How I beat shortcut virus

A few days ago, I repaired an external hard drive of a friend whose drive happened to be infected by a shortcut virus, which hides your files in a hidden folder and makes you think they’re gone or corrupted, so that you think there is nothing to do other than reformat the drive. I repaired his drive by going into Safe Mode, ticking “Show hidden items, folders, and drives”, “Hide extensions for known file types” and “Hide protected operating system files” in the Folder Options Advanced settings. I deleted the JavaScript and batch file associated with the problem, and before I came out of Safe Mode, the problem didn’t come back. Or so I thought.

Although it did ultimately repair my friend’s external hard disk drive, little did I know that it had already infected my computer. Just yesterday, when I inserted my USB thumb drive, I was surprised to see the same thing happening again. “No worries”, I said. I simply did all the things I did before: I entered Safe Mode, enabled “Show hidden items, folders, and drives”, “Hide extensions for known file types” and “Hide protected operating system files” in the Folder Options Advanced settings, and deleted the batch file named “Drive.bat” and a hidden folder containing a JavaScript file. I even reformatted the thumb drive for good measure. Upon restarting the computer and booting normally, the problem was back. That’s when I started to think that the computer itself was infected. Baffled, I started looking for answers on the Internet, which often advise downloading various anti-malware programs. I already had Avira as an antivirus, but it didn’t detect the shortcut virus. Nonetheless, I downloaded all the programs said to remove the malware. The next problem was that the virus wouldn’t let me open them. Frustrated, I decided to pinpoint the virus’s source myself. I ran Task Manager and looked for suspicious programs running in the background. There, I saw two very suspicious-looking programs named gorajol.exe and txnqegjc.exe. I opened their file locations and saw that they were residing in the AppData/Roaming folder, inside a folder named kdrfddg. Obviously, this was a red flag. I tried killing them using Task Manager, but they would just pop right back. Next, I ran gpedit.msc (Local Group Policy Editor), enabled the “Don’t run specified Windows applications” policy and added the suspicious programs to the “List of disallowed applications”. After that, I went back to Task Manager to kill those programs, and upon doing so, my computer shut down after a few seconds. Aha! So you finally showed yourself.
I once again entered Safe Mode, opened the AppData/Roaming folder and deleted the folder where the suspicious programs resided. After that, I ran CCleaner to clean the files and registry, then restarted the computer and booted normally. Voilà! Problem solved. I didn’t know it was that simple. And I didn’t even use an anti-malware program to begin with.
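
The manual triage above (spotting the shortcut-plus-hidden-folder pattern on the drive, then finding the loader processes running out of AppData\Roaming) can be scripted. The following is an added example, not from the original post; it assumes an elevated PowerShell session and takes the drive letter to inspect as a parameter (the default of E: is a placeholder).

```powershell
# Added example (not from the original post): triage a removable drive for
# shortcut-virus artefacts and list processes launched from AppData\Roaming.
# Assumes an elevated PowerShell session; $Drive is the drive letter to inspect.
param([string]$Drive = 'E:')

$shell = New-Object -ComObject WScript.Shell

# 1. Shortcuts whose target is a script interpreter (cmd/wscript/cscript/powershell)
#    or whose arguments reference a .bat/.js/.vbs file. Genuine user shortcuts
#    on a data drive almost never look like this, so flag them for review.
Get-ChildItem -Path "$Drive\" -Filter '*.lnk' -File -Force |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if ($lnk.TargetPath -match 'cmd\.exe|wscript\.exe|cscript\.exe|powershell\.exe' -or
            $lnk.Arguments  -match '\.bat|\.js|\.vbs') {
            [pscustomobject]@{ Shortcut = $_.Name; Target = $lnk.TargetPath; Args = $lnk.Arguments }
        }
    } | Format-Table -AutoSize

# 2. Items in the drive root marked Hidden AND System: this is where the
#    user's real files (and the dropped .bat/.js) are typically stashed.
Get-ChildItem -Path "$Drive\" -Force |
    Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
                   ($_.Attributes -band [IO.FileAttributes]::System) } |
    Select-Object Name, Attributes

# 3. Running processes whose image lives under the current user's
#    AppData\Roaming tree (the post's gorajol.exe / txnqegjc.exe lived there).
#    Processes with no readable Path (protected/system) are skipped.
$roaming = [Environment]::GetFolderPath('ApplicationData')
Get-Process |
    Where-Object { $_.Path -and $_.Path.StartsWith($roaming, 'OrdinalIgnoreCase') } |
    Select-Object Id, ProcessName, Path

# 4. Once the loader folder is gone (as in the post), clear the attributes so
#    the user's files reappear. Run this only after step 3 shows nothing:
#    attrib -h -s -r "$Drive\*" /S /D
```

Review the listed shortcuts and processes before deleting anything; a legitimate process under AppData\Roaming (some updaters install there) should be checked by path and publisher rather than killed on sight.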
