Shortcut Virus: What Is It and How Can You Remove It?

What Is Shortcut Virus?

The shortcut virus is a common computer virus that hides your files and replaces them with shortcuts with the same file name. When you click on the shortcuts, the virus replicates itself and further infects your drive. It leads to steal personal data, worsen system performance, and all kinds of other malware-related side effects. The shortcut virus usually enters your drive via running an .exe file that contained the virus or from using a flash drive on multiple computers.

Shortcut viruses mainly affect physical file transfer devices like USB flash drives, external hard drives, and SD memory cards. But it can be transferred to computers when exposed to an infected device that takes advantage of Autorun or Autoplay in Windows.

Many shortcut viruses remain undetected by antivirus software. So running a security suite with virus scanner usually isn’t enough. Fortunately, the process for manually removing a shortcut virus is relatively simple and painless.

How Does It Spread?

When we connect a flash drive to a malware computer and transfer any file from PC to flash drive it automatically infect Pendrive and all files appears as Shortcut.

This virus can affect any external storage like Flash Drives, External Hard disk, Phone Memory, Memory card or any Memory Stick. This is an anonymous malware which initially released online and spreading from one computer to another. And we got Shortcut of files which are in USB drive if you try to open any file you will get error message.

How to Remove Shortcut Virus?

How to Remove a Shortcut Virus from an External Device

If you have a USB flash drive, external hard drive, or SD memory card that’s infected with a shortcut virus, the infection will spread whenever you plug it into a Windows PC. Here’s how to remove the infection from the external device:

1. Plug in the infected external device.
2. Open File Explorer (Windows key + E keyboard shortcut) and look under the Devices and drives section to find the external device, then make a mental note of the drive letter (e.g. E:).
3. Launch an elevated Command Prompt by opening the Power User Menu (Windows key + X keyboard shortcut) and selecting Command Prompt (Admin).
4. Orient the Command Prompt to the external device by typing the drive letter you noted in step 2, then hitting Enter:E:
5. Delete all shortcuts on the device with this command:del *.lnk
6. Restore all files and folders on the device with this command:attrib -s -r -h /s /d *.*
7. Done!

The attrib command is a native Windows function that alters the attributes of a particular file or folder. The other parts of the command designate which files and folders to alter and how they should be altered:

• -s removes the “system file” status from all matching files and folders.
• -r removes the “read-only” status from all matching files and folder.
• -h removes the “hidden” status from all matching files and folders.
• /s makes the command recursively apply to all files and folders in the current directory and all subdirectories, basically the entire device in this case.
• /d makes the command apply to folders as well (normally attrib only handles on files).
• *.* means all file names and folder names should be considered a match.

Once you’ve done all that, consider copying all of your files off of the external device, completely formatting the external device to wipe it clean, then moving your files back onto the external device.

How to Permanently Remove a Shortcut Virus from Your PC

If your Windows PC is infected with a shortcut virus, then any time you plug in another external device, the infection will spread to that device. Here’s how to remove a shortcut virus using CMD (on a Windows machine):

1. Open the Task Manager (Ctrl + Shift + Esc keyboard shortcut).
2. In the Process tab, look for wscript.exe or wscript.vbs, right-click on it, and select End Task. If you see both, go ahead and do it for both.
3. Close the Task Manager.
4. Open the Start Menu, search for regedit, and launch the Registry Editor.
5. In the Registry Editor, navigate to the following in the left sidebar:HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run
6. In the right panel, look for any strange-looking key names, such as odwcamszas, WXCKYz, OUzzckky, etc. For each one, run a Google search to see if it’s related to shortcut viruses.
7. If so, right-click on them and select Delete. Do this at your own risk! Always make sure you know what a key does before tampering with it. Accidentally deleting an important key can cause Windows to become unstable.
8. Close the Registry Editor.
9. Open the Run prompt (Windows key + R keyboard shortcut), type msconfig, then click OK to open the System Configuration window.
10. In the Startup tab, look for any strange-looking .EXE or .VBS programs, select each one and click Disable.
11. Close the System Configuration window.
12. Open the Run prompt (Windows key + R keyboard shortcut), type %TEMP%, then click OK to open the Windows Temp folder. Delete everything inside. (Don’t worry, it’s safe!)
13. In File Explorer, navigate to the following folder:C:\Users\[username]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
14. Look for any strange-looking .EXE or .VBS files and delete them.
15. Done!

If the above doesn’t work, you might also try using USBFix Free

It’s technically meant to clean up USB drives and other external devices. But you can point it to regular system drives and it will clean them up too. It works pretty well as a shortcut virus remover tool. Many have seen success with it, but we can’t be held responsible if it backfires and you lose data. Always back up your data first!

Bottom Line

With a little bit of knowledge and a lot of common sense, malware can be surprisingly easy to prevent.

Make sure you have complete protection installed into your PC like Kaspersky Total Security or McAfee Total Protection if not please download and install Kaspersky Total Security/ McAfee Total Protection or any other antivirus which provide protection from all kind of threats.

Or you can also install a good free antivirus program but be having a full version of an antivirus give you a piece of mind and you stay safe from different types of malware like a virus, trojan, rootkit etc.

Performing all the above steps will remove shortcut virus from your computer or laptop if you face any problem feel free to comment below.