Académique Documents
Professionnel Documents
Culture Documents
Every one of us has experienced the Shortcut Virus atleast once in our lifetime. Actually, it has
become so common that people often overlook and underestimate it. In the beginning, it looks like
nothing problematic has happened to be worried about. Afterall, it’s just a shortcut file.
Get rid of drive.bat computer virus that makes data on thumb drives and SD memory cards inaccessible by replacing their
folders and files with shortcuts.
The ill-famed shortcut virus has become a buzzword over the years that’s it has been circulating, but not everyone knows there’s
a number of its spinoffs that operate somewhat differently. One of the mutations spreads via a Windows batch file named
drive.bat, which is effectively an object that forces the host operating system to execute certain commands. Regarding the
concept proper, it’s quite bizarre that an infection as ostensibly primitive as this is still in the wild in the era of high-profile
threats like ransomware, rootkits and banking trojans. And yet, the fact remains that lots of users around the globe keep catching
the thumb drive shortcut malware through physical means, that is, by inserting their removable media into contaminated
computers which, most likely, got infected via a virus-tainted memory stick themselves. Why the cybercrooks behind this plague
are distributing it is quite a puzzle, but it does cause a lot of harm to victims despite the whole simplicity.
Now, back to the point – the drive.bat virus transforms all the contents of an infested memory medium into shortcuts, usually 1
KB in size, which open up blank or cannot be opened at all. At the first blush, this predicament looks like a complete loss of data
stored on the drive. In fact, though, the infection simply corrupts the display of data hierarchy, which is good news to anyone
that’s hit. A thumb drive becomes a carrier of the contagion when it’s plugged into a Windows machine with the virus on board.
The PC, in its turn, may get exposed to the malady after the user unknowingly downloads the drive.zip file off of the Internet.
This may be a stealthy drive-by download invisible to the naked eye, or a part of a bundle trespassing on the system with
packaged installations of freeware or shareware. One way or another, the drive.zip archive is automatically extracted to every
USB drive or SD card inserted into the computer henceforth. So much for the propagation routine.
Once drive.bat is copied to removable media, it runs automatically and causes all the files and directories to morph into shortcuts.
Another likely adverse effect is the termination of popular antimalware suites running on the system at the time of the attack.
This is, obviously, a more straightforward and aggressive methodology than the commonplace AV evasion. To top it off, the
virus may also prevent the victim from accessing Registry Editor. Fortunately, all the information hidden behind the veil of
shortcuts can be reinstated in its original form. Peruse the troubleshooting part below to find out how.
2. Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix
Threats to get the troubleshooting completed.
@echo off
attrib -h -s -r -a /s /d F:*.*
@echo complete
• Save the Notepad file as fixvirus.bat or similar – the .bat part is mandatory.
• Double-click the .bat file you just created. This will run the executable. The shortcuts for affected drive and its contents should
now be replaced with normal data objects. If this didn’t help, try the following recommendations.
Use Command Prompt to fix the drive.bat problem
• Type cmd in your Windows Search box and press Enter to open the command-line interface
• Now type the following string in the command-line interpreter (put the name of the infected drive instead of “F” in the
example):
attrib -h -s -r -a /s /d F:*.*