All my pen-drive content appear inside a single shortcut

I have been noticing this problem in a few pen-drives for quite a lot of time, and now this has occurred to mine.

When I double click on the pen-drive icon, I find a pen-drive short-cut icon to %windir%\System32\rundll32.exe \~$n.dqu,cxcxcscxgxcbgpzm.

Here is a screen-shot: problem1

When I open it, this appears: problem2

What is the problem? Is it safe? And how can I make it normal?

If it helps, I am using this pen-drive on Windows 8.1 and 7 laptops. The problem started after plugging it to the Windows 7 one (not immediately after plugging it, but after a few weeks).

Switch

Posted 2015-05-16T16:40:33.763

Reputation: 311

Answers

I bet this is a virus. This occurs when you plug your USB on a system that has this virus. It just hides all the files in the drive, and creates a shortcut to a virus exe. That shortcut surprises the users of other systems, and when they run it, it's activated.

You can simply get rid of this with a boot time antivirus scan, and WinRar (Trial version works) or also 7-zip if you want opensource free tools. Using it, type the drive letter in the address bar, you can see all the files, and the shortcut along with the virus executable.

Delete all of them, un-hide your files (right-click and properties). Now do a boot scan (scanning before the OS boots, avast supports this in the free edition) to prevent any other viruses that might be crept in.

EDIT: I have got this virus again when I used my pendrive in a cafe, so I made a video showing how to recover the files.

https://www.youtube.com/watch?v=jyf1U1uSx2E

Sri Harsha Chilakapati

Posted 2015-05-16T16:40:33.763

Reputation: 397

Can you explain how WinRAR and 7-Zip will be helpful? – Karan – 2015-05-17T22:07:52.277

@Karan both WinRar and 7-Zip can display the files in a directory, and they show the files even if they are hidden. – Sri Harsha Chilakapati – 2015-05-18T02:33:39.843

Oh, that way. Explorer by itself would suffice then. – Karan – 2015-05-18T02:34:39.217

@Karan Windows explorer doesn't work here, since the files will be hidden. I suggested this in case the op is not a power user. If he is, he can use command prompt to unhidden those files. – Sri Harsha Chilakapati – 2015-05-18T02:37:58.020

Explorer can easily be set to display hidden and system files, so why do you say it won't work? – Karan – 2015-05-18T02:39:46.873

@Karan That doesn't work for me when I got this virus way back in 2006, in xp. This workaround helped me then which I suggested here. – Sri Harsha Chilakapati – 2015-05-18T02:41:44.107

Ok, it must have affected Explorer too somehow in your case. Here at least the OP is able to see his files in Explorer but your advice might be useful when Explorer itself is unable to display the files. – Karan – 2015-05-18T02:44:31.533

This appears to be a long-standing virus.

I recommend ensuring that your virus checker is up-to-date and running a full scan. You might want to also investigate some additional anti-malware tools such as:

SuperAntiSpyware
Malwarebytes
SlimClean
BleachBit

There are a number of places giving advice on how to remove the virus including "How to Remove Shortcut Virus in PC and Flash Drive". They have a tool for removing the virus though they don't claim a 100% success rate and offer alternative approaches if it doesn't work.

To be able to see your files directly without having to click on the shortcut (which activates the virus), from a command prompt:

attrib f:*.* /d /s -h -r -s

Where f: is the drive letter of your pen drive.

Julian Knight

Posted 2015-05-16T16:40:33.763

Reputation: 13 389

that Win7 laptop runs AVG anitvirus – Switch – 2015-05-16T17:13:00.470

No anti-virus tool is 100% successful at finding malware which is why I'm recommending some additional tools. Start with the one I've linked to to fix the immediate problem and then run some or all of the others to discover any other problems. – Julian Knight – 2015-05-17T08:48:29.977

Check for some other common problems like:

Unable to make visible hidden and system files
Unable to Safely remove that external device
Same kind of shortcuts started appearing in other external devices that you connect
Some new unusual processes found in task manager

If some of these problems are there in your system then it is most probably occurring due to some Trojan Horse already present in that system. That Trojan Horse might replicate itself to any external device that is attached to this computer.

You need to install a good anti-virus program that you trust the most. As per my recommendation you can use:

Malwarebytes Anti-Malware (Free)
Kaspersky Anti-Virus (Trial)

In addition to these you can generate hijackthis report and show it to a security expert for detailed analysis.

n0noob

Posted 2015-05-16T16:40:33.763

Reputation: 25