The Flashdisk Data can not be opened? Solved virus VBS Shortcut

A few days (weeks), I have been receiving a lot of 'patients' were exposed to the virus (worm to be exact). Laptop and flash relatives, neighbors and friends turned out to be much affected by the virus, which after checking, it turns out all kind of virus. All data on the flash can not be opened or suddenly 'disappear' from view.

When the USB drive is inserted into a computer that is infected with the virus, just all of the data in the flash is turned into a shortcut and the data in it 'disappeared'. After the check turns out to all affected by the virus (worm) that is identical (same), which is a small script which is a program code in Visual Basic (Visual Basic Script or VBS).

This worm name change and using a random name, for example arejwygjro..vbs, uwpkhsaqup..vbs and others. When the virus is already running on your computer, so no flash is included, all files and folders in it will be hidden (hidden), and a shortcut will be replaced with the same name as the file name and the folder contents of the flash, so for those who are less observant feel flashdisk safe. Do not forget it also copies the virus itself (a vbs file) with random names as I have mentioned.

All the shortcut on the flash if the run (DoubleClick) , then it would actually run a vbs file (the worm or virus) that has been previously copied and the computer will be infected with this virus . This virus will automatically run (always active) when the windows were lit and will infect a new flash when inserted. 

Detecting the presence of the virus VBS 

How to detect the presence of this virus is quite easy. Just use a software named Autoruns (actually this software is  "mandatory" must-have computer users) . When autoruns run , check the tab "Logon" , then when there is an application or a list of files of type VBS in some places (usually more than 2 points) , and active (a check mark) , it is likely a sign of computers already infected with the virus . As shown in the following figure.Just to make sure , put simply flash a clean (not exposed to the virus) to the computer . If in the flash files and folders lost and replaced with shortcuts , it is certain the virus is active (running) on the computer . Do not do if not sure of this or a lot of important data in the flash.

Eradicate the virus VBS

This virus is actually quite easy to remove, just follow these steps, and make sure the Autoruns program is already on the computer and place it in the location that will be easy to open, for example, drive D: or C:. do as follows: 

1. Restart the computer, and then press the F8 key repeatedly until a lot of options to get to a computer (Windows)
2. Select "Safe Mode". Guide to get into Safe Mode can also be read in my previous writings Safe Mode, Benefits and Uses.
3. After successfully entering Safe Mode, if the user's choice, first select Administrator (usually without a password).  
4. Once inside the windows, looking Autoruns program that previously had been prepared, and run.  
5. Select the tab "Logon" and see the list of files that a VBS file. Delete all the vbs file from the list (or if you do not want to remove, it could also just unchecking it in order not to automatically run on your computer) 
6. Once completed, before entering Safe Mode if there are multiple users other than the administrator, repeat steps 1 through 5 for the other users.  
7. After that, restart the computer again, this time let the computer go into a normal state (not safe mode) and should no longer active virus on the computer. If previously removed from Autoruns not open again autoruns and remove from here (unless you want collect it).

Why should of Safe Mode? because of the safe mode, the virus will not be active, so it is easy to remove or disable access to it. To make sure the computer is no longer the file, the search can be done with the file extension to *.vbs. But keep in mind that not all vbs file is a virus, so be careful not to carelessly delete. This virus usually uses random names and the amount is above 100 KB or thereabouts.

Restoring data in the USB flash

Once the computer is clean from viruses, then the next step is to remove the virus and restore the data in the flash if any. The first step is to remove the virus and the shortcut on the flash, then restore the data.

1. Hold down the SHIFT key on the computer / laptop and insert the flash. Pressing and holding the SHIFT key is for security, ensuring that no program in flash that directly executed without the user's knowledge (autorun.inf).
2. After that delete all files and folders, which are shortcuts (please see the TYPE column in Windows Explorer). Make sure that the shortcut is removed, and no mistake doing double click (open shortcut). 

3. To restore all the data hidden viruses, can use my creation program "Hidden Files Tool" or directly via the Command Prompt. Please select one or if the Hidden Files Tool there is not successfully displayed (for example filenames using unicode letters: Arabic, Chinese, Japanese, etc.) can be added using the Command Prompt. 

• Using Hidden File Tool, click the Browse button and select the flash drive. Then click the - = SEARCH = -. Once the results are displayed, select all the items (click on the top file, press and hold down SHIFT and click the last file). Then click the APPLY button, so that all the files and folders on the flash will pop up all. 
• Using the Command Prompt. Open Command Prompt via the Start Menu> Run and write or type: CMD and Enter. Or via the Start Menu> All Programs> Accessories> Command Prompt. Then type the letter is the drive flashdisk. For example, the flash is on drive E, type E: (E followed by a colon) and press Enter. After successfully performing the E:\> in the command prompt screen, type the following command: ATTRIB -S -H -R *.* /S /D then press Enter.

If a virus / worm VBS could not be solved by means of the above, please write in the comments or email me directly. Hopefully this article useful.