
USB Drive files turned to shortcut

Hello, and welcome back!

Today I would like to share with you a common problem that is becoming more and more rampant!

Symptoms:
You plug your pendrive, USB drive, thumbdrive etc. into an infected PC and then suddenly all your files turn into shortcuts!

Do not click on any of those shortcuts. They only mirror your file names and icons; in fact each one is a web link that downloads malicious viruses and trojans, basically calling its buddies down to your computer!

What to do?
Don’t panic. What I’m going to show you is not rocket science, and it is not a foreign language either. So take a deep breath, clear your mind and do it step by step, slow and steady :)

Step 1: Stop the infection
Most of the time these infections are caused by a VB script. You need to turn off the engine that runs the script, or else you will go into an endless loop of cleaning and reinfection. To do this, right-click on a blank part of your taskbar, preferably near the middle (the taskbar is the long horizontal strip where your clock and Windows button are).
You will see a menu pop up. Click on ‘Task Manager’.

Task Manager will appear. On the top row of tabs select “Processes”, then sort by Image Name. What you need to look out for is a running application called wscript.exe. Select it and click “End Process”.

Step 2: Get the files back from your thumbdrive
Take note of the drive letter of your thumbdrive, e.g. C: or D: or E: etc.

Click Start -> in the search box type “cmd”. You will see a black box with the word CMD or Command Prompt. Press the “Enter” key.

You will then see a black box. This is the Command Prompt window.

OK, remember I asked you to take note of the drive letter of your thumbdrive? If your thumbdrive is “F”, for example, use the Command Prompt (the black box application) to get to your thumbdrive. Type each of the following commands and press Enter after each one.

Change drive

f:


Unhide all your files

attrib -s -h /s /d *.*

*Note: in this command, -h removes the hidden attribute from your files, -s removes the system attribute, and /s /d make it work on your subfolders and folders as well.

After this, type ‘exit’ and press Enter. The Command Prompt will then disappear.

Step 3: Delete the links and remove the malicious script

If you go to your thumbdrive now, you will find that all your files are visible again. Hooray! But hold up. Make sure you follow through and clean up the malicious files. First, delete all the files that are shortcuts, that is, all files with a tiny arrow on their icon.

Then, lastly, look for a file by the name of “updateUS.vbs” and delete it.
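
As an added example (not part of the original article), here is a PowerShell script that lists what each shortcut would really run before anything is deleted, and repeats steps 1 to 3 only when started with -Clean. The drive letter F:, the parameter names and the choice to look only at the top level of the drive are assumptions.

```powershell
# Added example, not from the original article. Report-only unless -Clean is given.
# Assumption: the USB drive is F: (pass -Drive with your own drive letter).
param(
    [string]$Drive = 'F:',
    [switch]$Clean
)
$root = "$Drive\"

# Step 1: show any running wscript.exe, and stop it when cleaning.
$engines = @(Get-Process -Name wscript -ErrorAction SilentlyContinue)
Write-Host "wscript.exe processes running: $($engines.Count)"
if ($Clean -and $engines.Count -gt 0) { $engines | Stop-Process -Force }

# Step 3 (review): list each shortcut at the top level of the drive with the
# command it would really run, so nothing has to be double-clicked to find out.
$shell = New-Object -ComObject WScript.Shell
$links = @(Get-ChildItem -LiteralPath $root -Filter *.lnk -File -Force)
$links | ForEach-Object {
    $lnk = $shell.CreateShortcut($_.FullName)
    [pscustomobject]@{
        Shortcut  = $_.Name
        Target    = $lnk.TargetPath
        Arguments = $lnk.Arguments
    }
} | Format-List | Out-Host

# The script file named in the article, plus any other .vbs files to review.
$scripts = @(Get-ChildItem -LiteralPath $root -Filter *.vbs -File -Force)
$scripts | Select-Object Name, Length, LastWriteTime | Format-Table -AutoSize | Out-Host

if ($Clean) {
    # Step 2: same command as in the article, with the drive path given explicitly.
    attrib -s -h "${root}*.*" /s /d
    # Step 3: delete the shortcuts and updateUS.vbs (-Force handles hidden files).
    $links | Remove-Item -Force
    $scripts | Where-Object { $_.Name -eq 'updateUS.vbs' } | Remove-Item -Force
}
```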

 

Step 4: Clear your temporary folder

Most of the time, if you have this problem, the chances are that you got it from somebody else, or that your own computer got infected and then infected your drive. It’s a 50/50 thing, so to be safe I recommend clearing your temporary folders.

Temp folders are folders created by applications or installers to temporarily run something. They are also where most malicious files tend to end up, so it is best to clear them. How to do this? Click Start -> in the search box type %temp% and press Enter.

This will bring you to your temp folder.

Select all the files inside this folder and delete them. They are basically files used by your games, your browsing and your installations. Imagine it as a huge dumping area. Not all files will be deleted: you will get errors saying that some files can’t be deleted. Click “Skip” for these files.

Alternatively, you can try http://addpcs.com/software/tfc/#/about which is an application that helps you clear your temp folder :)

I hope this article helps you, or at least points you in the right direction.

Regards,
David Tan

Additional Notes:
Instead of the command line, you can also use a tool called Attribute Changer to unhide your files: http://www.petges.lu/home/
