What Is a Shortcut Virus and How Can You Remove It?
Whatsapp Pinterest
Advertisement

A shortcut virus is a kind of Trojan/worm combination that hides all of your files and folders, then replaces them all with shortcuts that look exactly the same.

When you launch one of these false shortcuts, you end up running malware that duplicates the virus and further infects your system, leading to stolen personal data, worsened system performance, and all kinds of other malware-related side effects The 7 Types of Computer Viruses to Watch Out For and What They Do The 7 Types of Computer Viruses to Watch Out For and What They Do Computer viruses can steal or destroy your data in many ways. Here are some of the most common virus types and what they do. Read More .

Shortcut viruses mainly affect physical file transfer devices like USB flash drives, external hard drives, and SD memory cards, but can be transferred to computers when exposed to an infected device that takes advantage of Autorun or Autoplay in Windows.

Many shortcut viruses remain undetected by antivirus software, so running a security suite with virus scanner 5 Best Free Internet Security Suites for Windows 5 Best Free Internet Security Suites for Windows Which security suite do you trust the most? We look at five of the best free security suites for Windows, all of which offer anti-virus, anti-malware, and real-time protection features. Read More usually isn’t enough. Fortunately, the process for manually removing a shortcut virus is relatively simple and painless.

What Is a Shortcut Virus and How Can You Remove It? sd card memory close

Removing a Shortcut Virus From an External Device

If you have a USB flash drive, external hard drive, or SD memory card that’s infected with a shortcut virus, the infection will spread whenever you plug it into a Windows PC. Here’s how to remove the infection from the external device:

  1. Plug in the infected external device.
  2. Open File Explorer (Windows key + E keyboard shortcut) and look under the Devices and drives section to find the external device, then make a mental note of the drive letter (e.g. E:).
  3. Launch an elevated Command Prompt by opening the Power User Menu (Windows key + X keyboard shortcut) and selecting Command Prompt (Admin).
  4. Orient the Command Prompt to the external device by typing the drive letter you noted in step 2, then hitting Enter:
    E:
  5. Delete all shortcuts on the device with this command:
    del *.lnk
  6. Restore all files and folders on the device with this command:
    attrib -s -r -h /s /d *.*
  7. Done!

The attrib command is a native Windows function that alters the attributes of a particular file or folder. The other parts of the command designate which files and folders to alter and how they should be altered:

  • -s removes the “system file” status from all matching files and folders.
  • -r removes the “read-only” status from all matching files and folder.
  • -h removes the “hidden” status from all matching files and folders.
  • /s makes the command recursively apply to all files and folders in the current directory and all subdirectories, basically the entire device in this case.
  • /d makes the command apply to folders as well (normally attrib only handles on files).
  • *.* means all file names and folder names should be considered a match.

Once you’ve done all that, consider copying all of your files off of the external device, completely formatting the external device to wipe it clean, then moving your files back onto the external device. Learn more about how to format an external drive How to Format a USB Drive & Why You Would Need To How to Format a USB Drive & Why You Would Need To Formatting a USB drive is no different than formatting any other drive. But how often have you actually formatted a drive and did you ever wonder what the various options mean? Read More . (But first make sure to clean your computer too! Instructions below.)

What Is a Shortcut Virus and How Can You Remove It? computer laptop keyboard close

How to Permanently Remove a Shortcut Virus from Your PC

If your Windows PC is infected with a shortcut virus, then any time you plug in another external device, the infection will spread to that device. Here’s how to remove a shortcut virus using CMD (on a Windows machine):

  1. Open the Task Manager (Ctrl + Shift + Esc keyboard shortcut).
  2. In the Process tab, look for wscript.exe or wscript.vbs, right-click on it, and select End Task. If you see both, go ahead and do it for both.
  3. Close the Task Manager.
  4. Open the Start Menu, search for regedit, and launch the Registry Editor.
  5. In the Registry Editor, navigate to the following in the left sidebar:
    HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run
  6. In the right panel, look for any strange-looking key names, such as odwcamszas, WXCKYz, OUzzckky, etc. For each one, run a Google search to see if it’s related to shortcut viruses.
  7. If so, right-click on them and select Delete. Do this at your own risk! Always make sure you know what a key does before tampering with it. Accidentally deleting an important key can cause Windows to become unstable.
  8. Close the Registry Editor.
  9. Open the Run prompt (Windows key + R keyboard shortcut), type msconfig, then click OK to open the System Configuration window.
  10. In the Startup tab, look for any strange-looking .EXE or .VBS programs, select each one and click Disable.
  11. Close the System Configuration window.
  12. Open the Run prompt (Windows key + R keyboard shortcut), type %TEMP%, then click OK to open the Windows Temp folder. Delete everything inside. (Don’t worry, it’s safe! 5 Windows Files and Folders You Can Delete to Save Space 5 Windows Files and Folders You Can Delete to Save Space Windows contains plenty of files and folders that nobody needs. Here are five items you can clean out if you're really hurting for disk space. Read More )
  13. In File Explorer, navigate to the following folder:
    C:\Users\[username]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
  14. Look for any strange-looking .EXE or .VBS files and delete them.
  15. Done!

If the above doesn’t work, you might also try using USBFix Free. It’s technically meant to clean up USB drives and other external devices, but you can point it to regular system drives and it will clean them up too. It works pretty well as a shortcut virus remover tool. Many have seen success with it, but we can’t be held responsible if it backfires and you lose data. Always back up your data first! The Windows Backup and Restore Guide The Windows Backup and Restore Guide Disasters happen. Unless you're willing to lose your data, you need a good Windows backup routine. We'll show you how to prepare backups and restore them. Read More

Note: If the infected drive or partition is the same one as your Windows system (for most users, that means the C: drive), there’s no easy way to clean all of the false shortcuts. Fortunately, in Windows 8.1 and 10, you can opt to reset or refresh Windows 4 Ways to Reset Windows 10 and Reinstall From Scratch 4 Ways to Reset Windows 10 and Reinstall From Scratch Windows 10 is still Windows, meaning it will need a fresh start every once in a while. We show you how you can get a fresh Windows 10 installation with as little effort as possible. Read More . On Windows 7, you’ll need to reinstall Windows.

Tips for Avoiding Malware in the Future

With a little bit of knowledge and a lot of common sense, malware can be surprisingly easy to prevent. Check out our best tips for avoiding malware 7 Common Sense Tips to Help You Avoid Catching Malware 7 Common Sense Tips to Help You Avoid Catching Malware The Internet has made a lot possible. Accessing information and communicating with people from far away has become a breeze. At the same time, however, our curiosity can quickly lead us down dark virtual alleys... Read More , our exploration of sites most likely to infect you with malware Which Websites Are Most Likely to Infect You with Malware? Which Websites Are Most Likely to Infect You with Malware? You might think that porn sites, the Dark web or other unsavory websites are the most likely places for your computer to be infected with malware. But you would be wrong. Read More , our guide to spotting fake virus and malware warnings How to Spot and Avoid Fake Virus & Malware Warnings How to Spot and Avoid Fake Virus & Malware Warnings How can you tell between genuine and fake virus or malware warning messages? It can be tough, but if you stay calm there are a few signs that will help you distinguish between the two. Read More , and our explanation of how malware gets on your phone How Does Malware Get Into Your Smartphone? How Does Malware Get Into Your Smartphone? Why do malware purveyors want to infect your smartphone with an infected app, and how does malware get into a mobile app in the first place? Read More .

If you do spot other kinds of malware, act quickly and perform these steps to contain and eradicate malware 10 Steps To Take When You Discover Malware On Your Computer 10 Steps To Take When You Discover Malware On Your Computer We would like to think that the Internet is a safe place to spend our time (cough), but we all know there are risks around every corner. Email, social media, malicious websites that have worked... Read More . Equip yourself ahead of time with these free malware removal tools Easily Remove Aggressive Malware With These 7 Tools Easily Remove Aggressive Malware With These 7 Tools Typical free anti-virus suites will only be able to get you so far when it comes to exposing and deleting malware. These seven utilities will weed out and remove malicious software for you. Read More . And lastly, for major infections, consult our ultimate guide to malware removal The Complete Malware Removal Guide The Complete Malware Removal Guide Malware is everywhere these days, and eradicating malware from your system is a lengthy process, requiring guidance. If you think your computer is infected, this is the guide you need. Read More .

Did this article help you remove a shortcut virus? Know of any other methods that might work just as well? Let us know in the comments below!

Explore more about: Antivirus, Trojan Horse.

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. KA
    March 25, 2018 at 7:25 pm

    Good. Easy steps to recover files hidden by shortcut virus *.lnk. Thanks.

  2. Gabe M.
    January 20, 2018 at 2:16 pm

    Soooo....

    "If you have a USB flash drive, external hard drive, or SD memory card that’s infected with a shortcut virus, the infection will spread whenever you plug it into a Windows PC. Here’s how to remove the infection from the external device:

    Step 1: Plug in the infected external device."

    Why am I supposed to plugin an infected external device if the infection spreads whenever I do that ???

    • Joel Lee
      January 20, 2018 at 2:22 pm

      If the USB is infected, presumably your PC is already infected. Even if it isn't, you plug in the USB, clean the USB, then clean your now-infected PC. If you don't want to do that, then I suppose you always have the option of throwing away the USB.

      • Gabe M.
        January 21, 2018 at 6:28 pm

        Hello,

        I didn't mean to be sarcastic or disrespectful in any way. It's just that to me it seems backwards to first infect your PC and then disinfect both the thumb drive and the PC. It happens very often that my wife asks me to clean the flash drives she uses at school and, seeing that most of the times these viruses are Windows-only, I just boot a Live Linux session and delete the offending files from there, or, if I'm in a hurry, connect the flash drive to my Android un-rooted phone with an OTG cable and do the cleaning from there. Also, I've disabled the Autoplay feature on all of the Windows machines in my house, just to be on the safe side. :)

        Thanks for pointing out the "USBFix Free" tool. It may come in handy...

        Best regards!