Recovering Files From a Virus-Infected USB Drive

What to do if a piece of malware has deleted or blocked data on a USB drive? How to recover data from a virus-infected USB drive. We’ll explore all methods to help you recover files from a virus-infected USB drive.

Recovering Files From a Virus-Infected USB Drive

Every PC user has faced viruses – at least once in a lifetime. Viruses and other malware can cause lots of trouble as they attack all kinds of electronic devices. Most often, they infiltrate your computer from removable devices such as USB drives, external hard disks etc. As they settle on your hard disk, they can spoil and corrupt important data such as videos, photos and documents. Computer viruses are capable of erasing data from a USB drive, damaging it or blocking the device, and as a result, you’re going to lose important files. So what shall we do if a piece of malware has deleted or blocked data on a USB drive?

The basic algorithm is pretty simple, and it includes only two steps: one – remove the virus from the USB drive and the computer, and two – recover all deleted files with the help of a data recovery tool.

Go to view
⚕️ How to Recover Deleted Files from a USB Drive after Formatting or a Virus Attack in 2021 🔥

⚕️ How to Recover Deleted Files from a USB Drive after Formatting or a Virus Attack in 2021 🔥

Why USB drives get virus-infected

UBS drives often fall prey to viruses and other malware because of their versatility and ease of use. The main causes for virus infestation are listed below:

Cause Description
Using them on virus-infected devices Connecting a USB drive to a computer infected with malware may result in the virus getting automatically copied to your device.
No autoplay protection many viruses use the autoplay feature (autorun) to get activated when a drive is connected.
Downloading suspicious files Writing to your drive which involves infected files downloaded from unreliable sources such as doubtful websites or using pirated content.
Social engineering Some viruses get to your device because of careless user actions – when people open suspicious files or apps.
No antiviral protection If there is no antivirus software on the computer or USB drive, malware can sneak to your device easily.

Symptoms of a virus-infected USB drive

An infected USB drive typically has the following symptoms:

Symptom Description
Disappearing files Files on your USB drive disappear or become hidden, although they still take up the disk space.
Unknown files appear out of nowhere. Suspicious files and folders with unknown names appear on your drive.
Encountering errors when opening files Files on your USB drive won’t open or display an error message when you try to do it.
Your device slows down The USB drive works slower than usual, or takes longer time to be detected by the system.
Unexpected autoplay When you connect the USB drive to a computer, suspicious apps or files open automatically.
Your antivirus identifies threats As soon as you connect a drive, the antivirus warns you about the presence of malware.

Can we recover data from a virus-infected USB drive?

The probability of data recovery depends primarily on the type of virus and on how it interacts with information.

  • Some viruses just hide data instead of deleting it.

  • Also, there are many viruses which are exclusively designed to erase the data on USB drives. In such cases, you’ll be able to bring it back it with a good recovery tool.

  • Another malware type is encrypting viruses. They encrypt user files and then ask for a certain ransom to unlock the data.

    Encrypting virus

  • Often, viruses are designed to damage data. A virus implements malicious code into an ordinary file, so that it could spread to any other devices or computers where such file is copied. Most antivirus products can remove such viruses and repair the damage.

  • The nastiest kind of viruses is the overwriting viruses which replace the original file code with malicious code. These viruses can overwrite files with random data. In this case, there is little you can do to recover your data. Your only hope is your backups.

How to remove a virus from the USB drive

To remove a virus from the USB drive, connect it to a computer and scan it with an integrated antivirus – Windows Defender or any similar tool.

To do it, click on StartSettingsPrivacy & securityWindows SecurityVirus & threat protection.

Start – Settings – Privacy and security – Windows Security – Virus & threat protection

Below, click on Protection updates and then – Check for updates. This is how you updated the antivirus database, and now it’s ready to scan the USB drive for viruses.

Updating Windows Security

Find the tab Current threats: open Scan options, check the box for Customised scan, and click Scan now. After that, you’ll be able to choose a specific folder or disk to scan.

Customised scan in Windows Defender

When it’s over, Defender will display the scan results. If any viruses are detected, they will be placed into the quarantine and removed from the drive.

.

If this method failed to remove viruses, run a local scan. As a result, the operating system will restart and disks will be scanned without booting Windows, which allows to clean even the most hardcore malware.

How to recover files from a virus-infected USB drive

Method 1.Data recovery tools

After deleting viruses, it’s time to recover any lost data. Hetman Partition Recovery is an effective tool to bring back the files you have lost after a virus attack.

This software has a unique feature of repairing data which was damaged, blocked or lost after malware activities. Thanks to using cutting-edge algorithms, it can effectively restore files lost after virus attacks, including cases when data is erased, or access to data is lost. It makes this software product an ultimate choice to protect and recover user data after any virus-related issues.

Partition Recovery™ 5.0
The tool recovers data from any devices, regardless of the cause of data loss.
Download

Download, install and start the program. Select the disk to recover lost files from, right-click on it and choose Open.

Hetman Partition Recovery: Select the disk to recover lost files from

Choose the scan type – Fast scan or Full analysis. Run a Fast scan first – it will take less time. As a result, the tool will scan the disk quickly and display all of its contents.

Hetman Partition Recovery: run a Fast scan

If the utility failed to find the necessary files, then run Full analysis. To do it, return to the main menu, right-click on the disk and choose Analyze againFull analysis.

Hetman Partition Recovery: Analyze again - Full analysis

Full analysis will take much longer, so you need to wait until it is over. When the scan is over, go to the folder where the deleted files used to be, select them and click Recovery. Then choose where to save the items (the disk and folder) and hit Recovery again. In the end, you will find the recovered files in the folder you have chosen.

Hetman Partition Recovery: choose the files to restore and click Recovery

A virus attack may result in serious damage to the file system structure, MBR components, or MFT components of your USB devices. As a result, you won’t be able to access their data via Windows Explorer. If the files are still on the disk, Hetman Partition Recovery will be able to restore the initial file structure, and retrieve the lost data from such disk.

For recovery operations, the utility switches all devices to read-only mode before starting a scan. This feature prevents the virus from controlling the disk and it increases greatly the chances to recover files from a virus-infected USB drive.

Also, you should remember that any operations involving an infected device can make the situation even worse, so it’s recommended to create a disk image before you start the recovery, to ensure extra protection for your data. With Hetman Partition Recovery, you’ll be able to create a disk image and then recover data from such image, even if all information has been deleted from such disk.

To do it, select the required disk and click on Save Disk. Now click here to create a Full image and choose where you want to save it.

Hetman Partition Recovery: creating a disk image

When the image is ready, you’ll be able to upload it into the recovery tool and scan it. To do it, click on Mount Disk, and give the path to the image file. After that, you’ll see the disk image in the app window. The last step is to scan it and recover the necessary files.

Hetman Partition Recovery: mounting the disk image

An important note to make: when recovering files from an infected USB drive, there’s a risk of some malware getting inside your computer in the process.

To reduce the risk of virus infestation, use an isolated environment to handle infected USB drives: For example: virtual machine.

Install a virtual machine (for example, VirtualBox or VMware) and work with removable drives in such machine. Even if the virus tries to get activated, it won’t be able to go anywhere beyond the virtual machine, which will protect your main operating system.

Method 2. System utilities

As I said before, the shortcut virus is one of the most common types of malware, and it can hide all your files. However, as soon as the virus is removed, everything can be fixed easily with the command prompt.

Launch the command prompt as administrator and type the following command:

attrib -h -r -s /s /d :\*.*

(At the end of the line, specify the drive letter for the infected disk.)

The command will start by itself and remove all virus shortcuts and malicious files from the disk.

attrib -h -r -s /s /d :\*.*

Method 3. Formatting the drive

If your antivirus utility fails to remove the threat, it’s recommended to format the drive. Formatting a USB drive will erase all the files it contains, including the virus.

Since most recovery tools are capable of recovering files after a quick format, you can recover the required data using the previous method - with Hetman Partition Recovery.

To format a drive, right-click on and choose Disk Management.

Then select the drive to be formatted, right-click on it - Format - Quick Format.

Disk Management: Format

Be careful when choosing the format type. A Full Format will overwrite the drive with zeroes, and after that you won’t be able to recover your files.

How to protect a flash drive from viruses

There are numerous precautions meant to protect your computer from viruses:

  • A perfect solution would be to check the computer or network for viruses before connecting your USB drive there.

  • Also, it’s recommended to scan your USB drives for viruses regularly with specialized antivirus tools.

  • One more precaution concerns suspicious websites. Don’t download suspicious files from the Internet.

  • Another way to protect your USB drive is to make it read-only. When this option is enabled, no files will ever get to such drive without your permission.

    Disable writing to USB drive

  • Before trying to transfer any files to the USB drive manually, make sure that these files are the ones you want to copy to your disk. In addition, we recommend to avoid transferring all files if you have any suspicions.

Conclusion

Any user can get their USB drives infected without even knowing it, when they connect them to an unprotected network or computer. Keep to simple rules to avoid virus infestations. If something went wrong and a virus got through, the methods we have described will help you recover files from an infected USB drive. Always remember to back up important data as this will help you prevent loss of important files in situations like that.

Vladimir Artiukh

Author: , Technical Writer

Vladimir Artiukh is a technical writer for Hetman Software, as well as the voice and face of their English-speaking YouTube channel, Hetman Software: Data Recovery for Windows. He handles tutorials, how-tos, and detailed reviews on how the company’s tools work with all kinds of data storage devices.

Oleg Afonin

Editor: , Technical Writer

Oleg Afonin is an expert in mobile forensics, data recovery and computer systems. He often attends large data security conferences, and writes several blogs for such resources as xaker.ru, Elcomsoft and Habr. In addition to his online activities, Oleg’s articles are also published in professional magazines. Also, Oleg Afonin is the co-author of a well-known book, Mobile Forensics - Advanced Investigative Strategies.

  • Evaluations:
  • 1
  • /
  • :

Share

Questions and answers

  • Is it possible to recover files if the storage device does not open?

    It may be possible to recover files from a storage device that does not open, but it will depend on the specific issue causing the device to not open. In some cases, the data may still be recoverable by using data recovery software or by taking the device to a professional data recovery service. However, if the storage device is physically damaged or has suffered catastrophic failure, it may be more difficult or even impossible to recover the files. It is always recommended to back up important files regularly to prevent data loss in case of a storage device failure.

  • What to do if files on a flash drive become hidden?

    If files on a flash drive become hidden, you can try the following steps to unhide them:

    1. Show hidden files and folders: In Windows, go to File Explorer, click on the View tab, and check the box next to "Hidden items." This will show any hidden files or folders on the flash drive.
    2. Use the Command Prompt: You can use the Command Prompt to unhide files on a flash drive. Open Command Prompt and navigate to the flash drive's directory. Then, type the command "attrib -h -r -s /s /d *.*" and press Enter. This will remove the hidden, read-only, and system attributes from all files on the flash drive.
    3. Use a third-party file recovery tool: If the above methods do not work, you can try using a third-party file recovery tool to unhide the files on the flash drive.
    4. Check for viruses: Sometimes, viruses can hide files on a flash drive. Run a full system scan with your antivirus software to check for any malicious programs that may be hiding the files.
    5. Backup and format the flash drive: If all else fails, you can backup any important files on the flash drive and then format it. This will remove all data on the flash drive, including any hidden files, and restore it to its original state.

    It's important to be cautious when using Command Prompt or third-party tools to unhide files, as you could accidentally delete or damage important files. Always make sure to backup your data before attempting any troubleshooting steps.

  • Why did the files disappear after the USB drive was infected with a virus?

    When a USB drive is infected with a virus, it can corrupt or delete files stored on the drive. The virus may spread through the drive and infect files, causing them to become inaccessible or be deleted entirely. In some cases, the virus may also hide files or change their file extensions, making them appear as if they have disappeared. It is important to regularly scan USB drives for viruses and malware to prevent data loss and protect your files.

  • How do I recover files from a USB stick if a virus has turned them into shortcuts?

    To recover files from a USB drive that have been turned into shortcuts by a virus, you can use the following methods:

    • Use antivirus software to remove the virus from the USB drive. After the virus is removed, the files may return to their original state.
    • Try data recovery software such as Hetman Partition Recovery to restore the files.
    • Check for hidden files and folders on the USB drive. The virus may have hidden the files, and you can bring them back to their original state by disabling the "Hidden files and folders" option in your operating system settings.
    • If all else fails, consider professional data recovery services. They can help recover lost files from the USB drive.

    Important: In such cases, avoid copying or moving files on the USB drive to prevent damage or overwriting. It's best to try specialized recovery software first or consult professionals for assistance.

  • Can I recover files if a USB drive is formatted after infection?

    Yes, in most cases, files can be recovered after formatting a USB drive, even if it was infected with a virus. There is specialized software, such as Hetman Partition Recovery, that can help restore deleted files. However, the sooner you begin the recovery process after formatting, the greater the chances of successful data restoration. It's important to note that not all files can be recovered, especially if new data has been written to the USB drive after formatting.

Comments (1)

  • Hetman Software
    Hetman Software 14.03.2025 10:13 #
    If you have any questions about recovering files from a virus-infected USB drive, leave a comment to ask us.
    Reply
Post comment
User
Leave a reply
Your email address will not be published. Required fields are marked *

Recommended For You
This website uses cookies to improve your experience. Description
Hello! This is AI-based Hetman Software virtual assistant, and it will answer any of your questions right away.
Start Chat