Since many people carry their USB sticks to stores and friends’ places to transfer their data for various purposes, it’s just a matter of time before the virus writers attack these new systems as a delivery mechanism. It is done through an autorun.ini file. The file is just a text file that contains commands for executing other files. Other files are the real virus payload. These may have names such as New Folder.exe, Ravmon.exe, svchost.exe, and maybe other files with an extension of .dll.
Manual removal of USB virus may be very tricky and you are recommended to use a good spyware/antivirus program to automatically avert and remove risks. The first thing you need to do is ensure having a good backup of files and important data on the USB. Next, you’ll need to ensure that your computer system is not scheduled to run CDs and other removable devices automatically. Microsoft has a simple solution in their knowledge base to disable the autorun.
Removal of USB Virus Using Command Prompt:
It is best to try to remove the infected files using the command prompt in operating system by following the steps below:
- Click Start,
- Go to Run (or Search in programs and files)
- Type cmd and press Enter.
- Give the drive letter assigned to your USB stick. You can check this by going to My Computer. Type that letter of drive, e.g., if it is F, type “f:”.
- Make sure all the files, including system files and hidden, are showing. Type attrib -rsh. It will show if any files are read-only.
- Remove autorun.ini file and any other .exe and/or .dll files which don’t seem to belong in the drive.
Most important is to ensure the removal of autorun.ini file. This will keep the virus from replicating again.