shortcuts, it means a virus has worked there, and this can only be the reason. Some folders may disappear, and the volume of the flash drive itself and the occupied memory does not change and remains at the same level. Also, some may have other files and folders with the “lnk” extension.

Treating a flash drive with one BAT file

If you are too lazy to do all of the above, you can create a file that will do all this for you. For this:

Read also:  Meizu M5 Note review – a great smartphone not for gamers
  1. On your desktop or any other area of ​​your computer, right-click and create a text file.
  1. You can call it whatever you want - it doesn't matter. Now go inside and write 4 lines:

attrib -s -h /s /d rd RECYCLER /s /q del autorun.* /q del *.lnk /q

  1. Click "File" and "Save."
  1. Now close it, right-click and select “Rename” from the list.
  1. Instead of "txt" enter "bat". There must be a period before this. Confirm the change by clicking "Yes".

Now it has turned into a launchable “BAT” file. To activate it, double-click. After that, through the console, he will do all the same actions that you did a little earlier: make the folders visible, delete the folder with the virus and shortcuts.

NOTE! If this method does not help, then most likely the virus’s folder is called something else, so you need to use manual removal.


Getting missing folders back

The next step is to return the folders that have become shortcuts on the USB drive. This is where the fun begins. The fact is that depending on the modification, the method by which the virus hid the directories may be different. In the simplest case, just go to the flash drive. There you will see hidden folders (we included their display above). You just need to right-click on each of them, open its properties and uncheck “Hidden”.

But if a more advanced malware has worked, then most likely this checkbox will be unavailable and you will not be able to easily remove the “hidden” attribute from the folder after the virus.

In this case, right in the root of the flash drive, create a text file in which you need to copy this line:

attrib -h -r -s -a /D /S

Close the text editor and change its extension from *.TXT to *.BAT. Right-click on the file and select “Run as Administrator” from the context menu.

After this, the folders should become visible. If something is not clear, watch the video instructions:

Automated option

For those who do not like to do everything manually, preferring to rely on scripts, there is also a great way. It consists in the fact that you need to again create a BAT file on a removable drive, open it with Notepad and copy the following code there:

:lable cls set /p disk_flash=”Input USB Drive Name: » cd /D %disk_flash%: if %errorlevel%==1 goto lable cls cd /D %disk_flash%: del *.lnk /q /f attrib -s -h -r autorun.* del autorun.* /F attrib -h -r -s -a /D /S rd RECYCLER /q /s explorer.exe %disk_flash%:

Close the text editor and save the changes. We launch the script for execution. At the beginning, he will ask you to indicate the letter under which the flash drive is displayed in Explorer. After that, it will delete the RECYCLER folder, the autorun file autorun.inf and return the attributes to the folders that have become shortcuts. This option works great in most cases with a bang. But if you suddenly come across a more cunning modification of such a virus, then you still have to roll up your sleeves and work with your hands.

Checking the system for virus autorun commands

In some cases, viruses register themselves in the system startup. Manually check the following registry branches (regedit.exe) for suspicious entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    – these programs run when the computer boots
  • HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
    programs that automatically start when the current user logs in

Delete all suspicious entries and unfamiliar programs (you won’t do anything bad, and even if you disable the startup of some necessary program, you can always launch it manually after logging in).

Read also:  Apple Watch Series 3: still the same smart watch, but now with LTE

Other ways to autostart programs on the system are described in the article.

Removing the virus

The shortcuts launch the same file. Right-click on any shortcut and click properties. In properties, click on the shortcut tab and look at the object item.

The object item is quite long, but it is easy to find the path to the virus in it, most often it is something like 456325.exe in the Recycle folder on the flash drive itself. We delete it along with the folder and now clicking on the shortcut is not dangerous.

Cleaning a flash drive from a virus

First you need to enable the display of hidden files and folders on the flash drive. To do this, go to the explorer properties in the view tab. If you have Windows 10, of course. For older versions, this is done in the control panel: personalization tab - settings - view.

We went into properties, now let’s take a couple of simple steps:

  • Uncheck the “hide protected files” box.
  • Check the “show hidden” box.

Done, now you need to finally clean the flash drive from the virus. In order not to format the entire flash drive, which may still not work, you can look at what these shortcuts launch. According to the standard, they all open this virus. Just go to the shortcut properties and see for yourself by detecting double launch. The first opens a folder, the second a file with a virus.

This is shown in the "Object" line. There you will see the name of the folder with the virus, where the name of the virus itself will end in “.exe”. Now you need to find among the shortcuts the name of the folder that was registered in the “Object” line. There is a virus file there. We send this folder to Hades along with the virus (Delete button).

Now you need to restore your folders, and the remaining shortcuts can be deleted. All folders on the flash drive are now hidden, you can tell by their transparency. Now you can’t just uncheck the boxes; you need to turn to the greatest intelligence: the command line.

There are two ways to solve the problem. First:

  • Open the command line. To do this, press the Win+R key combination and enter cmd in the search, and write the following two commands there
  • cd /df:\ (the letter f here is the letter of the removable disk, that is, a flash drive, yours may be different)
  • Press Enter and enter the following command
  • attrib -s -h /d /s
  • Enter again, and now your folders will return to their original form.

The second way is also not difficult, but here instead of the command line, you will need to create a batch file on a flash drive. He does everything the same.

  • Create a text file on your flash drive
  • Write into it the command you already know attrib -s -h /d /s
  • Now save it by adding .bat to the name
  • Run the file and wait for the recovery to complete. Ready.

If you have a lot of files on your flash drive, the recovery process may take a little longer, no matter which path you choose. The main thing is don't worry, everything will be fine, just wait.

When the process is finished, change all the values ​​in the Explorer properties. That is, what we did at the very beginning, only in reverse.

After the entire procedure, do not forget to check your flash drive for infected objects with antivirus or Windows Defender, just in case. It's better to scan the entire computer.

Solving problems and other methods of virus removal

The above two methods are the best, in my opinion, for fighting the shortcut virus. However, problems can arise in the form of an "Access Denied" error - often on a drive with the NTFS file system and rarely on FAT and FAT32.

  1. In Fixfolder, make sure you change the letter to match your drive letter.
  2. At the command prompt, make sure you type the command correctly, including spaces.

If you do everything correctly, you still see the error:

Read also:  Alcatel POP 4, POP 4 Plus and POP 4S - review, specifications, comparison with Idol 4S, price, buy
  • Run a CHKDSK check using the command line (see) and try everything again.

I could end the article here, since I think that the methods I indicated above are sufficient. But still, if it didn’t help someone, here are some useful programs that can also fight the “shortcut” virus:

Content:

  1. How does virus infection occur?
  2. How to avoid infection?
  3. What happens when infected with viruses?
  4. How to get rid of viruses on a flash drive?
  5. How to get rid of a virus on your system hard drive?
  6. How to remove a virus from startup

Malware and virus software can have different effects on the operating system.

Some viruses delete data or steal important files from your computer. Others create shortcuts to arbitrary files or shortcuts with dubious advertising and Internet resources.

In addition, recently a high activity of viruses has been noticed, making shortcuts from important files through which it is impossible to open data .

Such viruses can be found on a hard drive or located on removable media , interfering with comfortable use or even replacing any connected device with a useless shortcut.

Recovering files on a flash drive

Now we can safely remove all the shortcuts. But our files are still hidden and system files (they are transparent). You can't just remove these attributes. There are several ways to restore the initial attributes of our files:

First way

Open “Start” - “Run” - Enter the CMD command - press ENTER. A black command line window will open in which you need to enter the following commands:

  • cd /df:\ press ENTER, where f:\ is the letter of our flash drive (may differ from the example)
  • attrib -s -h /d /s press ENTER - this command will reset the attributes and the folders will become visible.

Second way

1. Create a text file on a flash drive.
2. Write the command
attrib -s -h -r -a /s /d , rename the file to 1.bat and run it.
3. .
Unpack the archive → copy the “1.bat” file to the USB flash drive → run this file. If there are a lot of files on the flash drive, then the process of removing attributes can take up to 15 minutes. To prevent virus infection, we strongly recommend using anti-virus programs. Check your computer for viruses. After connecting the flash drive, check it for viruses. You can check the flash drive with Kaspersky antivirus. You can read how to use Kaspersky legally and for free in this article Journal keys for Kaspersky 2020

Removing virus executable files on a USB flash drive

The first step is to get rid of the virus executable files. This can be done using any antivirus (fortunately, there are a lot of free or portable versions, such as Dr.Web CureIt or Kaspersky Virus Removal Tool), but if it is not there, you can try to find and neutralize the virus manually. How to find the files of a virus that has infected a USB flash drive?

In this example, RECYCLER\e3180321.exe is the same virus. Those. The virus file named e3180321.exe is located in the RECYCLER folder. We delete this file, or maybe the entire folder (I recommend checking the presence of this folder both on the infected flash drive itself and in the system directories C:\windows, C:\windows\system32 and in the profile of the current user (more about them below)).

  • on Windows 7, 8 and 10
    - C:\users\username\appdata\roaming\
  • in Windows XP
    - C:\Documents and Settings\username\Local Settings\Application Data\

If these directories contain files with the extension " .exe"

", then most likely this is the executable file of the virus and can be deleted (on an uninfected computer there should be no .exe files in this directory).

In some cases, such viruses are not detected by antiviruses, because they can be created in the form of .bat/.cmd/.vbs script files, which, in principle, do not perform any destructive actions on the computer. We recommend that you manually check the flash drive for files with such permissions (their code can be viewed using any text editor).

Now clicking on a shortcut is not dangerous!

Rating
( 2 ratings, average 4.5 out of 5 )
Did you like the article? Share with friends:
You may also be interested
How to hide shortcuts, files and folders on the desktop
Folders settings
How to recover hidden files. Restoring the previous appearance of folders on a flash drive. What to do if the “hidden” attribute is not unchecked
windows desktop
What to do if all the shortcuts have disappeared from your desktop - there is a solution!
ransomware virus
A virus has encrypted files on your computer, what to do, how to cure and fix it?
Allow installation from unknown sources if the file cannot be opened on Android
What should I do? Downloaded files cannot be opened. How to open a file on Android
Windows command window
Does not download files from the Internet. Why Yandex browser does not download files and how to fix it
How and with what to check, scan a flash drive for viruses online and clean it of viruses without deleting files: methods
EML files. What are these files and how to open them
Shortcuts and programs do not launch: instructions for restoring normal PC operation
How to recover files deleted by Windows Defender?
Control Panel
How to customize Windows appearance! Shortcuts, desktop background, theme
Complete file deletion | How to delete files completely?
For any suggestions regarding the site: [email protected]
Для любых предложений по сайту: [email protected]