Drive.bat is a malicious program from the Trojan horse class that is typically used for system destruction, espionage, and data theft. If Drive.bat has nested itself inside your computer, it will most probably provide its criminal creators with remote access to the entire OS and all the information that you keep there.
If your computer has been infected by the nasty Drive.bat, we are here to help you get rid of it as well as regain access to your files that this virus has hidden from you. Judging by the number of questions we have received in recent times starting with the phrase “como eliminar virus drive.bat” and “drive.bat solucion” it is quite clear that this is an issue requiring our immediate attention. However, before checking out our Drive.bat Removal guide, we advise you to read everything that this article has to offer if you want to successfully eliminate the malware without allowing it to cause any more trouble. Bear in mind that this Trojan type of virus is quite devious and tricky to fully eliminate. There aren’t any actual symptoms of the infection and sometimes you might think that you’ve succeeded in removing it when in reality it is still on your PC. It is also known to spread very quickly and without being noticed.
What does it do?
As you might have already found out for yourself, the virus targets your USB devices and seemingly removes the files that are on them. Do not be worried though, since your files are merely hidden, so that you cannot access them. What usually happens when you have the Drive.bat on your PC is that once you connect a USB device to the computer and try to access its contents, instead of folders and files, you will only see a single shortcut file that has the same icon and/or name as your USB drive. All content that has been on the device has been moved to a hidden folder that you cannot access, unless the malware is removed from your computer. Your data normally does not actually get harmed or deleted by the Drive.bat, so as soon as you deal with the infection, things should be back to normal.
Stay away from the shortcut
Under no circumstances should you attempt to open the virus-created shortcut – it will not lead you to your files. Instead, opening the said shortcut would result in the virus spreading throughout your PC (if it hasn’t done that already) and also infecting all other USB devices that you have connected or might connect. This Drive.bat Virus is known to target all types of USB devices – flash drives, SD cards, external hard-drives, mp3 players and so on. If you have already double-clicked on it, then you will have to scan your whole system for the virus. Our guide will help you with that. If you strictly follow the steps and complete every single one of them, most of the time the infection should be gone. However, know that Trojan horse viruses like the one that’s currently on your PC can be used as backdoors into your system. Thus, the Drive.bat might also infect your computer with more malware. That is why we also advise you to get a reliable scanner tool – this will help you detect any other malicious software that the Drive.bat might have infected your computer with.
Tips for protecting your PC from the Drive.bat in the future
This particular Trojan seems to be very widely spread and a lot of users have already gotten infected by it. That is why you need to have a good understanding of how it gets onto people’s computers so that you can prevent it from attacking your system again.
- Trojans like “Are you the one in the video” and Wup.exe are often spread via sketchy online ads within websites with shady contents. Therefore, make sure that you stay away from any sketchy sites/pages that could potentially be used for spreading the malware. Keep in mind that even though the virus we are currently focusing on is quite nasty, handling it is still manageable in the majority of cases. However, there are other forms of malicious software, such as the infamous Ransomware, that can also be distributed via such shady and potentially illegal sites, and if you land on one of those, there’s a high chance that you’d be unable to deal with it.
- Another extremely common method for spreading Trojan Horses is via spam emails/text messages. Always take a second look at new letters in your inbox before opening them. If anything looks like spam, be sure to delete it without interacting with any of its contents – better safe than sorry!
- A very simple, but also very important piece of advice, is to make sure that files cannot be automatically downloaded on your machine without you giving your permission beforehand. This is done through your browser settings, so make sure to do it.
- One more very effective technique for spreading the Drive.bat is the so called file-bundling. This is when a piece of software is put inside the installer of another program. Therefore, always make sure to check the setup wizard of programs you are about to install, to see if there is anything added. If there are any added applications, make sure to leave them out if they appear shady and potentially harmful. If you are given the option to use a Custom/Advanced installation menu, make sure to go for that, since this is usually where the added content can be seen.
- Last but not least, never open any obscure files that have gotten on your PC and you do not know what they are, especially if they are executables. If you cannot verify that a file is safe, deleting it is always the best option.
| Danger Level | High (Trojans are often used as a backdoor for Ransomware) |
| Symptoms | Usually, it is difficult to notice any visible symptoms of the Trojan in the system since this malware hides its traces well. |
| Distribution Method | Spam, malicious email attachments, infected ads and links, illegal websites, torrents, pirated content, cracked software. |
Some threats reinstall themselves if you don't delete their core files. We recommend downloading SpyHunter to remove harmful programs for you. This may save you hours and ensure you don't harm your system by deleting the wrong files.
Remove Drive.bat Virus
If you have a Windows virus, continue with the guide below.
Some of the steps will likely require you to exit the page. Bookmark it for later reference.
Reboot in Safe Mode (use this guide if you don’t know how to do it).
Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous.
Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:
After you open their folder, end the processes that are infected, then delete their folders.
Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.
This step will restore your files and delete the treacherous shortcut created by the virus. Instructions for deleting the virus follow after it. However none of these steps can remove any extra viruses that may have been loaded into your machine while Drive.bat was operational. To do that use an automated scan tool from an anti-virus or anti-malware program. If you don’t have one or the one you use did not find the virus (your computer was infected after all) please look at our recommendation above.
Hold the Start Key and R together. Write cmd in the field, then click OK.
You are now in the Command Prompt panel. Now go to My Computer and see which letter Windows assigned to your drive.
In my case it’s drive F. Now go back to the Command Prompt window that we opened and type the letter of the drive followed by a colon (in my case it is F:), then hit Enter. A new line will appear that looks like this: F:\>
Now type the following: attrib F:*.* /d /s -h -r -s (replace F: with the letter of your drive).
Now hit Enter. All of your files will now be recovered and the Drive.bat deleted from this drive.
Repeat this step for all affected drives – simply change the F letter from the example with the proper letter assigned to the drive you are currently cleaning!
- NOTE: it is entirely possible you have contracted a virus that is the first step towards “ransomware.” Ransomware completely encrypts your personal files and demands money to release them. Trojans are the primary source of such threats – and the Drive.bat comes via Trojans. Be careful to observe not only how to remove Drive.bat, but look around for other problems. It is highly recommended to use a professional scanner as well.
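A read-only check to run before the attrib command in the step above, added here as an example (it is not part of the original guide): it lists which items in the drive root carry the hidden and system attributes and shows where any shortcut points, without opening it. F:\ is the guide's placeholder drive letter; the extension list and the wording of the notes are assumptions.

```powershell
# Added example: read-only audit of a removable drive's root. It changes nothing.
# 'F:\' is the same placeholder drive letter the guide uses; replace it with yours.
param([string]$Drive = 'F:\')

$shell = New-Object -ComObject WScript.Shell

# -Force makes Get-ChildItem include hidden and system items.
$items = Get-ChildItem -LiteralPath $Drive -Force

$report = foreach ($item in $items) {
    $isHidden = $item.Attributes.HasFlag([IO.FileAttributes]::Hidden)
    $isSystem = $item.Attributes.HasFlag([IO.FileAttributes]::System)
    $target   = $null
    $note     = ''

    if (-not $item.PSIsContainer -and $item.Extension -eq '.lnk') {
        # CreateShortcut on an existing .lnk only loads its properties;
        # the shortcut is not launched.
        $lnk    = $shell.CreateShortcut($item.FullName)
        $target = ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
        $note   = 'shortcut: review the target, do not open'
    }
    elseif (-not $item.PSIsContainer -and
            $item.Extension -match '^\.(bat|cmd|vbs|exe)$') {
        # Assumed list of extensions worth a second look in a drive root.
        $note = 'script or executable in drive root'
    }
    elseif ($isHidden -and $isSystem) {
        $note = 'hidden+system: what attrib -h -s will reveal'
    }

    [pscustomobject]@{
        Name   = $item.Name
        Hidden = $isHidden
        System = $isSystem
        Target = $target
        Note   = $note
    }
}

# Items with a note are listed first.
$report | Sort-Object Note -Descending | Format-Table -AutoSize -Wrap
```

Running it again after the attrib step shows whether the Hidden and System columns have cleared and whether the shortcut or any script is still present in the root.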
Step 3B (Optional)
Perform this step if the instructions of Step 3 somehow didn’t work and you can still see the Drive.bat on your drive.
- First create a new .txt file (Mouse right click -> New->Text Document) and open it via NotePad
- Copy the following instructions in the NotePad file:
    @echo off
    rem Clear the hidden, system, read-only and archive attributes on every file and folder on F:
    attrib -h -s -r -a /s /d F:*.*
    attrib -h -s -r -a /s /d F:*.*
    attrib -h -s -r -a /s /d F:*.*
    @echo complete
- As before, F: is just a placeholder! Replace F with the appropriate Drive letter on your computer!
- Now go to File (found in the upper left side of the window) -> Save As… and change the save as type from “Text documents” to “All files(*.*)”, then name the file cleaner.bat and save it on your desktop.
- Simply close NotePad and double click on the newly created file.
- All Drive.bat files from the respective drive will now be removed and your data will be restored!
- Repeat these instructions if necessary for each affected drive (don’t forget to change the letter!).
You are not done yet! We have to remove any traces of the virus that remain. Please keep reading.
Hold together the Start Key and R. Type appwiz.cpl –> OK.
You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:
Type msconfig in the search field and hit enter. A window will pop-up:
Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.
- Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.
Hold the Start Key and R – copy + paste the following and click OK:
A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:
If there are suspicious IPs below “Localhost” – write to us in the comments.
Type Regedit in the windows search field and press Enter.
Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:
- HKEY_CURRENT_USER\Software\(random directory). It could be any one of them – ask us if you can’t discern which ones are malicious.
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\(random)
If the guide didn’t help you, download the anti-virus program we recommended or ask us in the comments for guidance!