A shortcut virus hides your files and folders and then replaces them all with shortcuts that look the same. See how you can remove it.
Viruses are dangerous and harmful programs, but the Shortcut Virus is probably one of the most insidious viruses on the internet. It can infect your device and then trick you into downloading further malware. Let's look at it in a little more detail.
What is a shortcut virus?
A shortcut virus is a type of Trojan and worm that hides all your files and folders and then replaces them with shortcuts that look like the originals.
When you start one of these fake shortcuts, you end up running malware that copies the virus and further infects your system, leading to personal data theft, poor system performance, and all sorts of other malware-related side effects.
Shortcut viruses mainly affect physical file transfer devices such as USB flash drives, external hard drives, and SD memory cards, but can be transmitted to computers when exposed to an infected device that exploits Autorun or Autoplay in Windows.
Many shortcut viruses go undetected by antivirus software, so running a security suite with a virus scanner is usually not enough. Fortunately, the process of manually removing a shortcut virus is relatively simple and painless.
How to remove a shortcut virus from a USB drive
If you have a USB flash drive, external hard drive, or SD memory card that is infected with a shortcut virus, the infection will spread every time you connect it to a Windows computer.
Unfortunately, if you only have one Windows computer, you will need to connect the device, remove the virus, and then remove the shortcut virus from your computer as well.
Here's how to remove the infection from the external device:
1. Connect the infected external device.
2. Open File Explorer (Windows key + E) and look under the Devices and Drives section to find the external device. Note the letter of the external drive (eg E :).
3. Start a command prompt with administrator privileges by opening the User Power menu (Windows + X keys) and selecting "Command Prompt (Administrator)".
4. Insert the command line holder into the external drive by typing the drive letter you noted in step 2, and then press Enter: E:
5. Delete all shortcuts on the device with this command: del * .lnk
6. Restore all files and folders on the device with this command: attrib -s -r -h / s / d *. *
The attrib command is an inherent Windows function that changes the attributes of a particular file or folder. The other parts of the command specify which files and folders to change and how they should be changed:
- -s removes the "system file" status from all corresponding files and folders.
- -r removes read-only status from all corresponding files and folders.
- -h removes the "hidden" status from all corresponding files and folders.
- / s commands to be applied retrospectively to all files and folders in the current directory and to all subdirectories - basically the entire device in this case.
- / d makes the command also apply to folders (usually attrib only handles files).
- *. * means that the command interferes with all file and folder names.
After doing all this, consider copying all your files from the external device, formatting the external device completely to wipe it, and then moving your files back to it.
How to permanently remove a shortcut virus from your computer
If your computer is infected with a shortcut virus, then every time you connect another external device, the infection will spread to that device.
Here's how to remove a shortcut virus using CMD (on a Windows computer):
1. Open Task Manager (keyboard shortcut Ctrl + Shift + Esc).
2. On the Processes tab, search for wscript.exe or wscript.vbs, right-click on it and select End Job. If you see both, go ahead and do the same for both.
3. Close Task Manager.
4. Open the Start menu, type regedit, and start Registry Editor.
5. In the Registry Editor, go to: HKEY_CURRENT_USER / Software / Microsoft / Windows / CurrentVersion / Run
6. In the box on the right, look for any strange keynames, such as odwcamszas, WXCKYz, OUzzckky, etc. For each one, do a Google search to see if it is related to Shortcut Virus.
7. If yes, right click on them and select Delete. Do it at your own risk! Always make sure you know what a key does before deleting it. Accidentally deleting an important key can make Windows unstable, so check everything.
8. Close the Registry Editor.
9. Open the Run command (Windows + R keys), type msconfig, and then click OK to open the System Configuration window.
10. On the Startup tab, look for any .EXE or .VBS programs, select each one, and click Disable.
11. Close the System Configuration window.
12. Open the Run command (Windows + R keys), type% TEMP%, and then click OK to open the Windows Temp folder. Delete everything inside. (Do not worry, it's safe!)
13. In File Explorer, go to the following folder:
C: \ Users \ [username] \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ Startup
14. Look for any strange .EXE or .VBS files and delete them.
If all of the above does not work, you can also try using USBFix Free. It is technically intended for cleaning USB drives and other external devices, but you can install it on regular system drives and it will clean them as well.
Works well as a shortcut virus removal tool. Many have seen success with this, but we can not be held responsible if it fails and you lose data. Always back up your data!
If the infected drive or partition is the same as your Windows system (for most users, this means drive C :), there is no easy way to clean up all the fake shortcuts. Fortunately, in Windows 8.1 and 10, you can choose to reset or refresh Windows. In Windows 7, you will need to reinstall the operating system.
Avoid malware in the future
A shortcut virus is a very bad type of malware, but that does not mean it is impossible to detect or fix. Now you know how it works and what to do when you become infected with it.