Shortcut virus might cause bigger damage than making your files unreachable
Shortcut virus is a Trojan horse that is designed to transform files on the corrupted device into shortcuts, which makes the data inaccessible. The vast majority of antivirus programs detect this cyber threat as Trojan.VBS.TTE (B), Worm:VBS/Cantix.A., Troj/Agent-NXIMal/FakeAV-BW, and other names.
Shortcut malware spreads via portable devices, such as USB drives, pen drives, SD cards, etc. However, it can also affect desktop computers and laptops. Most of the time this happens when a user connects an infected external device to the PC. Based on how the malware operates, security researchers distinguish three main versions of the virus:
- Flash drive shortcut virus;
- File shortcut virus;
- Folder shortcut virus.
However, the latter two – File and Folder viruses – are often combined and referred to as File and Folder shortcut virus. Despite their slightly different behaviors, these cyber threats are removed in the same way. The best way to remove Shortcut virus is to employ Reimage or another malware removal tool and scan the device.
The specifications of Flash drive shortcut virus
This version of Shortcut virus can infect USB drives, SD cards or any other portable device. As soon as it infiltrates, it puts all the files stored on the device into a hidden folder. Then it creates a shortcut.exe which prevents access to personal data.
However, execution of shortcut.exe may lead to even bigger problems. This Trojan horse might act like spyware or a keylogger. Thus, it might collect personally identifiable or even banking-related information. Therefore, immediate Shortcut virus removal is needed.
The main features of the File and Folder shortcut virus
This version of Shortcut malware aims at files and folders. On the affected device, it hides and replaces files with these extensions:
- file.ini (desktop.ini);
After the Shortcut virus hijack, it might also install other malicious software on the affected device, which might pose a danger to the victim’s privacy. Thus, this malware might monitor and even steal personal information, including credit card details.
The virus takes advantage of Windows Autorun and Autoplay features
Users can get infected with malware if they:
- do not scan an external device with an updated antivirus once they connect it to the computer;
- plug a portable device into an infected computer;
- download malicious programs or files.
Security experts from Norway say that Shortcut virus is a popular cyber threat that spreads via USB and other external devices. When a user connects an infected device to the computer, the malware exploits the Windows Autorun and Autoplay features.
The virus uses a vulnerability in the way the Windows operating system handles shortcut files. Shortcut files with the .lnk extension belong to Windows and are designed to run various programs when a user clicks on them. However, this USB malware does not need the victim’s click in order to be executed. It can be launched automatically.
Thus, to avoid this cyber threat, users are advised to use a reputable and updated antivirus to scan all attached external devices. Additionally, do not connect USB drives or other gadgets to other computers if you are not sure that they are virus-free.
Instructions on how to remove Shortcut virus
Although it is recommended to remove Shortcut virus using malware removal software, such as Reimage, Malwarebytes, Combo Cleaner or Plumbytes Anti-Malware, there are also a few ways you can get rid of it manually. However, if you choose manual elimination, please follow the instructions carefully.
Method 1. Delete the virus using command prompt
- Go to Run.
- Type cmd and click OK button.
- Connect the infected removable drive.
- Enter this command to the command prompt window: attrib -h -r -s /s /d e:\
NOTE: instead of e: you have to write the letter of the infected removable drive.
- Press Enter.
- The virus should be eliminated. Furthermore, you have to copy and save necessary information from the removable drive.
- Then format the removable drive. Once it’s done, you can copy back the previously saved data.
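Before running the attrib command from Method 1, a read-only listing shows which items the command would unhide and what each shortcut on the drive would launch. This PowerShell script is an added example, not part of the original instructions; the E:\ default is the article's placeholder drive letter, and the three checks (hidden items, .lnk targets, loose .exe/.vbs/autorun.inf files in the drive root) are assumptions drawn from the behavior described above.

```powershell
# Added example: read-only triage of a removable drive. Nothing is changed or deleted.
param(
    [string]$Drive = 'E:\'   # assumption: E: is the article's placeholder drive letter
)

# -Force makes Get-ChildItem include items with the Hidden and System attributes.
$items = @(Get-ChildItem -LiteralPath $Drive -Force -ErrorAction Stop)

# 1. Items that "attrib -h -r -s" would unhide.
$mask   = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
$hidden = @($items | Where-Object { $_.Attributes -band $mask })

# 2. Shortcuts in the drive root and what each one would launch.
#    CreateShortcut() only loads an existing .lnk; the file is written only if Save() is called.
$shell = New-Object -ComObject WScript.Shell
$links = foreach ($lnk in ($items | Where-Object { $_.Extension -eq '.lnk' })) {
    $sc = $shell.CreateShortcut($lnk.FullName)
    [pscustomobject]@{
        Shortcut      = $lnk.Name
        Target        = $sc.TargetPath
        Arguments     = $sc.Arguments
        # A shortcut named after a hidden file or folder is standing in for it.
        ShadowsHidden = $hidden.Name -contains $lnk.BaseName
    }
}

# 3. Executables, scripts and autorun.inf sitting in the drive root.
$loose = @($items | Where-Object {
    -not $_.PSIsContainer -and
    ($_.Extension -in '.exe', '.vbs' -or $_.Name -eq 'autorun.inf')
})

'--- Hidden or system items ---'
$hidden | Format-Table Mode, Name -AutoSize
'--- Shortcuts and their targets ---'
$links  | Format-List
'--- Executables, scripts and autorun.inf in the root ---'
$loose  | Format-Table Name, Length, LastWriteTime -AutoSize
```

A shortcut whose Target is a script host or command interpreter rather than the document or folder it is named after, together with ShadowsHidden = True, matches the behavior described for this malware.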
Method 2. Shortcut virus removal using Registry editor
- Open Windows Task Manager by pressing Ctrl + Shift + Esc on the keyboard.
- Go to Process tab.
- Find process .exe.
- Right-click it and choose End Process.
- Access Registry editor: press Windows key + R and type regedit.
- Press Enter.
- In the Registry editor, navigate to this key:
- Find odwcamszas.exe and delete it.
- Restart the computer to save the changes.
Method 3. Tweak CONFIG to eliminate Shortcut malware
- Access Temporary Files folder by entering %temp% in Run.
- Find .vbs and delete it.
- Open Run and type msconfig.
- Go to Startup Tab.
- Delete vbs.