
USB Flash Drive Shortcut Virus

Created: 09 Aug 2012 • Updated: 10 Aug 2012 | 16 comments

Hi, I do not know why I can't access my external memory after it was diagnosed with the virus. I tried to use the attrib -r -a -s -h/ command to rescue it, but it was not successful. When I tried to run this command, the command was denied. The worst part was, I also cannot access those shortcut folders which I used to access despite being a shortcut.

I have gotten this virus a few times on all my external storage devices. Usually, I used antivirus scans from other engine providers like AVG and Avast. This time, I was using Symantec Endpoint Protection.

Would you kindly advise, what should I do to restore & gain access to my folders again? Thank you so much.


Ho19's picture

Hi Ashish,

 

I will try it out. Thanks for your sharing.

 

B Regards,

Mithun Sanghavi's picture

Hello,

In your case, it is advisable to follow a few important steps:

1) Make sure all these machines are Patched with ALL Latest MS security patches and service packs.

2) Make sure the machines are installed with the Latest Symantec virus definitions.

3) Disable the Autorun Feature on the machine.

Preventing a virus from using the AutoRun feature to spread itself

http://www.symantec.com/business/support/index?page=content&id=TECH104447

Later, in case suspicious activity is still happening, follow the steps provided in the article below:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

Check the below articles on handling infections.

Best practices for troubleshooting viruses on a network 

http://www.symantec.com/docs/TECH122466

Security Best Practice Recommendations 

http://www.symantec.com/docs/TECH91705

How to Use the Web Submission Process to Submit Suspicious Files

http://www.symantec.com/docs/TECH102419

Security Response recommendations for Symantec Endpoint Protection settings 

http://www.symantec.com/docs/TECH122943

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

cus000's picture

You mean external hard drive?

 

What is the virus name? What error do you get when you try to access it? "Access denied"?

Fabiano.Pessoa's picture

Hi

Try running this command in safe mode; if you can run it, it is certain that some record of the virus is still on your machine.
Soon after it executes, try performing a scan with your protection in the same safe mode, so that the virus does not become invisible in its compositions.
It's too bad to have to follow many steps or read many things to find a solution, even when you're having problems like that. I know very well that while you may be reading a tutorial an attacker could steal your data. Then go to the solution, ok?
If you follow the steps and they work out, let me know; for any questions I am available.

Big hug.

 
 

 

Fabiano Pessoa

Systems Analyst - Forensic Expert

kavin's picture

Does your external HD get detected on the system? If not, does it load in the Device Manager, and what happens when you try to access it?

Ho19's picture

The strange part is that I realised that my folders are still not accessible after I scanned for viruses. I checked the properties of the folder and saw that the path had gone wrong. But I can't reset it back.

I did consider doing a backup before I format. But the folders failed to get copied. All this happened after I used Norton Endpoint. I am not sure what went wrong.

 

Kindly advise, thank you so much.

 

Regards,

Ashish-Sharma's picture

Have you checked the USB flash drive on another system? Are you able to access it?

 

Thanks In Advance

Ashish Sharma

 

 

Ashish-Sharma's picture

You can attach your USB flash drive to another system and check whether you are able to open it / take a backup of the folders.

Thanks In Advance

Ashish Sharma

 

 

Ho19's picture

I have not tried it. Previously, I encountered the same virus. I used Avast to solve it easily on a different computer without trouble. Now, I am not so sure whether Norton Endpoint made any system file changes to my flash drive during or after the scan.

Fabiano.Pessoa's picture

Hi Ho19

Check whether, in Windows safe mode, you can access your folders normally.

Fabiano Pessoa

Systems Analyst - Forensic Expert

Fabiano.Pessoa's picture

Hi

Try giving the command ATTRIB -H -R -S "C:\your folder name\*.*"

Fabiano Pessoa

Systems Analyst - Forensic Expert

Fabiano.Pessoa's picture

Hi,

It is good to use a data recovery tool such as MiniTool Power Data Recovery. This program, however, goes beyond the simple act of helping you recover deleted files; it is also able to recover damaged or lost partitions as well as data on portable devices (such as USB drives and MP3 players) and media (CDs and DVDs).
The free version of MiniTool Power Data Recovery is suitable for home users and organizes its five different retrieval functions in a menu. You choose what kind of action you want to perform, configure the task, and you can recover what was lost.
According to the developers, this is the most powerful feature of MiniTool Power Data Recovery. It is indicated for times when you try to access a disk or partition and receive a message like "You want to format this drive?". Before resorting to formatting, you can try to correct the mistakes to avoid losing any data.
MiniTool Power Data Recovery displays all partitions and drives present on the computer; then just select one and start scanning for everything that is damaged and can be recovered. This module supports MBR partitions, Windows Dynamic, simple volumes, RAID-5 and more.

 
 
Hugs
 

 

Fabiano Pessoa

Systems Analyst - Forensic Expert

Ashish-Sharma's picture

Hi, kindly run this and check whether you are able to open the drive or not.

ATTRIB [+R | -R] [+A | -A ] [+S | -S] [+H | -H] [[drive:] [path] filename] [/S [/D]]

 

+ Sets an attribute.
- Clears an attribute.
R Read-only file attribute.
A Archive file attribute.
S System file attribute.
H Hidden file attribute.
/S Processes files in all directories in the specified path.
/D Process folders as well.

Same Issue https://www-secure.symantec.com/connect/forums/my-local-disk-do-not-open

Thanks In Advance

Ashish Sharma
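
Added example (not part of the original thread or any poster's reply): a PowerShell script that applies the ATTRIB switches listed above to the situation described in the thread. It assumes the drive is mounted as E: and that the inaccessible folders sit in the drive root with the Hidden and System attributes set; both are assumptions, not details from the posts.

```powershell
# Added example, not from the thread. Report first, change attributes only with -Apply.
param(
    [string]$Drive = 'E:',   # assumed drive letter of the removable disk
    [switch]$Apply           # without -Apply the script only reports
)

$root = "$Drive\"
if (-not (Test-Path -LiteralPath $root)) { throw "Drive $Drive not found" }

# 1. List .lnk files in the drive root with their targets, without launching them,
#    so unexpected targets or arguments can be reviewed and submitted for analysis.
$shell = New-Object -ComObject WScript.Shell
Get-ChildItem -LiteralPath $root -Filter *.lnk -Force -File | ForEach-Object {
    $lnk = $shell.CreateShortcut($_.FullName)   # loads the existing shortcut
    [pscustomobject]@{
        Shortcut  = $_.Name
        Target    = $lnk.TargetPath
        Arguments = $lnk.Arguments
    }
} | Format-List

# 2. Find root items that carry both Hidden and System (the S and H flags of ATTRIB),
#    leaving the volume's own system folders alone.
$mask   = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
$skip   = 'System Volume Information', '$RECYCLE.BIN'
$hidden = @(Get-ChildItem -LiteralPath $root -Force | Where-Object {
    (($_.Attributes -band $mask) -eq $mask) -and ($skip -notcontains $_.Name)
})
$hidden | Select-Object Name, Attributes | Format-Table -AutoSize

# 3. Clear R, S and H on each item, then on everything beneath it (/S /D).
if ($Apply) {
    foreach ($item in $hidden) {
        & attrib.exe -r -s -h $item.FullName
        if ($item.PSIsContainer) {
            & attrib.exe -r -s -h (Join-Path $item.FullName '*') /S /D
        }
    }
}
```

Run it once without -Apply to review the report, then again with -Apply after the drive has been scanned.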