USB stick poisoning phenomenon and removal method

Source: Internet
Author: User

Have you ever encountered a file when using a USB flash drive? Or is there a phenomenon that can't be opened? In fact, these conditions indicate that your USB stick has been poisoned. So how exactly can be determined is a U disk poisoning phenomenon? Let's talk about this.

If you are using a USB flash drive and other mobile storage devices, the following symptoms indicate that your USB flash drive has been poisoned:

1. The words "Auto Play", "Auto" appear in the right-click menu of U disk

2., open the USB flash drive is very slow, double-click on the entry always show the use of a program such as a hint

3, in the root directory of the USB stick appear some inexplicable hidden files, such as "Autorun.inf, Msvcr71.dl,ravmone.exe, Tel.xls.exe" and hidden Directory "Recycler".

The method of virus removal of u disk

One of the countermeasures: Manually remove the USB stick virus

First, Show hidden files and check for "Auto Run.info, Msvcr71.dl, Ravmone.exe" and hidden Directory "Recycler" in the USB drive directory. If present, you can be sure that the USB stick is infected with the virus. --(note: Sometimes a cunning virus will invalidate the settings that show hidden files, thus avoiding avira.) Can be in the root directory of the USB stick, press the "CTRL + a" key combination, if you are prompted "The file contains hidden files, then it is certain that the virus destroyed the folder options related settings, so that the file cannot be displayed." Open My Computer in turn--control Panel--Folder ——— View--Hide folders and files--show all. This will be able to delete the virus file one by one, if you encounter a virus file can not be deleted, press the "Ctrl+alt+delete" key combination, open Task Manager, the shape of "ravmone.exe,svohost.exe" such as the end of the virus, again deleted. Then, search the above virus file, focus on finding "c:windows" directory and "C:windows system" and "c:windowssystem32" Directory of illegal programs, found after one by one delete. Next, go to Registry Editor, search by virus name keyword, find after one by one delete. Focus on the [hk-loacal Machinesoftwaremicrosoftwindowscurrentversionrun] Branch, and the pane on the right is typically visible as "c:windowsravmone.exe" or " C:windowsystem32svohost.exe "To delete a virus boot entry like this. Finally, in the Run dialog box, type "Msconfig", enter the System Utility Configuration window to open, the addition of anti-virus software, firewall and input, all other than the boot entry, the virus was completely removed.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.