My USB thumb drive got infected by a trojan virus. All folders in the thumb drive had become shortcuts!
From the properties, the shortcut folder is pointing to 0x29ACAAD1.exe file. Kaspersky detects it as Trojan.Win32.VBKrypt.cvcu, and 35 out of 42 antivirus companies confirmed that it is a trojan virus – VirusTotal result.
Warning: Don’t double click the shortcut or you will execute the trojan virus.
Luckily, you don’t need a data recovery tool to fix this problem. The only thing that you need is just the command prompt.
Here I’ll show you how:
- Go to Start > Run.
- Type, “cmd” and click Ok.
-
Now type this command, and press Enter:
attrib -h -r -s /s /d f:\*.*
Note: Replace f: with your USB drive letter.
- Done.
You will see two folders in the USB thumb drive. One is the shortcut, and the other one is the original folder as shown below.
Now copy the orginal folders to a safe place, and format your USB thumb drive. This to ensure that your thumb drive is completely free from the trojan virus, and don’t forget to scan your computer with antivirus too.
That’s all. Hope this help!
Btw, if your files and folders are suddenly missing/hidden in USB thumb drive, follow this trick to unhide them.
PS: If your PC still having problem, you can either scan your PC with antivirus or repair it to speed up by using Registry Easy.
harris says
hi i got this problem but when i execute this in the cmd.exe
attrib -h -r -s /s /d f:\*.*
it says access denied
kalpesh says
open cmd in administrator
and then do
sannababu says
Very nice command is working and data get back now thank you very much………
Amol says
Showing Access denied but still it is working…
Thanx friend.. I recovered my important data
td says
I am already in Admin profile, i’m still getting the access denied
lu says
nice job my frenz!!
friendsforever says
Thousands of html files infected with HTML/Drop.Agent.AB virus.
Kindly requesting a script file for cleaning the infected files. Script should accept Drive letter as argument. Need a Windows shell or VB script to run on Win-(XP,Vista,7), to recursively search through a entire drive/partition for html files, CLEAN files by Deleting everything after “” i.e. “closing HTML tag”, virus code starts from this point and create a log file for listing of edited files.
NO NEW FILES TO BE CREATED (strict rule).
jmeter says
Nice job! helpful, thanks.
Paul Azar says
it says :
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\DE\animation.exe
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\EN\animation.exe
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\ES\animation.exe
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\FR\animation.exe
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\ISSetupPrerequisites\{726F97A8-63B9-4A58-ACFB-B8A56B383740}\msxml6_x86.msi
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\ISSetupPrerequisites\{726F97A8-63B9-4A58-ACFB-B8A56B383740}
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\IT\animation.exe
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\KR\animation.exe
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\SCH\animation.exe
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\TCH\animation.exe
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\Cedar.dbd
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\Cedar.txt
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\DE
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\demo32.exe
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\EN
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\ES
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\FR
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\gdiplus.dll
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\ISSetupPrerequisites
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\IT
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\KR
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\SCH
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\Seagate_Manager.exe
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\start.exe
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI\TCH
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RT
HJRQ6\S-1-5-21-2009832974-670866683-1287559378-1005
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3471445141-596948144-816103079-1000\$RJ
Q1DPI
Access denied – G:\$RECYCLE.BIN\S-1-5-21-2177543669-2062368359-1506785694-1000
Access denied – G:\$RECYCLE.BIN\S-1-5-21-3348415276-3530887630-3728895030-1000
Access denied – G:\$RECYCLE.BIN\S-1-5-21-579135528-1097029123-891382625-1000
PLZ HELP ME !
Kaspar says
It worked for me. Thanks!
Jason says
how do you get rid of this virus on your pc. windows 7
iezza says
yeah….thx so much..very helpful!!
psyciq90 says
THANX BRO !! YOU SAVE MY LIFE !!!
charlie:D says
yessssssssssss!it really worked!huhu!you save my lifeeeeeeeeeeeeeeee!love you!thank you so muchhhhhhhhhhhhhhhh!
JAO says
Wow! Thanks very much! It worked for me! wow! Thanks for this post!
Fazreen says
It Works for me. It was my BB that got infected. Anyway, thanks a LOT!
ultimo says
I tried this, I infact created a batch file as I have various partitons
I get the error access denied in every partition & I am the admin, only profile on this pc.
running win xp sp2
martian says
it did work thanks for ur great job and help.
Bowi McCurdy says
Thank’s bro, it works for me…
PaSTeBaR PaRaK says
its work… thank’s bro
vikrant says
yaaa realy works
sally says
thanks a lot. It works!! L-)
mark says
access denied.. f: volume information??
rohit says
yaar but in cmd it is coming that parameter is incorrect
what to do? plz tell me
mark says
it works for me… tnx a lot ๐
firdaus says
there is another software developed by UiTM Virus Shortcut Remover..VERY Easy to use
Enggar says
thank you, it’s really help me ๐
lottie says
OMG I CANT SAY THANK-YOU ENOUGH TIMES !!! THANK U TIMES 3249999999999!!!!! THANK U THANK U !
Mj Ecuacion says
hi! everytime i type attrib -s -h /s /d *.*, it says that file not found
how could i fix this one? for your kind assistance pls. thanks
mikiaandy says
open usb in linux ….
sanjai says
command,It works,thnks. pls use space wherever reqd
Moose says
Tnx. easiest fix i have done. thanks a lot.
Tawanna says
Many thanks!! You saved my life!
Tanny says
Is not working on my!!
After I typed in this
attrib -h -r -s /s /d f:\*.*,
I have this back….
C:\Users\Tanny>attrib -h -r -s /s /d g:\*.*
C:\Users\Tanny>
and nothing charge in the shortcuts folders
please help……….
hart says
thanks,dude it’s working…but before this i’m doing double click -_-
CHEY says
YOU’RE A HERO MAN :**
darleane says
it’s working.. thanks
Aru says
Really good
sandeep says
Thanks a lot. It worked.
iKUSTAN18 says
my external was infected by a trojan. I created a shorcut but when i double click it my files/folders are still there. My problem is how to remove the shorcut of my external? ๐
iKUSTAN18 says
typo on my first comment … I mean it created a shorcut? What to do? I don’t know if I needed to use CMD even though the files are not hidden but I still used it and said access denied :((
iKUSTAN18 says
okay it’s me again. Hihi :} I would like to say “IT WORKS! FINALLY IT WORKS” THANK YOUUU!~~ All I have to do is to wait for minutes after the access denied and tadaa~ ๐ The shortcut and my files was seperated already. I just have another question … there are phototumbs, folder of recycle bin and other files occured after using cmd. Can I delete it? Nothing will happen on my external if I delete it?
sitharmaraju says
thanks sir very much…………………………………………………………………………………………………………………………………………………………………………………….loots of thanks…………….,.,.,..,.,.,.
sya says
Nice job! thanks!
Cass Williams says
Thank you so much. I have looked for a solution for a long time.. thank you
uvrocker says
Thanks bro. u resolve my problem, keep helpful God surly grace and bless you..!!
yoo
ais_mar says
thanks………its helping me….:))) God Bless you..
faiz says
my antivirus detected the virus first and move them to virus vault. my question, it’s the file still there or already been eliminated by the antivirus? can i used this method after my antivirus remove those viruses?
aneesha says
i typed attrib -h -r -s /s /d g:\*.* in cmd
but nothing is happening..
Gau Hashimu says
Aneesha make sure to type the command correctly it will help you. remember to put a space. it should appear as this attrib -h -r -s /s /d f:\*.*
. Also when typing, your memory stick with hidden folders should be attached to PC. Try now
Gau Hashimu says
Thanks, I got similar problem but executing the command with the procedures it worked. keep helping. Thanks once more
rsc says
Thanks a lotttssssssssssss…appreciate this. I can recover back my file that has been shorcut. thanks thanks…
Nanan says
tnx so much!!!!
faridah says
thanks for your help
EMA says
muchas gracias! ikut step ni bole bukak folder balik. simple. take time sikit klu folder size besar ๐
shaSha says
its working ! thnks!!
moretech enterprise says
TQ very much for the tip
Osla Chan says
Hi. I’ve had this problem. I actually reacted by deleting my shortcut. I only discovered all these after my panic attack. Can I still recover them? Is there a solution? Apparently all my files are still in tact, the size never budged. But I’ve removed all the shortcuts. And the virus already triggered multiple times because I double clicked it a lot of times. But my anti-virus managed to deal with them before they could get to my main com.
Is there anything I can do? It’s really urgent.
iska says
thank you so much!!!!