A computer virus can come from just aboutanywhere — even removable storage devices. When an infected USB flash drivefinds its way to your PC, it will be activated thanks to a built-in Windowsfunction called AutoRun.
Fortunately, there is a way to disablethe feature.
In this article, we’ll show you how youcan remove the shortcut virus using the command prompt and safeguard yourcomputer from future attacks.
What Is AutoRun?
To understand what a shortcut virus is,you need to know what AutoRun does and why it does it.
Windows launches a file calledautorun.inf when external devices (USB, memory card, CDs, DVDs, SD cards) areplugged into the computer. Features like AutoRun are designed to improve the PCexperience.
In most cases, they aid non-technical usersby automatically launching applications found on external devices like pendrives instead of having them manually navigate important files and folders.
The best example would be the installation CDs that come with the programs you purchase. Each CD would likely have an autorun.inf file so the installer would launch as soon as you insert the CD in your computer.
Make sure to read my previous post on the difference between autorun and autoplay , which are similar, but different.
How Does a Shortcut Virus Work?
Unfortunately, the AutoRun feature hadbeen abused by some malicious people. A virus from USB flash can now be attachedto autorun.inf so both would launch at the same time. This means you’reessentially installing a virus the second you plug in your USB.
What the virus does would depend on whatit’s been programmed to do. Some are known to add what’s called a keylogger toyour system. This would allow hackers to track your keystrokes to stealpersonal information like passwords and banking information.
While AutoRun is a great feature,disabling it might be the best way to prevent infected autorun.inf files fromdoing damage.
Here are the steps you should follow todisable Windows AutoRun:
Go to Settings (Windows + I) > Devices> AutoPlay.
Disable AutoPlay by switching the toggleto the Off position.
Note: You can also use the drop-down menu to select the default actionwhenever you insert an external device.
Deleting the Autorun.inf File
If you suspect that your USB drive has avirus, deleting the autorun.inf file will prevent the virus from launching.
Delete Using CMD
Here’s how to delete the autorun.inf fileby running CMD otherwise known as the command prompt:
Open Runand type CMD to open the CommandPrompt.
Enter the USB drive letter (example: “G:” or “F:” without the quotation marks) and press Enter.
Type ATTRIBUTE-H -R -S AUTORUN.INF in the command line then press Enter.
Type DELAUTORUN.INF and press Enter.
Delete Using Windows Explorer
Here’s how todelete the autorun.inf file using Windows Explorer:
Launch Windows Explorer (Windows + E).
Open the USBdrive found on the left-hand side panel. This action will show you the contentof the USB.
Select autorun.inf from the list and pressDelete.
Note: Autorun.inf is usually ahidden file. Make sure you have Show Hidden Files enabled by going to View and ticking Hidden Items.
Deleting theautorun.inf file through either method should help keep your computer safe frommalicious virus. However, you should use an antivirus software to scan your USBdrive for malware immediately after as an added security measure.