Saturday, 4 January 2014

How to remove Shortcut Virus from Pen Drive, Memory card and PC

Nowadays almost every computer user has a USB flash drive (pen drive), which they use for transferring data (movies, games, documents etc.). I think it's not wrong to say that USB drives, memory cards etc. have become a necessity for every computer user, because they are easy to use and very handy, which makes them a good choice instead of carrying CDs or DVDs. But besides these advantages there is a disadvantage as well: when you use this kind of memory (flash memory), the risk of viruses becomes high.


These days, a virus widely known as the Shortcut virus has become a headache for almost every computer user. It is very frustrating when the data on a USB drive or memory card is changed into shortcuts and becomes inaccessible. So today I am going to show you how to get rid of this virus (actually a worm). First of all, we have to find out what this Shortcut virus actually is.

What is the Shortcut virus and what does it do?

It is a small piece of code, usually written in VBScript or in Batch/Shell script, which converts all the data on your removable drives (such as pen drives and memory cards) into shortcuts and hides the original data with the System and Hidden attributes. This type of virus is usually detected on removable drives, but sometimes it infects your PC too.
Whenever you plug a pen drive or memory card into an infected system, the virus automatically copies itself to the removable drive without your permission (it is self-replicating), converts all your pen drive data into shortcuts, and hides the original data.

Some technical Details...

It belongs to Win32 Worm: VBS/Jenxcus. This worm gives a hacker access to and control of your PC. It can usually be installed in any of the following folders:
%APPDATA%
%ProgramData%
<startup folder>
%TEMP%
%USERPROFILE%
%windir%
For more technical details visit here.

How to know whether your PC is affected by VBS/Jenxcus

You can easily detect it by its name. Open the directories listed above one by one; you will see it as "anything.VBS" (MICROS.Vbs, temp.vbs, crypted.vbs, do.vbs, system32.vbs etc.), and this file can't be deleted.

How to Get Rid of This Virus

Method 1

First of all we unhide all the hidden files (the original files) and delete all the shortcuts. To do this:
Open CMD (Command Prompt) with Administrator privileges [Windows key + R].
Here I assume your pen drive letter is H:
Enter this command:
attrib -h -r -s /s /d H:\*.*
You can copy the above command, then right-click in the Command Prompt and paste it.
Note: Don't forget to replace the letter H with your pen drive letter.
Now press Enter.
That's it!
Now open your pen drive.
Yeah..! :) Now you can see all your files are there. Now just delete all the shortcuts and especially DELETE the "Anything.VBS" file (it may have any name, but its extension is .VBS).

Now refresh Explorer (right-click >> Refresh). If the files change into shortcuts again, it means your PC is also infected by this virus. To solve this, follow the steps in Method 2 below.
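
The checks described above (hidden originals, shortcuts, and .VBS files on the drive and in the folders listed earlier) can be done in one read-only pass. This is an added PowerShell example, not part of the original post; it assumes PowerShell 3.0 or later, uses H: as the example drive letter, and looks only at the top level of each location.

```powershell
# Added example: read-only triage; it reports findings and deletes nothing.
param(
    [string]$Drive = 'H:'   # assumption: the example drive letter used in the post
)
$root = "$Drive\"

# 1. Items marked both Hidden and System: where the original data ends up.
$mask   = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
$hidden = @(Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band $mask) -eq $mask })
# Names with and without extension, to match "report.docx" against "report.lnk".
$hiddenNames = @($hidden | ForEach-Object {
    $_.Name; [IO.Path]::GetFileNameWithoutExtension($_.Name) })

# 2. Shortcuts on the drive root, with the command each one really launches.
$shell = New-Object -ComObject WScript.Shell
$links = @(Get-ChildItem -LiteralPath $root -Filter *.lnk -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        [pscustomobject]@{
            Shortcut     = $_.Name
            Target       = $lnk.TargetPath
            Arguments    = $lnk.Arguments
            CoversHidden = $hiddenNames -contains $_.BaseName
        }
    })

# 3. .vbs files at the top level of the drive and of the folders the post lists.
$folders = @($root, $env:APPDATA, $env:ProgramData, $env:TEMP, $env:USERPROFILE,
             $env:windir, [Environment]::GetFolderPath('Startup'))
$scripts = @($folders | Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    ForEach-Object {
        Get-ChildItem -LiteralPath $_ -Filter *.vbs -File -Force -ErrorAction SilentlyContinue
    })

"Hidden+System items on ${root}: $($hidden.Count)"
$hidden  | Select-Object Name, Attributes | Format-Table -AutoSize
"Shortcuts on ${root}: $($links.Count)"
$links   | Format-List
"VBS files found: $($scripts.Count)"
$scripts | Select-Object FullName, Length, LastWriteTime, Attributes | Format-Table -AutoSize
```

A shortcut with CoversHidden set to True, or whose Target or Arguments reference a .vbs file, is the pattern the post describes; save the script under a name of your choice and pass -Drive with your own drive letter.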

Method 2

1) Download and install MSE (only for Windows XP and 7; only 13.5MB) - Click here.

Or if you are using Windows 8, just update Windows Defender and scan your PC. It detects this worm as well as other malware and viruses.
2) Scan your PC. It will remove this as well as all other viruses and malware.
If you're facing any problem or issue, please tell us by posting a comment.

6 comments:

  1. Effective Trick Emrit bhai....good job carry on..

  2. I can see that you possess a degree of expertise on this subject, I would like to hear much more from you on this subject matter – I have bookmarked this page and will return soon to hear additional about it.

  3. After reading this informative and effective post regarding the technicalities of virus attacks on systems, I have good knowledge now to fix this issue and to explain this issue to others.

  4. very informative post for me as I am always looking for new content that can help me and my knowledge grow better.
