Today, many users on the Web "pick up" some unusual viruses that affect executable files, and even so that not all antivirus programs cope with them. Let's try to figure out what can be done in this situation, and at the same time consider the problem of how to remove the "EXE" virus from a flash drive.
How do viruses infecting EXE files work?
The situation with the manifestation of the activity of viruses of this type is not new. This has happened before. The most widespread today is a computer pest Trojan called Virus.Win32.Expiro. (Versions “w”, “ao”, “bc”, etc.).
You can pick it up on the Internet quite simply, and then think about what to do with it and how to remove it. The virus deletes EXE files, or rather, makes them inaccessible for execution. It is not surprising that when you try to open any program or application due to exposure to malicious virus code, the system does not recognize the executable file and displays a message stating that such and such a file was not found.
What is most sad, this applies not only to installed programs, but to the installer’s first launch (meaning if the distribution is downloaded from the Internet and is located on the hard disk). In the case of installing the program from optical media, the threat can appear later, at the end of the installation process. You probably shouldn't say that when you start the installation process from a USB drive, the virus automatically jumps onto it and infects all files with the .exe extension.
But the action of the virus can be recognized only when the executable file is launched. That is why, while the file is not running, some anti-virus threat packages do not identify, and the presence of the virus is not detected at all.
Antivirus Software Issues
Let's see what and how to remove. The virus deletes EXE files or blocks them, in this case it does not matter. But here, as it turns out, a double-edged sword. On the one hand, we are dealing with file blocking by the virus itself, on the other hand, the antivirus programs are reacting incorrectly.
So, for example, today there are quite a lot of cases when the virus nevertheless determines the same Avast package with a user-defined scan (and not with the penetration of a threat initially). True, the definition comes down only to the fact that it shows infected EXE files and, due to the impossibility of treatment, deletes them indiscriminately. There you have the situation. It would seem that everything is simple: everyone knows what and how to remove. The virus does not delete EXE files even by itself, but (paradox!) Does it with the hands of an anti-virus scanner. Naturally, such a pest is able to create its own copies and disguise itself even under system processes like svchost.
How to remove a virus (EXE files are infected)?
As regards the fight against such a threat, not everything is simple. First of all, most users can be advised not to use free antivirus programs and utilities such as Avast, AVG, etc. In extreme cases, it would be better if the system had a cloud-based antivirus like Panda.
The best option is a powerful antivirus software from Kaspersky Lab or ESET Corporation. By the way, you can resort to utilities such as Kaspersky Virus Removal Tool, only first you need to burn the program in the form of a portable version to an optical disc using an uninfected computer and run it from a CD or DVD media. Otherwise, successful treatment is not guaranteed.
You can also use small programs such as CureIt, which treat infected files rather than delete them.
But since the virus, as a rule, “sits” in the RAM, the most optimal solution would be to use the launch from an optical medium of programs with the general name Rescue Disc.
They check all the components of the system before it starts. In most cases, this method is effective. By the way, this technique is also suitable for flash drives, only in the scanning parameters of storage devices you will need to additionally tick the USB-stick.
Conclusion
In general, I think some tips will help most users understand how to remove the virus. The virus itself deletes EXE files or performs unauthorized blocking of executable files, you will not understand immediately. But if there is even the slightest suspicion of his presence, it is highly recommended not to run a single program until the end of the full process of scanning, disinfecting files and removing the threat.
Among other things, it is desirable to have in the system some kind of package such as Internet Security that can prevent the penetration of threats even at the initial stage.