How to Recover Files from a Virus Infected USB Drive

USB drives help you conveniently transfer data from one device to another—thanks to their small form factor, reasonable cost, and widespread availability. But, these factors also make USB drives easy vectors, and victims of virus attacks.

Computer viruses can erase the data on your USB drive, corrupt it, or lock you out of it. So, how do you recover your data from a virus-infected USB drive?

It involves two steps—remove the virus from your USB drive and PC using an antivirus program, then recover any deleted data using a capable data recovery tool. Let’s take a detailed look at how to do both.

Is It Possible to Recover Data from Virus-Infected USB Drive?

Data recovery chances from a virus-infected flash drive primarily depend on the type of virus that infected it, and what the virus did to your data.

Here’s an overview of some common ways in which viruses may affect your files:

• 💿 Data Hiding: Some viruses hide your data instead of outright deleting it. The infamous, “shortcut virus,” is one such virus—it hides your original files and folders, replacing them with malicious shortcuts. To recover your files after a data hiding virus infects your USB drive, first remove the virus by scanning your PC using an antivirus tool (Malwarebytes is a good, free option), and then reveal your files.
• 🗑️ Data Deletion: There are plenty of viruses that are designed solely to destroy the victim’s data. In such cases, you can usually recover your data using a decent data recovery tool.
• 🔏 Data Encryption: These viruses are known as Ransomware. They encrypt your files, holding them ransom, unless you pay a certain fee. It’s not recommended that you pay the fee because there’s no guarantee the hackers will give you the decryption key. The No More Ransom website is an exhaustive resource on what you should, and shouldn’t do when dealing with Ransomware.
• ❌ Data Corruption: Often, viruses are specifically designed to corrupt your data. However, corrupted data can also be a byproduct of the virus’ attempt to spread to other computers—the virus injects malicious code into a regular file so that it can spread to whatever devices or computers the file is copied to. Most antivirus programs can remove such viruses and undo the corruption. It’s also best to scan the USB drive using a good data recovery program.
• 📂 File Replacement and Modification: There’s a class of virus, known as “overwriting virus,” that replaces the original code of your files with malicious code. These viruses overwrite the files on your USB drive with random data. Unfortunately, there’s little you can do to recover your data after an overwrite virus attack. Your only hope is restoring a previously created backup.

Except for the overwrite virus, and ransomware, most viruses won’t impact your files to the point of non-recovery. However, It’s crucial to find and remove the virus from your USB drive, before proceeding to recover data from it using the data recovery guide in the next section.

What Happens When Viruses Infect Your USB Drive?

When your USB drive is infected by a virus, it immediately becomes a carrier of that virus and could potentially transfer the virus to other PCs and devices it’s connected to.

While the effects of an infected USB drive vary based on the nature of the virus, the result is pretty much the same thing – deletion or encryption of your files.

How to Recover Files from a Virus-Infected Flash Drive

Third-party data recovery programs are a user-friendly way to recover deleted files from virus-infected drives. It’s important to choose a good USB data recovery app from the get-go, as the first data recovery scan is typically the most successful. This list of the best data USB data recovery programs is a good place to begin your search.

For this tutorial, we opted to use Disk Drill—a trustworthy USB data recovery tool equipped with a robust data recovery algorithm. Its modern UI with in-built tutorials makes it perfect for novice PC users. Disk Drill detects your pen drive, regardless of its file system. It recovers data from USB drives with a missing (RAW), or corrupt file system as well.

Here’s how to recover data from a virus-infected USB drive using Disk Drill:

1. Download Disk Drill and install it on your PC.
2. Connect the USB drive to your PC.
3. Open Disk Drill, select the USB drive, and click Search for lost data.
4. Click on Review found items once the scan completes. To view specific file types, click on the relevant tile—Pictures, Videos, Audio, Documents, Archives, and Other.
5. Expand the Deleted or lost and Reconstructed sections. To view existing files (even hidden ones), expand the Existing section.
6. Tick the files you wish to recover. Disk Drill displays a preview of the currently selected file, but you can manually preview any file by hovering the cursor on it and clicking the eye button that appears. Click on Recover once you’re done selecting the files.
7. Choose a recovery destination for the files and click Next. We recommend recovering the files to a separate location, instead of the affected USB drive.
8. Disk Drill will recover the selected files.

Disk Drill can help recover your data in three major virus-related scenarios:

Scenario 1: Damaged Master Boot Record (MBR) or Master File Table (MFT)

When viruses disorient the MBR or MFT components of your USB devices, that device can no longer be accessed via Explorer or Finder even when the files still exist on the drive. In this case, Disk Drill can restore the original structure that was before virus infection to save lost data.

Scenario 2: Unbootable USB Flash Drives

Viruses are capable of replacing the main record that stores boot information with its bootable record. This denies the user access to their files and folders. Now the user is prompted about the infected drive and is required to pay a ransom to unlock the files. As you may already be aware, giving out your money will not guarantee an unlock code. We recommend that you attempt to boot from a live USB device and scan it with Disk Drill which will reveal the files that are on the drive.

Scenario 3: Inaccessible Files & Folders (Resident virus)

Disk Drill puts devices in read-only mode before the scan process. This feature prevents the virus from further monitoring the drive, therefore significantly increasing the chances of restoring files from the virus-infected flash drive

How to Remove a Virus From the USB Drive

Removing the virus from your USB drive is simple—scan the drive using an antivirus program. Windows Defender does a good enough job, but you can use third-party antivirus tools for added peace of mind.

Recovering your files after removing the shortcut virus entails unhiding the affected files and folders.

Here’s how to remove viruses from your USB drive:

Remove USB Virus Using Windows Security (Windows Defender) on Windows 10 and Windows 11

It’s common knowledge that the Windows Platform is widely susceptible to viruses especially when it’s compared to Mac OS X and Linux-based systems.

The reason is that Windows is the most widely used and also because of how the operating system handles Administrator privileges and rights.

It’s only logical for hackers to focus more on a widely used medium because it increases the chances of a successful mass exploit.

For example, the Windows Security utility continues to evolve and has seen some massive security updates in recent times. It’s also possible to recover files from virus-infected USB pen drives using Windows Security for Windows 10. To do this, attempt the following:

Windows 10

1. Right-click the Start button and choose Settings. Ensure the USB drive is connected to your PC.
2. Click on Update & Security.
3. Click Windows Security, and then choose Virus & threat protection.
4. Click on Check for updates under Virus & threat protection updates.
5. Under Current threats, click on Scan options.
6. Select Custom scan and then click the Scan now button.
7. Select the USB drive and click Select folder.
8. Windows will scan the drive and remove any viruses.

Windows 11

1. Connect your USB drive to the PC. Right-click on the Start button and click on Settings.
2. Click on Privacy & Security in the sidebar.
3. Click on Windows Security.
4. Clickon Virus & threat protection.
5. Select Protection updates under Virus & threat protection updates.
6. Click on Check for updates.
7. Go back to the previous screen, and click Scan options, under Current threats.
8. Choose Custom scan > Scan now.
9. Browse for the pen drive and choose Select folder.
10. Wait while Windows scans the USB drive.

This process is straightforward and can help you to recover hidden files in USB caused by viruses. The good part also is that this process is free and you can do this without downloading additional software.

Remove a “Shortcut Virus” Using attrib Command (CMD)

The Shortcut virus as already indicated is one of the most common viruses capable of concealing your important files and documents. Using a few tricks such as a CMD method can get rid of it almost immediately. To do this, you need to follow these instructions.

1. Type “cmd” in Windows Search (Windows Key + S). In the search results, right-click on Command Prompt > Run as Administrator.
2. Type ATTRIB -H -R -S /S /D X: *.* in the Command Prompt console and press Enter. Replace X with the USB drive’s drive letter (you can find this in Windows Explorer > This PC, or Windows Disk Management).

Consider Formatting Your USB Drive

Formatting your USB drive wipes out all its stored files, including the virus. Use this method if antivirus programs were unable to effectively detect and delete the virus from your USB drive.

While most data recovery programs can recover your files after a quick format, there’s a high chance the recovered files have malicious code in them because of the virus.

Here’s how to format a pen drive on Windows:

1. Press Windows Key + E to launch File Explorer.
2. Go to This PC, right-click on your pen drive, and choose Format.
3. You can modify the format parameters if you wish to, or simply clickthe Start button right away. Unchecking the Quick format option will perform a full format. This removes all files from the drive and overwrites them with zeroes.This is much safer than using the Quick format option, but you cannot recover any files after a full-format.
4. Windows will format the USB drive.

What is Flash Drive Virus & What are their Types?

Flash drives viruses are very common these days with each of them posing similar threats but often in a different way. To provide a breakdown of some of the different viruses and how they affect your files or PC, you first need to understand what a flash drive virus is.

A flash drive virus is essentially a malicious program that infiltrates your computer and does damage to it by either slowing it down or corrupting the data stored on it. As already mentioned, there are many flash drive viruses and the kind of exploits they are designed to do.

• 🦠 Ransomware. Ransomware has gained notoriety in recent years with attacks skyrocketing for businesses and individuals alike. Ransomware is essentially a type of malware that prevents users from gaining access to their files and computer systems until a ransom has been paid to the perpetrators. Ransomware is commonly spread through deceptive links and emails which trick users into opening them to access some information. In some cases, the links are spread through phishing emails that appear to have been sent legitimately.
• 🔐 PHUKD. Also known as “THATSPHUKD” & “URFUKED”, this type of virus affects your PC by encrypting files based on the timing provided by hackers who control it. Unlike other viruses that immediately encrypt your files when they are infected, the PHUKD virus could remain invisible before it starts to do any damage to your files.
• 🔑 Rubber Ducky Firmware. The Rubber Ducky Firmware virus is quite similar to the PHUKD virus in that it also encrypts your files. The major difference is that this virus encrypts your files almost immediately and uses pre-existing keystrokes to make your files inaccessible. It’s able to do this by tricking your Computer system to believe that it is a generic keyboard.
• 🛡️ Password Protection Bypass Patch. To protect our files from illegal access, we often create passwords to limit their access. However, the sad news is that the Password Protection Bypass Patch is capable of overriding password-protected files and assumes control of them. By making changes to the firmware of your USB drive, the virus cracks open your encrypted files. If for some reason you believe your flash drive has been compromised by this virus, it is recommended that you discontinue its use.
• 👾 Shortcut Virus. The shortcut virus is pretty common and as the name suggests, the virus conceals your files and folders and replaces them with a shortcut that maintains the attributes of the original files and folders. The sneaky virus is capable of replicating itself unto other files when you click on files and folders that have already been infected. The Shortcut virus runs your PC performance down and could potentially expose your data to third parties. This type of virus is usually transmitted when files are being transferred to your PC physically.

How to Protect Your Thumb Drive from Viruses

There are many precautionary measures to keep your Thumb Drive free from viruses. Maintaining a high level of restraint when transferring items to your drive should protect it from some of the most common viruses.

• 🌐 Verify Computer System or Network. Ideally, what you need to is to verify from the Computer System or network you intend to connect your flash drive to. This allows you information on whether the network is secure or not. For Public networks and devices especially, doing this is very important.
• 🖥️ Scan your Drive Regularly. You need to habitually scan your Flash Drive for viruses using Antivirus software. Based on your usage, you may opt to do this Daily or Weekly. Either way, just ensure that you do this religiously to keep your drive safe and secure.
• 🚧 Avoid Suspicious Websites. Reckless online activity can greatly increase the chances of infecting your Flash Drive when it’s connected to your PC. Hackers can exploit users through unsecured websites – especially file sharing sites that allow users to download files onto their PCs.
• 🔒 Write Protect your Flash Drive. Another way to keep your USB drive secure is by write-protecting it. Modern flash drives are often endowed with such a capability. Enabling this feature will prevent files of all types from being written to your drive without your permission.
• 📁 Identify Files to Be Transferred. Before attempting to transfer any files to your flash drive, manually identify if the files are indeed what you intend to transfer. Additionally, it is recommended that you avoid transferring files in bulk if you’re suspicious.

How Do USB Devices Get Infected with Malware?

USB devices are predisposed to viruses of all kinds. It’s also a known fact that USB drives get infected with malware deliberately or unintentionally.

Hackers who seek to exploit a computer system may infect a USB malware to gain access and control over a system or network. This is an example of deliberate infection.

USB flash drives are like taxicabs for malware. Virus scan them before use and don’t use unfamiliar ones! #cybersecurity #tips pic.twitter.com/ITQHTFp9mJ

— DigitalSecurityWatch (@DS_Watch) April 15, 2021

Users may also get USB drives infected unknowingly when they plug them into an unsecured network or PC. For example, public networks in schools, airports, and Internet cafes are some of the most vulnerable networks that could pose a threat to your USB drive when connected.

FAQ

Bottom Line

The risk of getting a USB drive infected with a virus is high. The average computer user should have encountered a virus situation at least once in their lifetime. It’s common and it is bound to happen. So long as you continue to share files and download items from the internet, your drive remains at risk.

That said, there are many preventive measures you can employ to keep your flash drive safe and secure. Always remember that preventive measures often save you time and money.