Recover Files from a Virus Infected USB Drive

How to Recover Files from a Virus Infected USB Drive

Last updated:

No robots used, our articles are crafted by humans under strict Editorial Guidelines.

Written by Michael Alimo Michael Alimo Contributing Writer • 9 articles Michael Alimo, formerly a contributing writer for Handy Recovery, specialized in data recovery and technology articles. Now focusing on his small business, his expertise spans from dealing with corrupted devices to file recovery. With over six years in technology content writing, Michael’s areas include AI, IoT, and Cybersecurity. LinkedIn Edited by Manuviraj Godara Manuviraj Godara Staff Writer • 65 articles Manuviraj Godara recently joined the staff writers team at Handy Recovery Advisor, having initially contributed as a writer in 2021. His primary expertise lies in resolving data issues on Windows machines, and he has recently begun to explore Apple-related topics. LinkedIn Approved by Andrey Vasilyev Andrey Vasilyev Editor Andrey Vasilyev is an Editorial Advisor for Handy Recovery. Andrey is a software engineer expert with extensive expertise in data recovery, computer forensics, and data litigation. Andrey brings over 12 years of experience in software development, database administration, and hardware repair to the team. LinkedIn

USB drives help you conveniently transfer data from one device to another—thanks to their small form factor, reasonable cost, and widespread availability. But, these factors also make USB drives easy vectors, and victims of virus attacks.

Computer viruses can erase the data on your USB drive, corrupt it, or lock you out of it. So, how do you recover your data from a virus-infected USB drive?

It involves two steps—remove the virus from your USB drive and PC using an antivirus program, then recover any deleted data using a capable data recovery tool. Let’s take a detailed look at how to do both.

⚠️

Keep in mind that you need to act quickly and recover your data before it gets overwritten. Do not use the USB drive in question until you read this article.

Is It Possible to Recover Data from Virus-Infected USB Drive?

Data recovery chances from a virus-infected flash drive primarily depend on the type of virus that infected it, and what the virus did to your data.

Here’s an overview of some common ways in which viruses may affect your files:

  • 💿 Data Hiding: Some viruses hide your data instead of outright deleting it. The infamous, “shortcut virus,” is one such virus—it hides your original files and folders, replacing them with malicious shortcuts. To recover your files after a data hiding virus infects your USB drive, first remove the virus by scanning your PC using an antivirus tool (Malwarebytes is a good, free option), and then reveal your files.
  • 🗑️ Data Deletion: There are plenty of viruses that are designed solely to destroy the victim’s data. In such cases, you can usually recover your data using a decent data recovery tool.
  • 🔏 Data Encryption: These viruses are known as Ransomware. They encrypt your files, holding them ransom, unless you pay a certain fee. It’s not recommended that you pay the fee because there’s no guarantee the hackers will give you the decryption key. The No More Ransom website is an exhaustive resource on what you should, and shouldn’t do when dealing with Ransomware.
  • Data Corruption: Often, viruses are specifically designed to corrupt your data. However, corrupted data can also be a byproduct of the virus’ attempt to spread to other computers—the virus injects malicious code into a regular file so that it can spread to whatever devices or computers the file is copied to. Most antivirus programs can remove such viruses and undo the corruption. It’s also best to scan the USB drive using a good data recovery program.
  • 📂 File Replacement and Modification: There’s a class of virus, known as “overwriting virus,” that replaces the original code of your files with malicious code. These viruses overwrite the files on your USB drive with random data. Unfortunately, there’s little you can do to recover your data after an overwrite virus attack. Your only hope is restoring a previously created backup.

Except for the overwrite virus, and ransomware, most viruses won’t impact your files to the point of non-recovery. However, It’s crucial to find and remove the virus from your USB drive, before proceeding to recover data from it using the data recovery guide in the next section.

What Happens When Viruses Infect Your USB Drive?

When your USB drive is infected by a virus, it immediately becomes a carrier of that virus and could potentially transfer the virus to other PCs and devices it’s connected to.

While the effects of an infected USB drive vary based on the nature of the virus, the result is pretty much the same thing – deletion or encryption of your files.

How to Recover Files from a Virus-Infected Flash Drive

Third-party data recovery programs are a user-friendly way to recover deleted files from virus-infected drives. It’s important to choose a good USB data recovery app from the get-go, as the first data recovery scan is typically the most successful. This list of the best data USB data recovery programs is a good place to begin your search.

For this tutorial, we opted to use Disk Drill—a trustworthy USB data recovery tool equipped with a robust data recovery algorithm. Its modern UI with in-built tutorials makes it perfect for novice PC users. Disk Drill detects your pen drive, regardless of its file system. It recovers data from USB drives with a missing (RAW), or corrupt file system as well.

👀

For an in-depth look at the tool—its features, and its shortcomings—read through our Disk Drill review.

Here’s how to recover data from a virus-infected USB drive using Disk Drill:

  1. Download Disk Drill and install it on your PC.
  2. Connect the USB drive to your PC.
  3. Open Disk Drill, select the USB drive, and click Search for lost data. Disk Drill's data recovery section highlighting a generic flash disk USB device ready for a search for lost data.
  4. Click on Review found items once the scan completes. To view specific file types, click on the relevant tile—Pictures, Videos, Audio, Documents, Archives, and Other.USB drives help you conveniently transfer data from one device to another—thanks to their small form factor, reasonable cost, and widespread availability. But, these factors also make USB drives easy vectors, and victims of virus attacks. Computer viruses can erase the data on your USB drive, corrupt it, or lock you out of it. So, how do you recover your data from a virus-infected USB drive? It involves two steps—remove the virus from your USB drive and PC using an antivirus program, then recover any deleted data using a capable data recovery tool. Let’s take a detailed look at how to do both. </p><div class="sc_text "notice""><div class="sc_text--arrows">❗️</div><div class="sc_text--text"><p>Keep in mind that you need to act quickly and recover your data before it gets overwritten. Do not use the USB drive in question until you read this article.</p></div></div><p> Data recovery chances from a virus-infected flash drive primarily depend on the type of virus that infected it, and what the virus did to your data. Here’s an overview of some common ways in which viruses may affect your files: 🫥 Data Hiding: Some viruses hide your data instead of outright deleting it. The infamous, “shortcut virus,” is one such virus—it hides your original files and folders, replacing them with malicious shortcuts. To recover your files after a data hiding virus infects your USB drive, first remove the virus by scanning your PC using an antivirus tool (Malwarebytes is a good, free option), and then reveal your files. 🗑️ Data Deletion: There are plenty of viruses that are designed solely to destroy the victim’s data. In such cases, you can usually recover your data using a decent data recovery tool. 🔏 Data Encryption: These viruses are known as Ransomware. They encrypt your files, holding them ransom, unless you pay a certain fee. It’s not recommended that you pay the fee because there’s no guarantee the hackers will give you the decryption key. The No More Ransom website is an exhaustive resource on what you should, and shouldn’t do when dealing with Ransomware. ❌ Data Corruption: Often, viruses are specifically designed to corrupt your data. However, corrupted data can also be a byproduct of the virus’ attempt to spread to other computers—the virus injects malicious code into a regular file so that it can spread to whatever devices or computers the file is copied to. Most antivirus programs can remove such viruses and undo the corruption. It’s also best to scan the USB drive using a good data recovery program. 📂 File Replacement and Modification: There’s a class of virus, known as “overwriting virus,” that replaces the original code of your files with malicious code. These viruses overwrite the files on your USB drive with random data. Unfortunately, there’s little you can do to recover your data after an overwrite virus attack. Your only hope is restoring a previously created backup. Except for the overwrite virus, and ransomware, most viruses won’t impact your files to the point of non-recovery. However, It’s crucial to find and remove the virus from your USB drive, before proceeding to recover data from it using the data recovery guide in the next section. What Happens When Viruses Infect Your USB Drive? When your USB drive is infected by a virus, it immediately becomes a carrier of that virus and could potentially transfer the virus to other PCs and devices it’s connected to. While the effects of an infected USB drive vary based on the nature of the virus, the result is pretty much the same thing - deletion or encryption of your files. How to Recover Files from a Virus-Infected Flash Drive Third-party data recovery programs are a user-friendly way to recover deleted files from virus-infected drives. It’s important to choose a good USB data recovery app from the get-go, as the first data recovery scan is typically the most successful. This list of the best data USB data recovery programs is a good place to begin your search. For this tutorial, we opted to use Disk Drill—a trustworthy USB data recovery tool equipped with a robust data recovery algorithm. Its modern UI with in-built tutorials makes it perfect for novice PC users. Disk Drill detects your pen drive, regardless of its file system. It recovers data from USB drives with a missing (RAW), or corrupt file system as well. For an in-depth look at the tool—its features, and its shortcomings—read through our Disk Drill review. Here’s how to recover data from a virus-infected USB drive using Disk Drill: Download Disk Drill and install it on your PC. Connect the USB drive to your PC. Open Disk Drill, select the USB drive, and click Search for lost data. Click on Review found items once the scan completes. To view specific file types, click on the relevant tile—Pictures, Videos, Audio, Documents, Archives, and Other. Expand the Deleted or lost and Reconstructed sections. To view existing files (even hidden ones), expand the Existing section. Tick the files you wish to recover. Disk Drill displays a preview of the currently selected file, but you can manually preview any file by hovering the cursor on it and clicking the eye button that appears. Click on Recover once you’re done selecting the files. Choose a recovery destination for the files and click Next. We recommend recovering the files to a separate location, instead of the affected USB drive Disk Drill will recover the selected files. Note: Disk Drill’s free trial lets you preview all recoverable files, and recover up to 500 MB of data for free. Further recovery requires a Disk Drill PRO license. Disk Drill can help recover your data in three major virus-related scenarios: Scenario 1: Damaged Master Boot Record (MBR) or Master File Table (MFT) When viruses disorient the MBR or MFT components of your USB devices, that device can no longer be accessed via explorer or finder even when the files still exist on the drive. In this case, Disk Drill can restore the original structure that was before virus infection to save lost data. Scenario 2: Unbootable USB Flash Drives Viruses are capable of replacing the main record that stores boot information with its bootable record. This denies the user access to their files and folders. Now the user is prompted about the infected drive and is required to pay a ransom to unlock the files. As you may already be aware, giving out your money will not guarantee an unlock code. We recommend that you attempt to boot from a live USB device and scan it with Disk Drill which will reveal the files that are on the drive. Scenario 3: Inaccessible Files & Folders (Resident virus) Disk Drill puts devices in read-only mode before the scan process. This feature prevents the virus from further monitoring the drive, therefore significantly increasing the chances of restoring files from the virus-infected flash drive How to Remove a Virus From the USB Drive Removing the virus from your USB drive is simple—scan the drive using an antivirus program. Windows Defender does a good enough job, but you can use third-party antivirus tools for added peace of mind. Recovering your files after removing the shortcut virus entails unhiding the affected files and folders. Here’s how to remove viruses from your USB drive: Remove USB Virus Using Windows Security (Windows Defender) on Windows 10 and Windows 11 It’s common knowledge that the Windows Platform is widely susceptible to viruses especially when it’s compared to Mac OS X and Linux-based systems. The reason is that Windows is the most widely used and also because of how the operating system handles Administrator privileges and rights. It’s only logical for hackers to focus more on a widely used medium because it increases the chances of a successful mass exploit. </p><div class="sc_text "success""><div class="sc_text--arrows">❗️</div><div class="sc_text--text"><p>Windows, despite being extremely vulnerable to viruses, has seen a lot of changes over the years with Microsoft focusing more resources to make the Windows platform more and more secure.</p></div></div><p> For example, the Windows Security utility continues to evolve and has seen some massive security updates in recent times. It’s also possible to recover files from virus-infected USB pen drives using Windows Security for Windows 10. To do this, attempt the following: Windows 10 Right-click the Start button and choose Settings. Ensure the USB drive is connected to your PC. Click on Update & Security. Click Windows Security, and then choose Virus & threat protection. Click on Check for updates under Virus & threat protection updates. Under Current threats, click on Scan options. Select Custom scan and then click the Scan now button. Select the USB drive and click Select folder. Windows will scan the drive and remove any viruses. Windows 11 Connect your USB drive to the PC. Right-click on the Start button and click on Settings. Click on Privacy & Security in the sidebar. Click on Windows Security. Clickon Virus & threat protection. Select Protection updates under Virus & threat protection updates. Click on Check for updates. Go back to the previous screen, and click Scan options, under Current threats. Choose Custom scan > Scan now. Browse for the pen drive and choose Select folder. Wait while Windows scans the USB drive. This process is straightforward and can help you to recover hidden files in USB caused by viruses. The good part also is that this process is free and you can do this without downloading additional software. Remove a “Shortcut Virus” Using attrib Command (CMD) The Shortcut virus as already indicated is one of the most common viruses capable of concealing your important files and documents. Using a few tricks such as a CMD method can get rid of it almost immediately. To do this, you need to follow these instructions. Type “cmd” in Windows Search (Windows Key + S). In the search results, right-click on Command Prompt > Run as Administrator. Type ATTRIB -H -R -S /S /D X: *.* in the Command Prompt console and press Enter. Replace X with the USB drive’s drive letter (you can find this in Windows Explorer > This PC, or Windows Disk Management). Consider Formatting Your USB Drive Formatting your USB drive wipes out all its stored files, including the virus. Use this method if antivirus programs were unable to effectively detect and delete the virus from your USB drive. While most data recovery programs can recover your files after a quick format, there’s a high chance the recovered files have malicious code in them because of the virus. Here’s how to format a pen drive on Windows: Press Windows Key + E to launch File Explorer. Go to This PC, right-click on your pen drive, and choose Format. You can modify the format parameters if you wish to, or simply clickthe Start button right away. Unchecking the Quick format option will perform a full format. This removes all files from the drive and overwrites them with zeroes.This is much safer than using the Quick format option, but you cannot recover any files after a full-format. Windows will format the USB drive. </p><div class="sc_text "notice""><div class="sc_text--arrows">❗️</div><div class="sc_text--text"><p>Important: Formatting only removes local viruses from the USB drive. More sophisticated viruses like firmware viruses, bootkits, and rootkits remain on the drive as they reside in the MBR (Master Boot Record) which remains untouched during a format. To remove viruses that dwell in the MBR, use a tool like HDD Low Level Format—the tool’s trial version can clean the flash drive’s MBR.</p></div></div><p> What is Flash Drive Virus & What are their Types? Flash drives viruses are very common these days with each of them posing similar threats but often in a different way. To provide a breakdown of some of the different viruses and how they affect your files or PC, you first need to understand what a flash drive virus is. A flash drive virus is essentially a malicious program that infiltrates your computer and does damage to it by either slowing it down or corrupting the data stored on it. As already mentioned, there are many flash drive viruses and the kind of exploits they are designed to do. 🦠 Ransomware. Ransomware has gained notoriety in recent years with attacks skyrocketing for businesses and individuals alike. Ransomware is essentially a type of malware that prevents users from gaining access to their files and computer systems until a ransom has been paid to the perpetrators. Ransomware is commonly spread through deceptive links and emails which trick users into opening them to access some information. In some cases, the links are spread through phishing emails that appear to have been sent legitimately. 🔐 PHUKD. Also known as “THATSPHUKD” & “URFUKED”, this type of virus affects your PC by encrypting files based on the timing provided by hackers who control it. Unlike other viruses that immediately encrypt your files when they are infected, the PHUKD virus could remain invisible before it starts to do any damage to your files. 🔑 Rubber Ducky Firmware. The Rubber Ducky Firmware virus is quite similar to the PHUKD virus in that it also encrypts your files. The major difference is that this virus encrypts your files almost immediately and uses pre-existing keystrokes to make your files inaccessible. It’s able to do this by tricking your Computer system to believe that it is a generic keyboard. 🛡️ Password Protection Bypass Patch. To protect our files from illegal access, we often create passwords to limit their access. However, the sad news is that the Password Protection Bypass Patch is capable of overriding password-protected files and assumes control of them. By making changes to the firmware of your USB drive, the virus cracks open your encrypted files. If for some reason you believe your flash drive has been compromised by this virus, it is recommended that you discontinue its use. 👾 Shortcut Virus. The shortcut virus is pretty common and as the name suggests, the virus conceals your files and folders and replaces them with a shortcut that maintains the attributes of the original files and folders. The sneaky virus is capable of replicating itself unto other files when you click on files and folders that have already been infected. The Shortcut virus runs your PC performance down and could potentially expose your data to third parties. This type of virus is usually transmitted when files are being transferred to your PC physically. How to Protect Your Thumb Drive from Viruses There are many precautionary measures to keep your Thumb Drive free from viruses. Maintaining a high level of restraint when transferring items to your drive should protect it from some of the most common viruses. 🌐 Verify Computer System or Network. Ideally, what you need to is to verify from the Computer System or network you intend to connect your flash drive to. This allows you information on whether the network is secure or not. For Public networks and devices especially, doing this is very important. 🖥️ Scan your Drive Regularly. You need to habitually scan your Flash Drive for viruses using Antivirus software. Based on your usage, you may opt to do this Daily or Weekly. Either way, just ensure that you do this religiously to keep your drive safe and secure. 🚧 Avoid Suspicious Websites. Reckless online activity can greatly increase the chances of infecting your Flash Drive when it’s connected to your PC. Hackers can exploit users through unsecured websites – especially file sharing sites that allow users to download files onto their PCs. 🔒 Write Protect your Flash Drive. Another way to keep your USB drive secure is by write-protecting it. Modern flash drives are often endowed with such a capability. Enabling this feature will prevent files of all types from being written to your drive without your permission. 📁 Identify Files to Be Transferred. Before attempting to transfer any files to your flash drive, manually identify if the files are indeed what you intend to transfer. Additionally, it is recommended that you avoid transferring files in bulk if you’re suspicious. How Do USB Devices Get Infected with Malware? USB devices are predisposed to viruses of all kinds. It’s also a known fact that USB drives get infected with malware deliberately or unintentionally. Hackers who seek to exploit a computer system may infect a USB malware to gain access and control over a system or network. This is an example of deliberate infection. </p><script type="text/javascript">
var fired2 = false;
window.addEventListener('scroll', () => {
 if (fired2 === false) {
 fired2 = true;
 setTimeout(() => {
 var headID = document.getElementsByTagName("head")[0]; 
 var newScript = document.createElement('script');
 newScript.type = 'text/javascript';
 newScript.src = 'https://platform.twitter.com/widgets.js';
 headID.appendChild(newScript);
 }, 1000)
 } // endif
});
</script> USB flash drives are like taxicabs for malware. Virus scan them before use and don't use unfamiliar ones! #cybersecurity #tips pic.twitter.com/ITQHTFp9mJ — DigitalSecurityWatch (@DS_Watch) April 15, 2021  Users may also get USB drives infected unknowingly when they plug them into an unsecured network or PC. For example, public networks in schools, airports, and Internet cafes are some of the most vulnerable networks that could pose a threat to your USB drive when connected. </p><div class="sc_text "error""><div class="sc_text--arrows">❗️</div><div class="sc_text--text"><p>If care is not taken, you could expose your USB drive to a malware attack since such networks often lack a robust and secure infrastructure to mitigate against a possible virus attack.</p></div></div><p> FAQ </p><h2 class="faq">FAQ</h2><section itemscope="" itemtype="https://schema.org/FAQPage"> <div class="panel panel-default" itemprop="mainEntity" itemscope="" itemtype="https://schema.org/Question">
 <div class="panel-heading" id="heading"1"">
 <div class="panel-title">
 <h3 class="panel-title panel-title__heading" itemprop="name">"Can</h3> 
 </div>
 </div>
 <div class="panel-body" itemprop="acceptedAnswer" itemscope="" itemtype="https://schema.org/Answer">
 <div itemprop="text"><p> Yes. Previous versions of Windows included the Autorun feature which instantly opened USB drives once they were connected to a PC. This made flash drives instant victims to viruses that were present on a host PC. While the Autorun feature is no longer available for modern versions of Windows, you can transfer viruses to a drive when you manually open a file or folder on the flash drive while it’s connected to an infected PC.</p></div>
 </div>
</div> <div class="panel panel-default" itemprop="mainEntity" itemscope="" itemtype="https://schema.org/Question">
 <div class="panel-heading" id="heading"2"">
 <div class="panel-title">
 <h3 class="panel-title panel-title__heading" itemprop="name">"Does</h3> 
 </div>
 </div>
 <div class="panel-body" itemprop="acceptedAnswer" itemscope="" itemtype="https://schema.org/Answer">
 <div itemprop="text"><p> Contrary to popular belief, the usual formatting of your flash drive in Windows will not remove viruses. Low-level formatting, however, can guarantee some level of success with virus removal. </p></div>
 </div>
</div> <div class="panel panel-default" itemprop="mainEntity" itemscope="" itemtype="https://schema.org/Question">
 <div class="panel-heading" id="heading"3"">
 <div class="panel-title">
 <h3 class="panel-title panel-title__heading" itemprop="name">"How</h3> 
 </div>
 </div>
 <div class="panel-body" itemprop="acceptedAnswer" itemscope="" itemtype="https://schema.org/Answer">
 <div itemprop="text"><p> Several Data Recovery Applications can recover files from virus-infected USB pen drives. Tools such as Disk Drill, EaseUS, and Recoverit are capable of getting your permanently deleted files back from your Pendrive.</p></div>
 </div>
</div> <div class="panel panel-default" itemprop="mainEntity" itemscope="" itemtype="https://schema.org/Question">
 <div class="panel-heading" id="heading"4"">
 <div class="panel-title">
 <h3 class="panel-title panel-title__heading" itemprop="name">"Does</h3> 
 </div>
 </div>
 <div class="panel-body" itemprop="acceptedAnswer" itemscope="" itemtype="https://schema.org/Answer">
 <div itemprop="text"><p> Yes. Formatting a flash drive removes any viruses that were stored on it. However, boot-sector viruses, and rootkits remain unaffected by a format.</p></div>
 </div>
</div> <div class="panel panel-default" itemprop="mainEntity" itemscope="" itemtype="https://schema.org/Question">
 <div class="panel-heading" id="heading"5"">
 <div class="panel-title">
 <h3 class="panel-title panel-title__heading" itemprop="name"></h3> 
 </div>
 </div>
 <div class="panel-body" itemprop="acceptedAnswer" itemscope="" itemtype="https://schema.org/Answer">
 <div itemprop="text"><p>How to recover virus-infected files using CMD? You can only recover files infected by the Shortcut virus using CMD. These files are technically hidden, not deleted. To recover deleted, or corrupted files, use a good data recovery program, or a professional data recovery service. Here’s how to use the Command Prompt to recover files infected by the Shortcut virus: Search for “command prompt” or “cmd” in Windows Search (Windows Key + S). Right-click on Command Prompt > Run as administrator. Type ATTRIB -H -R -S /S /D X: *.*, replacing X with the drive’s drive letter, and press Enter. </p></div>
 </div>
</div> </section><p> Bottom Line The risk of getting a USB drive infected with a virus is high. The average computer user should have encountered a virus situation at least once in their lifetime. It’s common and it is bound to happen. So long as you continue to share files and download items from the internet, your drive remains at risk. That said, there are many preventive measures you can employ to keep your flash drive safe and secure. Always remember that preventive measures often save you time and money.
  5. Expand the Deleted or lost and Reconstructed sections. To view existing files (even hidden ones), expand the Existing section.Disk Drill interface with a message stating all recovery methods are complete, showing categories of recovered files.
  6. Tick the files you wish to recover. Disk Drill displays a preview of the currently selected file, but you can manually preview any file by hovering the cursor on it and clicking the eye button that appears. Click on Recover once you’re done selecting the files.File preview in Disk Drill showing 45 files found with details and recovery chances, including a video file selected.
  7. Choose a recovery destination for the files and click Next. We recommend recovering the files to a separate location, instead of the affected USB drive.Disk Drill recovery selection screen for 2 files from a generic flash disk with various destination folders to choose from.
  8. Disk Drill will recover the selected files.Disk Drill data recovery software showing a complete recovery of 2 files totaling 42.5 MB from a generic flash disk.
👀

Note: Disk Drill’s free trial lets you preview all recoverable files, and recover up to 500 MB of data for free. Further recovery requires a Disk Drill PRO license.

Disk Drill can help recover your data in three major virus-related scenarios:

Scenario 1: Damaged Master Boot Record (MBR) or Master File Table (MFT)

When viruses disorient the MBR or MFT components of your USB devices, that device can no longer be accessed via Explorer or Finder even when the files still exist on the drive. In this case, Disk Drill can restore the original structure that was before virus infection to save lost data.

Damaged Master Boot Record

Scenario 2: Unbootable USB Flash Drives

Viruses are capable of replacing the main record that stores boot information with its bootable record. This denies the user access to their files and folders. Now the user is prompted about the infected drive and is required to pay a ransom to unlock the files. As you may already be aware, giving out your money will not guarantee an unlock code. We recommend that you attempt to boot from a live USB device and scan it with Disk Drill which will reveal the files that are on the drive.

Unbootable USB Flash Drives

Scenario 3: Inaccessible Files & Folders (Resident virus)

Disk Drill puts devices in read-only mode before the scan process. This feature prevents the virus from further monitoring the drive, therefore significantly increasing the chances of restoring files from the virus-infected flash drive

Inaccessible Files & Folders (Resident virus)

How to Remove a Virus From the USB Drive

Removing the virus from your USB drive is simple—scan the drive using an antivirus program. Windows Defender does a good enough job, but you can use third-party antivirus tools for added peace of mind.

Recovering your files after removing the shortcut virus entails unhiding the affected files and folders.

Here’s how to remove viruses from your USB drive:

Remove USB Virus Using Windows Security (Windows Defender) on Windows 10 and Windows 11

It’s common knowledge that the Windows Platform is widely susceptible to viruses especially when it’s compared to Mac OS X and Linux-based systems.

The reason is that Windows is the most widely used and also because of how the operating system handles Administrator privileges and rights.

It’s only logical for hackers to focus more on a widely used medium because it increases the chances of a successful mass exploit.

Windows, despite being extremely vulnerable to viruses, has seen a lot of changes over the years with Microsoft focusing more resources to make the Windows platform more and more secure.

For example, the Windows Security utility continues to evolve and has seen some massive security updates in recent times. It’s also possible to recover files from virus-infected USB pen drives using Windows Security for Windows 10. To do this, attempt the following:

Windows 10

  1. Right-click the Start button and choose Settings. Ensure the USB drive is connected to your PC.
  2. Click on Update & Security.Windows Settings home screen highlighting the Update & Security option.
  3. Click Windows Security, and then choose Virus & threat protection.Windows Settings panel with Windows Security, and Virus and threat protection highlighted under Update & Security.
  4. Click on Check for updates under Virus & threat protection updates.Windows Security screen with a Check for updates button highlighted under Virus & threat protection updates.
  5. Under Current threats, click on Scan options.Windows Security main menu with Scan options highlighted in the Virus & threat protection section.
  6. Select Custom scan and then click the Scan now button.Windows Security showing scan options with Custom scan selected and a button to Scan now.
  7. Select the USB drive and click Select folder.Windows Security dialog box open on the Select Folder tab with USB Drive (E:) highlighted for a custom scan.
  8. Windows will scan the drive and remove any viruses.

Windows 11

  1. Connect your USB drive to the PC. Right-click on the Start button and click on Settings.
  2. Click on Privacy & Security in the sidebar.Windows Settings window with Privacy & security selected, showing options including Windows Security.
  3. Click on Windows Security.Windows Settings screen showing Privacy & security section with a focus on Security settings including Windows Security.
  4. Clickon Virus & threat protection. Windows Settings with Privacy & security section open, showing Virus & threat protection as having no actions needed.
  5. Select Protection updates under Virus & threat protection updates.Windows Security window showing Virus & threat protection updates, indicating security intelligence is up to date.
  6. Click on Check for updates.Windows Security window showing Protection updates section with a button to Check for updates for security intelligence.
  7. Go back to the previous screen, and click Scan options, under Current threats.Windows Security window with Virus & threat protection highlighted and Scan options link available.
  8. Choose Custom scan > Scan now.Windows Security window displaying scan options with Custom scan selected and a button to initiate the scan.
  9. Browse for the pen drive and choose Select folder.Windows Security Scan options window with a file explorer dialog open to select a specific folder for scanning.
  10. Wait while Windows scans the USB drive.

This process is straightforward and can help you to recover hidden files in USB caused by viruses. The good part also is that this process is free and you can do this without downloading additional software.

Remove a “Shortcut Virus” Using attrib Command (CMD)

The Shortcut virus as already indicated is one of the most common viruses capable of concealing your important files and documents. Using a few tricks such as a CMD method can get rid of it almost immediately. To do this, you need to follow these instructions.

  1. Type “cmd” in Windows Search (Windows Key + S). In the search results, right-click on Command Prompt > Run as Administrator.
  2. Type ATTRIB -H -R -S /S /D X: *.* in the Command Prompt console and press Enter. Replace X with the USB drive’s drive letter (you can find this in Windows Explorer > This PC, or Windows Disk Management).Command Prompt window open with administrative rights, showing a command entered to change file attributes on the E: drive.

Consider Formatting Your USB Drive

Formatting your USB drive wipes out all its stored files, including the virus. Use this method if antivirus programs were unable to effectively detect and delete the virus from your USB drive.

While most data recovery programs can recover your files after a quick format, there’s a high chance the recovered files have malicious code in them because of the virus.

Here’s how to format a pen drive on Windows:

  1. Press Windows Key + E to launch File Explorer.
  2. Go to This PC, right-click on your pen drive, and choose Format.File Explorer window open with a context menu for USB Drive (E:), with the 'Format...' option highlighted.
  3. You can modify the format parameters if you wish to, or simply clickthe Start button right away. Unchecking the Quick format option will perform a full format. This removes all files from the drive and overwrites them with zeroes.This is much safer than using the Quick format option, but you cannot recover any files after a full-format.Format USB Drive (E:) window displaying capacity, file system, and allocation unit size with options to restore device defaults and start the format.
  4. Windows will format the USB drive.
⚠️

Important: Formatting only removes local viruses from the USB drive. More sophisticated viruses like firmware viruses, bootkits, and rootkits remain on the drive as they reside in the MBR (Master Boot Record) which remains untouched during a format. To remove viruses that dwell in the MBR, use a tool like HDD Low Level Format—the tool’s trial version can clean the flash drive’s MBR.

What is Flash Drive Virus & What are their Types?

Flash drives viruses are very common these days with each of them posing similar threats but often in a different way. To provide a breakdown of some of the different viruses and how they affect your files or PC, you first need to understand what a flash drive virus is.

Virus Infected USB Drive

A flash drive virus is essentially a malicious program that infiltrates your computer and does damage to it by either slowing it down or corrupting the data stored on it. As already mentioned, there are many flash drive viruses and the kind of exploits they are designed to do.

  • 🦠 Ransomware. Ransomware has gained notoriety in recent years with attacks skyrocketing for businesses and individuals alike. Ransomware is essentially a type of malware that prevents users from gaining access to their files and computer systems until a ransom has been paid to the perpetrators. Ransomware is commonly spread through deceptive links and emails which trick users into opening them to access some information. In some cases, the links are spread through phishing emails that appear to have been sent legitimately.
  • 🔐 PHUKD. Also known as “THATSPHUKD” & “URFUKED”, this type of virus affects your PC by encrypting files based on the timing provided by hackers who control it. Unlike other viruses that immediately encrypt your files when they are infected, the PHUKD virus could remain invisible before it starts to do any damage to your files.
  • 🔑 Rubber Ducky Firmware. The Rubber Ducky Firmware virus is quite similar to the PHUKD virus in that it also encrypts your files. The major difference is that this virus encrypts your files almost immediately and uses pre-existing keystrokes to make your files inaccessible. It’s able to do this by tricking your Computer system to believe that it is a generic keyboard.
  • 🛡️ Password Protection Bypass Patch. To protect our files from illegal access, we often create passwords to limit their access. However, the sad news is that the Password Protection Bypass Patch is capable of overriding password-protected files and assumes control of them. By making changes to the firmware of your USB drive, the virus cracks open your encrypted files. If for some reason you believe your flash drive has been compromised by this virus, it is recommended that you discontinue its use.
  • 👾 Shortcut Virus. The shortcut virus is pretty common and as the name suggests, the virus conceals your files and folders and replaces them with a shortcut that maintains the attributes of the original files and folders. The sneaky virus is capable of replicating itself unto other files when you click on files and folders that have already been infected. The Shortcut virus runs your PC performance down and could potentially expose your data to third parties. This type of virus is usually transmitted when files are being transferred to your PC physically.

How to Protect Your Thumb Drive from Viruses

There are many precautionary measures to keep your Thumb Drive free from viruses. Maintaining a high level of restraint when transferring items to your drive should protect it from some of the most common viruses.

  • 🌐 Verify Computer System or Network. Ideally, what you need to is to verify from the Computer System or network you intend to connect your flash drive to. This allows you information on whether the network is secure or not. For Public networks and devices especially, doing this is very important.
  • 🖥️ Scan your Drive Regularly. You need to habitually scan your Flash Drive for viruses using Antivirus software. Based on your usage, you may opt to do this Daily or Weekly. Either way, just ensure that you do this religiously to keep your drive safe and secure.
  • 🚧 Avoid Suspicious Websites. Reckless online activity can greatly increase the chances of infecting your Flash Drive when it’s connected to your PC. Hackers can exploit users through unsecured websites – especially file sharing sites that allow users to download files onto their PCs.
  • 🔒 Write Protect your Flash Drive. Another way to keep your USB drive secure is by write-protecting it. Modern flash drives are often endowed with such a capability. Enabling this feature will prevent files of all types from being written to your drive without your permission.
  • 📁 Identify Files to Be Transferred. Before attempting to transfer any files to your flash drive, manually identify if the files are indeed what you intend to transfer. Additionally, it is recommended that you avoid transferring files in bulk if you’re suspicious.

How Do USB Devices Get Infected with Malware?

USB devices are predisposed to viruses of all kinds. It’s also a known fact that USB drives get infected with malware deliberately or unintentionally.

Hackers who seek to exploit a computer system may infect a USB malware to gain access and control over a system or network. This is an example of deliberate infection.

Users may also get USB drives infected unknowingly when they plug them into an unsecured network or PC. For example, public networks in schools, airports, and Internet cafes are some of the most vulnerable networks that could pose a threat to your USB drive when connected.

❗️

If care is not taken, you could expose your USB drive to a malware attack since such networks often lack a robust and secure infrastructure to mitigate against a possible virus attack.

FAQ

Can viruses be transferred through USB?

Yes. Previous versions of Windows included the Autorun feature which instantly opened USB drives once they were connected to a PC. This made flash drives instant victims to viruses that were present on a host PC. While the Autorun feature is no longer available for modern versions of Windows, you can transfer viruses to a drive when you manually open a file or folder on the flash drive while it’s connected to an infected PC.

Does formatting a flash drive remove viruses?

Contrary to popular belief, the usual formatting of your flash drive in Windows will not remove viruses. Low-level formatting, however, can guarantee some level of success with virus removal.

How can I recover my permanently deleted files from Pendrive?

Several Data Recovery Applications can recover files from virus-infected USB pen drives. Tools such as Disk Drill, EaseUS, and Recoverit are capable of getting your permanently deleted files back from your Pendrive.

Does formatting a flash drive remove viruses?

Yes. Formatting a flash drive removes any viruses that were stored on it. However, boot-sector viruses, and rootkits remain unaffected by a format.

How to recover virus-infected files using CMD?

You can only recover files infected by the Shortcut virus using CMD. These files are technically hidden, not deleted. To recover deleted, or corrupted files, use a good data recovery program, or a professional data recovery service.

Here’s how to use the Command Prompt to recover files infected by the Shortcut virus:

  1. Search for “command prompt” or “cmd” in Windows Search (Windows Key + S).
  2. Right-click on Command Prompt > Run as administrator.
  3. Type ATTRIB -H -R -S /S /D X: *.*, replacing X with the drive’s drive letter, and press Enter.

Bottom Line

The risk of getting a USB drive infected with a virus is high. The average computer user should have encountered a virus situation at least once in their lifetime. It’s common and it is bound to happen. So long as you continue to share files and download items from the internet, your drive remains at risk.

That said, there are many preventive measures you can employ to keep your flash drive safe and secure. Always remember that preventive measures often save you time and money.

About article
Contributing Writer Michael Alimo

This article was written by Michael Alimo, a Contributing Writer at Handy Recovery Advisor. It was recently updated by Manuviraj Godara. It was also verified for technical accuracy by Andrey Vasilyev, our editorial advisor.

Curious about our content creation process? Take a look at our Editor Guidelines.

How do you rate the article? Submitted: