Virus! My files turned into shortcuts (Solved)


Originally posted on October 11, 2010

Updated August 2014

Lots of people are having the same problem with a damn virus. It spreads via USB memory sticks or external hard drives, and “converts” all the files into shortcuts.  Fortunately the real files are still there, but you are unable to see them. We will fix the problem in four simple steps.

PS: Don’t worry if my pictures are in Spanish. I’m gonna explain all the steps in English

Step One

Windows has the bad habit of hiding certain files and their extensions. This may help novice users, but presents serious drawbacks: You may, for example, run a dangerous program called  “photo.jpg.exe” because you only saw the “photo.jpg” portion of the name.

For that reason, and also to help fighting this memory stick infection, you need to make all files visible. The following steps apply for Windows XP, Vista and 7.

  1. Click on Start
  2. Click on Control Panel
  3. Pick Folder Options
  4. >Click on “View” tab
  5. Clear the following check boxes:
  6. Clear the check box “Hide protected operating system files (Recommended)”
  7. Clear the check box “Hide extensions for known file types”

Click Accept to apply the changes

Step Two

We need to make sure that your computer is clean from the infection.

If a healthy USB memory remains good after plugging it in, this means your computer is clean and the blame was on another computer. In this case you can jump directly to step three.

If a healthy USB stick gets corrupted after being used on your computer, that a sign that the virus is running on your system and your antivirus is not doing it’s job. Use the update function  your Antivirus. If the antivirus still fails to catch the infection even after the update, you definitely need to use another product.

Some users are reporting that their current Antivirus brand was unable to detect and eliminate the infection. I like the products from Avira, Kaspersky and Dr.WEB. The first one offers a Free version, the others offer 30 day trials. But please STOP: Before start uninstalling and installing things, follow this whole guide in order to test if your current Antivirus get rid of the infection. Also to avoid incompatibilities and system problems Do NOT install more than one (1) antivirus program on a single computer.

—————————————————————–

August 2014 Update

Some users are reporting that no matter what antivirus they used, the virus kept running. For those still having issues:

  • Open Task Manager (Ctrl+Alt+Del)
  • Go to the Processes tab
  • Look for WSCRIPT.EXE that is currently running.

But wait! Before ending the process, right click on the virus name and pick “Open  File Location”. After the Windows Explorer tab pops up, you can end the process.

Step Zero

Let’s go to our new Explorer Window. When you try to delete the virus executable file, an error will occur.

Cannot_Delete

Don’t panic, this is normal. As strange as it sounds, we need to take ownership of the file. Right click on the file and select “Properties”

Step A

Now on the dialog box that appears:

  • Pick “Security” and then “Advanced”
  • On the new dialogue box, pick “Owner”
  • In the example screenshot you will see that the virus changed the Current Owner to “TrustedInstaller”. So, from the list called “Change Owner to:” pick your Administrator name and click OK.

Step B

Now  that you own the virus, let’s go back to the beginning

  • Again, Right click on the virus file
  • Pick “Properties”
  • and again “Security”.
  • But this time, on the dialog that pops-up click on “Edit”

STEP C

A new (almost identical) window will pop up.

  • Click on “SYSTEM” and deny “Read & Execute” and “Read”.
  • Repeat the same operation with all the elements of “Group and user Names”

Step E

You will not be able to delete the file, but don’t worry. The computer will not be able to run this virus executable file.

—————————————————————–

Step Three

If step one and two went great, you should be able to see your files again. Unfortunately they are still marked as “hidden” (hence the ghostly look of the icons).

Before fixing that, we will remove these crappy shortcuts. They where created by the virus and have nothing to do with your real files. Proceed to delete the shortcuts, the Autorun.inf, any .vbs or .exe file, in fact delete everything you don’t recognize as yours. Needless to say, be careful not to delete your legit files.

Step Four (Last one)

To permanently change the properties of your files and return their appareance back to normal we need to open the Command Prompt.On Windows Vista and 7:

  • Click on Start
  • Type cmd in the first box you see
  • right click on the file and pick “Run as Administrator”

On Windows XP:

    • Click on Start
    • Click on Run
    • Type cmd
    • Press ENTER

On the black Window that appears -technically called the Command prompt- write the commands shown on the picture. Replace the letter X with the letter of your infected drive.

For example, if your affected drive letter is F then the command should be attrib -h -r -s /s /d F:\*.*

.

After writing the command hit enter and wait a few seconds while the changes are made.

Done!

Go back to the file explorer and see how your files are back to normal.

415 thoughts on “Virus! My files turned into shortcuts (Solved)

      • hi.. i am having a little trouble in this… the steps u provided worked fine for a drive which nis a part of my har disk partition. but for a pen drive from it does not work. i followed the same procedure in both the cases but it didnt worked for the pen drive. pls tell me some way to remove this problem… whenever i add any files to the pen drive it is replaced by a shortcut.. although i can still access the contents with no damage done but it always takes time and the base address of the shortcut lies somewhere in the C drive(i.e. the drive where i have installed Windows 7)
        please help me in this! thanks !

      • This is great! I followed everything from Step 1 to 5 and they all worked. Here:

        1. Stop the script from running, via task manager
        2. Locate the VBS file in your local user via REGEDIT
        3. Delete the VBS file in your local user
        4. Delete the key reference (the one that you just saw in REGEDIT)
        5. Simply run Command prompt and enter the command “attrib…” (make sure you use the same Drive Letter)
        6. Go to your USB, then right-click > Prperties > Read-Only (here you will see that “Hidden” is clickable already which before was not clickable). Then Apply!
        7. Then you can smile now. Problem Solved! Very good reference! Compared with the others I checked, this one is really good. Great post!

      • I can’t do step 5 either. After i type the command and hit the enter button , all the files will be back to normal but after a while all the shortcuts will be visible though i have already deleted those files and the original file will be in hidden form, what should i do ?

      • Find a simple easy to use software program to ‘unhide’ all files. Then you will see everything on your usb drive, both that aggravating .vbs file + all files previously seemingly having disappeared. I used “hiddenfiles” from http://securityxploded.com/download.php#hiddenfilefinder and it worked perfect. Then I found all files previously hidden. Took a secure delete and smashed/ERASED the skype.vbs file now it’s gone and I can see all previously hidden files.

    • Hi guys. thanks a lot, just wanted to add to this post that also delete from registry folder named ulbloqmeed under hkey local machine ,please add it to the orginal post and thanks again

      Itai

      • Hi Itai, ulbloqmeed.vbs is just one of the names that this issue could be called, but this is still the .vbs file that would be deleted by following the instructions

      • hello Mr Felipe La Rotta it works perfectly i fallowed all your directions, so much thank you for this solve problem, but i have a question!? the day i got this fcking virus i am downloading some software’s in torrent, i downloaded 6 apps i think in TPB after that i run one of those just only one i did not open yet the other downloads, and suddenly when i inserted a clean flash drive the contains start to change in shortcuts that’s the time i look for answer on this problem and then i saw your site, thanks to you!! day after im so curious and still thinkin wer did i get that virus, then i try to run again that software in my other desk top which is in deep freeze state so that i cant infect the unit!!? i did the same installation same flash drives i inserted, my question is did i get that on the app i downloaded but when i run in my other desk top nothing is happen, or upon downloading of torrents from site to my PC!!? pls have a time to answer my questions!! thanks a lot!!! :)

    • Find a simple easy to use software program to ‘unhide’ all files. Then you will see everything on your usb drive, both that aggravating .vbs file + all files previously seemingly having disappeared. I used “hiddenfiles” from http://securityxploded.com/download.php#hiddenfilefinder and it worked perfect. Then I found all files previously hidden. Took a secure delete and smashed/ERASED the skype.vbs file now it’s gone and I can see all previously hidden files.

      • Hi I’ve downloaded this programme and ran it through the hidden files, how do I get the actual files to appear after its finishing scanning?

  1. Thank you!!! I wanted to print a file (using a pc in the university library) and my USB stick was infected. Thought I lost one semester’s work for my PhD and almost got crazy! Instructions were easy to follow and accurate enough. My files are “restored”. Thank you

  2. IT WORKED , SAVED MY 500 GB IMPORTANT DATA SAVED MY LIFE..THANKS AAAA LOT ,GOD BLESS U.
    ANY NEW IDEAS LIKE THIS……….IS WELCOME

  3. Hi there! I’m so happy I found this site :). Just one question: even after making visible all the files, the only files I see are shortcuts… do I delete them all? I can’t see any of my own file and I’m afraid of deleting all my data … So go for it or not? Thank you so much!

  4. Thank you so very much. This helped me save all of my work. I’m currently backing everything up! I can’t thanl you enough.

    • Oops, got passed $RECYCLE.BIN folder by run as administrator before start cmd.exe. But then, got stuck again with a file called gencomp.dll in another folder. Need help!!!

      • Ah, no worries! I didn’t wait enough. Seems only two of files (or folders) that have access denied; gencomp.dll and System Volume Information folder. The rest got unhidden. Well, better then switch all of them manually. Thanks, Felipe!!!

  5. it still doesnt work for me! i had it formated and it still does it! maybe the USB infected my pc could that be it?

    • Hey plug ur sd card and just go to task manager by ctrl+alt+del and there go to details and then delete wscript.exe…and jst make sure the file does’nt exist there

  6. now i wont have to copy the files to my pc then copy it back to my memory card .. thank you .. you saved my anime’s :)

  7. why it is not working? the command prompt, i followed properly.. it is said that attrib is not recognized as internal or external command, operable program or batch file

    • HEy typr cmd then type cd X: change the X of the drive letter of yours then type this after doing that attrib -h -r -s /s /d F:\*.* the wait but also replace the letter F with the letter of ur drive ( sd or flash drive )!! if you did not got it your idiot // !!!

  8. I have just one little problem, after doing everything the autorun.inf file keeps coming back and I’m using windows 7, trying to work on my blackberry memory card, so sad, I lost all my pictures, videos and songs too

  9. hey thanks i recovered my files
    but when i try to delete those shortcuts a dialogue box shows up “file in use” the action cant be completed because the file is open in Host process for Windows Services

    what to do

    and i think my pc is infected too
    everytime i connect any usb..same annoying shortcuts..i have avast internet security

    • Hello Veki
      It’s evident that Avast is not doing its Job. I don’t like to talk about specific antivirus to avoid endless discussions, but if you ask me I would recommend Kaspersky (there’s a free trial version on their site). Microsoft Security Essentials is a good permanent free alternative.

  10. Hi, I believe it works for others but I’m getting “Access Denied” return on each folder…how do I adress that?

  11. thank you, it seems the problems are gone…used Malwarebytes (maybe there are better products out there) free trial, and did the job for me after disabling autorun

  12. One question, under step 4: Step Four – Now that your vision is restored, delete Autorun.inf, and everything you don’t recognize as yours. Delete the shortcuts too, because they are part of the infection and not related with your files, even if they have the same name.

    Where are you referring to when you recommend file deletions? The infected USB or the harddisk with Windows OS or any other hard disks (external or internal) attached to the computer? Please specify as all I can see from my infected USB drives are (1) files that ended with ..vbs, exe, and (2) movie files that I copied previously into the drive which became un-recognizable now. Thanks.

  13. ah sir mine is different there is no autorun but it has .vbs something when i search it in google i cant find it and when i delete it, it will pop up again in mattter of seconds

  14. For the last step, there doesn’t seem to be any ‘X’ that appears on the black screen that comes out. All it says is C:\Users\Z226>_
    That’s it. How do i finish the last steps please? Because i just deleted ALL my files and i need them for real.

  15. Sir, I did recover file but i still can’t delete shortcut. It says open in Host process for Windows Services… please reply me. how to delete that shortcut

  16. i tried what u said, but the HAMZA.vbs file keeps reappearing even after i do delete it. when i try plugging any of my pendrives it affects them, due to which i believe the problem lies in the system. please help me :( MalwareBytes did not detect it ._.

    • I’m sorry to hear that Britney. I don’t like to recommend a specific antivirus, but there are lots of free trial options like Kaspersky or Dr. Webb. They will be sufficient to get rid of the problem

  17. okay, guys please help me :)
    i am using windows 7, Microsoft security essentials (just updated).
    there is an autorun.inf in my usb flash drive.
    I tried to delete it and it says access denied. administrator permission required (I am the administrator but it didn’t ask for my password). when I tried the cmd thing you suggested I got this:

    access denied – G:\AUTORUN.INF

  18. i tried doing this, it turned my files back to normal but when i reinsert it it turns back from being a shortcut, please help me.. what can i do?

    • 1. Disabled “Microsoft Windows Based Script Host” on Star Up
      2.Open Task Manager Find “wscript.exe” And End Task That File
      3. Follow Step Three to Step Five Done.. !

  19. i tried doing this, it turned my files back to normal but when i reinsert it it turns back from being a shortcut, please help me.. what can i do? What can i do?

  20. Kaspersky works. I installed the trial version and instantly removed the virus. My PC is now completely cured. Instructions were a great help. Thanx

      • the same porblem i have here man..the vbs and shortcuts reappear again despite i did everystep u wrote down so carefully…and my blackberry memory card still doesnt want to show any pictures or songs..any help!?

  21. I done all the step and I found out that there were some Infected objects in my comp then deletes it etc.. but the problems is whenever I reinserted my flash drive again my files just came back being a shortcut icon. should I reformat my comp now?

  22. when i was searching for answers for the virus,first i looked in youtube the found a solution just like this,but the video i found DOESN’T HAVE STEP2 written in this page,when i did the FF steps in the video,the shortcuts dissapeard but sadly the effect does only 4,5,7,9 seconds maby , is that what you get when you don’t do STEP2???

  23. thanks fo helping. well, I did all the steps correctly but im having a problem it shows my files just for temporary then goes back to the shortcut virus again….i want it gone permanently. HLP ME PLEASE!

  24. I’m using AVIRA antivirus , deleted the vb scripit file but after a few seconds it comes back. and again and again. help me pls.

  25. Hello :) I just wanna share, I clear the virs via USB Disk Security. At first I have done it but the Virus always come back, but after I have done the Step Two and end process the wscript.exe in the Task Manager, I Delete again the Malware via USB Disk Security then it didn’t come back. I don’t know how to explain it how does it happen but it really works :))

      • Hey , Just show the hidden files and type the cool.vbs in Search programs and files or Run. when there is cool.vbs appeared just delete it and empty your recycle bin. Try to connect your drives. If the virus is gone ! Then Reply Tnx :D And if not Find another solution.

  26. For those still having issues and it and cannot stop it, then

    open Task Manager and End Process for any WSCRIPT.EXE that is currently running. (This will stop it running, now you need to stop it running again next time you start your computer)

    You then need to open REGEDIT and check for any reference to starting a .VBS file at startup from HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. If you find a key that runs a .VBS file at startup then navigate to the folder it is running from and delete that .VBS file, then go back to REGEDIT and delete the registry key referencing the .VBS file. (This will stop the Virus from running and again at startup, now you need to fix your Flash Drive\USB Device)

    Follow the instructions above.

  27. Oops it doesn’t work for me… maybe my computer is infected (but I update my anti virus and did a full computer scan and it says zero files infected). The moment i delete all the shortcuts they reappear..
    Any other idea will be appreciated….
    Thanks

    • OCTOBER 10, 2013 – 1:27 AM
      Grafik Krime
      0 0 Rate This
      For those still having issues and it and cannot stop it, then

      open Task Manager and End Process for any WSCRIPT.EXE that is currently running. (This will stop it running, now you need to stop it running again next time you start your computer)

      You then need to open REGEDIT and check for any reference to starting a .VBS file at startup from HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. If you find a key that runs a .VBS file at startup then navigate to the folder it is running from and delete that .VBS file, then go back to REGEDIT and delete the registry key referencing the .VBS file. (This will stop the Virus from running and again at startup, now you need to fix your Flash Drive\USB Device)

      Follow the instructions above.

  28. Hmm thnx dude, it really work
    but there is still one problem , my original files displayed but there is also again and again link files displayed even i dell it then again display link too, with original file..

      • For those still having issues and it and cannot stop it, then

        open Task Manager and End Process for any WSCRIPT.EXE that is currently running. (This will stop it running, now you need to stop it running again next time you start your computer)

        You then need to open REGEDIT and check for any reference to starting a .VBS file at startup from HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. If you find a key that runs a .VBS file at startup then navigate to the folder it is running from and delete that .VBS file, then go back to REGEDIT and delete the registry key referencing the .VBS file. (This will stop the Virus from running and again at startup, now you need to fix your Flash Drive\USB Device)

        Follow the instructions above rom Felipe to recover your USB.

    • Read and follow the instructions correctly, if you do so the items will not be there and you will then see your hidden folders and it will be resolved. the only reason this will not work is if you have missed a step, like stopping the .VBS file from running and making sure its gone after a restart of the PC

  29. im on windows 8 and i found the .vbs file in the registry but could not find it in its location for me to delete it. Also , i could not find WSCRIPT.exe in task manager

  30. thank you very much indeed,was trying to fight this off for a long time,however would also be obliged if you guys could mention a tweak for the same in win 8.

    • Sorry I don’t use or ever intend on using Win 8 but the same principles should apply though, so hopefully someone that uses win 8 can add to this if they organise a fix.

      1: Stop Process and delete the .vbs file
      2: Stop it restarting again (Modify Registry)
      3: Change attributes
      4: Delete fake Shortcuts

  31. i cant understand this part “then go back to REGEDIT and delete the registry key referencing the .VBS file.”
    i dont know which exact registry key to delete

    • It’s very simple John,

      Open regedit

      click on HKEY_CURRENT_USER\

      click on Software\

      click on Microsoft\

      click on Windows\

      click on CurrentVersion\

      click on Run

      And delete any entry that makes reference to a VBS file

  32. It works. I tried following the removal suggestions at the avast! forums but I just could not keep up with some of the more technical steps. It also required a lot of suggested cleaners from the users. This is a simple process that gets the job done.

    Now, I have some folders on my laptop that I cannot access. Some of them have padlock icons on the lower left (or was it right?) and some are slightly transparent. Should I delete these?

    Thank you very much!

    • HI Savan, they appear to be system files, if you go back to File and Folder options and turn off show hidden and show system files you will no longer see these.. as far as I know you should not delete any files for this infection apart from those on the infected USB only, well not unless you copied them to your desktop from your USB for some reason.

      Hope that helps

  33. Can you make a tutorial on how to remove the Recycle.bin Type virus i have a problem of it popping up again and again. i had malware installed and it cleaned a whole lot but it still keeps coming back! i need help on how to remove this!! i checked the other ways of removing it (REGEDIT ON SAFEMODE) and it still there!! aaaaaahhhhhh!!

    • Hi Eymuresu, when you mention the “Recycle Bin Virus” are you referring to the same virus mentioned here, ie it hides all of your folders and creates shortcuts for them, making you think your USB is empty or is your computer freezing with pop up windows, anti virus not working, being re-directed while browsing the internet etc, there are 2 possibly 3 separate viruses that you could be talking about here? Hopefully you don’t have more than 1 of them.

      Now the recycle bin virus is a bad one as it will kill the Antivirus program your running. Again this will depend on which version of windows your running but possible fixes are available below.

      Windows 8: http://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_scanning/how-to-remove-recyclebin-system-volume-information/473cde05-a750-43a4-aa11-f52b0977b6b7

      Windows 7: http://answers.microsoft.com/en-us/windows/forum/windows_7-files/all-hard-drives-show-recyclebin-system-volume/1e457dd0-a34f-479d-9b77-c07071194ae3

      Other versions: your on your own.

      I believe that “ComboFix” malware protection might also be your answer once you stop the virus running on your pc you will need to then run this on your EXT hard drive to clean that up as well: http://www.combofix.org/

      • HI Felipe, there are a couple of different variations on this type of virus, the one you and I have covered the fix to here is the lesser of 2 evils,

        The recycler\recycle bin virus can cause major issues, complete loss of data, computer freezing, web browsing redirection, gathering personal data, etc again it activates by an autorun.inf file from a USB device, which places a “recycler bin, “resycled bin” icon on your desktop acting like your “recycle bin”, it also modifies the desktop.ini file and generally starts other programs on mouse right click. There are multiple varieties out there, its quite an old virus\malware but modified every now and again by some idiot. Most decent Virus/Malware programs will catch these if its up to date, well that is unless you are infected with the SHH/UPDATER virus, that will kill\stop all automatic updates to your pc especially your antivirus, also it cause issues with manual updates and then run rampant on your system

        Me personally I dont allow any drive to run any autoruns at all, and delete them when I see them, especially from a USB device that is used on multiple pc’s unless I know what it does, I just like being safe an know what’s running and when.

  34. I donwloaded the “malwarebytes” I runned it and… Nothing. I unhided everything and deleted the shortcuts but they kept coming back right after it was deleted! I followed the “command” process in which I was succesful! But the shortcuts would’t go away even when I tried to delete it again and all my media stil hasn’t appeard on my blackberry! Please – I need this issue to be resolved.

    • Hi Jurie\Felipe

      If you are infected with the issue that Felipe has covered here then the solution posted here will fix this issues for you, if it keeps reappearing then you will have missed one step in the process, ie stopping it running or stopping it from running again on restart, or you have not deleted one of the infected files and keep accessing it which will start the process again. Yes, Felipe is right that it appears this virus is being adapted and changed, so it is likely at some point the above fix will stop working altogether but I don’t think its there yet

      Does you Blackberry storage have a file called autorun.inf on it? if so then follow the above steps and then make sure that file is deleted. the Autorun.inf file could be infected and will start every time you plug the storage in, if allowed to by the computer that is.

      Also just so you’re aware, I have an infected USB file here that I have tested with Malware bytes\Avast\WSE\Norton and a pile of other Antivirus\malware utilities and as yet not one of them has fixed the issues, so for now its a manual process

  35. I wanna ask, after following all the steps,can i just delete the existing shortcut folder?will it affect my files?? btw thank you for solving my problem :)

  36. You saved my life… not actually.. but i was about to format my whole system and reinstall windows and everything until i came upon this page..
    That would have been painstakingly annoying.
    Thank You Grafik Kaime.. the Registry edit thing worked. :)

  37. thank you so much ,, from my heart it works ,,,, u are much blessed my fren,,, really thank you from my two hands ,, i dont have much to give you , but this is what makes you an angel , u did save me ,, <3 <3

  38. Thank you very much this article SAVED me from reformatting my laptop (:

    also, just a tip… if you guys can’t find the .vbs file… go to folder options and unhide the protected operating systems file, that should make you and your antivirus find it :D

  39. Thank you so much! It finally worked after pressing CTRL+ALT+DEL and removing all .exe files that were running.

    The only problem I faced is that it didnt work at first, I had an error : “Attribute Utility stopped working” everytime I initiated the command via CMD.

    Here is a little tutorial for the ones who have this issue, I had a process running that had as description:
    “Flash game you run forward as an alien in outer space. You can run and jump on the floor, walls, and even the ceiling.”

    This was corrupting all my files, even my explorer.exe, very nasty. What I did was first, replace my explorer.exe with a clean one (search on google for this).

    Than, I installed Malwarebytes anti malware, however the virus was so nasty it didnt let the program run. The reason for this was because its initial name was mba.exe or something like that. So what I did was go into C:/Program Files/Malwarebytes anti malware/ and rename the .exe to Explorer.exe (then the virus allows it to run).

    So then you let it scan your hard drives, and delete all trojans and restart.

    After that, the virus is still active on your C so what you need to do is press CTRL+ALT+DEL and search for the virus in your processes. Usually it has different names, in my case it was 8T34D.exe. ( look at description at the right hand corner to see “Flash game you run forward as an alien in outer space. You can run and jump on the floor, walls, and even the ceiling.”)

    You can right click on the running process and press “Open location” and usually its in your program data folder or somewhere very deep.

    You can also Search for this file simply by using the search of windows itself. Once you find the file, stop all processes in the task manager and delete the virus. Than, you run the CMD and do the attrib thingy that is explained above at this page.

    Your files should appear, however, be aware that you are not done yet. You need to scan your ENTIRE C for any leftovers that might fuck up your system again. So use malwarebytes anti malware do a full scan on your C and delete all trojans, viruses, malwares etc.

    I cant promise that you’re safe, keep alert, check your processes from time to time and backup your files. You never know when a virus hits you.

  40. Dear Sir,
    I’m using windows xp.I try the way you tell but there is problem The shortcut file are converted into their real one but after ejecting when again i connect my pen drive it shows the same problem & please tell me how can i format my pen drive and how can i delete this shortcuts.

  41. KUCH NHI HOTA H SAB FAKE H AUR I HOPE U HAVE COPIED ABOVE GIVEN STEPS FROM ANOTHER SITE….DEFINITELY WOULD LIKE TO SAY THAT “””” NOTHING HAPPENS “””””””……….

    • There are two possibilities: One, the virus was already neutralized. two, the virus has another name.

      Check if the files stay normal after finishing the steps. If the files keep being altered then the virus is still running under another name.

  42. my problem is that a day ago,i found that all my files in flash drive have changed to shortcuts….and when i do the task manager step,i find a file “winlogon.exe” appearing 2 times…n no wscript.exe file running…so is it the alternate name for wscript.exe or is it something else…??

  43. my problem is that a day ago,i found that all my files in flash drive have changed to shortcuts….and when i do the task manager step,i find a file “winlogon.exe” appearing 2 times…n no wscript.exe file running…so is it the alternate name for wscript.exe or is it something else…??

    and when i do the –This will stop the running virus, the next steps are for preventing it from running again next time you start your computer) step,i dont find any file that ends with .vbp but the same “winlogon.exe” file running….

    • Hello Patient

      Looks like your virus version changed name. Winlogon is a genuine windows process, if you see the name two times probably the virus is imitating it.

      Click on Start, on the box that appears (were you previously typed Regedit) type msconfig and tap enter

      On the dialog box that appears go to Startup tab and look for suspectful names. If the virus hiding capabilities aren’t good enough you wil probably find it on the list. Disable it and check if it appears next time as the repeated item.

      Remember, Winlogon is also a genuine process.

      Also try removing your current antivirus and installing Avira as the instructions say.

      About the Ajaz’s comment, naturally the virus developer will keep it evolving because it’s his/her business. Thinking that my steps will work every single time is absurd because viruses are not my business, I’m not an Antivirus company I don’t have the time or funds to keep chasing them. A bit of creativity from the user is also needed!

  44. @Felipe La Rotta,this time i did what u siad n i found that the name “winligon” was coming twice again but i found something else called “winlog”
    n pleez dont get irritated with my questions because i’m a student of class 8 only…
    i cant even suspect because i know almost nothing about viruses etc….
    …so pleeeeezzz help….
    if its appering twice then is “winlogon” the virus??

    • Don’t worry man, perhaps excuse me too, I was irritated by the other comment.

      Is hard to tell from here without knowing each file route. Did you tried installing Avira? Maybe it will detect the malicious element for us

  45. thanks thanks thanks
    my pendrive is showing shortcuts to every file and having a hidden .vbs file and my problem was solved after a long battle of 5hrs and i succeded to remove shortcut icons showing even after formatting.
    thank u sooooooooooooooooooooo much

  46. Hi Bro.
    I noticed that lots of people thanked you so I wish to have hope that I will join the list.

    In the main time, my memory card was invaded by this virus 2 months ago and there is nothing I haven’t done:
    * Updated my Antivirus
    * Made all files and extensions visible
    * Checked but found no “wscript” in the Task Manager
    * Checked but found no “vbs” file in Regedit
    * Even did some Command stuff “attrib -r -s -h /s f\*.*” that was supposed to make the files visible but instead got a “Not Resetting System File” response.

    I am messed up now. Can’t format cause I have files I need there.

    Note: This is only restricted to my memory card, I have inserted it in my pc even when there was no Antivirus and when there was, more than 40 times in the last 2 months but my pc remains okay, all my files still there – no shortcuts. Its only my memory card that’s badly infected.

    Observation: All the files in folders inside the memory card all can be retrieved cause the shortcuts open in a separate window when clicked. But the files on the root of the memory card are permanently on shortcuts.

    Awaiting your advice. Thanks in advance.

    • Hello Franklin!

      Looks like the damn virus is improving. I made a quick Google search about the “Not Reseting System File” and they suggest to use each command by separate. Let’s say that F is your damaged drive letter:

      attrib -h -r -s /s /d F:\*.doc (and tap enter)

      attrib -h -r -s /s /d F:\*.avi (and tap enter)

      attrib -h -r -s /s /d F:\*.png (and tap enter)

      attrib -h -r -s /s /d F:\*.jpg (and tap enter)

      and so on with every file type

      If that doesn’t work try with each attribute by separate

      attrib -h /s /d F:\*.* (and tap enter)
      attrib -r /s /d F:\*.* (and tap enter)
      attrib -s /s /d F:\*.* (and tap enter)

      Please let me know if it worked for you, I’ll wait for your answer

  47. Hi, I just did that thing to get rid of vbs file but when i go to where its supposed to be it isnt there. It seems it doesnt exist. Should i do the next step which was to delete the thing from the registry editor? Thanks

      • i just deleted the regedit vbs thing but my usb is still doing the same thing. should i carry on with the next 2 or 3 steps?

      • I tried to do the command promp thing but it doesnt work. Also, on your picture of the command prompt it says on the black box documents and settings
        mine says document and settings-user
        maybe thats why it doesnt work cos it has the additional word ‘user’.
        please can u help me, 3 of my usbs are messed up as well as my mobile phone. Thanks

  48. Your post resolved an issue that’s been lingering for 2 weeks! Very well articulated and 100% success rate for me.Thank you!

  49. hai guys pls can u help me with the removing of virus it is irritating me my memory card inserted in usb and then i deleted those shortcus and within a seconds it wil re placing in there place how should i remove this now

  50. I was almost about to re install window when i stumbled upon your article, and needless to say everything is perfect now thanks to you. You saved me man! Take care and thanks. God bless you

  51. Thank you very much. I earned the virus by bringing my USB flash drive to a printing shop. You are a lifesaver mate! Thank you!

  52. WOW THANK YOU!I spent about an hour trying to fix this and the freaking thing would keep coming back. That is until i followed these instructions!!!! THANK YOU! I LOVE U!!!

    • its an encoded script file rather than a standard Visual Basic Script file, so yes this infection from the posts above is evolving a little from when I first posted so I havent seen the new .vbe or vbs files as yet, Pretty sure I dont want to either

  53. hey in my usb there is MS Dos drdflk.vbe which never gets deleted , even after format it always reappears and makes shortcut of original file if it runs in windows 7 but in xp it turns original file into shortcut . i tried everything mention above but still not working. what should i do?

  54. ended process WSCRIPT.EXE, went to REGEDIT: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, but didn’t find any .vbs file. BUT, I find a file which I think is suspicious = • Name: xuhjvihhox • Type: REG_SZ • DATA: wscript.exe//B “C:\Users\edward\AppData\Local\Temp\xuhjvhhox.vbs”

    WHAT SHOULD I DO? (I KNOW I SHOULD GO THERE AND DELETE IT, BUT I NEED YOUR DETAILED INSTRUCTION ON WHAT TO DO) THANKSSSSSS

    • Hi Arvin

      Right click on the registry key you found and delete it, then navigate to the folder C:\Users\edward\AppData\Local\Temp and delete that file, you may need to set the folder to being viewable though as it should be a hidden\system folder. Open Window Explorer, slelect organise (Top Left) Select Folder and search options (opens new window) select VIEW TAB then select SHOW HIDDEN FILES AND FOLDERS, uncheck Hide Protected Operating System files,

      You should now be able to delete the file, unless it is a running process, if it is then open task manager and stop any WSCRIPT.EXE processes, then delete the file.

      once Done go back and set you files to Hidden and hide operating system files again, to easy to make mistakes and stuff something up if your a novices

      • Everything worked like a charm! Thanks a bunch (seriously)! Cuz this virus is such a pain in the ass -.-
        Restarted my PC, checked taskmanager + regedit, and the file is completely gone.

        One more thing, tho. Here’s my situation:
        Yesterday, I wanted to some things in my phone (normal files: .docx, .mp3). When I inserted the USB cable(phone-PC), that’s the time that I found out this .vbs virus. Next day (today), I found your blog, followed your steps, restarted, cleaned the PC.

        Now, I’d like to insert my phone once again to continue transferring some files (I panicked & remove the USB after seeing the virus). WOULD IT BE SAFE NOW TO INSERT MY PHONE AGAIN?

        (btw, i still need to type attrib -h -r -s /s /d x:\*.* in the cmd if I have your confirmation/permission)

  55. hey guys i need help pls. I encounter a Trojan virus name “provide.vbs” this virus infect the usb by creating shortcuts for all the files in usb and hidden the original files. and also i found out this virus stay in PC on “C:\ Documents and Settings\ All Users\ Start Menu\ Programs\ Startup” and “C:\Documents and Settings\User_Name\Local Settings\Temp ” what is the best antivirus that when you insert your usb it can automatically delete that virus.???

  56. Thank you so very much this information. 3 different antivirus software couldn’t get rid of this bugger. I also surfed all over the net for solutions. They were all duds. You saved me from a sleepless night. :)

  57. This worked for my laptop. But on my other computer, i can’t seem to delete the .vbs from its location because it is open in “Microsoft Windowd Based Script Host” … what should i do? thank you!

    • Hi Celine, It looks like the process is still running, if this is the case then you cannot delete the active file until the process is stopped try all of the Steps at the top of the page, you should follow the instructions in regards to stopping the process from running and then delete the link in regedit, after this if you cannot delete the actual file there are a couple of things you could try.

      1: Instead of just hitting the delete key, try right click on the file, then cut and paste it to the recycle bin, then empty the recycle bin, and complete the rest of the steps as per top of page.

      2: if 1: didnt work, then after completing the stop\regedit steps, try restarting your PC in Safe Mode by pressing the F* key during start up, at the black screen and select Safe Mode, this will only start necessary programs from running, once restarted then try to delete the file and complete the rest of the steps as per top of page one again to make sure its all gone. then restart the computer and check everything is good once more

      Hope it Helps let us know how you went
      Regards Grafik

      • I’m sorry for bothering you. As it turns out i had accidently skipped the “ending process wscrispt.exe”. Sorry for having to bother you… Thank you so much you and this post have been of great help! :D

  58. Thanks to admin and Grafik Krime, finally I solved the problem started about a couple of weeks ago.
    Here is the update. In my case, I followed the steps that pretty similar to Grafik Krime :

    Open Task Manager (Ctrl+Alt+Del) and End Process for any wdr201b.exe that is currently running. (This will stop the running virus, the next steps are for preventing it from running again next time you start your computer)
    Click on Start
    Type REGEDIT and Tap Enter
    Click on HKEY_CURRENT_USER
    Click on Software\
    Click on Microsoft\
    Click on Windows\
    Click on CurrentVersion\
    Click on Run.
    On the list on the right find any reference (in my case : ‘W201b Driver’) to a file that ends with wdr201b.exe and take note of were that wdr201b.exe file is located (in my case : C:\Users\YourName\AppData\Local\Temp\wdr201b.exe
    Go to the said location and delete the .exe file
    Go back to Regedit and delete the registry key ‘W201b Driver’

    and then follow the step three, four and the rest.

  59. I accidentally deleted the registry key before deleting the file. Help!..

    I have a “load.exe” file on my memory card and my folders turned to shortcuts.. All of it… Can you please help me

    • Hello Diego

      If the virus is still running in your computer it will restore its registry entry again. If the virus was already terminated by your antivirus then deleting the suspicious .exe file will work (don’t forget to follow the other steps mentioned on the guide)

  60. Hi .the infected drive is my system drive C ….when i do step 5 ….and type attrib -h -r…etc. it says ” invalid switch /c”…any help on this?

  61. Hi..i followed all the steps…i have not found any .vbs files though…..i ran the attrib change…but while running….almost all files had ” access denied” written before it…thus when finished…nothing changed !!……any help please…..and unfortunately i have no restoration points to go to :(

    • Hi..i followed all the steps…i have not found any .vbs files though…..i ran the attrib change…but while running….almost all files had ” access denied” written before it…thus when finished…nothing changed !!……any help please…..and unfortunately i have no restoration points to go to :(

      Reply ↓

      I have the same problem as Kareem

  62. Thank you so much! this helped a lot! taken me almost an hour to configure (not really techie, got lost in translation haha), thankfully, with some luck, i managed to retrieve my files! THANK YOU!

  63. My laptop doesn’t have internet connections at the moment..and the laptop stated I don’t have antivirus that’s y the virus wasn’t detected..now I ddnt know it was a virus and last nyt I connected my blackberry to my laptop to take in some files..I copyd some songs from my laptop to my phone..bt then all of my folders in my memory card turned shortcuts..including the blackberry folder..now my phone isn’t showing any media files even though my memory card is in there..my memory card is still running as I played the downloaded songs and they played..without some songs saying they can’t find it and stuff..bt when I tried to go to the main blackberry folder ,where all media files should be as it was in the memory card,I found that I couldn’t open any file der cz they all were turned shortcuts..including my blackberry folder..and when I tried to open it..it didn’t open cz it didn’t recognise the file/it needs its main folder.. :'( …I need help!! and I can only see my files if I connect my bb to the laptop via an usb cable…bt bt I want my media in my phone.. :( :( :(

  64. i followed the steps but my antivirus program cannot detect any infection i can copy files but shortcuts are being created and cannot be deleted

  65. Dear Grafik Krime, You have helped and given support the entire world free of charge with this post, you are better than people who waste their money donating to NGOs whose directors become filthy rich instead of giving to those poor individuals who want to become self reliant! Give a man fish he eats for a day, show him how to catch fish he eats for a lifetime. Thanks for being an honest human! may God bless you.

    • Thanks Andrew, but the many thanks should go to Felipe La Rotta as he was the one that got it sorted first, I just added a couple of steps after it appears it had morphed a bit. Plus if it wasn’t for Felipe’s webpage here my steps wouldn’t count for anything.

      Good on ya Felipe, glad to see this is still helping others

  66. Thank you very much! At first i skipped through a couple lines thinking i’m too smart to read the entire thing… That was the only mistake. :)
    Thanks again!

  67. Hi. you are doing a great job. thanks alot for your able guidance. i need your guidance on another issue. in my devices there is a device with name I and actually there is not attached device. i tried all the possible ways to del it but its does’t work, plz help me in del this. regards

  68. One of the USB devices attached to this computer has malfunctioned, and window does not recognize it. what does it means and solution? plz

  69. it worked thanxx… now shall we revert the changes made to organise folder section under hidden files and all ?

  70. There is visibly a bundle to realize about this. I assume you made certain nice points in features also. eefeeaagedde

  71. This was definetly helpful.Though my files are still shortcuts i am happy that they open atleast.I appreciate your help and i will surely recommend this site.

  72. I just read your solutions to fixing shortcuts and it really works so im asking for your help in another matter. I have a PC that tells me my software is not genuine and it now has a black screen

  73. หมอตำแย ! ฉัน ต้องการ ให้ มาก นิ้วหัวแม่มือ ขึ้น สำหรับ ดี ข้อมูล คุณได้ ที่นี่ ที่นี่
    โพสต์ นี้ ฉันจะ กลับไป มา เว็บไซต์ของคุณ
    เพิ่มเติม ในเร็ว ๆ นี้ .

  74. Well i works at first but after a while he files turned to shorcuts again unless I used the command for the cmd but after sometime everything’s repeating again and shorcuts keep coming back.. I really hope there’s a permanent solution to this problem.

    • You aren’t following all the steps Elaine, or maybe your particular virus is an improved version. Executing the commands without killing the infection first is useless because the virus will revert the repair over and over again

  75. Ok, i have some problems : i am using windows xp and in my task manager, there are two processes of wscript.exe and when i right clicked on them, it didn’t appear to open the containing folder. Anyway, i searched and i found 2 x wscript.exe in my computer, one in the system32 folder and other at the path WINDOWS\ServicePackFiles\i386. And when i tried to delete them, i had no problem, it didn’t appear any error message or something. I entered in the usb flash drive and i deleted all the files. But the problem is when i restart my computer, the virus is back… what should i do ?

      • Ok after ending the wscript.exe process and taking ownership of the file. I find the file in local disk/windows/system32. I click on properties and then on security but when i click on Edit the boxes where i’m supposed to click on deny are kind of ghostly and when i click on read, read and execute nothing happens. The check in the box stays in allow. I dont know if i missed something but i’m sure i followed the steps accurately. I really need help. I’m considering formatting the entire pc but i dont want to lose my stuff.

      • No, don’t even think about that, formatting is not necessary. Maybe you aren’t an administrator on your computer, hence the steps don’t apply. Try using a software called combofix, another reader had sucess with it. I’ll try it myself as soon as I have time, if the result is positive I’ll update the guide,

      • For me it worked great, i just skipped this step, no needed in my case, i used AV.

        Follow this steps as has been said above :
        1- Before running the command … you have to install an Anti-Virus to clean the Malware (i recommend you “Microsoft Security Essentials”, it worked for me)
        2- After installing the AV scan your infected Drive (USB or other ).
        3- The AV will quarantine the detected Malware
        4- You have to delete it.
        5- Finally Run the command.

  76. Pingback: Vulnerabilities presented by Windows Script Host (WSH) on Windows OS | Computers and Networks

  77. Hi.. when i was in SYSTEM part, i overlooked, i only got to unclick the allow boxes of the rea and read & execute. When i went back to adjust, the SYSTEM in the users list is gone. I was able to click deny for the other users. How can i get back to SYSTEM to edit? Thank you dear.

  78. Hello, thanks for your post. Combo fix took care “apparently” of the virus Windows Script Host, but since my computer was running slow, I searched for the file wscript, and it gave me 4 files, I deleted all but one, this one does not allow me to do so, I follow all your instructions from this file, but my question is… On the last step, can I put C?
    Thanks so much

    • Follow this steps as has been said above :
      1- Before running the command … you have to install an Anti-Virus to clean the Malware (i recommend you “Microsoft Security Essentials”, it worked for me)
      2- After installing the AV scan your infected Drive (USB or other ).
      3- The AV will quarantine the detected Malware
      4- You have to delete it.
      5- Finally Run the command.

    • Follow this steps as has been said above :
      1- Before running the command … you have to install an Anti-Virus to clean the Malware (i recommend you “Microsoft Security Essentials”, it worked for me)
      2- After installing the AV scan your infected Drive (USB or other ).
      3- The AV will quarantine the detected Malware
      4- You have to delete it.
      5- Finally Run the command.

  79. Works, great, thx :D

    Ihad the same problem on my USB key (now its solved).

    Concerning the AV i use “Microsoft Security Essentials” (its free) it has detected the malware “WBS” and quarantined it, therefore i could delete it.

  80. Hey, I had this problem during christmas and thought that it was just my friend’s USB that had a problem until I checked it today. You took the effort to make this guide and it made my year’s end. I thought all was lost. Thanks a lot buddy!

  81. can i apply this procedure in windows 8? please answer me sir! i really need your help, im an architect and i need those files!

  82. Sir i having problem actually the wscript not showing and i did perform other steps which cleaned the virus but when i plugged out the usb and i check the sd card in my phone all those shortcuts appears again and when i try delete them through phone it gives error of no permission to delete and i cant access my sd card storage in my phone i cant send any data or revc neither take pics download anything plz help me Sir Im exhuasted now i have tried almost everything

  83. @Luis Felipe La Rotta: Thank you very much for the solution provided. Helped me with Win 7 64 bit. Excellent! All the best to you.

  84. I tried about 8 solutions to my Shortcut Virus problem and only your solution 100% solved my problem. I don’t own any AV program yet your procedure saved not only my precious files but also money. Your solution also cured my Desktop, 1 SD card and 3 USB drives. May God Bless you.

  85. in my USB the file autorun.inf is still there how do i delete it off the USB because im not owner of the file or cannot be owner of the file , i have tried command prompt and cannot delete it using attrib /q /s then the file name it says its not there. any help? just need this file off my USB

  86. i dont understand on the step 3!! Pick Folder Options? i’m using windows 7 but i cant find the ‘view’ you were talking about in here TT^TT please help me
    by click-right right?

  87. Hi! Thanks very much for the help! My SD card is working fine again, with all the files still intact. I have one question though: How do you completely remove the virus, other than restoring the whole system to default? It seems like the activity of the virus has just been blocked.

  88. This is really great. :)
    I had lost all my files that was saved in my pen drive because of some virus. The pen drive space was showing full but when i was opening it i couldn’t find any data inside. I was struggling so hard with this issue. Finally, i found this article on Google and tried the command line thing. IT REALLY WORKED!!. Thank you so much Luis Felipe La Rotta for such a resourceful information.
    attrib -h -r -s /s /d F:\*.* really works

  89. What if? There is a shortcut folder in each of the folders but the files remain? What is the problem? Even after deleting the shortcuts, it comes back.

  90. MY USB HAS THESE FOLDERS DOCUMENTS, MY GAMES, MY VIDEOS, DOWNLOADS, MY MOVIES AND I REALLY DON’T KNOW WHERE IT CAME FROM. WHEN I INSERTED THE USB OF MY CLASSMATE ON MY LAPTOP SHE HAS THOSE FOLDERS AND THEN WHEN I EJECTED IT AND INSERTED MY USB THE FOLDERS JUST POPPED UP ON MY USB, WHEN I TRY TO DELETE IT, IT GOT DELETED AND THEN AFTER A FEW MINUTES THE FOLDERS ARE THERE AGAIN. I DON’T KNOW MAYBE IT CAME FROM MY CLASSMATE’S USB WTF AND I DON’T KNOW WHAT TO DO. IS THE STEPS ABOVE APPLICABLE TO MY PROBLEM???? I REALLY NEED AN ANSWER PLS!! SO I CAN DO THESE STEPS AND I KNOW IT WILL WORK BECAUSE SO MANY PEOPLE SAID I WORKS! PLEASE REPLY TO THIS COMMENT AS SOON AS POSSIBLE I NEED YOU

  91. [Issue SOLVED. Virus COMPLETELY REMOVED.]

    First of all, Luis Felipe La Rotta, I must thank you, your solution proved to be very helpful in identifying and eliminating the threat. But I found an interesting phenomena that your solution, [in fact, remedies at two different levels] we DON’T need any MALWARE softwares if we have a working and updated antivirus software in our computer.
    Anyways;
    1. Recovering the ‘hidden files in the shortcut’ from USB drive – [Does not remove the virus from PC] – This temporary solution is good enough to recover the data ONLY.
    2. Eliminating the threat entirely – Deleting the virus and permanently removing the virus – this is partially present in your solution which I am covering in my experience below as my contribution in helping others as thank you to you.

    Like others, I had been unsuccessful in getting the virus off my computer following EXACTLY what you produced here. The good thing was, as I read the comments by other users regarding their unsuccessful attempts and experimenting, finally, I was successful in taking out the virus completely with 100% success.

    Since your solution for recovering data is precise and working, I am ONLY revising your solution in addition to my experience for COMPLETELY REMOVING THE THREAT itself. You are requested to update it accordingly. Appreciated.

    Some users are reporting that no matter what antivirus they used, the virus kept running. For those still having issues:

    [SOLUTION:]
    1. Open Task Manager (Ctrl+Alt+Del)
    2. Go to the Processes tab
    3. Look for WSCRIPT.EXE that is currently running.
    4. End the process.

    Now, we need to contain the WSCRIPT.EXE by taking its OWNERSHIP, [No need to delete it at this stage or later]

    5. RESTART THE COMPUTER IN SAFE MODE.
    6.Go to Explorer Window, select “Windows” directoy”
    7. Search for WSCRIPT.EXE ‘Right click’ on the wscript.exe file and select “Properties”
    8. On the dialog box that appears:
    – Pick “Security” and then “Advanced”
    – On the new dialogue box, pick “Owner” – In the example screenshot you will see that the virus changed the Current Owner to “Trusted Installer”. So, from the list called “Change Owner to:” pick your Administrator name.
    9. Click OK.

    [Now that you own the virus, let’s go back to the Step 7 and rework on the file]

    10. As did in Step 7, again, Right click on the virus file
    – Pick “Properties”
    – and again “Security”.
    – But this time, on the dialog that pops-up click on “Edit”
    11. A new (almost identical) window will pop up.
    – Click on “SYSTEM” and deny “Read & Execute” and “Read”.
    – Repeat the same operation with all the elements of “Group and user Names”

    After this, the computer will not be able to run this virus executable file.
    Now, to take out the threat.
    [I am going to refer those antivirus softwares which I used to eliminate the threat]

    Still in SAFE MODE:
    [Assuming your antivirus is up-to-date]
    12. Scan the PARTITION C: completely.
    – [I had AVIRA FREE ANTIVIRUS and it took out all the threats]
    – The infectious files may include [in my and most of cases] WORM/Lodbak.Gen [worm] which was creating some two m*.exe files in the PROGRAM DATA folder.
    13. If not during scanning, or prompted for action later, delete all the identified threats.
    14. Restart the computer in NORMAL mode.
    15. Download and install KASPERSKY TRIAL ANTIVIRUS version.
    16. After installation is done. Do NOT restart the system.
    17. Uninstall the previous [in my case, AVIRA] antivirus software.
    18. Once done, restart the computer.
    19. Update the new Kaspersky antivirus database.
    20. Scan the computer again for ONE remaining ‘malicious’ file and disinfect it upon prompt.

    CONGRATULATIONS. Your computer is now virus free.

    [Additional Note: It took me around 10+ hours to finally resolve the issue. Now, its been more than a day when I finally decided to close this chapter after trying and testing around 9 different USBs. The shortcut issue is not popping up anymore and everything thing is fine with USBs with data remain intact, and not disappearing.
    The reason I used Kaspersky in the end, its trial version did the job without asking purchasing of complete version. I google and tried many malware softwares but each one failed to remove the virus. They all found something but demanded full version through purchasing. Once the trial period is over, I’ll be resorting back to AVIRA which did in fact traced and deleted the virus from the computer but it itself got infected by the time, I was done with the researching process. It’s ‘realtime protection’ was disabled and was not being enabled. Other than this, Avira remained an outstanding experience since the last 3 years I’ve using it. Somehow this screwup slipped past.
    I hope my this experience helps those who are still out there looking for a solution.
    Once again, I thank you, Luis, if it were not your in depth details on this problem, I and many others would still be out there looking for solution.
    Have a nice time hunting the virus, folks.]

Comments / Questions / Suggestions

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s