How to Remove USB Virus Permanently Without Losing Data

How to Remove USB Virus Permanently Without Losing Data

USB drives are prone to virus attacks as they are frequently transferred from one device to another. Virus attacks can put your data at risk. If your USB is infected, you will not access all your files on the drive, or worse; they will be damaged or even permanently deleted.

Therefore, if you usually use a USB to store your data, you should know how to get rid of viruses and protect your files through enhanced cybersecurity protocols or security-specific laptops. This article will show you how to remove USB viruses without data loss.

How to know if your USB drive is infected with shortcut virus?

A shortcut virus combines Trojan viruses and worms that gather and hide all your files and folders, replacing them with shortcuts that look like the original files but are inaccessible.

Launching these fake shortcuts will run the malware, duplicate the virus and further infect your USB and your operating system. This can lead to all kinds of malware-related side effects, including worsening of system performance and theft of personal data.

Unfortunately, many users cannot identify if their USB is infected with viruses. Here are some warning signs that your USB might have a virus:

  • Unknown shortcut files: If you see your original files become shortcut files, there are unknown shortcut files on your USB, or the drive itself is in the form of a shortcut, a virus attacks your USB.
  • Weird options: In the drive’s context menu, new and unrelated options in the drive’s context menu often mean that it is infected.
  • Can’t open drive: An inaccessible drive usually means your USB has a virus.
  • Disk icon is changed to folder icon or removed – If the USB disk icon changes to a folder icon or disappears completely, it is most likely infected.

How to check for viruses on a USB?

1 1

Since USB drives are susceptible to viruses, it is best to check for viruses before using them. However, the AutoRun feature automatically opens the USB drive on most systems, preventing you from checking the drive and spreading the virus if it’s infected.

RELATED:  Should I Choose Wired Or Wireless Gaming Mouse

Fortunately, there is a way to disable this feature, ensuring your USB is virus-free before using it. This is how you do it:

  1. To disable the autoplay feature in Windows 10, click Start > Settings > AutoPlay. Disable the button under the “Use Autoplay for all media and devices” option. Alternatively, you can click the search button and type “AutoPlay.” This will take you to the autoplay settings.
  2. After disabling autoplay, please insert the USB. Next, click Start or the search icon, type “CMD,” and press Enter. This will launch the command prompt.
  3. Check your USB drive letter, type it into the command prompt, and press Enter. This will change the C:\Users\ line to the drive letter.
  4. Once commanding the drive folder, type “dir /w/a” and hit Enter. This command will give you a directory listing of all the files on your USB. Carefully inspect the list and check if any of these files are on your USB:
  • Autorun. inf
  • newfolder.exe
  • Ravmon.exe
  • svchost.exe
  • heap41a

If so, your drive is most likely infected, and the viruses should be removed immediately.

Ways to remove viruses from USB without losing data

If you want to know how to remove virus from the USB without losing data, there are different methods you can try. Here are some ways you can do to remove an infection from your USB without losing your valuable files:

Remove virus using CMD.

To remove the shortcut virus from your USB and recover your files, you can use the command prompt on your system. This is one of the best methods, and you have a 95% chance of removing the infection. Here are the steps on how to remove USB shortcut virus without data loss via CMD:

  1. Click Start or the search icon and type “cmd.” Right-click Command Prompt and click run as administrator.
  2. Insert the infected USB and make a note of the drive letter. At the command prompt, type the following command attrib -h -r -s /s /d F:*.*
RELATED:  How To Use Google Maps To Check The Air Quality

Note: The F in this command is the drive letter. Make sure to change it to the correct drive letter affected by the virus.

Command explained:

  • Attrib – An MS-DOS command that helps modify file folder properties.
  • -h: show all hidden folders
  • -r: recreate the files on your disk
  • -s: removes the file link on the system.
  • /s: Directs the command to loop through all files and folders on the entire device
  • /d: Directs the command to apply to folders as well, since the attrib command only handles files.
  • *.*: Indicates that all file and folder names should be considered a match.

3. Press Enter and wait for the command to complete. Once done, the command will recheck your drive and convert the shortcut files to regular files.

Once the command process is complete, check your drive and delete any unknown files you can find. Then transfer all the recovered files somewhere and reformat your USB drive before using it again.

Remove viruses by generating a batch file

A batch (BAT) file is a script file that can help remove viruses from your USB. There is no need to download anything; all you need is your system’s Notepad. This is how you can generate a BAT file:

1. Open Notepad located on your system and copy and paste the following code:

@echo off

attrib -h -s -r -a /s /d H:*.*

attrib -h -s -r -a /s /d H:*.*

attrib -h -s -r -a /s /d H:*.*

@echo complete

Note: Don’t forget to replace H: with your drive letter.

2. Save the file with the correct name to avoid getting confused, and add “.bat” to the end of the file name. (Example: removevirus.bat)

3. Close Notepad and run the BAT file with administrator privileges (right-click the file and select run as administrator). This will remove all existing shortcut viruses.

Remove viruses by modifying registry files

Adjusting your registry files can prevent shortcut viruses from infecting your system. However, you can damage your computer, so use this method at your own risk.

  1. Press Ctrl + Alt + Del simultaneously to launch Task Manager and click Processes. In this tab, find wscript.exe, click it and then click end task.
  2. Open Run by pressing Windows + R keys together and then type Regedit. Press Enter. This will open the Registry Editor.
RELATED:  iOS 16: How To Set Up A Dynamic Weather Lock Screen Wallpaper

3. In Registry Editor, double-click HKEY_CURRENT_USER > Software > Microsoft > Windows > Current version > Run. On this page, find odwcamszas.exe (Shortcut Virus), right-click on it, and press delete.

Remove viruses by using antivirus programs

If you are overwhelmed by all the above commands or don’t have enough time to do these methods, you can remove the USB flash drive virus online for free through reliable antivirus programs.

There are tons of free and paid antivirus programs out there which can automatically remove any existing virus on your USB drive.

Conclusion

Even if you are the most careful person, your USB can still be infected by viruses. The methods mentioned above can help remove infections from your USB and preserve your valuable data.

However, the best way to keep your data safe is to prevent your USB from getting infected with viruses. Therefore, you should always be vigilant and careful to insert your flash drive to ensure your safety.

FAQ

How does my USB get a virus?

A pen drive or USB can receive a virus from an infected computer. So make sure you insert your USBs into trusted computers.

How do I avoid getting a shortcut virus on my USB?

If you can, never use your USB on a public computer. Please disable AutoRun on your system and always scan your device for viruses.

How do I remove a virus from my USB online for free?

There are tons of free antivirus software available online. Make sure you choose a reliable one.

Can I remove viruses by deleting files on my USB?

Removing the infected file from your USB will remove both the virus and the file. However, if the virus has already infected other files, you should delete all of them because this may compromise your data.