How It Create ?
- Open the WinRAR application. (If you don't have this software installed yet, download it from here.)
- From inside the WinRAR interface, navigate to your infected drive. Inside it, you'll find all your files safe and clearly visible.
- Select them all, right click -> Add Files to Archive and choose a name like USB Drive Backup.rar (anything you like). With this, you’ve created an archive of all the files inside the infected drive.
- Open My Computer -> and open your infected drive. You’ll find your created archive there. Right click on it -> Cut. Paste it somewhere safe in your hard disk drive.
- Open My Computer, right-click on your infected drive -> Format. Choose the Quick Format option and click Start.
- After the format is over, just extract the backed up .rar file back into the removable drive.
- Plug your USB drive in PC.
- Open Start Menu –> Run. (To open run dialog, you can alternatively type Win+R). In the Run dialog box, type cmd.
- Copy the below code and paste it into CMD:
- ATTRIB -H -R -S /S /D G:\*.*
Or open Start Menu –> Run. (To open the Run dialog, you can alternatively press Win+R.) In the Run dialog box, type cmd.
- C:\Users\PC NAME>g: (G is the removable drive which is infected by the shortcut virus)
G:\>attrib -s -h /s /d *.*
The explanation of the above code:
Attrib is the command that changes file attributes (as you might have guessed)
-H clears the hidden attribute, unhiding all the files on the Flash Drive (which the virus hid and replaced with shortcuts)
-R clears the read-only attribute on the files in your Pen Drive (so the original files can be changed or deleted again)
-S clears the system attribute, so the files on your USB drive are no longer treated as system files (which makes the process easier)
G is the assumed USB drive letter (change it to match your Pen Drive / external HDD's drive letter)
Steps To Remove Shortcut Virus From Registry:
- Open Task Manager by pressing Ctrl + Shift + Esc.
- Click on the Processes tab, and find Wscript.exe. If you find it, select it and then click End Process.
- Open Run dialog box (Win + R key), type in regedit. This will open the Registry Editor.
- Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
- Here, look for a registry entry named odwcamszas, right-click on it and delete it.
Steps To Remove Shortcut Virus By Tweaking Config:
- Open the Run box and type in %temp%. This will open the Temporary Files folder.
- Search in that folder for nkvasyoxww.vbs. If found, delete it.
- Again, open the Run box and type in msconfig.
- Go to the Startup tab and disable nkvasyoxww.vbs from there. (In Windows 8, open Task Manager, go to the Startup tab, and disable nkvasyoxww.vbs.)
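A read-only audit of the places the steps above touch (the HKCU Run key, the %temp% folder, and the hidden/system files and shortcuts on the drive), added here as an example and not part of the original page. It goes beyond the two fixed names the page gives by matching on what an entry launches; the function name, the match pattern and the G: default are assumptions.

```powershell
# Added example: read-only audit, it reports findings and changes nothing.
function Get-ShortcutVirusTrace {            # hypothetical function name
    param([string]$Drive = 'G:')             # assumed drive letter, as on the page

    # Assumed indicator: anything that references a script host or a VBScript file.
    $pattern = 'wscript|cscript|\.vbs|\.vbe'

    # 1. Values under the HKCU Run key that start a script at logon.
    $key = Get-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($data -match $pattern) {
                [pscustomobject]@{ Check = 'RunKey'; Name = $name; Detail = $data }
            }
        }
    }

    # 2. VBScript files sitting in the temporary files folder (%temp%).
    Get-ChildItem -Path $env:TEMP -Filter '*.vbs' -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Check = 'TempScript'; Name = $_.Name; Detail = $_.FullName } }

    # 3. Items in the drive root carrying both Hidden and System (what attrib -h -s clears).
    $root = "$Drive\"
    $mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
    Get-ChildItem -Path $root -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band $mask) -eq $mask } |
        ForEach-Object { [pscustomobject]@{ Check = 'HiddenSystem'; Name = $_.Name; Detail = [string]$_.Attributes } }

    # 4. Shortcuts in the drive root whose target or arguments reference a script.
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -Path $root -Filter '*.lnk' -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)   # loads the .lnk; nothing is saved
        $command = "$($lnk.TargetPath) $($lnk.Arguments)"
        if ($command -match $pattern) {
            [pscustomobject]@{ Check = 'Shortcut'; Name = $_.Name; Detail = $command }
        }
    }
}

Get-ShortcutVirusTrace -Drive 'G:' | Format-Table -AutoSize -Wrap
```

The System Volume Information folder is hidden and system on a clean drive too, so a HiddenSystem row for it is expected.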