How to Remove Drive.bat Virus (August 2017 Update)

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.


This page aims to help you remove Drive.bat Virus. These Drive.bat Virus removal instructions work for every version of Windows.

If your computer has been infected by the nasty Drive.bat, we are here to help you get rid of it as well as regain access to your files that this virus has hidden from you. Judging by the number of questions we have received in recent times starting with the phrase “como eliminar virus drive.bat” and “drive.bat solucion” it is quite clear that this is an issue requiring our immediate attention. However, before checking out our Drive.bat Removal guide, we advise you to read everything that this article has to offer if you want to successfully eliminate the malware without allowing it to cause any more trouble. Bear in mind that this Trojan type of virus is quite devious and tricky to fully eliminate. There aren’t any actual symptoms of the infection and sometimes you might think that you’ve succeeded in removing it when in reality it is still on your PC. It is also known to spread very quickly and without being noticed.

What does it do?

As you might have already found out for yourself, the virus targets your USB devices and seemingly removes the files that are on them. Do not be worried though, since your files are merely hidden, so that you cannot access them. What usually happens when you have the Drive.bat on your PC is that once you connect a USB device to the computer and try to access its contents, instead of folders and files, you will only see a single shortcut file that has the same icon and/or name as your USB drive. All content that has been on the device has been moved to a hidden folder that you cannot access, unless the malware is removed from your computer. Your data normally does not actually get harmed or deleted by the Drive.bat, so as soon as you deal with the infection, things should be back to normal.

Stay away from the shortcut

Under no circumstances should you attempt to open the virus-created shortcut – it will not lead you to your files. Instead, opening the said shortcut would result in the virus spreading throughout your PC (if it hasn’t done that already) and also infecting all other USB devices that you have connected or might connect. This Drive.bat Virus is known to target all types of USB devices – flash drives, SD cards, external hard drives, mp3 players and so on. If you have already double-clicked on it, then you will have to scan your whole system for the virus. Our guide will help you with that. If you strictly follow the steps and complete every single one of them, most of the time the infection should be gone. However, know that Trojan horse viruses like the one that’s currently on your PC can be used as backdoors into your system. Thus, the Drive.bat might also infect your computer with more malware. That is why we also advise you to get a reliable scanner tool – this will help you detect any other malicious software that the Drive.bat might have infected your computer with.

Tips for protecting your PC from the Drive.bat in the future

This particular Trojan seems to be very widely spread and a lot of users have already gotten infected by it. That is why you need to have a good understanding of how it gets onto people’s computers so that you can prevent it from attacking your system again.

  • Trojans like this one are often spread via sketchy online ads within websites with shady contents. Therefore, make sure that you stay away from any sketchy sites/pages that could potentially be used for spreading the malware. Keep in mind that even though the virus we are currently focusing on is quite nasty, handling it is still manageable in the majority of cases. However, there are other forms of malicious software, such as the infamous Ransomware, that can also be distributed via such shady and potentially illegal sites, and if you land on one of those, there’s a high chance that you’d be unable to deal with it.
  • Another extremely common method for spreading Trojan Horses is via spam emails/text messages. Always take a second look at new letters in your inbox before opening them. If anything looks like spam, be sure to delete it without interacting with any of its contents – better safe than sorry!
  • A very simple, but also very important piece of advice, is to make sure that files cannot be automatically downloaded on your machine without you giving your permission beforehand. This is done through your browser settings, so make sure to do it.
  • One more very effective technique for spreading the Drive.bat is the so-called file-bundling. This is when a piece of software is put inside the installer of another program. Therefore, always make sure to check the setup wizard of programs you are about to install, to see if there is anything added. If there are any added applications, make sure to leave them out if they appear shady and potentially harmful. If you are given the option to use a Custom/Advanced installation menu, make sure to go for that, since this is usually where the added content can be seen.
  • Last but not least, never open any obscure files that have gotten on your PC and you do not know what they are, especially if they are executables. If you cannot verify that a file is safe, deleting it is always the best option.

 

SUMMARY:

Name: Drive.bat
Type: Trojan
Danger Level: High (Trojans are often used as a backdoor for Ransomware)
Symptoms: All files on the USB devices you connect to your PC seem to be lost and replaced with an obscure icon that is the same as the icon of your USB device.
Distribution Method: File-bundles, sketchy online ads and banners, illegal torrents and spam junk mail letters.
Detection Tool: We generally recommend SpyHunter or a similar anti-malware program that is updated daily.


How To Remove Drive.bat Virus


 

Step1

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Step2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

We get asked this a lot, so we are putting it here: Removing a parasite manually may take hours and damage your system in the process. If you want a fast, safe solution, we recommend SpyHunter.


Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:


This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/





After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 

Step2

WARNING!
To remove the parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.


This step will restore your files and delete the treacherous shortcut created by the virus. Instructions for deleting the virus follow after it. However none of these steps can remove any extra viruses that may have been loaded into your machine while Drive.bat was operational. To do that use an automated scan tool from an anti-virus or anti-malware program. If you don’t have one or the one you use did not find the virus (your computer was infected after all) please look at our recommendation above.

Hold the Start Key and R together. Write cmd in the field, then click OK.


You are now in the Command Prompt panel. Now go to My Computer and see which name Windows assigned to your drive.


In my case it’s drive F. Now go back to the Command Prompt window that we opened and type the letter of the drive followed by a colon (in my case it is like this: F:), then hit Enter. A new line will appear that looks like this: F:\>


Now type the following: attrib F:*.* /d /s -h -r -s (replace F: with the drive name of your drive).


Now hit Enter. All of your files will now be recovered and the Drive.bat deleted from this drive.

Repeat this step for all affected drives – simply change the F letter from the example with the proper letter assigned to the drive you are currently cleaning!

  • NOTE: it is entirely possible you have contracted a virus that is the first step towards “ransomware.” Ransomware completely encrypts your personal files and demands money to release them. Trojans are the primary source of such threats – and the Drive.bat comes via Trojans. Be careful to observe not only how to remove Drive.bat, but look around for other problems. It is highly recommended to use a professional scanner as well.
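The drive can also be inspected without opening the shortcut. The following PowerShell is an added example, not part of the original guide: it lists the hidden or system items in the drive root, shows where each shortcut points, and lists batch files on the drive. attrib changes file attributes only, so this listing shows what is actually still on the drive. The function name and the F: default are assumptions; replace F: with your own drive letter.

```powershell
# Added example, not from the guide. Reads metadata only; nothing on the drive is opened or run.
function Get-UsbRootReport {
    param([string]$Drive = 'F:')   # assumption: replace F: with the drive being checked
    $root = "$Drive\"
    $mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)

    # Root items carrying the Hidden or System attribute (the guide says the data is moved
    # to a hidden folder). "System Volume Information" and the recycle bin folder are
    # normal Windows folders and will appear here too.
    $hidden = Get-ChildItem -LiteralPath $root -Force |
        Where-Object { ([int]$_.Attributes -band $mask) -ne 0 } |
        Select-Object Name, Attributes, LastWriteTime

    # Where each shortcut in the root points, read through the WScript.Shell COM object.
    # Loading a .lnk this way only reads its fields; it does not launch the target.
    $shell = New-Object -ComObject WScript.Shell
    $links = Get-ChildItem -LiteralPath $root -Filter *.lnk -Force | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        [pscustomobject]@{
            Shortcut  = $_.Name
            Target    = $lnk.TargetPath
            Arguments = $lnk.Arguments
        }
    }

    # Batch files anywhere on the drive, including hidden ones.
    $scripts = Get-ChildItem -LiteralPath $root -Filter *.bat -Recurse -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime

    [pscustomobject]@{ HiddenItems = $hidden; Shortcuts = $links; BatchFiles = $scripts }
}

$report = Get-UsbRootReport -Drive 'F:'
$report.HiddenItems | Format-Table -AutoSize
$report.Shortcuts   | Format-List
$report.BatchFiles  | Format-Table -AutoSize
```

A shortcut whose Target is a command interpreter or script host rather than a folder on the drive is the one to delete without opening.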

Step 3B (Optional)

Perform this step if the instructions of Step 3 somehow didn’t work and you can still see the Drive.bat on your drive.

  1. First create a new .txt file (right-click -> New -> Text Document) and open it in Notepad.
  2. Copy the following instructions into the Notepad file:
    @echo off
    
    rem Clear the hidden, system, read-only and archive attributes on everything on F:
    attrib -h -s -r -a /s /d F:*.*
    
    attrib -h -s -r -a /s /d F:*.*
    
    attrib -h -s -r -a /s /d F:*.*
    
    @echo complete
  3. As before, F: is just a placeholder! Replace F with the appropriate drive letter on your computer!
  4. Now go to File (found in the upper left of the window) -> Save As… and change the save as type to “All files(*.*)” from “Text documents”, rename the file to cleaner.bat and save it on your desktop.
  5. Simply close Notepad and double-click the newly created file.
  6. All Drive.bat files from the respective drive will now be removed and your data will be restored!
  7. Repeat these instructions if necessary for each affected drive (don’t forget to change the letter!).

You are not done yet! We have to remove any traces of the virus that remain. Please keep reading.

Step3

Hold together the Start Key and R. Type appwiz.cpl –> OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:

[Screenshot: virus-removal1]

Step4

Type msconfig in the search field and hit enter. A window will pop-up:


Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs listed at the bottom of the file. Look at the image below:

[Screenshot: hosts_opt (1)]

If there are suspicious IPs below “Localhost” – write to us in the comments.
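To see at a glance which lines of the hosts file are active, the following PowerShell (an added example, not part of the original guide) skips comments and labels every remaining entry. On recent Windows versions the stock hosts file contains only comment lines, so any active entry other than localhost was added by some program and deserves a look. The function name, the verdict labels and the sample lines are assumptions made for this example; the sample uses documentation addresses and names.

```powershell
# Added example, not from the guide. Classifies each active (non-comment) hosts line.
function Get-HostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -split '#', 2)[0].Trim()            # drop comments
        if (-not $text) { continue }
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }              # need an address and a name
        $addr  = $null
        $valid = [System.Net.IPAddress]::TryParse($fields[0], [ref]$addr)
        $local = $valid -and [System.Net.IPAddress]::IsLoopback($addr)
        $unspecified = $valid -and ($addr.ToString() -in '0.0.0.0', '::')
        # One address may be followed by several names; report each name separately.
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $verdict = if (-not $valid) { 'malformed address' }
                       elseif ($local -and $name -eq 'localhost') { 'expected' }
                       elseif ($local -or $unspecified) { 'non-default: name made unreachable' }
                       else { 'non-default: name redirected' }
            [pscustomobject]@{ IP = $fields[0]; Hostname = $name; Verdict = $verdict }
        }
    }
}

# Constructed sample lines first, then the real file on this machine.
$sample = '# comment line', '127.0.0.1 localhost', '0.0.0.0 updates.example.com',
          '203.0.113.10 login.example.com www.example.com   # trailing comment'
Get-HostsEntry -Lines $sample | Format-Table -AutoSize

$hostsPath = "$env:windir\System32\drivers\etc\hosts"
Get-HostsEntry -Lines (Get-Content -LiteralPath $hostsPath) | Format-Table -AutoSize
```

An empty second table means the hosts file has no active entries.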

Step5


Type Regedit in the Windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER\Software\Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Random
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Random
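Instead of searching by name, the Run entries can be listed together with the manufacturer recorded in each target file, which is the same information the Startup tab in Step 4 shows. The following PowerShell is an added example, not part of the original guide. The function name is an assumption, and the HKEY_LOCAL_MACHINE key is an addition; the guide itself lists only the HKEY_CURRENT_USER one.

```powershell
# Added example, not from the guide. Read-only: nothing in the registry is changed.
function Get-RunEntry {
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'   # HKLM is an addition
    foreach ($key in $keys) {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $cmd = [Environment]::ExpandEnvironmentVariables([string]$item.GetValue($name))
            # Pull the program path out of the command line: a quoted path first,
            # then anything ending in a known executable or script extension.
            $path = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] }
                    elseif ($cmd -match '^\s*(.+?\.(exe|com|scr|bat|cmd|vbs|js))(\s|$)') { $Matches[1] }
                    else { ($cmd.Trim() -split '\s+')[0] }
            $company = 'path not resolved'
            if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
                $company = (Get-Item -LiteralPath $path -Force).VersionInfo.CompanyName
                if (-not $company) { $company = 'Unknown' }   # same label the Startup tab uses
            }
            [pscustomobject]@{
                Key          = $key
                Name         = $name
                Command      = $cmd
                Manufacturer = $company
                NamesVirus   = ("$name $cmd" -match 'drive\.bat')
            }
        }
    }
}

Get-RunEntry | Sort-Object Manufacturer | Format-List
```

Entries with Manufacturer "Unknown", or with NamesVirus set to True, are the ones to examine in Regedit before deleting anything.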

If the guide didn’t help you, download the anti-virus program we recommended or ask us in the comments for guidance!


  • Annitagrace

    Hi. Thank you. But how will I know if the one listed below the local host are suspicious?

    • HowToRemove.Guide Team

      Send the IP’s to us and we will tell you whether you should remove them.

  • HowToRemove.Guide Team

    If you complete the guide with all of its steps, strictly following the instructions, there’s a high chance that you’d be able to handle the issue.

  • HowToRemove.Guide Team

    Did you complete all steps from our removal guide?