Viruses can be sneaky, but the dreaded shortcut virus is perhaps one of the sneakiest ones on the internet. It can infect your device then trick you into downloading further malicious software.

So what exactly is a shortcut virus? Why is it so bad? And how do you remove one if you're infected?

What Is a Shortcut Virus?

A shortcut virus is a kind of Trojan and worm combination that hides all of your files and folders, then replaces them with shortcuts that look identical to the originals.

When you launch one of these false shortcuts, you end up running malware that duplicates the virus and further infects your system, leading to stolen personal data, worsened system performance, and all kinds of other malware-related side effects.

Shortcut viruses mainly affect physical file transfer devices like USB flash drives, external hard drives, and SD memory cards, but can be transferred to computers when exposed to an infected device that takes advantage of Autorun or Autoplay in Windows.

Many shortcut viruses remain undetected by antivirus software, so running a security suite with a virus scanner usually isn't enough. Fortunately, the process for manually removing a shortcut virus is relatively simple and painless.

How To Remove a Shortcut Virus From a USB Drive

If you have a USB flash drive, external hard drive, or SD memory card that's infected with a shortcut virus, the infection will spread whenever you plug it into a Windows PC.

Unfortunately, if you only have a Windows PC at your disposal, you'll have to plug the device in, scrub the virus off of it, then remove the shortcut virus from your PC too.

Here's how to remove the infection from the external device:

  1. Plug in the infected external device.
  2. Open File Explorer (Windows key + E keyboard shortcut) and look under the Devices and drives section to find the external device. Make a mental note of the external drive's letter (e.g. E:).
  3. Launch an elevated Command Prompt by opening the Power User Menu (Windows key + X keyboard shortcut) and selecting Command Prompt (Admin).
  4. Orient the Command Prompt to the external device by typing the drive letter you noted in step 2, then hitting Enter:
            E:
        
  5. Delete all shortcuts on the device with this command:
            del *.lnk
        
  6. Restore all files and folders on the device with this command:
            attrib -s -r -h /s /d *.*
        

The attrib command is a native Windows function that alters the attributes of a particular file or folder. The other parts of the command designate which files and folders to alter and how they should be changed:

  • -s removes the "system file" status from all matching files and folders.
  • -r removes the "read-only" status from all matching files and folders.
  • -h removes the "hidden" status from all matching files and folders.
  • /s makes the command recursively apply to all files and folders in the current directory and all subdirectories—basically the entire device in this case.
  • /d makes the command apply to folders as well (normally attrib only handles files).
  • *.* means all file names and folder names should be considered a match.

Once you've done all that, consider copying all of your files off the external device, completely formatting the external device to wipe it clean, then moving your files back onto it.
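
Before running the del and attrib commands, it can help to see what is actually on the drive. The PowerShell script below is an added example, not part of the original article: it lists every shortcut on the drive with the command it would really run, and the items that carry both the hidden and system attributes. It changes nothing on the drive. The drive letter E: and the list of "launcher" programs are assumptions.

```powershell
# Added example (not from the article): read-only triage of a removable drive.
# Assumption: the drive is E:, as in the article's example; pass -Drive to change it.
param([string]$Drive = 'E:')

$root  = "$Drive\"
$shell = New-Object -ComObject WScript.Shell

# Heuristic (an assumption, tune as needed): a shortcut that stands in for a
# document or folder has no reason to launch a shell or script host.
$launcher = '(?i)\\(cmd|wscript|cscript|powershell|mshta|rundll32)\.exe$'

# 1. Every .lnk on the drive, with the command it would really run.
$links = Get-ChildItem -LiteralPath $root -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)   # opens the existing shortcut
        [pscustomobject]@{
            Shortcut   = $_.FullName
            Target     = $lnk.TargetPath
            Arguments  = $lnk.Arguments
            Suspicious = $lnk.TargetPath -match $launcher
        }
    }

# 2. Items flagged both Hidden and System: what "attrib -s -r -h" will unhide.
#    Windows' own volume folders are skipped so they do not clutter the list.
$skip   = 'System Volume Information', '$RECYCLE.BIN'
$hidden = Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
        ($_.Attributes -band [IO.FileAttributes]::System) -and
        ($skip -notcontains $_.Name)
    }

# Report only; nothing is deleted or modified.
"Shortcuts found: $(@($links).Count), suspicious: $(@($links | Where-Object Suspicious).Count)"
$links  | Sort-Object Suspicious -Descending | Format-List
"Hidden + System items:"
$hidden | Select-Object FullName, Attributes | Format-Table -AutoSize
```

Keeping a copy of this output gives you a record of what the shortcuts pointed to before you delete them.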

How To Permanently Remove a Shortcut Virus from Your PC

If your Windows PC is infected with a shortcut virus, then any time you plug in another external device, the infection will spread to that device.

Here's how to remove a shortcut virus using CMD (on a Windows machine):

  1. Open the Task Manager (Ctrl + Shift + Esc keyboard shortcut).
  2. In the Processes tab, look for wscript.exe or wscript.vbs, right-click on it, and select End Task. If you see both, go ahead and do it for both.
  3. Close the Task Manager.
  4. Open the Start Menu, search for regedit, and launch the Registry Editor.
  5. In the Registry Editor, navigate to the following in the left sidebar:
            HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
        
  6. In the right panel, look for any strange-looking key names, such as odwcamszas, WXCKYz, OUzzckky, etc. For each one, run a Google search to see if it's related to shortcut viruses.
  7. If so, right-click on them and select Delete. Do this at your own risk! Always make sure you know what a key does before tampering with it. Accidentally deleting an important key can cause Windows to become unstable, so double-check everything.
  8. Close the Registry Editor.
  9. Open the Run prompt (Windows key + R keyboard shortcut), type msconfig, then click OK to open the System Configuration window.
  10. In the Startup tab, look for any strange-looking .EXE or .VBS programs, select each one, and click Disable.
  11. Close the System Configuration window.
  12. Open the Run prompt (Windows key + R keyboard shortcut), type %TEMP%, then click OK to open the Windows Temp folder. Delete everything inside. (Don't worry, it's safe!)
  13. In File Explorer, navigate to the following folder:
            C:\Users\[username]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
        
  14. Look for any strange-looking .EXE or .VBS files and delete them.
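
The PowerShell script below is an added example, not part of the original article. It gathers in one read-only listing what steps 2, 5 to 7, and 13 to 14 have you inspect by hand: running script hosts, the values under the per-user Run key, and the files in the Startup folder. The pattern used to flag entries is an assumption; nothing is ended, deleted, or disabled.

```powershell
# Added example (not from the article): read-only listing of the places the
# steps above inspect by hand. Review the output before removing anything.

# Heuristic (an assumption): autostart commands involving a script host or script file.
$scripty = '(?i)wscript|cscript|\.(vbs|vbe|js|jse|wsf)\b'

# Step 2: running script hosts, with the script each one was started with.
$procs = Get-CimInstance Win32_Process -Filter "Name='wscript.exe' OR Name='cscript.exe'" |
    Select-Object ProcessId, Name, CommandLine

# Steps 5-7: values under the per-user Run key.
$runPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runKey  = Get-Item -Path $runPath -ErrorAction SilentlyContinue
$runEntries = if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        $cmd = [string]$runKey.GetValue($name)
        [pscustomobject]@{
            Source  = 'HKCU Run'
            Name    = $name
            Command = $cmd
            Flagged = ($cmd -match $scripty)
        }
    }
}

# Steps 13-14: files in the per-user Startup folder.
$startup = [Environment]::GetFolderPath('Startup')
$startupEntries = Get-ChildItem -LiteralPath $startup -File -Force | ForEach-Object {
    [pscustomobject]@{
        Source  = 'Startup folder'
        Name    = $_.Name
        Command = $_.FullName
        Flagged = (($_.Name -match $scripty) -or ($_.Extension -eq '.exe'))
    }
}

"Running script hosts:"
$procs | Format-List
"Autostart entries (flagged first):"
@($runEntries) + @($startupEntries) |
    Sort-Object Flagged -Descending |
    Format-Table -AutoSize -Wrap
```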

If that doesn't work, you might also try using USBFix Free. It's technically meant to clean up USB drives and other external devices, but you can point it to regular system drives and it will clean them up too.

It works well as a shortcut virus remover tool. Many have seen success with it, but we can't be held responsible if it backfires and you lose data. Always back up your data first!

If the infected drive or partition is the same one as your Windows system (for most users, that means the C: drive), there's no easy way to clean all of the false shortcuts. Fortunately, in Windows 8.1 and 10, you can opt to reset or refresh Windows. On Windows 7, you'll need to reinstall the operating system.

Avoiding Malware in the Future

A shortcut virus is a particularly nasty strain of malware, but that doesn't mean it's impossible to detect or fix. Now you know how it works and what to do when you're infected by one.

If you want to learn more about how to stay safe online, study up on spotting and avoiding fake virus alerts. This kind of malware causes people to panic and do things they would otherwise not do—like download a virus, for instance!