How to Remove Drive.bat Virus (Dec. 2017 Update)

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

This page aims to help you remove Drive.bat Virus. These Drive.bat Virus removal instructions work for every version of Windows.

If your computer has been infected by the nasty Drive.bat, we are here to help you get rid of it as well as regain access to your files that this virus has hidden from you. Judging by the number of questions we have received in recent times starting with the phrase “como eliminar virus drive.bat” and “drive.bat solucion” it is quite clear that this is an issue requiring our immediate attention. However, before checking out our Drive.bat Removal guide, we advise you to read everything that this article has to offer if you want to successfully eliminate the malware without allowing it to cause any more trouble. Bear in mind that this Trojan type of virus is quite devious and tricky to fully eliminate. There aren’t any actual symptoms of the infection and sometimes you might think that you’ve succeeded in removing it when in reality it is still on your PC. It is also known to spread very quickly and without being noticed.

What does it do?

As you might have already found out for yourself, the virus targets your USB devices and seemingly removes the files that are on them. Do not be worried though, since your files are merely hidden, so that you cannot access them. What usually happens when you have the Drive.bat on your PC is that once you connect a USB device to the computer and try to access its contents, instead of folders and files, you will only see a single shortcut file that has the same icon and/or name as your USB drive. All content that has been on the device has been moved to a hidden folder that you cannot access, unless the malware is removed from your computer. Your data normally does not actually get harmed or deleted by the Drive.bat, so as soon as you deal with the infection, things should be back to normal.

Stay away from the shortcut

Under no circumstances should you attempt to open the virus-created shortcut – it will not lead you to your files. Instead, opening the said shortcut would result into the virus spreading throughout your PC (if it hasn’t done that already) and also infecting all other USB devices that you have connected or might connect. This Drive.bat Virus is known to target all types of USB devices – flash drives, SD cards, external hard-drives, mp3 players and so on. If you have already double-clicked on it, then you will have to scan your whole system for the virus. Our guide will help you with that. If you strictly follow the steps and complete every single one of them, most of the time the infection should be gone. However, know that Trojan horse viruses like the one that’s currently on your PC can be used as backdoors into your system. Thus, the Drive.bat might also infect your computer with more malware. That is why, we also advise you to get a reliable scanner tool – this will help you detect any other malicious software that the Drive.bat might have infected your computer with.

Tips for protecting your PC from the Drive.bat in the future

This particular Trojan seems to be very widely spread and a lot of users have already gotten infected by it. That is why you need to have a good understanding of how it gets onto people’s computers so that you can prevent it from attacking your system again.

  • Trojans like this one are often spread via sketchy online ads within websites with shady contents. Therefore, make sure that you stay away from any sketchy sites/pages that could potentially be used for spreading the malware. Keep in mind that even though the virus we are currently focusing on is quite nasty, handling it is still manageable in the majority of cases. However, there are other forms of malicious software, such as the infamous Ransomware that can also be distributed via such shady and potentially illegal sites and if you land one of those, there’s a high chance that you’d be unable to deal with it.
  • Another extremely common method for spreading Trojan Horses is via spam emails/text messages. Always take a second look at new letters in your inbox before opening them. If anything looks like spam, be sure to delete it without interacting with any of its contents – better safe than sorry!
  • A very simple, but also very important piece of advice, is to make sure that files cannot be automatically downloaded on your machine without you giving your permission beforehand. This is done through your browser settings, so make sure to do it.
  • One more very effective technique for spreading the Drive.bat is the so called file-bundling. This is when a piece of software is put inside the installer of another program. Therefore, always make sure to check the setup wizard of programs you are about to install, to see if there is anything added. If there are any added applications, make sure to leave them out if they appear shady and potentially harmful. If you are given the option to use a Custom/Advanced installation menu, make sure to go for that, since this is usually where the added content can be seen.
  • Last but not least, never open any obscure files that have gotten on your PC and you do not know what they are, especially if they are executables. If you cannot verify that a file is safe, deleting it is always the best option.



Name Drive.bat
Type Trojan
Danger Level  High (Trojans are often used as a backdoor for Ransomware)
Symptoms  All files on the USB devices you connect to your PC seem to be lost and replaced with an obscure icon that is the same as the icon of your USB device.
Distribution Method  File-bundles, sketchy online ads and banners, illegal torrents and spam junk mail letters.
Detection Tool We generally recommend SpyHunter or a similar anti-malware program that is updated daily.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.

How To Remove Drive.bat Virus



Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. If you want a fast safe solution, we recommend SpyHunter. 

>> Click to Download Spyhunter. If you don't want this software, continue with the guide below.

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at:

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 


To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

This step will restore your files and delete the treacherous shortcut created by the virus. Instructions for deleting the virus follow after it. However none of these steps can remove any extra viruses that may have been loaded into your machine while Drive.bat was operational. To do that use an automated scan tool from an anti-virus or anti-malware program. If you don’t have one or the one you use did not find the virus (your computer was infected after all) please look at our recommendation above.

Hold the Start Key and R together. Write cmd in the field, then click OK.

CMD command

You are now in the Command Prompt panel. Now go to My Computer and see which name windows assigned to your drive.

drive letter

In my case it’s drive F. Now you have to go to the Control Panel window that we opened and type the letter of the drive followed by semi-columns – in my case it is like this F: Then hit Enter. A new like will appear that will look like this F:\>


Now type the following: attrib F:*.* /d /s -h -r -s . (Replace F: with the drive name of your drive)

drive command

Now hit Enter. All of your files will now be recovered and the Drive.bat deleted from this drive.

Repeat this step for all affected drives – simply change the F letter from the example with the proper letter assigned to the drive you are currently cleaning!

  • NOTE: it is entirely possible you have contracted a virus that is the first step towards a “ransomware.” Ransomware completely encrypt your personal files and demand money to release them. Trojans are the primary source of such threats – and the Drive.bat comes via Trojans. Be careful to observe not only how to remove Drive.bat, but look around for other problems. It is highly recommended to use a professional scanner as well.  

Step 3B (Optional)

Perform this step if the instructions of Step 3 somehow didn’t work and you can still see the Drive.bat on your drive.

  1. First create a new .txt file (Mouse right click -> New->Text Document) and open it via NotePad
  2. new file
  3. Copy the following instructions in the NotePad file:
    @echo off
    attrib -h -s -r -a /s /d F:*.*
    attrib -h -s -r -a /s /d F:*.*
    attrib -h -s -r -a /s /d F:*.*
    @echo complete
  4. As beforel F: is just a placeholder! Replace F with the appropriate Drive letter on your computer!
  5. Now go to Files (found upper left site of window)->Save As… and change the save as type to “All files(*.*)” from “Text documents” and rename it to cleaner.bat and save it on your desktop. remover
  6. Simply close NotePad and double click on the newly created file.
  7. All Drive.bates from the respective drive will now be removed and your data will be restored!
  8. Repeat these instructions if necessary for each affected drive (don’t forget to change the letter!).

You are not done yet! We have to remove any traces of the virus that remain. Please keep reading.


Hold together the Start Key and R. Type appwiz.cpl –> OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:



Type msconfig in the search field and hit enter. A window will pop-up:


Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.


To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

If the guide didn’t help you, download the anti-virus program we recommended or ask us in the comments for guidance!

  • Annitagrace

    Hi. Thank you. But how will I know if the one listed below the local host are suspicious?

    • HowToRemove.Guide Team

      Send the IP’s to us and we will tell you whether you should remove them.

  • HowToRemove.Guide Team

    If you complete the guide with all of its steps, strictly following the instructions, there’s a high chance that you’d be able to handle the issue.

  • HowToRemove.Guide Team

    Did you complete all steps from our removal guide?

  • sherif mahmoud

    creating the .bat file in step 3 results in access denied also the CMD gives the same results

  • Luis Herrera

    hi, have this ip´s below localhost
    # localhost name resolution is handled within DNS itself.
    # localhost
    # :: localhost
    Addresses: 2607:f8b0:4008:807::200e www. youtube. com www. youtube. com www. youtube. com www. youtube. com www. youtube. com www. youtube. com www. youtube. com www. youtube. com www. youtube. com www. youtube. com www. youtube. com www. youtube. com

    • HowToRemove.Guide Team

      The addresses that you’ve send to use should get removed from your Hosts file because they are not supposed to be there.

      • Luis Herrera

        thanks! 🙂

  • Muhammad Ali

    i love u bro thank you bro

  • Jun

    I download the spy hunter antivirus to remove the drive.bat virus but still iybkeeps from coming back.. i tried also to reformat the drive but still coming back.

    • HowToRemove.Guide Team

      Didi you try the instructions from our guide?

  • zeke

    Hi, recently i just realized that my flash drives were infected with shortcut virus (window batch file kaspersky 2017 something like that ) . I tried format but it keeps come back. When i formatted the drive, all the data was gone but there’s still shortcut when i opened. I already use malwarebytes, smadav, avast and so on but nothings happen. I tried those cmd prompt method and regedit so on but nothing happen. Pls help me get rid this stubborn shit!

    • HowToRemove.Guide Team

      What about the Hosts file, did you check there for any suspicious IP entries?

      • zeke

        Yeah. I think there’s no other ip address, my ip only .

        • HowToRemove.Guide Team

          Did you execute the steps from the guide when in Safe Mode? If not, try using Safe Mode when troubleshooting this virus.

          • zeke

            I already deleted the shortcut but there’s system volume information that cannot be delete. I found task host in it but i can’t delete it

          • zeke

            Hey mate! I already found the solution. I’d end all the task incl antivirus. It works!!

          • a ar

            hey, can you teach me how you do that?

          • zeke

            Sure! I just boot my pc to safe mode thrn end all the suspicious task including antivirus task. Next, i just do command prompt thing

  • Edwren Koo

    I used the run and paste (notepad %windir%/system32/Drivers/etc/hosts) and I found number ip i guess and the word localhost here so what should i do?

    • HowToRemove.Guide Team

      Can you send us the IP here so that we will be able to tell you if you need to remove it or if it is okay to leave it there.