How to Recover Files from a Virus Infected USB Drive

Computer viruses account for about 6 percent of data loss situations. While that may seem insignificant, the volume of data that is lost to malware and viruses is certainly huge. This further reinforces the fact that many data storage devices are prone to viruses and that includes USB drives.

Due to the nature of USB flash drives, they can easily become carriers of viruses from other computers especially when virus-infected files are being transferred to them. The result is usually a corruption of pre-existing data and in some scenarios, leads to the deletion of files.

To recover files from the virus-infected USB drive, there are a couple of tools out there capable of helping you get those files back.

What is Flash Drive Virus & What are their Types?

Flash drives viruses are very common these days with each of them posing similar threats but often in a different way. To provide a breakdown of some of the different viruses and how they affect your files or PC, you first need to understand what a flash drive virus is.

A flash drive virus is essentially a malicious program that infiltrates your computer and does damage to it by either slowing it down or corrupting the data stored on it. As already mentioned, there are many flash drive viruses and the kind of exploits they are designed to do.

• 🦠 Ransomware. Ransomware has gained notoriety in recent years with attacks skyrocketing for businesses and individuals alike. Ransomware is essentially a type of malware that prevents users from gaining access to their files and computer systems until a ransom has been paid to the perpetrators. Ransomware is commonly spread through deceptive links and emails which trick users into opening them to access some information. In some cases, the links are spread through phishing emails that appear to have been sent legitimately.
• 🔐 PHUKD. Also known as “THATSPHUKD” & “URFUKED”, this type of virus affects your PC by encrypting files based on the timing provided by hackers who control it. Unlike other viruses that immediately encrypt your files when they are infected, the PHUKD virus could remain invisible before it starts to do any damage to your files.
• 🔑 Rubber Ducky Firmware. The Rubber Ducky Firmware virus is quite similar to the PHUKD virus in that it also encrypts your files. The major difference is that this virus encrypts your files almost immediately and uses pre-existing keystrokes to make your files inaccessible. It’s able to do this by tricking your Computer system to believe that it is a generic keyboard.
• 🛡️ Password Protection Bypass Patch. To protect our files from illegal access, we often create passwords to limit their access. However, the sad news is that the Password Protection Bypass Patch is capable of overriding password-protected files and assumes control of them. By making changes to the firmware of your USB drive, the virus cracks open your encrypted files. If for some reason you believe your flash drive has been compromised by this virus, it is recommended that you discontinue its use.
• 👾 Shortcut Virus. The shortcut virus is pretty common and as the name suggests, the virus conceals your files and folders and replaces them with a shortcut that maintains the attributes of the original files and folders. The sneaky virus is capable of replicating itself unto other files when you click on files and folders that have already been infected. The Shortcut virus runs your PC performance down and could potentially expose your data to third parties. This type of virus is usually transmitted when files are being transferred to your PC physically.

What Happens When Viruses Infect Your USB Drive?

When your USB drive is infected by a virus, it immediately becomes a carrier of that virus and could potentially transfer the virus to other PCs and devices it’s connected to.

While the effects of an infected USB drive vary based on the nature of the virus, the result is pretty much the same thing – deletion or encryption of your files.

How Do USB Devices Get Infected with Malware?

USB devices are predisposed to viruses of all kinds. It’s also a known fact that USB drives get infected with malware deliberately or unintentionally.

Hackers who seek to exploit a computer system may infect a USB malware to gain access and control over a system or network. This is an example of deliberate infection.

USB flash drives are like taxicabs for malware. Virus scan them before use and don't use unfamiliar ones! #cybersecurity #tips pic.twitter.com/ITQHTFp9mJ

— DigitalSecurityWatch (@DS_Watch) April 15, 2021

Users may also get USB drives infected unknowingly when they plug them into an unsecured network or PC. For example, public networks in schools, airports, and Internet cafes are some of the most vulnerable networks that could pose a threat to your USB drive when connected.

How to Remove USB Viruses & Recover Files from Virus Infected USB Drives

USB drives are common targets for malware, which can cause all sorts of problems, including data loss. Use the techniques below to combat it.

Recover Deleted Files from Virus Infected USB Flash Drive Using Recovery Software

One of the major setbacks associated with an infected USB Flash Drive is when your files get deleted. Knowing how important our files can be, losing them should never be an option. Attempting to recover your deleted files from your infected drive requires reliable USB data recovery software.

For good reasons, we will demonstrate how you can use Disk Drill USB Recovery to recover your deleted files from a virus-infected USB flash drive. Having used Disk Drill in the past, we were able to recover more than 90% of our files that were lost through the virus attack. We can also vouch for its user-friendly interface and its ease of use.

Scenario #1: Damaged Master Boot Record (MBR) or Master File Table (MFT)

When viruses disorient the MBR or MFT components of your USB devices, that device can no longer be accessed via explorer or finder even when the files still exist on the drive. In this case, Disk Drill can restore the original structure that was before virus infection to save lost data.

Scenario #2: Unbootable USB Flash Drives

Viruses are capable of replacing the main record that stores boot information with its bootable record. This denies the user access to their files and folders. Now the user is prompted about the infected drive and is required to pay a ransom to unlock the files. As you may already be aware, giving out your money will not guarantee an unlock code. We recommend that you attempt to boot from a live USB device and scan it with Disk Drill which will reveal the files that are on the drive.

Scenario #3: Inaccessible Files & Folders (Resident virus)

Disk Drill puts devices in read-only mode before the scan process. This feature prevents the virus from further monitoring the drive, therefore significantly increasing the chances of restoring files from the virus-infected flash drive

To recover files from the virus-infected USB drive using Disk Drill, you need to follow these instructions.

1. Download and install Disk Drill.
2. Plug the flash drive into your computer using any of the available USB Ports.
3. Launch the Disk Drill app.
4. Select the flash drive from the list of available partitions.
5. Proceed to click “Search for lost data” to begin the scan process.
6. Review the files after the scan and choose which ones you intend to recover.
7. Finally, click the “Recover” button to restore the files to a new location.

Remove USB Virus Using Windows Security (Windows 10)

It’s common knowledge that the Windows Platform is widely susceptible to viruses especially when it’s compared to Mac OS X and Linux-based systems.

The reason is that Windows is the most widely used and also because of how the operating system handles Administrator privileges and rights.

It’s only logical for hackers to focus more on a widely used medium because it increases the chances of a successful mass exploit.

For example, the Windows Security utility continues to evolve and has seen some massive security updates in recent times. It’s also possible to recover files from virus-infected USB pen drives using Windows Security for Windows 10. To do this, attempt the following:

1. Plug your USB drive into your Windows 10 PC. The first step is to insert your flash drive into your PC. At this point, you shouldn’t attempt to open the drive or view the files stored in it yet.
2. Launch the Windows Settings App. The Settings App can be found on the left-side panel of the start menu.
3. Click “Update & Security”. Launching the settings app reveals several options which include “Update & Security”. Proceed to click on it.
4. Open Windows Security. Under “Update & Security”, go ahead and open Windows Security.
5. Select Virus and Threat Protection. Click “Virus and Threat Protection” under Windows & Security.
6. Check for updates. Clicking on “Check for Updates” will scan for available security software from Microsoft’s server and downloads the necessary updates.
7. Scan Option. The next step would be to scan your PC for potential viruses. You can choose between 4 scan options (Quick scan, Full Scan, Custom Scan & Windows Defender Offline Scan). Since we are focused on scanning a USB drive, proceed to select Custom scan. This gives you the option to select your preferred scan location. Finally, click “Scan now”
8. Select the USB Drive. Now select the appropriate USB flash drive and choose the folders you intend to scan. Windows will now scan your files and folders for viruses. Depending on the volume of files, this process may take a while to complete.
9. Follow instructions to remove viruses. Once the scan process is complete, a window will appear indicating whether any viruses were detected or not. If present, follow the on-screen guide to remove the viruses.

This process is straightforward and can help you to recover hidden files in USB caused by viruses. The good part also is that this process is free and you can do this without downloading additional software.

Remove a “Shortcut Virus” Using attrib Command (CMD)

The Shortcut virus as already indicated is one of the most common viruses capable of concealing your important files and documents. Using a few tricks such as a CMD method can get rid of it almost immediately. To do this, you need to follow these instructions.

1. Launch the CMD tool. You can do this by clicking the Windows Key on your PC and then typing “cmd” in the search bar. Right-click on the Command prompt and choose “Run as Administrator”
2. Navigate to the USB Drive by typing its letter. [ Let’s assume the letter X] and hit Enter.  You can double-check the letter assigned to your drive by launching “File Explorer” and then capturing the letter that precedes your USB drive.
3. Type chkdsk X: /f
4. Finally, type ATTRIB -H -R -S /S /D X:*.*( x represents the specific letter assigned to your USB drive) and hit Enter. This simple command can restore files hidden by viruses and enable you to regain control over your files and folders.

How to Protect Your Thumb Drive from Viruses

There are many precautionary measures to keep your Thumb Drive free from viruses. Maintaining a high level of restraint when transferring items to your drive should protect it from some of the most common viruses.

• 🌐 Verify Computer System or Network. Ideally, what you need to is to verify from the Computer System or network you intend to connect your flash drive to. This allows you information on whether the network is secure or not. For Public networks and devices especially, doing this is very important.
• 🖥️ Scan your Drive Regularly. You need to habitually scan your Flash Drive for viruses using Antivirus software. Based on your usage, you may opt to do this Daily or Weekly. Either way, just ensure that you do this religiously to keep your drive safe and secure.
• 🚧 Avoid Suspicious Websites. Reckless online activity can greatly increase the chances of infecting your Flash Drive when it’s connected to your PC. Hackers can exploit users through unsecured websites – especially file sharing sites that allow users to download files onto their PCs.
• 🔒 Write Protect your Flash Drive. Another way to keep your USB drive secure is by write-protecting it. Modern flash drives are often endowed with such a capability. Enabling this feature will prevent files of all types from being written to your drive without your permission.
• 📁 Identify Files to Be Transferred. Before attempting to transfer any files to your flash drive, manually identify if the files are indeed what you intend to transfer. Additionally, it is recommended that you avoid transferring files in bulk if you’re suspicious.

FAQ

Bottom Line

The risk of getting a USB drive infected with a virus is high. The average computer user should have encountered a virus situation at least once in their lifetime. It’s common and it is bound to happen. So long as you continue to share files and download items from the internet, your drive remains at risk.

That said, there are many preventive measures you can employ to keep your flash drive safe and secure. Always remember that preventive measures often save you time and money.