How to remove shortcut virus and recover files

While using our pen drives and other mass storage devices, we often fall in a situation where our device shows the space occupied and inside it doesn’t show any file or folder or just display shortcuts of them. I am going to share this because it happened to me lots of time whenever I used my pen drive in my institute

Before explaining the process of recovering your files let us understands why this actually happens. This is usually done by a virus, which creates shortcut of files and remove the original ones. But in actual these files are not completely deleted. These are just got hidden, but in that case you cannot access to them by using ‘windows show hidden files and folders’ option, because this option allow you to display only those files which have hidden ‘h’ attribute set. This virus not only sets the h attribute only but it also sets the ‘s’ attribute i.e. the system attribute which in turn make you files system files.


One can easily got access to these files by simply choosing one more option just below the show hidden files and folders option:

Hide protected operating system files

In order to view your data uncheck this option and you’ll be warned by your windows just select Yes and you can get access to your files. This method is just to show these files but in actual these are still system files.



After getting access to your files the next task to recover these files as normal user files. In order to do that you need to remove the ‘s’ attribute from these files. This can achieved by following simple steps :

Press windows + r and run dialog will appear on your screen, type ‘cmd’ in the provided text box and hit enter, after that Command Prompt window will appear.


Inside this window type the drive letter followed by the colon ‘:’ and then hit enter. In our case the drive letter for our device is ‘E’. As soon you hit enter the prompt will change from C:\ to E:\. This indicate that now you are working on E drive of your system now.

C:\Users\D-Kay> E:



After that run the following command this command will delete all shortcuts created by the virus, also you can delete them manually.

E:\>  del *.lnk


Now it’s time to recover your files to the original state, in order to do that, simply run the following command and hit enter. This command will remove the s as well as h attribute from all infected files and these files are then restored back to the original position. Close the command prompt and browse back to your device. Your data is recovered, enjoy  :) .

E:\>  attrib –h –s –r *.* /s d /l


With all this let us give you a simple tip on hiding you personal data from others which can not be accessed from windows ‘Show hidden files and folders’ option as well.

Suppose you want to hide the folder name abc located in the root of the E drive your computer. Simply run the following command.

E:\ >  attrib +h +s abc


Now, in order to recover your files do some reverse engineering , run the following command and hit enter.

E:\>  attrib –h –s abc


Spread the love...Share on FacebookShare on Google+Pin on PinterestShare on RedditTweet about this on TwitterEmail this to someone