Remove Autorun Virus From USB Drive 2020: What Should You Do to Delete or Remove It?
Flash drives, pen drive, or a USB storage device is a handy device we use to transfer or backup various important documents, videos, images, or software. Because of this, we usually use these devices to connect to different computers, and viruses might infect some of these. Therefore, flash drives or pen drives are usually carriers of viruses from one computer to another. Autorun viruses are one of the most common viruses you can get from USB flash drives. So, how can you remove autorun virus from USB drive? First, you need to know what it is and how does it work.
Contents
What is Autorun.in/Autorun.inf?
Autorun worms typically distributed as an executable file(.exe). The file may itself be a copy created by a prior worm infection, or it may have been released onto a computer or device as part of the payload of another harmful program, such as a trojan or exploit kit.
Autorun worm creates the Autorun.inf file in the root directory of the affected drive. It is responsible for creating more copies, even if the original worm file is never rerun. Autorun usually spread through infected external devices like USB flash drives. Once you connect an infected USB disk to your computer, the virus can damage your computer, self-executing files, destroying important documents, and start replicating itself so that it is hard to remove.
The autorun.inf run and execute destructive scripts that cause your computer system errors. Read on to know how to Remove Autorun Virus From USB Drive, but how can you determine first if you are infected by autorun virus?
How to Know If You Are Infected?
Even though the Autorun virus’s primary approach is to launch programs, it’s hard to know if it’s already in your system. The program can both automatically launch programs and then command what actions they automatically take.
A browser could automatically open and download malware and install itself.
The typical sign that Autorun.in infects you is when a series of suspicious programs are automatically launching or important documents mysteriously disappearing.
Of course, you need to remove Autorun Virus from USB Drive, and from your system too.
How to Remove Autorun Virus from USB Drive?
To Remove Autorun Virus From USB Drive, connect the Pen Drive or USB Flash Drive to your computer.
Step 1. Open Command Prompt from search (Win + s) and run as an administrator.
Step 2. Type drive location for selecting a particular drive. In usual cases, the location of the USB flash drive is ‘F’ or ‘G’ so if your USB flash drive is ‘F’, type F: on the cmd and then press enter
Step 3. Type attrib and press Enter. It will list out all unwanted hidden and read-only files or folders inside the selected drive. You should see autorun.inf virus listed if it’s infected. In my case, I don’t have an autorun.inf virus, so you won’t see it.
Most viruses are hidden or in Read-only format. It means that you won’t be able to find those viruses just by opening the infected flash drive or delete them there. You have to remove “Hidden” and “Read-only” attributes to find and delete it. To remove these attributes…
Step 4. Type into your command prompt attrib -r -a -s -h *.* and press Enter. This will remove the Read-Only, Archive, System, and hidden file attribute from all the files. (*.* for all the files with all different types of file extensions).
Where
h represents the hidden attribute
r represents the read-only attribute
s represents system file attribute
a represents archive attribute
*.* represent all the files with all different types of file extensions.
Now you can find those viruses by opening your Pen drive or USB Flash Drive. Also, you can delete those viruses by using the cmd. To do that…
Step 5. Type del autorun.inf and enter to delete the files.
How to Prevent Autorun Virus from Infecting Your Computer?
The first step to this is to change the Windows AutoPlay Policies
To do this:
Change Windows AutoPlay Policies
Open windows RUN dialog by pressing (Win + R) or by searching it in the start menu, then run “gpedit.msc“
If you are using Windows 10 Home like me, you won’t usually find gpedit.msc.
To enable it, please follow the instruction from this website: Enable gpedit.msc
After enabling it, it should start working.
Go to Computer Configuration > Administrative Templates > Windows Components > AutoPlay Policies
Go to “Turn off Autoplay”> change to enabled for all drives
Go to “Turn off Autoplay for non-volume devices”> change to enabled
Go to “Default behavior for AutoRun”> change to enabled and Do not execute any autorun commands
The second step to prevent Autorun Virus from infecting your computer is to disable to running autorun.inf files.
To do this:
Disable Running Autorun.inf Files
Open command prompt (CMD) and execute the following command:
REG ADD “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf” /ve /d “@SYS:DoesNotExist”
This command tells Windows “whenever you handle autorun.inf, don’t use the values in the file but instead use the values at “HKEY_LOCAL_MACHINE\SOFTWARE\DoesNotExist” and because this key doesn’t exist, it’s as if autorun.inf is empty. So, nothing is added to the explorer double-click action.
The last step is to immunize your pen drive or USB flash drive against the Autorun viruses.
To do this:
Immunize Pen Drive USB Flash Drive
Open command prompt (CMD) and execute the following commands for all drives, including USB disks (in this example, the drive is D:\):
Type your flash drive letter, in this example; it is D:, type” D:” without quotes and press enter.
Type the following commands:
mkdir autorun.inf
attrib +h +r +s +a autorun.inf
cd autorun.inf
mkdir .\con\
Press the Enter key and close the command prompt.
With the mkdir (make directory) command, you created a folder named autorun.inf in the root of the pen drive so that virus cannot create a file with the same name.
“attrib +h +r +s +a autorun.inf” command makes the folder hidden(+h), read only(+r), system folder(+s) and turns it into an archive(+a), so that it is not easily targeted for deletion by virus.
With the cd (change directory) command, you enter inside the newly created folder autorun.inf.
Again with the make directory command, you created a sub-folder named con.” con” is one of the MS-DOS reserved words, and as such folder with the name” con” cannot be created or deleted without using a command prompt.
The only other way to delete such a folder is to format the entire drive. Since the sub-folder” con” can’t be deleted, its parent folder autorun.inf cannot be deleted by the virus as well.
Alternatively, you can use the following software to do this if that was too technical for you:
Flash_Disinfector.exe – Flash Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder. It will help protect your drives from future infections by keeping the autorun file installed on the root drive and running other malicious files.
Malwarebytes – Malwarebytes’ may “make changes to your registry” as part of its disinfection routine. If using other security programs that detect registry changes (ex: Spybot’s Teatimer), they may interfere or alert you.
Inserting unknown USB flash drives is always very risky. Even your USB drive that you use on another computer can have a risk. Having proper antivirus protection should help avoid the chance that an Autorun virus will cause an infection. Still, ideally, you should never introduce unknown external devices to your system in the first place. If you cannot avoid to do it, at least immunize your Pen drives and USB drives using the steps above.
Pingback: Aggressive Shortcut Virus 2020: How to Remove Shortcut Virus from Your USB Drive? | CyberSecuredAdvisor