Fix autorun virus infected USB flash drive on macOS
Just one command to solve the troubles caused by autorun virus.
annoyance
As a teacher, I often need to bring a flash drive to the classroom. However, in recent times, whenever I copied slides to the classroom computer, the flash drive was immediately poisoned.
The virus, which is the most common autorun virus in print shops. It infects all external USB devices by exploiting the security vulnerability of auto-executing files on USB drives.
After being infected, the USB drive is infectious and can infect other Windows systems.
It's a good thing my computer is macOS, because the execution mechanism is different and doesn't poison it. But when I got home and opened the flash drive, I couldn't find any of the files, they were in this state.
The two exe files are obviously not in my original documentation directory. I executed the show all files command in command line mode and all the bull shit brought by the virus showed up.
My old teaching directory "teaching" is still there, but it doesn't show up properly anymore. There are many more miscellaneous exe files in the root directory, not just the two that show up inside the Finder.
Opening the autorun.inf file, we see the following message.
[autorun]
open=Recycled.{645FF040-5081-101B-9F08-00AA002F954E}winlog.EXE
shellopen=??(&O)
shellopenCommand=Recycled.{645FF040-5081-101B-9F08-00AA002F954E}winlog.EXE
shellopenDefault=1
shellexplore=??Դ??????(&X)
shellexploreCommand=Recycled.{645FF040-5081-101B-9F08-00AA002F954E}winlog.EXEThese exe-terminated files are executed as soon as you connect a USB drive to your Windows system. It's scary.
fix
The first step in the solution needs to be to delete these harmful exe files to avoid further harm.
sudo rm -f *.exe ; sudo rm -f .*.exe ; sudo rm -f autorun.inf ; sudo rm -rf Recycled*
We list all the files again, much more refreshing.
Go back under the Finder and take a look.
Where is my TEACHING folder? The infected files and directories have been removed, but the TEACHING folder is still not displayed.
I found after repeated testing that all I had to do was rename the directory to the temporary directory name and rename it back, and the original normal folder would display properly.
For example, first execute.
mv teaching teaching-new
And change back to.
mv teaching-new teaching
List the documents to see.
It doesn't seem to have changed much from earlier. Don't worry, at this point look again at Finder.
It worked. The teaching folder is back.
automate
But the whole classroom computer virus thing can't be prevented. It's annoying to perform this all over again every time to fix the YouTubes. And there are times when there are multiple folders on the flash drive and adjusting them one by one is simply physical work.
So I made up a script and shared it for your use.
All you need to do to download it is to execute the following statement.
git clone https://github.com/wshuyi/usbstick_autorun_fix_mac.git
The execution starts by going to the tools directory.
cd usbstick_autorun_fix_mac
Then find the path to the YouTubes you need to repair. I am here./Volumes/SANDISK32G . Then I need to perform.
python remove_autorun.py /Volumes/SANDISK32G
When you execute it, please just replace the final youtubes path with your own.
Take a look and see if the infected USB drive is good as new again?
discussions
What other easier ways do you know to repair infected USB drives on macOS? Feel free to leave a comment and we'll share and discuss.
Recommended>>
1、Classic UG programming tutorials let you benefit from a lifetime of zerobased purely dry explanation
2、Driverless technology
3、What did Satoshi Nakamoto say before he disappeared
4、Just love innovation BMW pilots blockchain to track leased vehicle mileage
5、Chinas first beauty robot using school girls as a reference almost seems real