Shortcut Virus

A shortcut virus hides your files and replaces them with shortcuts

Shortcut Virus is a malicious program that tampers with files on disks. It is a rather old type of threat that aims to cause mischief for the user rather than to make a profit. There are several ways to solve the issue, both manual and with the use of specialized software.

What is Shortcut Virus?

Shortcut Virus is a type of malware that makes data look lost by turning all the files into shortcuts. The virus modifies the file structure on a USB drive, replacing real files and folders with shortcuts that have the same icons and names. This tricks the user into launching the virus when they try to open a file. The original files, however, are usually hidden or moved to a hidden partition.

Shortcut Virus Infection Chain

The virus spreads primarily through USB devices and automatically copies its executable file to the device. This file is usually saved in the root directory of the USB drive and disguised as a safe, familiar file using common icons and names such as “My Documents” or “Recycle Bin”. It also actively uses the autorun functionality via the Windows registry. This allows it to run malicious code as soon as the device is connected to the computer. The “.lnk” files are a key element of this process, as they can be executed automatically and mask the launch of the malicious executable.

Some users want to reuse old drives that potentially contain this malware. But for many, plugging such a drive into their current computer risks infecting it. That leaves the question: how to safely recover files or format a hard drive?

Question from a user on a Reddit forum.

How Is Shortcut Virus Dangerous?

Shortcut Virus poses a serious threat to users who regularly use removable media. The main dangers associated with this virus include:

  • The worst part is that the virus can also hide or delete the original files on the USB drive. This often results in the loss of important information that may be difficult or impossible to recover.
  • Shortcut Virus easily and stealthily spreads from one device to another, infecting all USB devices connected to the infected computer.
  • Shortcut Virus can function as a Trojan by collecting the user’s personal data such as passwords, financial information and other sensitive data.
  • Once on system disks, the virus can disable or compromise a computer’s security, making the system more vulnerable to other malicious attacks.

How to remove Shortcut Virus?

Shortcut Virus removal requires a careful approach to not only get rid of the virus but also to restore access to the original files.

Step 1: Disable USB device autorun

To prevent the virus from automatically starting when USB devices are connected, disable USB device autorun:

  1. Open “Registry Editor” (press Win + R, type regedit and press Enter).
  2. Navigate to the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer path.
  3. Create or modify a DWORD value named NoDriveTypeAutoRun and set the value to 0xFF to disable autorun for all disk types.

Step 2: Clean up the registry

Since the virus can create registry entries to run automatically, you need to clean the registry:

  1. Open “Registry Editor” (press Win + R, type regedit and press Enter).
  2. Navigate to:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  3. Remove any suspicious values that may run malicious files on system startup.

Step 3: Manual Removal

Several commands can be used to manually remove Shortcut Virus via Command Prompt, including ones that clean up malicious files:

  1. Open “Command Prompt”: type cmd in the search box and click “Run as administrator” to open an elevated Command Prompt.
  2. The virus often hides the original files and replaces them with shortcuts. To display them:
    attrib -h -r -s /s /d G:\*.*
    Here “G:\” is the drive letter of your USB device.
  3. First, remove any shortcuts that the virus has created. These shortcuts may be the source of the infection:
    del G:\*.lnk
  4. Next, remove malicious executable files that are usually hidden in the USB root or system folders:
    del G:\*.exe
  5. Check the C:\Windows\, C:\Windows\System32\, and C:\Users\[username]\AppData folders for malicious files and delete them.

Be very careful when using the command line, especially when working with deletion commands and registry editing. Incorrect actions may cause damage to the system.
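
Before deleting anything, it helps to see what the three steps above will touch. The PowerShell script below is an added example, not part of the original article or of any vendor tool: it only reads, reporting the NoDriveTypeAutoRun value, the values in both Run keys, and the target of every .lnk file plus the hidden items in the drive root. The function names are hypothetical, and the G:\ default is taken from the commands above.

```powershell
# Added example: read-only triage to run before the cleanup commands above.
# Assumption: G:\ is the removable drive, as in the article's commands.
param([string]$Drive = 'G:\')

function Get-AutorunPolicy {
    # Step 1 check: 0xFF means autorun is disabled for all drive types.
    $path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $prop = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'NoDriveTypeAutoRun is not set' }
    'NoDriveTypeAutoRun = 0x{0:X2}' -f $prop.NoDriveTypeAutoRun
}

function Get-RunEntries {
    # Step 2 check: list every value in the two Run keys named in the article.
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        $key = Get-Item -Path $k -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Key = $k; Name = $name; Command = $key.GetValue($name) }
        }
    }
}

function Get-ShortcutTargets([string]$Root) {
    # Step 3 check: read each .lnk in the drive root without launching it.
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -LiteralPath $Root -Filter *.lnk -Force -File | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)   # loads the existing shortcut
        [pscustomobject]@{ Shortcut = $_.Name; Target = $lnk.TargetPath; Arguments = $lnk.Arguments }
    }
}

function Get-HiddenItems([string]$Root) {
    # Files and folders in the drive root that carry the Hidden attribute.
    Get-ChildItem -LiteralPath $Root -Force |
        Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden } |
        Select-Object Name, Attributes, Length
}

Get-AutorunPolicy
Get-RunEntries | Format-Table -AutoSize -Wrap
Get-ShortcutTargets $Drive | Format-Table -AutoSize -Wrap
Get-HiddenItems $Drive | Format-Table -AutoSize
```

Because del G:\*.lnk and del G:\*.exe match every such file in the drive root, any legitimate shortcut or installer that shows up in this listing should be copied elsewhere before the delete commands are run.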

Shortcut Virus Remover

To remove Shortcut Virus, one of the most effective approaches is to use specialized antivirus software that can detect and remove complex malware. One of the recommended tools for this task is Gridinsoft Anti-Malware.

Gridinsoft Anti-Malware features fast scanning speeds and the ability to detect various types of malware, including Shortcut Virus. It also provides in-depth system and USB device scanning. This allows you to detect and remove hidden and standalone viruses that may not be noticed by standard antiviruses.

Download and install Anti-Malware. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. You can adjust the action that the antimalware program takes for each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection: malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: the removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

By Stephanie Adlam
