What is Shortcut virus?
Shortcut virus is a fusion or combination of Trojan and Worm that keeps your files and folders hidden. Then, creates a shortcuts decoy of all of your files with .exe, .lnk and.vbs extensions.
It’s a worm since it has the ability to replicate itself over and over again. Trojan because of its stealth behavior, you will never know that it’s already in your computer system. How it infects USB Flash drive and computer?
If you insert a shortcut virus infected flash drive into your PC, most likely, the computer will get infected. On the other hand, if the computer is infected, any flash drive or portable device you plug into it will also get shortcut virus.
Why my PC and Flash drive files became shortcuts? Definitely, that question is the very reason why you are here. Another question that you might ask is, “I have an antivirus but how come I still got infected with this shortcut virus?” The short answer is, not all antivirus can detect shortcut virus.
However, the good news it’s not that hard to remove. In less than a minute you can easily remove, terminate and prevent shortcut virus from your computer by yourself. All you need is to follow the step by step guide below.
Recommended reading: 7 Signs of Virus infected flashrive
- Types of Shortcut Virus?
- File and Folder Shortcut virus.
- Flash Drive Shortcut virus.
- Shortcut virus first aide (things you need to do before removing shortcut virus).
- How to remove shortcut virus easily in 4 clicks using shortcut virus remover?
- How to remove it using CMD/Command Prompt?
- How to remove shortcut virus via registry?
- How to delete shortcut virus effectively and permanently?
- How to block and prevent shortcut virus?
Recommended reading:11 ways to prevent computer viruses
Shortcut virus has two types; the most common is Flash drive Shortcut virus, then the File and Folder Shortcut virus. These two includes the following shortcut virus variants:
- Emsisoft – Trojan.VBS.TTE (B), Trojan.Generic.7206697 (B).
- ESET – VBS/Autorun.EY worm, Win32/Ramnit.A virus.
- Microsoft Security Essential – Worm:VBS/Cantix.A.
- McAfee – VBS/Autorun.worm.k virus.
- AVG – VBS/Worm.BH.
- Bitdefender – Trojan.VBS.TTE.
- ClamWin – VBS.Agent-35.
- Quickheal – VBS/Canteix.AK.
- Sophos – Troj/Agent-NXIMal/FakeAV-BW, Mal/Bundpil-LNK.
- ClamAV – W32.Trojan.Starter-2, W32.Exploit.CVE-2010_2568-1.
- Avira – W32/Sality.AB.2
- SmadAV – VBS.Serviks, Serviks.Shortcut, Ramnit.CPL and Bundpil.Shortcut.
- Norton – Trojan.Gen.2 (Shortcut virus)
Most shortcut virus ends with .EXE, .VBS. LNK and .INI file extensions.
This will replicate your files and folders, hide and replace it with shortcuts.exe, shortcut.lnk, file.ini (desktop.ini) and shortcut.vbs. This is a combination of Trojan and Worm. The bad thing about this, it will leave you no options but to click it in order to open your files and folders. Then after executing it, the virus starts to duplicate itself and install malicious software that monitors your computing habit and worst, steal your important data and credit card information.
Unfortunately, as what I have said earlier, not all antivirus can detect this type of virus. So, the best thing you can do, is to make-it-a-habit not to open your portable devices or hard drive via autorun or from “my computer”. Here’s the complete Shortcut virus First Aide to do lists;
- Do not open your Flash Drive via autorun and from My Computer.
- Open your Flash Drive and Hard Disk by right-clicking it, then click explore or type its drive letter in the windows address bar to prevent any script from running.
- Follow the instruction here how to unhide Files hidden by the virus, to see the real files which are hidden by the Trojan.VBS.TTE virus and to avoid executing it.
The above steps are designed to prevent shortcut virus from infecting your computer. It will also help you distinguish the real file from the virus-made files. As what I have said earlier, even prominent antivirus failed to catch VBS.Serviks virus. Nonetheless, I will be sharing you 3 methods to remove it, follow the guide below;
Download these two tools, namely: Trojorm Removal Tool and Shortcut virus fixfolder
You should proceed this method if the first one doesn’t work. This involves a “command prompt”. Now click “start“, “run“, “type CMD” “type the drive letter of your flash drive or external hard disk and a colon after it “eg F:” Once done type this attribute “attrib f:*.* /d /s -h -r -s”. You should see your files now and Shortcut VBS.Agent-35 virus must be removed.
Please take note that this guide is for advance users only. I will not be liable of whatever consequences that may take place after following this guide. I am not trying to frighten you but one mistake may affect your PC’s normal operation.
- Press the windows key + R, type “regedit” to enter the registry.
- Navigate through HKEY_CURRENT_USER / Software / Microsoft / Windows / CurrentVersion / Run. Normally, you shouldn’t see any key except the default as you can see in the image below. Any key that is unusual such as WXCKYz, OUzzckky and other that ends with VBS, INI, LNK and EXE extension are safe to delete. However, this is a case to case basis, do this in your own discretion. Besides you are the only one who knows what software you install in your computer.
- Press the windows key + R again, type “msconfig” click “OK“, in “Startup” tab uncheck everything except your antivirus. Click “OK” and “Restart now”.
Shortcut virus remover tools and command prompt access denied problem
Shortcut virus remover and CMD attrib command are two best methods of removing shortcut VBS/Autorun.worm.k virus ill-effects. However, in some occasion using these methods returns an access denied error. This problem is common on hard disk that uses NTFS this is rare on Flash drives (FAT & FAT32).
- In fixfolder, see to it that you change the drive according to your Flash drive and hard disk drive letter.
- In the command prompt, make sure that you typed the command correctly including the spaces.
What if you did everything right, from changing drive letter and typing the attrib command accurately as it is and still receive the access denied error?
- Run chkdsk command using CMD. If you don’t know how to do it? Please visit this guide Windows detected a hard disk problem.
You followed the virus remover guide above and found it helpful. In fact, your shortcut-virus problem is now solved. However, after plugging again your Flash drive, external hard drive (HDD) and SD card it became infected again. Why this happen?
Reason: Your computer is extremely infected with shortcut-virus.
Solutions: You should clean your PC first and protect it before inserting any of your storage devices. How?
- Download RKill and run it. To stop any malicious processes.
- Download RogueKiller and run it as well. To remove any variants of trojans.
- Download Malwarebytes , install, update and run a scan. For more malware removal that RogueKiller might missed.
- Install SmadAV Antivirus. A finishing touch, this also removes Bundpil.Shortcut-virus and act as computer shield against it. Thus, preventing future infections.
Note: Please do not restart your PC until you finished installing SmadAV antivirus.
How to remove shortcut virus Video Tutorial
This video tutorial, is an answer to all emails, requesting me to make a video tutorial of this post. It will be the best solution for those who are fond or more comfortable on video tutorial. In this tutorial also, you will learn the two types of this virus. It is all in one Shortcut Virus removal How-to.
Shortcut Virus Remover
Finally, if you followed the two methods above and still you see the shortcuts, use this Serviks.Shortcut remover to remove those shortcuts remnants.
Download: HFV HFV Hidden Folder Virus is my favorite shortcut remover. It is easy to use and you don’t need to install it in your system because it works as a standalone application. If run in the first time, it will prompt you to enter your desired password.
HFV can disinfect and remove shortcut virus both from internal and portable devices. To clean your Hard Drive, Folder, Files or Portable device just simply click the “ADD” or “BROWSE”, select the desired drive, folder or file, then choose the “Delete Virus” after that click “Unhide Files” to recover your files. That’s how easy HFV removes shortcut Trojan.Gen.2 virus.
If you are not comfortable of using HFV, other shortcut virus remover and alternatives are given below.
USBFix is a USB utility software designed primarily on Flash drive or portable devices disinfection but also able to clean your computer partitions. An installation is required to vaccinate your PC or SD card, flash drive and external drives.
The good thing about USB Fix is it’s updated, they released the 2018 version already. To remove it simply click the “vaccinate” and the rest is automatic.
- Download USBFix here.
Shortcut Virus Remover v3.1 this is one of the most popular shortcut virus remover on the web. Like HFV, you don’t have to install this. By double clicking shortcut remover 3.1, a pop up box will appear, giving you two options. If you want to remove it from your pen drive, simply choose “Pen Drive”, select the drive letter and click scan. However, if you want your PC to be cleaned then select “Computer” then “Scan”.
- Download here.
Shortcut Virus Remover BAT this is a BAT file, very light with just 3.6Kb yet effective in removing shortcut virus with just one click.
- Download here.
Install HFV or SmadAV as your primary defense and a good antivirus. Then do a weekly scan with Malwarebytes to complete your solid protection. Your comments and suggestions are highly appreciated to improve this How to Remove Tutorial. Speak up your mind in the comment box below.