How to remove the pen drive shortcut virus>

...if you remove that file, you break your system. How exactly did you "trace" anything to that file? You can verify and repair system files with sfc /scannow.

Hmm...The .lnk shows the path to that file.

If you have a shortcut that merely runs that file, it's not necessarily an indicator of an issue. Executing rundll32.exe with no arguments does absolutely nothing. It is certainly not a reason to dive in and delete it. Please provide more details - what makes you think this is a virus, and what is the entire shortcut target line?

With all due respect, I would recommend actually using an antivirus software rather than do detective work on your own, considering it's led you to the conclusion to delete crucial system files.

@Moses See edits, please! No, it's led me to that conclusion since there exists a malware that creates a file in your system by the name "rundll32.exe". I have faced it before, and deleting it solved the problem. It's just that it was never in system32 folder.

@Cheeku If that file was modified, sfc should catch it and fix it. Deleting it would be a bad thing. Anyway, as you can see, it's not exactly an easy thing to modify - which makes it all the less likely. Disguising other programs under that name in other locations is (was?) a common tactic, but in the correct location it's a heavily protected core system file. Again, what's the full target of that shortcut? If there were no arguments after the executable name, it'll do literally nothing (apart from launching a program stub and then closing itself). Also, why are you against AVs?

@Bob The argument is the .ini file which I mentioned in the question. More specifically, "%hoMEdrive%\WINDOWS\System32\rundll32.exe ~%QOFNPYRVHRSUNP.ini, lnk " is the path!

@Cheeku Mmm, after your edit it becomes much easier. Just remove the Shortcut-virus. You can follow instructions here or anywhere you find on the web googling for Pendrive+Shortcut+virus.

@Rik Obviously tried that! The command just displays the hidden folder created by the malware in the name "_" along with the .ini file. What help does it do to me? I could always open that folder by clicking on the .lnk. Now, I can directly open it. But the malware is still there. It's just a way around it, not a solution.

@Cheeku Again - sfc should catch any modifications to %SystemRoot%\System32\rundll32.exe. You can run it from an installer DVD if you want to be certain that sfc itself has not been tampered with. Otherwise, that is the correct path for that file - and what it does depends on the arguments. The first argument should be a DLL; a text file (e.g. .ini) is not a valid target from any of the documentation I've seen. Can you check the contents of that text file?

@Cheeku You need to copy your real files off the pendrive and format it. After that copy your files back and the virus should be gone from the pendrive. Use a virusscanner to scan the rest of your harddrive.