Well, it’s been a long time since we discussed virus removal. I wasn’t able to be active on my site for a long time due to some other work; now I am happy to be live again! Today, we will discuss the removal of the most popular and problematic virus, the Shortcut Virus!
In this article, I will explain two different kinds of Shortcut Virus and the ways to deal with them. It’s not very easy to clean them permanently, since most anti-virus applications fail to detect them. Mostly, these viruses are spread through pendrives.
The screenshot above shows a kind of Shortcut Virus that is spread through pendrives. Here all the files in the pendrive are moved into another folder that has no name (follow this tutorial to know how to create a folder without name) and kept super hidden in the pendrive itself! When we open the shortcut, it opens that folder, but along with it a strange application also executes, and by that time the virus has been injected into your system!
Most users will just try to open this shortcut, and that’s how the virus spreads to the system. To deal with it, follow these steps:
- First of all, just delete that shortcut! It’s the main link that helps to execute the virus (don’t worry, your files won’t be lost; they are all safe)
- Now, if the virus is already in your system, the shortcut will reappear! If that happens, do the next step
- Open Task Manager by right-clicking on the taskbar
- Now, in the Details tab (Windows 7 and older: the Processes tab), search for any of the following processes (in some cases, you may need to click Show processes from all users):
  - msiexec.exe (it is not a virus, it is a system file, but it sometimes helps spread the virus)
  - processes with meaningless names like cbxghsrjgbdds.exe, odwcamszas.exe, etc.
- End all such processes by selecting them and clicking the End Process (or End Task) button
- Now, try again to delete that shortcut. It won’t reappear. Then we have to recover the files that the virus took!
- For that, open your pendrive and then open Folder Options:
  - Windows 8/later: in the Ribbon, View tab -> Options
  - Windows 7: Organize Folder -> Folder Options
  - Windows XP: View -> Folder Options
- In Folder Options, go to the View tab and uncheck “Show hidden files, folders and drives” and uncheck “Hide protected operating system files (Recommended)”
- There you can see a hidden folder with a pendrive icon, but it will not have any name. Open that folder; there you can find all your files
- Move all those files back into the root folder of the pendrive, except a file with a long name (it is a virus file, ignore it)
- Now delete that unnamed folder. That’s it! One more task remains to completely remove the shortcut virus from your computer
Even if you have performed all the above steps, the virus will come back when you restart your system! The following steps should be done before you restart to completely remove the virus:
- Remove all the processes I mentioned above from the Startup lists:
  - Windows 8/later: in Task Manager, in the Startup tab
  - Windows 7/older: press Win+R, type msconfig and press Enter, then go to the Startup tab
- and also from the registry:
  - press Win+R, type regedit and press Enter, then look in the following locations:
That’s all! You have completed all the steps to clean the system of the Shortcut Virus. If it comes back after a few days, try these steps again and it will be alright :)

As I said above, there is another kind of shortcut virus. It makes shortcuts of all the files and folders in the pendrive but does not move them into a folder. It just makes them all super hidden. Follow the same steps for them also :)
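
The checks from the steps above can also be done from PowerShell without opening the shortcut. This is an added example, not part of the original tutorial: the drive letter `E:` is an assumption, and "super hidden" is taken to mean the Hidden and System attributes set together. The script only lists things; it deletes and changes nothing.

```powershell
# Added example: read-only audit, nothing is deleted or changed.
# $Drive is an assumed drive letter; pass your pendrive's letter instead.
param([string]$Drive = 'E:')
$root = "$Drive\"

# 1. Super hidden items in the pendrive root (Hidden + System attributes).
#    Names are printed in [brackets] so a folder with a blank name is visible.
#    "System Volume Information" is a normal Windows folder and can be ignored.
$superHidden = [IO.FileAttributes]'Hidden, System'
Get-ChildItem -LiteralPath $root -Force |
    Where-Object { ($_.Attributes -band $superHidden) -eq $superHidden } |
    Select-Object Mode, @{ n = 'Name'; e = { "[$($_.Name)]" } } |
    Format-Table -AutoSize

# 2. Where each shortcut in the root really points. CreateShortcut only loads
#    the existing .lnk here; nothing is written because Save() is never called.
$shell = New-Object -ComObject WScript.Shell
Get-ChildItem -LiteralPath $root -Filter *.lnk -Force | ForEach-Object {
    $lnk = $shell.CreateShortcut($_.FullName)
    [pscustomobject]@{
        Shortcut  = $_.Name
        Target    = $lnk.TargetPath
        Arguments = $lnk.Arguments
    }
} | Format-List

# 3. Running processes with the path of their executable, the same list the
#    Task Manager step looks through for meaningless names.
Get-Process | Where-Object { $_.Path } | Sort-Object Name |
    Select-Object Name, Id, Path | Format-Table -AutoSize

# 4. Programs registered to start with Windows (startup folders and registry),
#    the entries the Startup tab and msconfig show.
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User | Format-List
```

A shortcut whose Target is a program rather than the folder it claims to open, with the folder only mentioned in Arguments, matches the behaviour described above. The Location column in the last listing shows where a startup entry is registered.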