How to Remove an Autorun Virus from Your Flash Drive
Clean Your Drive Even If the Command Prompt is Blocked
First, it was just a few of the old Macintosh computers. They would load an autorun.inf file and a hidden .exe file onto my flash drive whenever I used them. Pain in the butt, yes. Major problem, no. I could easily clean the files off my flash drive.
At the end of last year, we got a whole new set of Dell PCs in school, and the virus eventually spread to them. I can't clean the virus off the PC in my room, thanks to the permissions set by the system administrator. My only choice is to watch the flash drive and continue to manually clean it off every time it gets infected.
How do I do it? It's simple. As long as you're brave enough to use the command prompt.
[Note: If the command prompt is disabled on your networked computer, skip to the end for a workaround solution.]
The Command Prompt...?
You've never used the command prompt before? Oh, you must be new to computers...
I'm not so old (25 years old), but we owned our first family computer a long time ago. You know, before Windows existed. When you had to type commands into the computer (MS-DOS) to get things to happen.
Thanks to this experience, I'm familiar with the command prompt - which continues to exist in Windows XP and Windows Vista, although it's nicely hidden away. It's not as scarey as you think, and a few quick commands will let you clean off your flash drive.
First, you need to open up a command prompt window. In Windows XP, you can go to the Start menu, select run, and type "cmd." In Vista, you can open the start menu and type "cmd" into the search box. Both methods will lead to the same outcome - a small black box will open up with a blinking cursor.
Now, you have to navigate to your flash drive. To do so, you need to know what letter your flash drive is assigned to. This can vary a lot depending on the way your system is set up. When you open up "Computer" or "My Computer," you should see your flash drive listed - along with a letter and a colon. A lot of systems will list a USB flash drive as "F:" but my system lists it as "M:". Figure out what letter (hint: it'll be between D and Z) is assigned to your flash drive, and then type the letter and a colon into your command prompt window. Hit enter.
Did you expect something spectacular to happen? Hope not. If you got some kind of error message (like "Device not ready"), you typed the wrong letter. If your command prompt now looks something like "M:>" you did something right. You can double check by typing "dir" into your command prompt and hitting enter.
If all is well, you should see a list of files and directories that are on your flash drive ("dir" is short for "directory," and tells the command prompt to list the contents of the current directory). If your flash drive is infected with some version of the autorun virus, though, you probably won't see autorun.inf listed. Why? It's hidden.
Doh! You might see the file listed in Windows Explorer, because you can set that to show you hidden files. You can do something similar in the command prompt. Type "attrib" into the command prompt and hit enter.
This will list all files on your flash drive that have special attributes - like "hidden" or "read only." The file name is listed on the right, and its attributes are listed on the left (A = Archive, S = System File, H = Hidden, R = Read Only). Some of these files are ok, but a hidden autorun.inf and a hidden executable file (something ending in ".exe") are causes for concern.
To clean these files off your flash drive, you need to delete them. But you can't just do it straight away... that would be too simple.
The command prompt won't let you delete certain files - like hidden or system files. First, you need to clear these attributes away. You can do this with the following command: attrib -s -h -r autorun.inf
That removes the system, hidden, and read-only attribute from the autorun.inf file. After that, you can type del autorun.inf into your command prompt, and autorun.inf will go *poof* into oblivion!
You should repeat this process for any hidden executable (.exe) files on your flash drive. For example, if there was a file "student.exe" on your flash drive, you would type...
attrib -s -h -r student.exe
Doing this will clean the autorun file and the executable file off your flash drive. It will then be clean from infection... until you put it back into an infected computer.
But I Can't Get to the Command Prompt...!
Unfortunately, network systems administrators like to restrict your access to things like the command prompt. They think you might use it for naughty purposes - not for cleaning up after their mistakes.
If you don't have a "Run" option in XP, or if you get an error message like "The command prompt has been disabled by your administrator," you just have to be a bit more creative.
You can run any command that you want from a batch file (*.bat), as if you were typing it directly into the command prompt. You can create one of these batch files in Notepad. Open a new file. Click on "File -> Save As." Under "Save As," choose "All files." Then enter a filename ending in ".bat." For example, I named my batch file "clean.bat" - because it's intended to clean my flash drive.
Now, type the commands you want to run into the file. If you know that the autorun virus on the computer always creates an autorun.inf and a student.exe file, you can clean them up with the following lines...
attrib -s -h -r autorun.inf
attrib -s -h -r student.exe
If you open your flash drive in Windows Explorer or My Computer, you should see your batch file (like clean.bat). Double click on it, and a command prompt window will briefly open up while the commands are executed. For this quick batch file, the window will probably be gone before you know what happened... but it will have cleaned up the mess!
What If I Don't Know What Files are Created...?
A final tip. Let's say you don't know the name of the executable file that is being created. You can use a command prompt tool (wild cards) to handle this situation. Rather than typing in the actual ".exe" file, type in "*.exe". The command prompt will then run the command on every executable file in the directory.
So, your batch file should look something like this...
attrib -s -h -r autorun.inf
attrib -s -h -r *.exe
Warning: If you have any other executable files in the root directory of your flash drive, they will also be deleted. This is not a problem if you organize all of your files into directories.
Now that you've created this batch file to clean up the virus, go talk to your system administrator. Tell him or her to get up off their lazy butt and wipe the virus off the networked computers! Then you won't have to go to all this trouble...
Published by Brian Rock
I m an educator, a photographer, and a writer. I work as a high school teacher in New Jersey, teaching social studies. I ve worked with every grade level, and I ve taught every level of course from specia... View profile
- Autorun viruses are a pain, but you can clear them off your flash drive in the command prompt.
- Use the "attrib" command to take the "read-only" attribute away from a file.
- If you can't access the command prompt, write a short batch file to do the work for you.