Wednesday, January 30, 2008

How to remove a virus from a USB drive

USB drives are the most popular medium for spreading viruses, and they spread them quickly and very effectively. But if you know how to remove a virus from your USB drive, you can save not only your computer but the whole organization. The most important moment is the one when you open your USB drive.

Opening USB

Usually we just double-click the USB drive, but from now on you need to open it using the address bar instead. The address bar is at the top of your window, about 1.5 cm from the title bar. If there is no address bar, you can enable it by clicking View > Toolbars > Address Bar. Opening your USB drive this way prevents the virus from being started by autorun.

After you open your USB drive, you need to make hidden and super hidden files visible. To do this, click Tools > Folder Options.
Click the View tab, scroll down, select the Show hidden files and folders radio button, and uncheck Hide protected operating system files and Hide extensions for known file types. Then click Apply. After this step you will see all the hidden and super hidden files on your computer, but remember: don't blindly remove files on other drives, because some of them are important system files.

After that, if your drive is infected, you will see a file named autorun.inf. Double-click the file to find out which file is the virus. On my USB drive the file contains:

[autorun]
Open = wscript.exe \VirusMawar.js
shellexecute = wscript.exe \VirusMawar.js
shell\Open\command = wscript.exe \VirusMawar.js
shell\Explore\command = wscript.exe \VirusMawar.js -Clicked
shell\AutoPlay\command = wscript.exe \VirusMawar.js
shell\Scan for Viruses\command = wscript.exe \VirusMawar.js
shell\Scan with Norton AntiVirus\command = wscript.exe \VirusMawar.js
shell\Scan with AVG\command = wscript.exe \VirusMawar.js
shell = Explore

The suspected virus is VirusMawar.js. Find that file on your USB drive, highlight it, and press Shift+Delete to permanently remove it. Now you can be a hero. :) Hopefully you enjoy this tutorial.
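
An added example (not part of the original post): a small Python audit that reads an autorun.inf like the one above and lists the files its command entries would launch, so you know which payload files to look for on the drive. The function name, the sample text and the "scan" wording heuristic are assumptions made for this illustration.

```python
import re
import shlex

# Constructed sample that mirrors the autorun.inf shown in the post.
SAMPLE = r"""[autorun]
Open = wscript.exe \VirusMawar.js
shellexecute = wscript.exe \VirusMawar.js
shell\Explore\command = wscript.exe \VirusMawar.js -Clicked
shell\Scan with AVG\command = wscript.exe \VirusMawar.js
shell = Explore
"""

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\(?P<verb>[^\\]+)\\command)$", re.I)
BAIT_VERB = re.compile(r"scan|virus", re.I)  # assumed heuristic for fake "scan" menu entries


def audit_autorun(text):
    """Return (payload file names, findings) for the [autorun] section of the given text."""
    payloads, findings, in_section = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        match = COMMAND_KEY.match(key)
        if not match:
            continue  # e.g. "shell = Explore" only selects the default verb
        try:
            tokens = [t.strip('"') for t in shlex.split(value, posix=False)]
        except ValueError:  # unbalanced quote: fall back to whitespace splitting
            tokens = value.split()
        if not tokens:
            continue
        target = tokens[0]
        if target.rsplit("\\", 1)[-1].lower() in SCRIPT_HOSTS:
            # The script host is a normal Windows binary; its script argument is the payload.
            scripts = [t for t in tokens[1:] if not t.startswith(("/", "-"))]
            target = scripts[0] if scripts else target
        payloads.add(target.lstrip("\\"))
        findings.append(f"{key} -> {target}")
        if match.group("verb") and BAIT_VERB.search(match.group("verb")):
            findings.append(f"{key}: menu entry is worded like a virus scan")
    return payloads, findings
```

Reading the file as text this way never executes anything on the drive; `audit_autorun(SAMPLE)` reports VirusMawar.js as the only payload.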

6 comments:

Anonymous said...

Thanks for your info.

Quakeboy said...

This is another good way too .. nice

Anonymous said...

Good post and this mail helped me a lot in my college assignment. Grateful to you for your information.

Anonymous said...

I tried Shift+Delete, and my computer said that the directory pathway was somewhat faulty, and I've tried searching for VirusMawar.js on my computer several times and there's no result. Does that mean it has been cleared from my computer?

example010 said...

I don't want to give you a safe answer by saying "yes", because there is a possibility that the virus has changed its name, since there are some variants of this malware.. but as long as you don't have side effects, such as being unable to access regedit after you have already recovered it, it shows that you are possibly not infected..

Jasmine said...

Really useful blog. Good work keeping this updated! USB Boot Drive Thanks a lot!