How to remove Virus from USB Drives

One of the ways by which a virus can infect your PC is through USB/Pen drives. Commonviruses such as ’Ravmon’ , ‘New Folder.exe’, ‘Orkut is banned’ etc are spreading throughUSB drives. Most anti virus programs are unable to detect them and even if they do, in most cases they are unable to delete the file, only quarantine it. Here are the things which you can do if you want to remove such viruses from your USB Drive

Whenever you plug a USB drive in your system, a window will appear similar to the one shown below

Don’t click on Ok , just choose ‘Cancel’. Open the Command Prompt by typing ‘cmd‘ in the run box. In the command prompt type the drive letter: and press enter . Now type dir /w/a and press enter.

This will display a list of the files in the pen drive. Check whether the following files are there or not

• Autorun.inf
• Ravmon.exe
• New Folder.exe
• svchost.exe
• Heap41a
• or any other exe file which may be suspicious.

If any of the above files are there, then probably the USB drive is infected. In command prompt type attrib -r -a -s -h *.* and press enter. This will remove the Read Only, Archive, System and hidden file attribute from all the files. Now just delete the files using the command del filename. example del Ravmon.exe. Delete all the files that are suspicious. To be on a safer side, just scan the USB drive with an anti virus program to check whether it is free of virus or not. Now remove the drive and plug it again. In most of the cases, the real culprit turns out to be the “Autorun.inf” file which mostly gets executed when someone clicks Ok in the dialog window which appears above. Thus the infections can spread

Security Tip

Disable the Autoplay feature of USB drives. If you disable the Autoplay feature of USB drives, then there are lesser chances of the virus spreading. A tool which can perform such a function is Tweak UI. Download it from here install it.

Run the program. Now you can disable the Autoplay feature of the removable drives as shown above. By following the above steps, you can keep your USB drives clean.

Update: Tweak UI is a freeware software you can download it here:http://www.filehippo.com/download_tweakui/

How To Uninstall GrooveMonitor.exe

GrooveMonitor is a service utility that tracks groove behavour and creates reports for error reporting to MS (what else does it report?). It loads on startup. It gets installed when you install Office 2007. However it doesn't get uninstalled when you uninstall Office 2007. GrooveMonitor starts upon Windows startup (via registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).

To remove GrooveMonitor from your machine you have to go to Control Panel and then select Add/Remove programs. GrooveMonitor is one of the displayed applications. Uninstall it from there. That should do it for any normal windows program. Not surprisingly Microsoft himself often violates this basic principle (which surprisingly would give you more control over their crappy [pardon my French] software), and GrooveMonitor will still load on startup.

You can however use msconfig to prevent it from coming up on Windows startup.
1. Go to Start menu and click Run
2. Type msconfig and press Enter.
3. Go to Startup tab and then uncheck any reference to "groovemonitor"
4. Reboot

Note: Some malware may also camouflage themselves as GrooveMonitor.exe, particularly if they are located in c:\windows or c:\windows\system32 folder.

GrooveMonitor is currently owned by Microsoft Corporation.