mak123

remove shortcut virus from USB?

7 posts in this topic

Hi,

When I insert a pen drive and open it through autoplay, it shows only shortcut files... :unsure:

How do I remove the virus? Otherwise I am ready to format the pen drive, but I am unable to format it.....


Disable autoplay across the system, and then remove the infection.


How do I remove it....????


^ Use an anti-virus program, such as AVG.

Or if you can identify the file from the list, simply Delete it.


Solution for anyone facing the Autorun.inf virus which changes the attributes of folders on your USB device creating shortcuts to all folders located on the USB device.

This virus (secure32.exe) is launched through the autorun.inf file when a USB device is connected to your computer. The virus adds a line to the autorun.inf file, creates shortcuts of folders, changes the attributes of folders to hidden and also creates a random numbered folder on the USB (9584549). Within this random numbered folder you will find .exe files which are linked to the shortcuts of your original folders.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

***************************

*ORIGINAL AUTORUN.INF FILE*

***************************

[autorun]

icon=%SystemRoot%\system32\SHELL32.dll,4

action=Open folder to view files

UseAutoPlay=1

***************************

*INFECTED AUTORUN.INF FILE*

***************************

[autorun]

icon=%SystemRoot%\system32\SHELL32.dll,4

action=Open folder to view files

UseAutoPlay=1

shellexecute=secure32.exe

/\/\/\/\/\/\

/\ INFO /\

/\/\/\/\/\/\

The line shellexecute=secure32.exe executes the virus when a USB Device is connected to the Computer. This line has been added to the Autorun.inf file by the virus by either editing the autorun.inf file or removing and creating a new version of the file.

****************************

*MY EDITED AUTORUN.INF FILE*

****************************

[autorun]

icon=%SystemRoot%\system32\SHELL32.dll,4

shellexecute=F:\USB_Shortcu-Temp_Viri_Fix\USB_Shortcut_Temp_Viri_Fix.bat

action=Open folder to view files

UseAutoPlay=1

/\/\/\/\/\/\

/\ INFO /\

/\/\/\/\/\/\

The Line (shellexecute=F:\USB_Shortcu-Temp_Viri_Fix\USB_Shortcut_Temp_Viri_Fix.bat) located in my edited autorun.inf file was used to initiate the batch file I created to run through the process of Altering File and Folder Attributes, Delete the Virus file, Delete the Random Numbered Folder and Files and Delete and Replace the Autorun.inf file.

*****************************************************************

*BATCH FILE USED TO AUTOMATE ATTRIBUTE AND VIRUS REMOVAL PROCESS*

*****************************************************************

@ECHO OFF

color 0C

prompt LS:

ECHO *****************************

ECHO *Altering Folder Permissions*

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO *This May Take A While *

ECHO *Depending On The Amount Of *

ECHO *Hidden Folders On The USB *

ECHO *****************************

ECHO.

@ECHO OFF

attrib -h -r -s /s /d F:\*.*

ECHO.

ECHO **********************

ECHO *Deleting Autorun.inf*

ECHO **********************

@ECHO OFF

del F:\autorun.inf

del F:\secure32.exe

ECHO.

ECHO ****************************

ECHO *Copying Edited Autorun.inf*

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO * And *

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO *Altering File Attributes *

ECHO ****************************

@ECHO OFF

copy F:\USB_Shortcu-Temp_Viri_Fix\autorun.inf F:\

attrib +r F:\autorun.inf

@ECHO OFF

start F:\

ECHO.

ECHO **********************************************

ECHO * Process Completed *

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO *Delete Unwanted Shortcut Files From Your USB*

ECHO *And Folder 9584549 *

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO * Brought To You By Lupo Solitario *

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO * Thank You Come Again!!! *

ECHO **********************************************

ECHO @@@@ @@@@

ECHO @ @ @ @

ECHO @@@@ @@@@

ECHO @

ECHO @

ECHO @@@@

ECHO.

ECHO @ @

ECHO @ @

ECHO @@@@@@@@

ECHO.

pause

/\/\/\/\/\/\

/\ NOTE /\

/\/\/\/\/\/\

The batch file and autorun.inf option was a temp fix until I got an antivirus software to completely remove the virus. When the batch file and option is used, it removes the attributes (-r -h -s) added to the folder(s) by the virus and deletes the virus and numbered folder, but the virus is still hidden somewhere on the system. The batch file can be used after running Kaspersky Virus Removal Tool 2011 to change the file and folder permissions. The shortcut folders will still need to be deleted manually, and also maybe the random numbered folder created by the virus.

If using the batch file, remember to change the drive letters to the letters corresponding to the USB device. The lines that need to be changed:

attrib -h -r -s /s /d F:\*.*

del F:\autorun.inf

del F:\secure32.exe

copy F:\USB_Shortcu-Temp_Viri_Fix\autorun.inf F:\

attrib +r F:\autorun.inf

start F:\

The drive letter F:\ will need to be changed to the letter which corresponds to the USB device, if not the commands will not work. The batch file may take a while depending on the amount of File and Folders located on the USB Device.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SHELLEXECUTE =

The SHELLEXECUTE command opens a document or starts an application. Mostly used to open documents automatically. If this command is used with a document, an associated program that can open the document will be automatically run. This command requires Windows ME/2000 or newer.

This is the method the secure32.exe virus uses to run when a USB device is connected to the computer. Editing or deleting the autorun.inf file from the USB does not help, as when the system is infected it will repeat the process when another USB device is connected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

****************************

* STEP 1 *

****************************

* GETTING RID OF THE VIRUS *

****************************

I have tried many different AntiMalware, Spyware and Antivirus Software to no avail, (This may also be due to the useless IT Technician at my company and the use of LAME USB Modems which meant all systems were not connected to the net to properly update antivirus and System Software). I finally tried Kaspersky Virus Removal Tool 2011 which detected the virus (secure32.exe) and also the .exe files created and stored in the Randomly Numbered folder.

(1) Download Kaspersky Virus Removal Tool 2011 (http://www.kaspersky.com/antivirus-removal-tool?form=1)

(2) Connect the infected USB device(s) to the system

(3) Run Kaspersky Virus Removal Tool 2011

(4) Go into the settings (gear wheel to the right of the program) and make sure the USB device(s) is/are selected from the list. I would recommend selecting Local C, My Computer, My Documents and any other drive on your system to make sure the virus is not hidden anywhere else on the system.

(5) Go back to Automatic Scan and perform a system scan (you will be prompted for an action on what to do when the virus is detected; some options may require the system to be restarted)

(6) When the scan has completed go to Step 2

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

****************************

* STEP 2 *

****************************

*OPENING THE COMMAND PROMPT*

****************************

Opening the Command Prompt

OPTION 1

(1) Click on Start

(2) Run

(3) In the Run popup box type in cmd and press Enter

OR

OPTION 2

(1) Press the Windows Key + R

(2) In the Run popup box type in cmd and press Enter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

****************************

* STEP 3 *

****************************

*CHANGING FOLDER ATTRIBUTES*

****************************

When the Command Prompt has opened type in

attrib -r -s -h /s /d e:\*.*

That command will (attrib -r -s -h) remove the Hidden feature, Read only and System Attributes added to the file by the virus. The (/s) will process matching files in the current folder and subfolders and (/d) processes folders as well. The letter e:\ refers to the USB device infected by the virus; change the letter e:\ to represent the drive letter of your infected USB device. The (*.*) option tells the system to apply the attribute to all files and folders located on the device.

/\/\/\/\/\/\

/\ INFO /\

/\/\/\/\/\/\

For help with Dos Commands type Help followed by the command name

E.G. help attrib

/\/\/\/\/\/\

/\ NOTE /\

/\/\/\/\/\/\

Once the attributes have been changed you will now be able to view and access your original folders which were hidden. Once everything was done correctly you should now be free of the autorun.inf shortcut virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

***************************************************

*BATCH FILE USED TO AUTOMATE ATTRIBUTE CHANGE *

***************************************************

*BELOW THIS BATCH FILE ONLY CHANGES THE ATTRIBUTES*

***************************************************

@ECHO OFF

color 0C

prompt LS:

ECHO *****************************

ECHO *Altering Folder Permissions*

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO *This May Take A While *

ECHO *Depending On The Amount Of *

ECHO *Hidden Folders On The USB *

ECHO *****************************

ECHO.

@ECHO OFF

attrib -h -r -s /s /d F:\*.*

@ECHO OFF

start F:\

ECHO.

ECHO **********************************************

ECHO * Process Completed *

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO *Delete Unwanted Shortcut Files From Your USB*

ECHo *And Folder 9584549 *

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO * Brought To You By Lupo Solitario *

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO * Thank You Come Again!!! *

ECHO **********************************************

ECHO @@@@ @@@@

ECHO @ @ @ @

ECHO @@@@ @@@@

ECHO @

ECHO @

ECHO @@@@

ECHO.

ECHO @ @

ECHO @ @

ECHO @@@@@@@@

ECHO.

pause

DOWNLOAD LINKS

Batch File: http://www.filefactory.com/file/cd01640/n/USB_Shortcut-Temp_Viri_Fix.rar

Kaspersky Virus Removal Tool: http://www.kaspersky.com/antivirus-removal-tool?form=1

<><><><><><><><><><><><><>

<> <><><><><><><><><><><>

<> GOOD LUCK LUPO SOLITARIO <>

<> <><><><><><><><><><><>

<><><><><><><><><><><><><>
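
An added example, not part of the original post: a read-only Python check that parses an autorun.inf and reports the keys that launch a program, run against the three autorun.inf variants quoted in the post above. The function names and the `allowed_targets` parameter are assumptions of this example.

```python
import re

# Keys in the [autorun] section that make Windows start a program.
# icon, label, action and UseAutoPlay only affect how the drive is presented.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.IGNORECASE)


def autorun_exec_directives(text):
    """Return [(key, target)] for every autorun.inf line that launches a program."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()      # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if EXEC_KEYS.match(key) and value:
            findings.append((key.lower(), value))
    return findings


def verdict(text, allowed_targets=()):
    """'clean': nothing launched; 'review': only targets you listed; else 'suspicious'."""
    allowed = {t.lower() for t in allowed_targets}
    targets = [v.lower() for _, v in autorun_exec_directives(text)]
    if not targets:
        return "clean"
    return "review" if all(t in allowed for t in targets) else "suspicious"


# The autorun.inf variants from the post (in the post's edited file the
# shellexecute line sits second; key order does not matter to the parser).
ORIGINAL = r"""[autorun]
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
UseAutoPlay=1
"""
INFECTED = ORIGINAL + "shellexecute=secure32.exe\n"
FIX_BAT = r"F:\USB_Shortcu-Temp_Viri_Fix\USB_Shortcut_Temp_Viri_Fix.bat"
EDITED = ORIGINAL + "shellexecute=" + FIX_BAT + "\n"

if __name__ == "__main__":
    for name, body in (("original", ORIGINAL), ("infected", INFECTED), ("edited", EDITED)):
        print(name, verdict(body, [FIX_BAT]), autorun_exec_directives(body))
```

Because it only reads text, the check can be run on a copy of the file taken from a machine that does not process autorun.inf.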


Boot off a linux Live CD or bartpe cd and nuke it off the usb drive.


Use an anti-virus program, such as AVG.
