Scribd
Upload
62 views

How To Fix Shortcuts Virus Problem?

This document provides instructions to remove a shortcuts virus from Windows XP, Vista, or 7 systems. It is a 4 step process: 1. Make hidden files visible and remove protections on system files. 2. Check for and remove any virus processes and files, including taking ownership of infected files. 3. Delete any fake shortcut files created by the virus. 4. Use the command prompt to permanently remove hidden, read-only, and system file attributes added by the virus.

Uploaded by

Hamdy Mhran
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
62 views

How To Fix Shortcuts Virus Problem?

This document provides instructions to remove a shortcuts virus from Windows XP, Vista, or 7 systems. It is a 4 step process: 1. Make hidden files visible and remove protections on system files. 2. Check for and remove any virus processes and files, including taking ownership of infected files. 3. Delete any fake shortcut files created by the virus. 4. Use the command prompt to permanently remove hidden, read-only, and system file attributes added by the virus.

Uploaded by

Hamdy Mhran
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

How to fix...

Shortcuts Virus Problem?



PS: Dont worry if my pictures are in Spanish.
Im gonna explain all the steps in English, and
the process is much simpler than it looks.

Step One
The following steps apply for Windows XP, Vista and 7

1. Click on Start
2. Click on Control Panel
3. Pick Folder Options
4. Click on View tab
5. Clear the following check boxes:
6. Clear the check box Hide protected operating
system files (Recommended)
7. Clear the check box Hide extensions for known
file types
8. Click Accept to apply the changes

Step Two
We need to make sure that your computer is
clean from the infection. If a healthy USB
memory remains clean after plugging it in, this
means your computer is clean and you can jump
directly to step three.
1. Open Task Manager (Ctrl+Alt+Del(
2. Go to the Processes tab
3. Look for WSCRIPT.EXE that is currently
running.

But wait!
Before ending the process, right click on the virus
name and pick Open File Location. After the
Windows Explorer tab pops up, you can end the
process.

Lets go to our new Explorer Window. When you


try to delete the virus executable file, an error will
occur. Cannot Delete!

Dont panic, this is normal.


As strange as it sounds, we need to take ownership
of the file. Right click on the file and select
Properties

Now on the dialog box that appears:


1. Pick Security and then Advanced
2. On the new dialogue box, pick Owner
3. In the example screenshot you will see that the
virus changed the Current Owner to
TrustedInstaller. So, from the list called
Change Owner to: pick your Administrator
name and click OK.

Now that you own the virus, lets go back to the


beginning
1.
2.
3.
4.

Again, Right click on the virus file


Pick Properties
and again Security.
But this time, on the dialog that pops-up click
on Edit

A new (almost identical) window will pop up.


1. Click on SYSTEM and deny Read &
Execute and Read.
2. Repeat the same operation with all the
elements of Group and user Names

You will not be able to delete the file, but dont


worry. The computer will not be able to run this
virus executable file.

Step Three
If step one and two went great, you should
be able to see your files again.
Unfortunately they are still marked as
hidden (hence the ghostly look of the
icons). We are going to fix that in a moment,
but first we are going to delete these crappy
shortcuts that were created by the virus and
have nothing to do with your real files.

Proceed to delete the shortcuts, the


Autorun.inf, any .vbs or .exe file, in fact
delete everything you dont recognize as
yours.

Step Four (Last one!)


To permanently change the properties of
your files and return their appareance back
to normal we need to open the Command
Prompt.
On Windows Vista and 7:
1. Click on Start
2. Type cmd in the first box you see
3. Press ENTER

On Windows XP:
1.
2.
3.
4.

Click on Start
Click on Run
Type cmd
Press ENTER

On the black Window that appears -technically


called the Command prompt- write the commands
shown on the picture.
attrib -h -r -s /s /d X:\*.*

Dont forget to replace the letter X with the letter


of your infected drive.

For example, if your affected drive letter is F then


the command should be attrib -h -r -s /s /d F:\*.*
After writing the command hit enter and wait a
few seconds while the changes are made.

Done!
Go back to the file explorer and see if the file
attributes are back to normal.

You might also like