Virus that infects thumb drives and renames folders with .exe extension


USB flash drives are a common way of spreading malware between computers. Users typically plug USB drives into public computers and third-party workstations at the office, college, libraries or labs without being careful about what they might expose their data to, or what kind of malware (viruses, worms, trojans, etc.) might get onto their pen drives.

Recently, my favorite 16GB SanDisk Cruzer drive got infected by a virus. All folders apparently got a .exe joined at the end, i.e. the Pictures folder became “Pictures.exe”. Clicking the folders opened a command prompt that flashed for a second. No folder could be opened. It seemed as if I had lost all the data inside the folders.

The virus seemed to affect only portable drives, and left my permanent hard drives untouched.

Identifying the USB virus

Seeing the .exe extension, I became suspicious, and ran an antivirus program, Avast, that was on the system. It failed to detect any malware in the flash drive. As a last resort, I tried enabling “Show hidden files, folders and drives” and “Hide protected operating system files” (in Tools > Folder Options > View tab). This revealed all the actual folders that contain data.


So the virus creates duplicates of the folders and fools the user into thinking that all the files and folders have disappeared, whereas in reality they have merely been hidden.

Removing the virus, restoring folders and files

The virus has been in existence for several years (according to some research paper, I forgot where I found it), but unfortunately, Avast and AVG, the two antivirus programs I tried to use initially, failed.

Malwarebytes Antimalware detected and removed the virus, so I recommend giving that a try. In its free version, you can only scan (and not use it as realtime protection), which is plenty good enough for most users.

Though the virus will be gone after you follow the above step, your folders will still retain their hidden and protected attributes.

To change that, download and use Attribute Changer, a handy free utility to change the hidden / system / protected attributes of files and folders.
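The pattern described above, a hidden real folder sitting next to a same-named .exe decoy, can also be checked from a script. This is an added example, not part of the original post: it matches decoys by name only, and it suggests the built-in Windows `attrib` command in place of Attribute Changer; the function names and the sample folder layout are constructed for the example.

```python
import os
import stat
import sys
import tempfile
from pathlib import Path

# Windows attribute bits; the stat module defines them on every platform.
HIDDEN = stat.FILE_ATTRIBUTE_HIDDEN
SYSTEM = stat.FILE_ATTRIBUTE_SYSTEM


def find_decoys(root):
    """Return (decoy_exe, real_folder, folder_is_hidden) for each folder 'X'
    that sits next to a file 'X.exe' in the same directory."""
    findings = []
    entries = {e.name.lower(): e for e in os.scandir(root)}
    for name, entry in sorted(entries.items()):
        if not (name.endswith(".exe") and entry.is_file(follow_symlinks=False)):
            continue
        twin = entries.get(name[:-4])
        if twin is None or not twin.is_dir(follow_symlinks=False):
            continue
        # st_file_attributes exists only on Windows; elsewhere treat it as 0.
        attrs = getattr(twin.stat(follow_symlinks=False), "st_file_attributes", 0)
        findings.append((Path(entry.path), Path(twin.path), bool(attrs & (HIDDEN | SYSTEM))))
    return findings


def unhide_command(folder):
    """Built-in Windows command that clears the system and hidden attributes."""
    return ["attrib", "-s", "-h", str(folder)]


def demo():
    # Constructed sample layout: one folder/decoy pair and one ordinary folder.
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "Pictures").mkdir()
        (Path(tmp) / "Pictures.exe").write_bytes(b"MZ")
        (Path(tmp) / "Music").mkdir()
        return [(d.name, f.name) for d, f, _ in find_decoys(tmp)]


if __name__ == "__main__":
    # Pass the drive root (for example E:\); with no argument the demo runs.
    if len(sys.argv) > 1:
        for decoy, folder, hidden in find_decoys(sys.argv[1]):
            print(f"decoy: {decoy}  real folder: {folder}  hidden/system: {hidden}")
            print("  to unhide the folder:", " ".join(unhide_command(folder)))
    else:
        print(demo())
```

The script only reports; it does not delete the decoy files or change any attributes itself.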