How to remove the pen drive shortcut virus
CASIR (Common And Stubborn Infections Remover) should help you here.
http://www.sergiwa.com/modules/mydownloads/singlefile.php?cid=2&lid=6
If that does not help, you can use Kaspersky Rescue Disk to scan and clean your computer while your Windows is sleeping. Kaspersky Rescue Disk boots into a Linux environment and then scans your Windows installation. This way the virus, which is active when Windows is running, does not get a chance to interfere when the Kaspersky Rescue is cleaning your computer from a Linux environment.
Cheeku
Updated on September 18, 2022
Comments
-
Cheeku over 1 year
Background: I have the common Pendrive Shortcut virus (creates a shortcut within the pendrive).
Question: How can I remove it?
Some additional info: There is a hidden .ini file included with the .lnk file in the drive folder. That's not exactly hidden, since it only shows on using the "ls" command at cmd. The file name is something like "~(random character string).ini", where random character strings are like "a3b$%N3a4"
-
tvdo over 10 years
...if you remove that file, you break your system. How exactly did you "trace" anything to that file? You can verify and repair system files with sfc /scannow.
-
Cheeku over 10 years
Hmm... The .lnk shows the path to that file.
-
tvdo over 10 years
If you have a shortcut that merely runs that file, it's not necessarily an indicator of an issue. Executing rundll32.exe with no arguments does absolutely nothing. It is certainly not a reason to dive in and delete it. Please provide more details - what makes you think this is a virus, and what is the entire shortcut target line?
-
Admin over 10 years
With all due respect, I would recommend actually using an antivirus software rather than do detective work on your own, considering it's led you to the conclusion to delete crucial system files.
-
Cheeku over 10 years
@Moses See edits, please! No, it's led me to that conclusion since there exists a malware that creates a file in your system by the name "rundll32.exe". I have faced it before, and deleting it solved the problem. It's just that it was never in system32 folder.
-
tvdo over 10 years
@Cheeku If that file was modified, sfc should catch it and fix it. Deleting it would be a bad thing. Anyway, as you can see, it's not exactly an easy thing to modify - which makes it all the less likely. Disguising other programs under that name in other locations is (was?) a common tactic, but in the correct location it's a heavily protected core system file. Again, what's the full target of that shortcut? If there were no arguments after the executable name, it'll do literally nothing (apart from launching a program stub and then closing itself). Also, why are you against AVs?
-
Cheeku over 10 years
@Bob The argument is the .ini file which I mentioned in the question. More specifically, "%hoMEdrive%\WINDOWS\System32\rundll32.exe ~%QOFNPYRVHRSUNP.ini, lnk " is the path!
-
Rik over 10 years
@Cheeku Mmm, after your edit it becomes much easier. Just remove the Shortcut-virus. You can follow instructions here or anywhere you find on the web googling for Pendrive+Shortcut+virus.
-
Cheeku over 10 years
@Rik Obviously tried that! The command just displays the hidden folder created by the malware in the name "_" along with the .ini file. What help does it do to me? I could always open that folder by clicking on the .lnk. Now, I can directly open it. But the malware is still there. It's just a way around it, not a solution.
-
tvdo over 10 years
@Cheeku Again - sfc should catch any modifications to %SystemRoot%\System32\rundll32.exe. You can run it from an installer DVD if you want to be certain that sfc itself has not been tampered with. Otherwise, that is the correct path for that file - and what it does depends on the arguments. The first argument should be a DLL; a text file (e.g. .ini) is not a valid target from any of the documentation I've seen. Can you check the contents of that text file?
-
Rik over 10 years
@Cheeku You need to copy your real files off the pendrive and format it. After that copy your files back and the virus should be gone from the pendrive. Use a virus scanner to scan the rest of your hard drive.
-
tvdo over 10 years
NO. NONONONONO. THERE IS ALMOST NEVER A GOOD REASON TO DO THIS. YOU ARE BETTER OFF REINSTALLING THE SYSTEM. I rarely shout like this, but... seriously?!?!
-
Cheeku over 10 years
Okay! Made an edit!
-
Simiil over 10 years
Why the downvote? I just answered his question (before he edited it), I never said it was a good idea...
-
ganesh over 10 years
As background for the OP: Compare the virus to a list which says "Get a knife from the kitchen drawer, then pry open a locked cabinet". As answer to that you are trying to remove all knives from the kitchen drawer, which is not the solution (and those knives are used for other things which will fail if you remove them). Instead remove the .lnk file.
-
Cheeku about 10 years
I was thinking I better switch to Linux, as the virus is present but shows no effect there.
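
A read-only way to answer the two questions raised in the comments above (what is each shortcut's full target line, and what kind of file is being passed to rundll32.exe), as an added example that is not part of the original thread. It assumes PowerShell on Windows and uses the WScript.Shell COM object to read shortcuts; the function name Get-ShortcutTriage and the drive letter are hypothetical.

```powershell
# Added example: read-only triage; nothing is deleted or executed.
function Get-ShortcutTriage {
    param([Parameter(Mandatory)][string]$DriveRoot)  # e.g. 'E:\' (placeholder)

    $shell = New-Object -ComObject WScript.Shell
    # -Force lists hidden and system items that Explorer hides by default
    Get-ChildItem -LiteralPath $DriveRoot -Filter *.lnk -File -Force -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk     = $shell.CreateShortcut($_.FullName)   # opens the existing .lnk for reading
            $target  = [Environment]::ExpandEnvironmentVariables($lnk.TargetPath)
            $argLine = $lnk.Arguments

            # rundll32 syntax is "<module>,<entry point> [args]": keep the text before the first comma
            $module   = ($argLine -split ',', 2)[0].Trim().Trim('"')
            $isRundll = [IO.Path]::GetFileName($target) -ieq 'rundll32.exe'

            # Resolve a relative module name against the shortcut's own folder
            $modulePath = $module
            if ($module -and -not [IO.Path]::IsPathRooted($module)) {
                $modulePath = Join-Path $_.DirectoryName $module
            }

            # Does the referenced file begin with the "MZ" executable signature?
            $hasMZ = $false
            if ($isRundll -and $modulePath -and (Test-Path -LiteralPath $modulePath -PathType Leaf)) {
                $fs = [IO.File]::OpenRead($modulePath)
                try {
                    $buf   = New-Object byte[] 2
                    $hasMZ = ($fs.Read($buf, 0, 2) -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
                } finally { $fs.Dispose() }
            }

            [pscustomobject]@{
                Shortcut    = $_.FullName
                Target      = $target
                Arguments   = $argLine
                Module      = $module
                ModuleHasMZ = $hasMZ
                # Flag rundll32 shortcuts whose module argument is not named *.dll
                Review      = [bool]($isRundll -and $module -and
                                     ([IO.Path]::GetExtension($module) -ine '.dll'))
            }
        }
}

# Usage (drive letter is a placeholder):
# Get-ShortcutTriage -DriveRoot 'E:\' | Where-Object Review | Format-List
```

A row with Review and ModuleHasMZ both true means the "text file" named in the shortcut is an executable image, which is worth handing to an antivirus scanner together with the .lnk.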