Today I'm going to give some tips about to remove shortcuts from your removal drive or pen-drives etc. Shortcut virus is a virus which Enters in to your Pen-drive, PC, Hard Disk, Memory cards or mobile phone and change your files into shortcuts with the original folder icons. The original files are there in the drive itself, but in such a position that you can’t recognize it nor take it out (in the advanced stage).Initially, it doesn’t harms your files but later on, it may make them corrupt or even delete all the files; depends on the type of shortcut virus.
How It Create ?
Here are the possible reasons because of which your Disk is suffering from shortcut virus:
§ You downloaded an executable (.exe) file from untrusted third-party software which had the virus.
§ You connected someone’s malicious USB Stick which spreaded the virus in your PC from where it entered your USB on connecting it.
§ You connected your Removable Drive into someone’s PC which contained the shortcut virus from which it spreaded over to your drive.
Lets have a look for different method to avoid shortcuts
Method-1
Steps To Remove Shortcut Virus Using WinRAR:
Open WinRAR application. (If you don’t have this software installed yet, download it fromhere.)
From inside WinRAR interface, move on to your infected drive. Inside it, you’ll find all your files safe and clearly visible.
Select them all, right click -> Add Files to Archive and choose a name like USB Drive Backup.rar (anything you like). With this, you’ve created an archive of all the files inside the infected drive.
Open My Computer -> and open your infected drive. You’ll find your created archive there. Right click on it -> Cut. Paste it somewhere safe in your hard disk drive.
Open My Computer, Right-click on your infected drive -> Format. Chose Quick Formatoption and Start.
After the format is over, just extract the backed up .rar file back into the removable drive.
Method -2
Steps To Remove Shortcut Virus Using CMD:
Plug your USB drive in PC.
Open Start Menu –> Run. (To open run dialog, you can alternatively type Win+R). In the Run dialog box, type cmd.
Copy the below code and paste it into CMD:
ATTRIB -H -R -S /S /D G:*.*
or
Open Start Menu –> Run. (To open run dialog, you can alternatively type Win+R). In the Run dialog box, type cmd.
c:\users\PC NAME>g: ( G is the removal drive which is infected by shortcut)
Enter….
G:\>attrib -s -h /s /d *.*
Enter
G:\>attrib -s -h /s /d *.*
Enter
The explanation of the above code:
Attrib specifies the attribute (as you might have guessed it)
-H is to unhide all the files on Flash Drive (which were hidden as shortcuts due to the virus)
-R is to create the files in your Pen Drive (recreate the shortcut files retrieving the original contents)
-S makes all the file on your USB drive not to be the part of system again (which makes it easy to do the process)
G is the Assumed USB Drive’s Letter (you’ll have to change it according to your Pen Drive / External HDD drive’s letter)
-H is to unhide all the files on Flash Drive (which were hidden as shortcuts due to the virus)
-R is to create the files in your Pen Drive (recreate the shortcut files retrieving the original contents)
-S makes all the file on your USB drive not to be the part of system again (which makes it easy to do the process)
G is the Assumed USB Drive’s Letter (you’ll have to change it according to your Pen Drive / External HDD drive’s letter)
Method-3
Steps To Remove Shortcut Virus From Registry:
Open Task Manager by pressing Ctrl + Shift + Esc.
Click on the Processes tab, and find Wscript.exe. If you find it, select it and then click End Processes.
Open Run dialog box (Win + R key), type in regedit. This will open the Registry Editor.
Navigate to HKEY_CURRENT_USER / Software / Microsoft / Windows / CurrentVersion / Run.
Here, look for a registry key named odwcamszas, right click on it and Delete it.
Method-4
Steps To Remove Shortcut Virus By Tweaking Config:
Open the Run box and type in %temp%. This will open the Temporary Files folder.
Search in that folder for nkvasyoxww.vbs. If found, delete it.
Again, open the Run box and type in msconfig.
Go to Startup Tab, disablenkvasyoxww.vbs from there. (In Windows 8, open Task Manager, go to Startup tab, and disable nkvasyoxww.vbs)
Done ..
Note: Please note that this tutorial is solely for educational purpose and I am not responsible for any kind of illegal usage of this tutorial
