Get rid of drive.bat computer virus that makes data on thumb drives and SD memory cards inaccessible by replacing their folders and files with shortcuts.
The ill-famed shortcut virus has become a buzzword over the years it has been circulating, but not everyone knows there are a number of spinoffs that operate somewhat differently. One of the mutations spreads via a Windows batch file named drive.bat, which is effectively an object that forces the host operating system to execute certain commands. Regarding the concept proper, it’s quite bizarre that an infection as ostensibly primitive as this is still in the wild in the era of high-profile threats like ransomware, rootkits and banking trojans. And yet, the fact remains that lots of users around the globe keep catching the thumb drive shortcut malware through physical means, that is, by inserting their removable media into contaminated computers which, most likely, got infected via a virus-tainted memory stick themselves. Why the cybercrooks behind this plague are distributing it is quite a puzzle, but it does cause a lot of harm to victims despite its simplicity.
Now, back to the point – the drive.bat virus transforms all the contents of an infested memory medium into shortcuts, usually 1 KB in size, which open up blank or cannot be opened at all. At first blush, this predicament looks like a complete loss of data stored on the drive. In fact, though, the infection simply corrupts the display of data hierarchy, which is good news to anyone who’s hit. A thumb drive becomes a carrier of the contagion when it’s plugged into a Windows machine with the virus on board. The PC, in its turn, may get exposed to the malady after the user unknowingly downloads the drive.zip file from the Internet. This may be a stealthy drive-by download invisible to the naked eye, or a part of a bundle trespassing on the system with packaged installations of freeware or shareware. One way or another, the drive.zip archive is automatically extracted to every USB drive or SD card inserted into the computer henceforth. So much for the propagation routine.
Once drive.bat is copied to removable media, it runs automatically and causes all the files and directories to morph into shortcuts. Another likely adverse effect is the termination of popular antimalware suites running on the system at the time of the attack. This is, obviously, a more straightforward and aggressive methodology than the commonplace AV evasion. To top it off, the virus may also prevent the victim from accessing Registry Editor. Fortunately, all the information hidden behind the veil of shortcuts can be reinstated in its original form. Peruse the troubleshooting part below to find out how.
Automated removal of drive.bat virus
Owing to an up-to-date database of malware signatures and intelligent behavioral detection, the recommended software can quickly locate the infection, eradicate it and remediate all harmful changes. So go ahead and do the following:
1. Download and install the antimalware tool. Open the solution and have it check your PC for PUPs and other types of malicious software by clicking the Start Computer Scan button.
2. Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix Threats to get the troubleshooting completed.
Use batch file to remove drive.bat virus and restore data
• Open Notepad and paste the following command in it, replacing “F” with the letter of the infected drive:
attrib -h -s -r -a /s /d F:\*.*
• Save the Notepad file as fixvirus.bat or similar – the .bat part is mandatory.
• Double-click the .bat file you just created. This will run the command it contains. The shortcuts for the affected drive and its contents should now be replaced with normal data objects. If this didn’t help, try the following recommendations.
Use Command Prompt to fix the drive.bat problem
• Type cmd in your Windows Search box and press Enter to open the command-line interface.
• Now type the following string in the command-line interpreter (put the letter of the infected drive instead of “F” in the example):
attrib -h -s -r -a /s /d F:\*.*
• Hit Enter to execute the command. You should be good to go now.
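The same attribute reset as the attrib command above, written as a PowerShell function with a preview mode and a report of the leftover shortcuts and any drive.bat file. This is an added example, not part of the original article; the function name, parameter name and the 2 KB shortcut-size threshold are assumptions, and it only touches items that carry the Hidden or System attribute.

```powershell
# Added example, not from the article. Function and parameter names and the
# 2 KB shortcut-size threshold are illustrative assumptions.
function Restore-DriveAttributes {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z]$')]
        [string]$DriveLetter
    )
    $root = "${DriveLetter}:\"
    if (-not (Test-Path -LiteralPath $root)) { throw "Drive $root is not available." }

    # -Force returns hidden and system items too; unreadable folders are skipped.
    # Windows' own hidden system folders are left alone.
    $items = Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -notmatch '\\(System Volume Information|\$RECYCLE\.BIN)(\\|$)' }

    $hs   = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)
    $mask = $hs -bor [int][IO.FileAttributes]::ReadOnly -bor [int][IO.FileAttributes]::Archive

    # Items carrying Hidden or System: clear the four attributes attrib -h -s -r -a clears.
    $hiddenItems = @($items | Where-Object { ([int]$_.Attributes -band $hs) -ne 0 })
    foreach ($item in $hiddenItems) {
        if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear H/S/R/A attributes')) {
            $new = [int]$item.Attributes -band (-bnot $mask)
            if ($new -eq 0) { $new = [int][IO.FileAttributes]::Normal }
            $item.Attributes = [IO.FileAttributes]$new
        }
    }

    # Report only, nothing is deleted: small .lnk files and any drive.bat
    # are listed so they can be reviewed or handed to the scanner.
    $files = @($items | Where-Object { -not $_.PSIsContainer })
    [pscustomobject]@{
        Drive          = $root
        HiddenItems    = $hiddenItems.Count
        SmallShortcuts = @($files | Where-Object { $_.Extension -eq '.lnk' -and $_.Length -le 2KB } |
                           ForEach-Object { $_.FullName })
        DriveBat       = @($files | Where-Object { $_.Name -eq 'drive.bat' } |
                           ForEach-Object { $_.FullName })
    }
}

# Preview what would change, then apply:
# Restore-DriveAttributes -DriveLetter F -WhatIf
# Restore-DriveAttributes -DriveLetter F
```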
Revise your security status
Checking the result after a malware removal is a good habit that prevents the return of harmful code or the replication of fragments that were left behind. Make sure you are good to go by running an additional safety checkup.