A computer virus can come from just about anywhere — even removable storage devices. When an infected USB flash drive finds its way to your PC, it will be activated thanks to a built-in Windows function called AutoRun.
Fortunately, there is a way to disable the feature.
In this article, we’ll show you how you can remove the shortcut virus using the command prompt and safeguard your computer from future attacks. What Is AutoRun?
To understand what a shortcut virus is, you need to know what AutoRun does and why it does it.
Windows launches a file called autorun.inf when external devices (USB, memory card, CDs, DVDs, SD cards) are plugged into the computer. Features like AutoRun are designed to improve the PC experience.
In most cases, they aid non-technical users by automatically launching applications found on external devices like pen drives instead of having them manually navigate important files and folders.
The best example would be the installation CDs that come with the programs you purchase. Each CD would likely have an autorun.inf file so the installer would launch as soon as you insert the CD in your computer.
Make sure to read my previous post on the difference between autorun and autoplay, which are similar, but different. How Does a Shortcut Virus Work?
Unfortunately, the AutoRun feature had been abused by some malicious people. A virus from USB flash can now be attached to autorun.inf so both would launch at the same time. This means you’re essentially installing a virus the second you plug in your USB.
What the virus does would depend on what it’s been programmed to do. Some are known to add what’s called a keylogger to your system. This would allow hackers to track your keystrokes to steal personal information like passwords and banking information. Disabling AutoRun
While AutoRun is a great feature, disabling it might be the best way to prevent infected autorun.inf files from doing damage.
Here are the steps you should follow to disable Windows AutoRun:
Go to Settings (Windows + I) > Devices > AutoPlay.
Disable AutoPlay by switching the toggle to the Off position.
Note: You can also use the drop-down menu to select the default action whenever you insert an external device. Deleting the Autorun.inf File
If you suspect that your USB drive has a virus, deleting the autorun.inf file will prevent the virus from launching.
Here’s how to delete the autorun.inf file by running CMD otherwise known as the command prompt:
Open Run and type CMD to open the Command Prompt.
Enter the USB drive letter (example: “G:” or “F:” without the quotation marks) and press Enter.
Type ATTRIBUTE -H -R -S AUTORUN.INF in the command line then press Enter.
Type DEL AUTORUN.INF and press Enter.
Here’s how to delete the autorun.inf file using Windows Explorer:
Launch Windows Explorer (Windows + E).
Open the USB drive found on the left-hand side panel. This action will show you the content of the USB.
Select autorun.inf from the list and press Delete.
Note: Autorun.inf is usually a hidden file. Make sure you have Show Hidden Files enabled by going to View and ticking Hidden Items.
Deleting the autorun.inf file through either method should help keep your computer safe from malicious virus. However, you should use an antivirus software to scan your USB drive for malware immediately after as an added security measure.