USB Drive Infected – Hidden Folders with Malware Shortcuts
Problem:
Your USB hard drive is infected. All of the folders are marked with Hidden and System attributes and have been replaced by shortcuts which point to the folders. The shortcuts also contain extra code which will launch when you click them.
You can unhide your folders by using the command
attrib f:foldername -h -s
But the next time you plug in the drive they will be hidden again.
Cause:
A hidden folder was created named Recycler. This contains a file called Autorun.exe which is launched when you plug in the drive by the file on the root of the drive called Autorun.inf.
Both of those files need to be deleted but you can’t delete them because they are in use.
Solution:
Download Process Explorer
Run it and press Control-F to find autorun.exe
This will tell you the name of the process that is running autorun.exe
Once you have the name of the process, kill it.
Now delete the malicious files.
You can quickly restore your hidden files using this free tool:
http://www.petges.lu/download/