HOW TO Security

How to remove Virus from USB drives

virus-pendrive

Pen drive has become the second largest medium to spread the virus from one pc to another after the internet. They spread rapidly on PC’s which do not have a good antivirus program(updated regularly).  Such Viruses (possibly malwares/spyware) use the Autorun feature to infect machines. You plug the infected pen drive to your machine and your machine gets infected, this article will help you turn off the Autoplay feature and delete all the viruses from your USB drives.

Procedure to turn off the Autorun/Autoplay feature:

  • Goto Start >Run > type gpedit.msc in the box and press OK
  • A new windows will open with title Group Policy.
  • Under Computer Configuration, expand Administrative Templates, and then click System.
  • In the Settings pane, right-click Turn off Autoplay, and then click Properties.
  • Now select Enabled, choose All Drives from the drop list menu and press OK.

The procedure remains almost same for Vista Users, Read here

 

Deleting the Autorun .inf File:

Now that you have disabled the AUTORUN feature, let’s get started with the procedure to remove the Autorun.inf file from your USB drive. Suppose G: is your pen drive.

  • Open Command prompt, Start > Run > type CMD and press OK.
  • Type “cd\” and press enter to get tot he root C:\
  • Now enter “G:” and press enter (G: is the pen drive)
  • Type “attrib -h -r -s autorun.inf” and press enter.
  • Type “del autorun.inf” and press enter.

 

You can repeat this procedure to remove the autorun.inf files of hard disk partitions too.

Deleting the virus files:

Removing the autorun.inf file is not enough, it will only protect from the virus to run automatically on your system but its still there residing in your drive, you have to delete the files manually through windows explorer or through command prompt  the right way:

Again go to the root of that pen drive thought command prompt and type this command

attrib -r -a -s -h *.*

Now look for suspicious.EXE, .vbs or bat files and delete them individually using the delete command.

eg: delete scvhost.exe

The virus file name will possibly be copy.exe, svchost.exe, scvhosts.exe, New Folder.exe, DataAdministrator.exe, Heap41a.exe,  smss.exe, FunnyUST.exe Scandal.avi.exe, Autorun.inf, amvo.exe, kavo1.exe, kavo.exe, Ravmon.exe, Temp1.exe, FS19831.vbs, Azkaban.vbs, Azkaban.bat, etc…

Now that the autorun and other virus files are deleted your USB drive is completely safe to use. But better use a good antivirus like AVG(Free Antivirus) to avoid going through all these tedious procedures.

If your antivirus detects and quarantines the virus and not able to delete the infected files completely, backup ONLY the important files(exclude unknown files) and FORMAT the whole drive.

 

I recommend using the USB firewall, I have written about it earlier in Firewall for USB Devices

About the author

Vikram

Vikram is a Digital Media Strategy Consultant who helps small business owners grow their
business. He is passionate about blogging, digital marketing, and emerging technologies.

5 Comments

Click here to post a comment

Categories