How To Remove Pendrive Shortcut Virus From Your USB Drive And Computer

How To Remove Pendrive Shortcut Virus From Your USB Drive And ComputerHow To Remove Pendrive Shortcut Virus From Your USB Drive And Computer

With each new version of Windows, Microsoft is making it harder for hackers and crackers to hack into Windows. Windows has also become less vulnerable to viruses and other malware by default as Microsoft has added securities like a built-in antivirus program and blocking removable media auto run functionality until selects to do so etc. But most people still fall prey to USB viruses because they attack automatically when a USB drive is inserted and auto-run is turned on. The best way to avoid viruses and keep yourself safe is to educate yourself about how computers work and how to keep it secure.

In this article, we will go through the solution to completely remove pendrive shortcut virus from our USB drive and our Windows computer.

Symptoms and behavior of Pendrive shortcut virus

Lately I have been asked about the pen drive shortcut virus by quite a few people including users of iTechtics through the comments on other articles. The symptom of this virus is that all the folders you copy to your USB drive will be converted to shortcuts. If you double click the shortcut, it will open the same folder in a new window.

At first I didn’t take it serious until I came across an infected system myself. If you go to Google Search and search for a solution to pen drive shortcut virus, you will be greeted with a lot of pages with almost the same sort of solution. A batch file is being shared across all the pages that I came across. The batch file simply does three things; unhide all the files in the USB drive, delete all the shortcuts in the USB drive and delete two files called fypuas.exe and fypuasx.exe.

While this is a solution, it is not a permanent solution as it will only last until the computer is restarted. If you restart your computer and insert your USB drive again, it will show the same behavior as discussed above.

Fixing Pendrive shortcut virus issue permanently

Before going through the steps to delete this virus from your system, let me give you a brief overview of what this virus does. This will make it easier for us to understand and solve the problem. This virus surfaced in 2010 and has been around with different names since then. It injects itself to system startup, creates a few executable files inside the USB drive which look like shortcuts, hides the original folders and files inside the USB drive, copies itself into the profile folder of the current user and connects to an outside computer.

If you right click any shortcut folder inside your USB drive and go to Properties, you will be able to confirm that this is actually not a shortcut but properties of an executable file. Now let’s go through removing the shortcut virus step by step:

  1. Download Hijackthis and install it on your computer.
  2. Scan your computer with Hijackthis and preferably save the log file.
  3. Hijackthis gives your a list of entries with codes at the start of each line. Each code has a meaning. We need to look at the entries with code ’04’. These are the entries which are executed when a user is logged into the computer. These entries will display startup items for all the users in the computer.
    Hijackthis 04 entries
  4. Make sure you delete all entries which have the following file names inside them: fypuas.exe and fypuasx.exe
  5. Now open your Task Manager. Under Processes, make sure no process is running under the name fypuas.exe and fypuasx.exe
  6. Now go to your profile home folder (Run –> %HOMEPATH%), delete all files named fypuas.exe and fypuasx.exe

Hopefully the above steps will cleanup our system from the pendrive shortcut virus. Now let’s clean our USB drives and restore our data.

  1. Open command prompt (Run –> cmd) and go to your USB drive. For example, if my USB drive is E drive, I’ll need to type E: and hit the enter key. This will take me to the USB drive inside the command prompt.
  2. Run the following command:
    del *.lnk
    This will delete all files with the extension of a shortcut
  3. Now run the following command:
    attrib -h -r -s /s /d E:*.*
    This command will remove the following attributes from all files inside the USB drive; hidden, read-only, system.

Following these steps should remove the virus from the USB drive completely. If you open your USB drive folder from Windows Explorer, you will be able to see all your files and folders restored inside the USB drive.

After removing this virus, you should scan your system with a good antivirus so that it may be able to detect and remove traces of any virus inside your computer. You will be able to download AVG Internet Security 2014. If you are still having problems with this malware even after going through all these steps, please let me know through comments and we can find a solution to your specific problem together.

If you liked this post, Share it on:

Get Updates in Your Inbox

Sign up for the regular updates and be the first to know about the latest tech information

Usman Khurshid
Usman Khurshid is a seasoned IT Pro with over 15 years of experience in the IT industry. He has experience in everything from IT support, helpdesk, sysadmin, network admin, and cloud computing. He is also certified in Microsoft Technologies (MCTS and MCSA) and also Cisco Certified Professional in Routing and Switching.

62 comments

  • jamesfell
    jamesfell

    Connect your pendrive to your system.

    Launch the Command Prompt application.

    Make sure to launch the Command Prompt application with administrator rights.

    Now, type your pendrive’s letter in the cmd window.

    Tap the Enter button on your system keyboard.

    Now, enter the del *.Ink command. Press Enter

    Next, type attrib -s -r -h *.* /s.d

    Tap Enter. Now the shortcut virus will be removed from your pendrive.

    .

  • facebook
    facebook

    This is a really good article. This article follows my Pendrive to clean the virus. The problem is solved.

  • Pratik Gaur
    Pratik Gaur

    I’ve problem like this please read carefully:
    my pendrives name is PRATIK and when i open my pendrive it shows a folder with shortcut icon and the folder name shows (PRATIK 16GB) and then i open this folder it takes time to open and shows the files, but when i insert my drive into anothers PC this folder not opens and shows the folder is empty. Please i request you to solve my problem.

  • Mudike

    Thank You, easy way to recover pendrive data

  • NIMISHA JAIN
    NIMISHA JAIN

    I still could not get the solution to the problem. When i am cleaning all the shortcuts i.e. .lnk files I am getting a msg access is denied, and after that I am typing in that command (attri…) then nothing happens.

  • Usman Khurshid
    Anonymous

    Sir, I did all this and I dont know why… But there were No such files-fypuas.exe and fypuasx.exe. when hijackthis scanned the computer… So i went on to the next step of the command prompt and amazingly the problem was solved…but…. Then when i again reinserted my pendrive… The problem returned-same shortcut file of my USB…. Plz try to find a solution…i will be so very grateful…Thanks

  • ANEESH KERALA
    ANEESH KERALA

    SIR KINDLY HELP ME TO FIX MY PROBLEM
    as am having some important data on my pen-drive ,which is required very soon,
    when am trying to open my pen-drive a short cut is coming with a following message. RunDLL There was a problem with starting. \0YyOoEm8gYyWsliGg6eOQGoEkAqm8YyWwUu81. Y6Woua8YEm CUIawaslyGoUua0Eukc2iGgumoQiGC2A0YEw. THE SPECIFIC MODULE CANNOT FOUND. PLEASE HELP ME HOW TO REMOVE IT AND SAVE MY DATA.WAITING EAGRLY FOR YOUR REPLAY.
    THANKS.
    Please send a detail explanation for this ,as am not so much familiare with this.
    Y
    G

    R

  • jorj

    hello my friend i n sort of this viruses use msiecxe.exe for doing that ???
    its big problem

  • baskker
    baskker

    realy very super,ok i want system and networking technical support guide

  • Pankil Chhabra
    Pankil Chhabra

    Thanks

  • vijay

    After I entered into my usb drive I write del*.lnk but shows me is not recognised as an internal or external command operable program or batch file plz help me I used in command prompt

    • Usman Khurshid
      A
      Usman Khurshid

      There is a space between del and *. The command should be del *.link

  • chandrakala
    chandrakala

    after running the command del *.lnk i’m getting access denied..So plz tell me how to get access

    • Usman Khurshid
      A
      Usman Khurshid

      Are you running the command prompt as an administrator?

      • Abdul Rahaman
        Abdul Rahaman

        Yes even after running cmd as administrator

        • Usman Khurshid
          A
          Usman Khurshid

          Sometimes ownership is not given to the administrator in NTFS file system. Please try to take ownership of the complete folder and give yourself full NTFS permissions. Then try the command again.

          • Aditya sunil Kolte
            Aditya sunil Kolte

            My pendrive has FAT32 file system but still it’s showing access denied

      • James Creche
        James Creche

        I am and it’s giving me that problem

  • Ruchira Perera
    Ruchira Perera

    It worked for me. Thank you !

  • sushil

    Didn’t worked. When I copy my contents into my pendrive, ol were created a shortcut nd when I double click on shortcuts it shows an erorr called ‘

    • Usman Khurshid
      A
      Usman Khurshid

      Sushil you should first scan your system for viruses with a good antivirus and latest updates and then try to remove the virus from pendrive.

  • sajeed pathan
    sajeed pathan

    hello.
    i have a problem with automatic shortcuts creating in my pendrive.

    .
    also was try the very solutions but this problem not fixed.
    so i request you to plz give me solution above.
    as when i re insert my pendrive
    then the shortcut will created.
    when we click on them
    RunDLL error occures.
    .
    i.e
    \\\\\\{B2FF1C4F
    such type error msg display.
    so plz help

  • Strider X
    Strider X

    Hello,Community.

    You need to try MCShield. Lightweight software that quickly scans any usb drive on insert.Pretty sure it take care of your problems…

  • PARTHVAGHVANI
    PARTHVAGHVANI

    Sir i am not getting fypuas.exe and fypuasx.exe. this files after we apply run command

  • Natalia
    Natalia

    I have an issue, I´m trying to remove the virus but the access to the autorun.inf is denied,
    im desperate i have at least 4 pendrives with this issues and I cant access my information, if i could show a print screen of the folder maybe you could understand better. PLEASE HELP

  • Ankit

    I don’t find any process and file name fypuas.exe and fypuasx.exe. Please help me in resolving the virus issue.

  • noman ul haq
    noman ul haq

    Respected sir.
    thanks you very much for your kind support but i would like to tell you about another problem i have been facing after connecting usb drive . all the files are shown just for 5-7 seconds and suddenly they all hides and only one shortcut appears showing the size of the usb drive 8Gb(example) when i double click on it i can see all my files but its very irritating to see all the files hidden in one shortcut…….. please reply if possible to remove this problem permanently. thanks

  • core

    Eset nod32 antivirus can easily solve this problem.

  • Diego

    After trying all procedures found in different forums blah blah, as of April 8th 2015, installing many maleware, antivirus soft, etc. The following is the
    procedure that worked for me and I recommend you to try before intalling too many unnecessary software.

    If you do not know what CMD is ..then quit here, or just ask any kid or basic computer knowledgeable person to read this and do it for you.

    To CHECK you have this virus try START -> msconfig -> it will automatically close… you won’t be able to even keep the window open

    NOW RESTART WINDOWS

    start in safe mode with network capabilities (restart -> F8) If you can´t then start windows normally and unplug you pc power cord. then you will be given the option of safe mode

    download & install malewarebytes

    download & install avg

    restart system

    Control Panel -> Foler options -> View:
    – select show hidden files, folders, or drives
    – untick Hide extesnions for known file types
    – untick Hide protected operating system files
    Click OK

    Plug in infected pendrives or sdcards

    start -> cmd -> copy & paste “attrib -h -r -s /s /d f:\*.*” (without the ” ” Replacing f: with the drive of you pendrive) if more than one, repeat the command with each mounted drive letter

    widnows explorer -> go to each mounted drive -> select all files (do not open any file!) -> shift+Delete -> OK

    Now your pendrive/sdcard is empty with no infected files

    start->all programs -> maleware->tools->chameleon

    Try each “#” option until you get a comand prompt window not suddenly closed and a clean desktop background

    do not run malewarebytes, just ctrl+alt+del -> select restart -> “cancel restart” as soon as you see the option when windows is forcing to shut processes

    you are back to windows desktop with icons and all (somehow virus process is not running now)

    start -> msconfig -> startup -> disable Microsoft Windows Based Script Host

    AVG -> Full Scan

    AVG -> Options -> Virus Vault -> Virus found ASP/Backdoor -> Select and open folder location

    Delete folder (usually c:/users/user/appData/Roaming/*)

    AVG -> now clean all detected theats in Vault

    Run Full Scan of all drives with malewarebytes -> clean everything detected

    Restart Windows normally

    START -> msconfig -> it opens ! :) and no microsoft base script is listed

    Now copy a file into a mounted drive (pendrive) … wait a bit … F5 .. no shortcut created! :)

    PROBLEM SOLVED

  • piyush raj
    piyush raj

    thinks a lot but i can not get my answer

  • piyush raj
    piyush raj

    i did’t get fypuasx.exe files when scanning with hijackthis plz help me

  • Harmain Ahsan
    Harmain Ahsan

    hi ,
    i have a problem with my laptop that whenever i attach usb or memory card with it then virus attack on the data of the device
    it creats shortcuts or put all the data in 1 file

  • sruthy

    I have two. Shortcuts namely look.vb and pass.vb. I can’t copy and paste any files

    • Usman Khurshid
      A
      Usman Khurshid

      Both of them seem to be malware vb scripts. If you don’t recognize these files in your flash drive then you should probably delete them. If you have already run the autorun.inf file then you should scan your system for viruses to make sure that the system is not affected.

  • Arlene

    I have MS Security Essentials in my PC. Is it a good antivirus to detect this kind of virus? Please reply, thanks.

    • Usman Khurshid
      A
      Usman Khurshid

      While very basic, Microsoft Security Essentials is a very good antivirus which keeps most of the threats and viruses from the system.

      • panbuarasu
        panbuarasu

        i want to ask for help with you how to remove virus secure browsing in your laptop or pendrive.i have been infect with this virus. for the 1st time i face with this virus, i have format my pendrive. but this type of virus still in my pendrive. i still cannot remove it.
        help me pls

        • ash kosuke
          ash kosuke

          For virus secure browsing,first copy your file from pendrive as backup to other place and format the pendrive..Then u just need to run msconfig and untick secure browsing startup,after that, start task manager and end process secure browsing..then all work..

        • Usman Khurshid
          A
          Usman Khurshid

          panbuarasu the first thing you should do is to scan your computer for viruses. All the computers where you use your pen drive should be scanned. After completely scanning and formatting your usb drive again, share the results with us.

          Logically speaking, the pen drive does not have any viruses when it is formatted. It gets infected with viruses when it is connected with an already infected system.

  • Ana

    Thanks lot. I used this HijackThis tool way back 2008, not sure if the one i have been using is the same with this one. The icon is different. What i have been using before look like a tree with green leaves. And then, i encountered again this virus giving me head ache so i googled this tool and so happy it still does exist. Just wanted to say thank you. This helped me then, and helped me again this time. Thank you for sharing. God bless! :)

    • Usman Khurshid
      A
      Usman Khurshid

      That’s perfect Ana that it solved your problem. HijackThis tool is the same except that it has been bought by Trend Micro a long time ago.

  • stefano

    You’re a genius. Thanks a lot! It works 100% Thanks, ciao,

  • amit huda
    amit huda

    really helpful brother…..thank you very much

  • emegeve

    Thank you very much for sharing this. Works like a charm.

  • Usman Khurshid
    Anonymous

    thank u sir ur great

  • Hridom

    According to your advice,i cut the file from pendrive to Drive D: but when its completed then this file gone to hide again… And this one was a movie,i cant find it…. ** but i didnt use antivirus .. Plz give me a solution..

  • daniele trevisan
    daniele trevisan

    I solved the problem by doing a system restore. Apparently the problem was on the computer not the pendrive. After that I used a software called IMSS to clean the pendrive

  • Waad GH

    hey,
    I have the same problem as Daniele Trevisan and I didn’t find fypuas.exe and fypuasx.exe
    and used antivirus didn’t work it find the virus and ever time I deleted it come back
    and when I do full scan it appears VBS/safa.sjd virus there again and again I google it and find that it is the same USB drive virus so can you help me please.
    thank you

  • Akila Dilshan
    Akila Dilshan

    I too have had the same infection. But I had to spend a few minutes to completely remove this virus from my PC and pen drive. Here are the thing what I did… I firstly installed Eset NOD32 Antivirus 6 program on my PC. Then Activated it using User Name and Password. Then, updated it. Then, I inserted my pen drive to the PC and scanned both the PC and pen drive completely. Then, I saw that the shortcuts were deleted as they were detected as viruses. Then, using the command prompt I removed the hidden attribute of all the files and folders which were in my pen drive. The problem was solved.

  • Daniele Trevisan
    Daniele Trevisan

    Any good online scanner you can suggest? I’ve got Bit Defender installed in my PC but it did not detect the virus. I tried also Avast, Malawarebytes, Superantispyware, Smadav, but the problem is still there. I tried copying the content of the flash drive (only hidden files, not shortcut files) formatting the flash drive and then restoring the content but with no success.

  • Daniele Trevisan
    Daniele Trevisan

    Oh, I forgot to mention that I did not find the fypuas.exe and fypuasx.exe files, not using Hijackthis, not in the task manager nor in my profile folder.

    • Usman Khurshid
      A
      Usman Khurshid

      The shortcut virus comes in so many forms and flavors. I think you have encountered another version of it. You may run a virus scan of your computer to completely get rid of it.

  • Daniele Trevisan
    Daniele Trevisan

    Hello, I have read your post regarding the usb virus. I’ve had this problem for a few days now and I cannot find a solution. I have followed your steps but the system keeps regenerating the shortcuts after just a few seconds after they are deleted. Any time I insert a flash drive into the computer, all the files are converted to .lnk. Could you please tell me if there are any other solutions for this?

    • Usman Khurshid
      A
      Usman Khurshid

      If it’s appearing again and again that means your system is infected. You will need to scan you system with a good antivirus. You may use the online scanning option if you don’t want to install an antivirus on your computer.

  • IGEDHE

    I have that virus but after I followed your helps I can find the fypuas.exe and fypuasx.exe in my computer..
    But the shortcut virus is exist, please help me..
    Thanks

    • Usman Khurshid
      A
      Usman Khurshid

      After following the steps above, you will need to scan your computer with a good antivirus to get rid of the pendrive virus completely. Did you scan your computer for threats?

  • thomas

    am havin a problem deleting the fypuasx.exe files

    • Usman Khurshid
      A
      Usman Khurshid

      What error message do you get while deleting fypuasx files? Tell me the exact problem you are having ..

      • thomas

        i deleted all the codes 04 after scanning with hijackthis but now i wanted your help in deleting the other fypuasx files in the task manager and the rest

        • thomas

          could you like please help me in detail cos i really want to remove this virus from my computer

Leave your comment