One of the biggest concerns users have when using their computer is that they may end up being infected by what we generally know as viruses. This threat also goes by other names, such as worms, Trojans, spyware and even ransomware. Each one has its own characteristics, allowing it to run without our realizing it, for example through exploits, or tricking us into being the ones to run it, for example through a shortcut.
The shortcut virus may be one of the most feared viruses on the Internet, capable of infecting our system and then tricking us into downloading more malware. For this reason, today we are going to see what it consists of and how it works, as well as how to remove it from a USB stick or from our hard drive if they are infected.
Shortcut virus, what is it?
Shortcut virus is the name given to a type of computer threat that combines a worm and a Trojan in a single piece of malware that infects our computer. To do this, it hides the icons and folders on our PC and replaces them with shortcuts that look the same as the originals.
When this happens and we click on the shortcuts trying to open the corresponding program or folder, the virus replicates itself and infects the hard drive, making the real data inaccessible, and it is even capable of stealing its victim's personal information.
In general, this type of malware manages to spread and distribute itself through the Internet, as well as through USB sticks and external hard drives. This is because by connecting them to an infected computer, the device also ends up being infected, thus promoting its spread by taking it from one computer to another and trying to open it. With this, the virus spreads without us knowing or realizing it.
Remove USB shortcut virus
If we have a flash drive, memory card or external hard drive that is infected with a shortcut virus, the infection spreads every time we connect it to our Windows PC.
Although it is true that any security software would be capable of detecting it before it infects our computer, things get complicated once the computer is already infected, and the large number of copies the virus makes of itself makes it difficult to remove them directly. To remove it we can use the Command Prompt tool.
From the Command Prompt
To disable this threat, it is best to remove all shortcuts that could cause us to end up replicating the malware. This is something we need to do by connecting the infected drive or memory to the computer and using the Command Prompt tool.
To open it we must type cmd in the search box of the Start menu and run it with administrator rights. Once we have the window open, we will use the attrib command, a native Windows command that changes the attributes of a particular file or folder.
The first thing will be to write the letter assigned to the infected memory or disk.
This command is responsible for removing all shortcut files created by the virus.
attrib -s -r -h /s /d *.*
We will use this command to apply the standard attributes to all the original files so that they reappear.
Once finished, it is recommended that we copy all our files from the external device, fully format the external device to clean it, and then move our files back to it.
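A read-only audit of the drive that can be run before the cleanup commands, as an added example that is not part of the original article: it lists every shortcut with its real target and flags those that share a name with a hidden file or folder, the replacement pattern described earlier. The drive letter E: and the list of interpreter names are assumptions.

```powershell
# Added example (not from the article). Read-only: nothing is changed or deleted.
# Assumption: E: is the drive letter Windows assigned to the suspect device.
$Drive = 'E:'

# WScript.Shell can open an existing .lnk and expose where it really points.
$shell = New-Object -ComObject WScript.Shell

# Index hidden files and folders by "parent directory|name".
# -Force is needed because Get-ChildItem skips hidden items by default.
$hiddenIndex = @{}
Get-ChildItem -LiteralPath "$Drive\" -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden } |
    ForEach-Object {
        $dir = [IO.Path]::GetDirectoryName($_.FullName)
        $hiddenIndex["$dir|$($_.Name)"] = $_.FullName
    }

# Assumption: a shortcut that launches an interpreter deserves a closer look.
$interpreters = '\\(cmd|wscript|cscript|powershell)\.exe$'

$report = Get-ChildItem -LiteralPath "$Drive\" -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        $dir = [IO.Path]::GetDirectoryName($_.FullName)
        [pscustomobject]@{
            Shortcut        = $_.FullName
            Target          = $lnk.TargetPath
            Arguments       = $lnk.Arguments
            # "Photos.lnk" next to a hidden "Photos" is the replacement pattern.
            HiddenOriginal  = $hiddenIndex["$dir|$($_.BaseName)"]
            RunsInterpreter = $lnk.TargetPath -match $interpreters
        }
    }

$report | Sort-Object Shortcut | Format-List
```

A shortcut with a non-empty HiddenOriginal is a file or folder that was hidden and replaced, so the data is still on the drive and reappears once the attributes are reset.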
Delete on PC
In case our Windows 10 or Windows 11 PC has been affected by shortcut virus infection, every time another external device is connected, the infection will spread to this device. If this happens we have different ways to solve it.
Using Registry Editor
The first thing we must do is open the Task Manager, pressing the keyboard shortcut “Ctrl + Alt + Esc”. Once it is open, in the Processes tab we must look for wscript.exe or wscript.vbs. We right-click on it and select “End Task”. If both are found, we do the same for each of them.
Next, we open the Registry Editor, for which we press the keyboard shortcut “Windows + R”, type regedit and click OK. Once it appears, and before modifying anything, we make a backup. To do this, click on “File” and “Export”. Then we select “All” as the export range, give the file a name with the .reg format and click “Save”. After that, we navigate to the following address:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Here we must look for entries that may be suspicious, such as odwcamszas, WXXKYz, ZGFYszaas, OUzzckky. If we find them, we must delete them by selecting them and pressing the DELETE key.
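The same two checks from PowerShell, as an added example that is not part of the original article: it shows what each running wscript.exe was started with, saves a backup of the Run key, and lists the Run entries with script launchers first. The backup file name and the matching pattern are assumptions.

```powershell
# Added example (not from the article). Nothing is stopped or deleted.

# 1. Running script-host processes and the script each one was started with.
Get-CimInstance Win32_Process -Filter "Name = 'wscript.exe'" |
    Select-Object ProcessId, CommandLine | Format-List

# 2. Back up the Run key before touching it (hypothetical file name).
$backup = Join-Path $env:TEMP 'run-key-backup.reg'
reg.exe export 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' $backup /y

# 3. List every entry under the current user's Run key.
$key = Get-Item -LiteralPath 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# Assumption: entries that start a script host or a script file are reviewed first.
$scriptPattern = 'wscript|cscript|\.vbs|\.vbe'

$entries = foreach ($name in $key.GetValueNames()) {
    $data = [string]$key.GetValue($name)
    [pscustomobject]@{
        Name        = $name
        Command     = $data
        ScriptEntry = $data -match $scriptPattern
    }
}

$entries | Sort-Object ScriptEntry -Descending | Format-List
```

The Command column shows the file each entry launches, which is the file to check and remove along with the registry entry.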
We can also make use of an application like UsbFix, with which we can disinfect both internal and external hard drives and that we can download from the developer’s website.
By completely removing all traces of infection, the application restores damaged security features, such as access to the registry and task manager or viewing of hidden files. This tool not only serves to clean infections, but also helps us prevent possible reinfections. To do this, it creates autorun.inf files on the drives to protect us from other infections that may occur in the future.
It is very simple to use: once we run it, we only have to click on “Run an Analysis”. This takes us to the next screen, where we must click on “Full Analysis”. From then on, the application takes care of scanning our computer, including the USB stick, for viruses. If a virus is found, we follow the on-screen instructions so that the tool removes it from our USB stick.
With antivirus software
While antivirus software may miss shortcut virus files, it can serve as a double guarantee that your PC is virus-free. In the event that we use Microsoft Defender as our antivirus, we must perform a quick or complete scan to make sure.
To do this we type Windows Security in the search box of the Start menu. Once it is open, click on “Virus & threat protection” in the left column. On the new screen, click on “Scan options”. We can then run a quick scan first and, if we want to be safer, move on to a more complete scan.
In the event that we have not been able to eliminate the shortcut virus in any way, we can always resort to restoring Windows to a previous state where said infection was not found.
To do this we write restoration in the search box of the Start menu and select it. This will open a new window where we will click on the “Open System Restore” option.
This will open a new window. Here we click on the “Choose another restore point” option. Now we only need to go to the last available date on which we did not yet have the problem with the shortcut virus. We select it and wait for it to run and finish. Once this is done, the system should be running without this annoying virus.