How to Remove Shortcut Virus from Storage Media and Computer System Manually?


Shortcut Virus is a new virus that enters in your computer/USB/SD card automatically and converts your content into a shortcut format. This virus hides or replaces the original content from the folder and hence, due to this you are unable to access the data in the folder. The main causes of such virus are Internet, USB storage, any third party tool, online download files, exchanging data from the infected system to another, etc. And, when you try to access any such files or folder Windows will show you an error message as “shortcut missing”. But, the truth is that the files are still saved in the certain portion of the storage device.

how to remove shortcut virus

Types of Shortcut Virus:

  • Flash drive shortcut virus

flash drive shortcuts

  • File or folder shortcut virus

Folder shortcut virus

The most frustrating part of this virus is that you cannot remove the shortcut virus through some of the Antivirus programs. So, now come to the point that how to remove such shortcut virus from the system, USB, drive or any other storage media. Generally, there are 2 ways to remove this virus and access the folder data i.e

  1. By using third party tool
  2. By using manual steps

 Note: Antivirus program only worked, if the shortcuts virus is detectable.

Before starting the discussion about the manual procedure, let we focus on some important points that helps to avoid the shortcut virus in a system or storage devices.

  • Do not download any software or file, which shows any suspicious thread or malware.
  • Keep up-to-date your antivirus and if you don’t have any than it’s highly recommended to install in the system.
  • Open USB after the scanning process.
  • Never open harmed websites.
  • Avoid any third party software.
  • Run boot time scan atleast once in 2 weeks.
  • Do not connect any storage device with your system, if there is any virus in the storage device.
  • Type the respective device drive letter to avoid the loading of any scripts.
  • Do not connect with the system, which haven’t installed any antivirus.
  • Never open your pendrive from the autorun window or My Computer

 

Manual procedure to remove the Shortcut virus from Pendrive or USB :

Step 1: Open Command Prompt as administrator:

  • For Windows 7 or earlier: Press Windows key and R simultaneously and type cmd and prsee
  • For Windows 8: Click on Start and then, select “command prompt (Admin)” or Search for “cmd”, then right click on cmd and select “Run as Administrator”.

Step 2: Find the flash drive or pendrive name in My Computer.

Step 3: Check there the first letter of drive (in which you want to remove the shortcut virus or the media that turned into a shortcut folder).

Step 4: In the command prompt, enter the first letter of the storage device or drive in the command prompt.

  • E.g.: Let “a” be the first letter of the storage drive then type “a” and hit Enter.

Step 5: Then type attrib -h -r -s /s /d a:\*.* or attrib a:\*.* /d /s -h -r -s and then press the Enter button. (“a” replaced with your pen drive first letter).

Note: Mind the spaces between each character.

Step 5: That’s it, now close the command prompt and access the folder.

Note: Delete unknown files from your storage after the command process completes.

 

Manual procedure to remove the Shortcut virus from the computer system:

Method 1: Using Windows registry

Step 1: Open the Task Manager by pressing Ctrl + Alt + Del or right click on the task bar and click on Task Manger.

Step 2: Go to Process tab and search Wscript.exe. Right click on it and click on End Task.

Step 3: Now, go to Start and search for “regedit”. Open it and you will get Registry Editor which navigate

HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run

Step 4: Here, search the Registry Key “odwcamszas”, and if found, then right click on it and delete this registry key.

 

Method 2: If you are unable to find the Registry key, then follow these below steps.

Step 1: Press windows + R key and type %temp%. Now, hit OK to open the temp folder. Here, search the file name nkvasyoxww.vbs, if found then right click on it and delete the file.

Step 2: Go to C:\Users\username>\AppData\Roaming\Microsoft\Windows\StartMenu\Programs\Startup

OR

C:Users -> Double Click on User Account Name -> AppData -> Roaming -> Microsoft -> Windows -> Start Menu -> Programs -> Startup.

Check Startup folder, if nkvasyoxww.vbs exists then delete it.

Step 3: Press Windows + R key, type “msconfing” and hit OK. Then, System Configuration window open. Now, go to Startup, and search nkvasyoxww.vbs. Then, uncheck it and hit OK.

Note: In Windows 8, Open Task Manager and go to Startup. Here, disable nkvasyoxww.vbs file.

 

Method 3: Using .bat file (.bat is must)

Step 1: Open a Notepad

Step 2: Copy the following lines there

@echo off

attrib -h -s -r -a /s /d C:\*.*
attrib -h -s -r -a /s /d D:\*.*
attrib -h -s -r -a /s /d E:\*.*
attrib -h -s -r -a /s /d F:\*.*
attrib -h -s -r -a /s /d G:\*.*
attrib -h -s -r -a /s /d H:\*.*
attrib -h -s -r -a /s /d I:\*.*
attrib -h -s -r -a /s /d J:\*.*
@echo complete.

Note: Replace the C, D, E, F, G, H, I, J with the virus affected hard drive first letter.

Step 3: Save the file in the desktop with the name VirusRemover.bat.

Step 4: Close the notepad and double click on saved file in the desktop.

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s