How To Remove Pendrive Shortcut Virus From Your USB Drive And Computer

With each new version of Windows, Microsoft is making it harder for hackers and crackers to hack into Windows. Windows has also become less vulnerable to viruses and other malware by default as Microsoft has added securities like a built-in antivirus program and blocking removable media auto run functionality until selects to do so etc. But most people still fall prey to USB viruses because they attack automatically when a USB drive is inserted and auto-run is turned on. The best way to avoid viruses and keep yourself safe is to educate yourself about how computers work and how to keep it secure.

Pendrive shortcut virus

In this article, we will go through the solution to completely remove pendrive shortcut virus from our USB drive and our Windows computer.

Symptoms and behavior of Pendrive shortcut virus

Lately I have been asked about the pen drive shortcut virus by quite a few people including users of iTechtics through the comments on other articles. The symptom of this virus is that all the folders you copy to your USB drive will be converted to shortcuts. If you double click the shortcut, it will open the same folder in a new window.

At first I didn’t take it serious until I came across an infected system myself. If you go to Google Search and search for a solution to pen drive shortcut virus, you will be greeted with a lot of pages with almost the same sort of solution. A batch file is being shared across all the pages that I came across. The batch file simply does three things; unhide all the files in the USB drive, delete all the shortcuts in the USB drive and delete two files called fypuas.exe and fypuasx.exe.

While this is a solution, it is not a permanent solution as it will only last until the computer is restarted. If you restart your computer and insert your USB drive again, it will show the same behavior as discussed above.

Fixing Pendrive shortcut virus issue permanently

Before going through the steps to delete this virus from your system, let me give you a brief overview of what this virus does. This will make it easier for us to understand and solve the problem. This virus surfaced in 2010 and has been around with different names since then. It injects itself to system startup, creates a few executable files inside the USB drive which look like shortcuts, hides the original folders and files inside the USB drive, copies itself into the profile folder of the current user and connects to an outside computer.

If you right click any shortcut folder inside your USB drive and go to Properties, you will be able to confirm that this is actually not a shortcut but properties of an executable file. Now let’s go through removing the shortcut virus step by step:

  1. Download Hijackthis and install it on your computer.
  2. Scan your computer with Hijackthis and preferably save the log file.
  3. Hijackthis gives your a list of entries with codes at the start of each line. Each code has a meaning. We need to look at the entries with code ’04’. These are the entries which are executed when a user is logged into the computer. These entries will display startup items for all the users in the computer.
    Hijackthis 04 entries
  4. Make sure you delete all entries which have the following file names inside them: fypuas.exe and fypuasx.exe
  5. Now open your Task Manager. Under Processes, make sure no process is running under the name fypuas.exe and fypuasx.exe
  6. Now go to your profile home folder (Run –> %HOMEPATH%), delete all files named fypuas.exe and fypuasx.exe

Hopefully the above steps will cleanup our system from the pendrive shortcut virus. Now let’s clean our USB drives and restore our data.

  1. Open command prompt (Run –> cmd) and go to your USB drive. For example, if my USB drive is E drive, I’ll need to type E: and hit the enter key. This will take me to the USB drive inside the command prompt.
  2. Run the following command:
    del *.lnk
    This will delete all files with the extension of a shortcut
  3. Now run the following command:
    attrib -h -r -s /s /d E:*.*
    This command will remove the following attributes from all files inside the USB drive; hidden, read-only, system.

Following these steps should remove the virus from the USB drive completely. If you open your USB drive folder from Windows Explorer, you will be able to see all your files and folders restored inside the USB drive.

After removing this virus, you should scan your system with a good antivirus so that it may be able to detect and remove traces of any virus inside your computer. You will be able to download AVG Internet Security 2014 free for one year. If you are still having problems with this malware even after going through all these steps, please let me know through comments and we can find a solution to your specific problem together.


Interesting Reads Next:


  1. facebook
    September 16, 2019
  2. Pratik Gaur
    December 20, 2018
  3. Mudike
    August 3, 2017
    June 22, 2017
  5. Anonymous
    November 5, 2016
    October 12, 2016
  7. jorj
    August 25, 2016
  8. baskker
    August 12, 2016
  9. Pankil Chhabra
    May 1, 2016
  10. vijay
    April 29, 2016
    • iTechtics Staff
      April 29, 2016
  11. chandrakala
    April 21, 2016
    • iTechtics Staff
      April 27, 2016
      • James Creche
        December 26, 2016
      • Abdul Rahaman
        November 8, 2017
        • iTechtics Staff
          November 8, 2017
          • Aditya sunil Kolte
            December 23, 2017
  12. Ruchira Perera
    March 6, 2016
  13. sushil
    February 8, 2016
    • iTechtics Staff
      February 8, 2016
  14. sajeed pathan
    January 27, 2016
  15. Strider X
    November 11, 2015
    • Vikram
      May 28, 2016
    October 11, 2015
  17. Natalia
    May 27, 2015
  18. Ankit
    May 24, 2015
  19. noman ul haq
    May 15, 2015
  20. core
    May 12, 2015
  21. Diego
    April 8, 2015
  22. piyush raj
    April 5, 2015
  23. piyush raj
    April 5, 2015
  24. Harmain Ahsan
    April 4, 2015
  25. UsbFix
    March 27, 2015
  26. sruthy
    January 30, 2015
    • iTechtics Editor
      January 30, 2015
  27. Arlene
    November 10, 2014
    • Usman Khurshid
      November 18, 2014
      • panbuarasu
        March 25, 2015
        • iTechtics Editorial Team
          March 25, 2015
        • ash kosuke
          May 31, 2015
  28. Ana
    September 28, 2014
    • Usman Khurshid
      September 28, 2014
  29. stefano
    July 24, 2014
  30. amit huda
    April 18, 2014
  31. emegeve
    April 5, 2014
  32. Anonymous
    March 26, 2014
  33. Hridom
    February 22, 2014
  34. daniele trevisan
    February 9, 2014
  35. Waad GH
    February 9, 2014
    • Waad GH
      February 9, 2014
  36. Akila Dilshan
    January 23, 2014
  37. Daniele Trevisan
    January 5, 2014
  38. Daniele Trevisan
    January 5, 2014
    • Usman Khurshid
      January 5, 2014
  39. Daniele Trevisan
    January 5, 2014
    • Usman Khurshid
      January 5, 2014
  40. IGEDHE
    December 16, 2013
    • Usman Khurshid
      December 16, 2013
  41. thomas
    December 10, 2013
    • Usman Khurshid
      December 10, 2013
      • thomas
        December 10, 2013
        • thomas
          December 10, 2013

Leave a Comment