USB stick poisoning phenomenon and removal method

Have you ever encountered a file when using a USB flash drive? Or is there a phenomenon that can't be opened? In fact, these conditions indicate that your USB stick has been poisoned. So how exactly can be determined is a U disk poisoning phenomenon? Let's talk about this.

If you are using a USB flash drive and other mobile storage devices, the following symptoms indicate that your USB flash drive has been poisoned:

1. The words "Auto Play", "Auto" appear in the right-click menu of U disk

2., open the USB flash drive is very slow, double-click on the entry always show the use of a program such as a hint

3, in the root directory of the USB stick appear some inexplicable hidden files, such as "Autorun.inf, Msvcr71.dl,ravmone.exe, Tel.xls.exe" and hidden Directory "Recycler".

The method of virus removal of u disk

One of the countermeasures: Manually remove the USB stick virus

First, Show hidden files and check for "Auto Run.info, Msvcr71.dl, Ravmone.exe" and hidden Directory "Recycler" in the USB drive directory. If present, you can be sure that the USB stick is infected with the virus. --(note: Sometimes a cunning virus will invalidate the settings that show hidden files, thus avoiding avira.) Can be in the root directory of the USB stick, press the "CTRL + a" key combination, if you are prompted "The file contains hidden files, then it is certain that the virus destroyed the folder options related settings, so that the file cannot be displayed." Open My Computer in turn--control Panel--Folder ——— View--Hide folders and files--show all. This will be able to delete the virus file one by one, if you encounter a virus file can not be deleted, press the "Ctrl+alt+delete" key combination, open Task Manager, the shape of "ravmone.exe,svohost.exe" such as the end of the virus, again deleted. Then, search the above virus file, focus on finding "c:windows" directory and "C:windows system" and "c:windowssystem32" Directory of illegal programs, found after one by one delete. Next, go to Registry Editor, search by virus name keyword, find after one by one delete. Focus on the [hk-loacal Machinesoftwaremicrosoftwindowscurrentversionrun] Branch, and the pane on the right is typically visible as "c:windowsravmone.exe" or " C:windowsystem32svohost.exe "To delete a virus boot entry like this. Finally, in the Run dialog box, type "Msconfig", enter the System Utility Configuration window to open, the addition of anti-virus software, firewall and input, all other than the boot entry, the virus was completely removed.