USB Flash drives have become vastly popular during recent times. Almost everyone who work in the IT industry (and many other industries) nowadays possess one of these magic sticks. Ease of use, good performance and large capacity have made the flash drives a must have for most individuals who work with computers. But one should be extremely careful when plugging your flash drive to public computers. Uninvited visitors may sneak into your PC through USB flash drives and may screw your computer and destroy data.
Judging by the emails we get, one of the most common viruses that spread through USB drives is the 'New Malware.j' (McAfee detection) virus. you'll know that you have this virus when folders in your flash drive (or hard drive) are converted to .exe files which cannot be opened in explorer. Hold on to your testicles. Your data is not lost. You can recover the folders using a simple attribute command.
1. Open start menu --> run. Type cmd and press enter. Command Prompt will open.
2. Navigate to the drive/folder which contains the screwed up folders (.exe files with folder name), using the command prompt. Note: Don't execute the command on your system drive, on which Windows is installed. (you will not be able to do so even if you tried)
3. Execute the following command to restore folders.
X:\attrib -S -H *.* /s /d
(Where X is the name of drive which was affected by virus)
4. Browse to location using my computer. You should be able to see the lost folders now. It is now safe to delete the .exe files with folder names.
If only one folder is affected, you can use the following attrib command to recover it:
X:\attrib -S -H C:\ScrewedLocation\Foldername /s /d
(Where ScrewedLocation is the parent folder and Foldername is the name of affected folder.)
What this virus does is simple. It doesn't delete any of your folders. Instead, it uses the attrib command with +S and +H switches to make the folders hidden, system folders. Once a folder is given +S, it will not be visible in explorer (even with hidden files on) because Windows File Protection will treat it as a protected system folder.
Another virus that circulates via flash drives is the RavMon virus. Symptoms of infection will be that .exe files with the same name as folder names created in every directory of flash drive including inside subdirectories. You pendrive's autorun menu will default to a program named "Auto". You will not be able to double click and open the pen drive from my computer.
Usually, a format of the pen drive should get rid of the virus. but before that, make sure you use an AntiVirus app to scan and clean the infected exes or delete them manually.
Recommended Anti Virus application by FILEnetworks is: McAfee VirusScan Enterprise 8.5i + AntiSpyware module enterprise 8.5i or later. Whatever the AntiVirus app you sure, make sure you keep it updated with latest definition files.