Drive.bat Virus


Drive.bat is a malicious program from the Trojan horse class that is typically used for system destruction, espionage, and data theft. If Drive.bat has nested inside your computer, it most probably will provide its criminal creators with remote access to the entire OS and all the information that you keep there.

Drive.bat Virus

The Drive.bat Virus

If your computer has been infected by the nasty Drive.bat, we are here to help you get rid of it as well as regain access to your files that this virus has hidden from you. Judging by the number of questions we have received in recent times starting with the phrase “como eliminar virus drive.bat” and “drive.bat solucion” it is quite clear that this is an issue requiring our immediate attention. However, before checking out our Drive.bat Removal guide, we advise you to read everything that this article has to offer if you want to successfully eliminate the malware without allowing it to cause any more trouble. Bear in mind that this Trojan type of virus is quite devious and tricky to fully eliminate. There aren’t any actual symptoms of the infection and sometimes you might think that you’ve succeeded in removing it when in reality it is still on your PC. It is also known to spread very quickly and without being noticed.

What does it do?

As you might have already found out for yourself, the virus targets your USB devices and seemingly removes the files that are on them. Do not be worried though, since your files are merely hidden, so that you cannot access them. What usually happens when you have the Drive.bat on your PC is that once you connect a USB device to the computer and try to access its contents, instead of folders and files, you will only see a single shortcut file that has the same icon and/or name as your USB drive. All content that has been on the device has been moved to a hidden folder that you cannot access, unless the malware is removed from your computer. Your data normally does not actually get harmed or deleted by the Drive.bat, so as soon as you deal with the infection, things should be back to normal.

Stay away from the shortcut

Under no circumstances should you attempt to open the virus-created shortcut – it will not lead you to your files. Instead, opening the said shortcut would result into the virus spreading throughout your PC (if it hasn’t done that already) and also infecting all other USB devices that you have connected or might connect. This Drive.bat Virus is known to target all types of USB devices – flash drives, SD cards, external hard-drives, mp3 players and so on. If you have already double-clicked on it, then you will have to scan your whole system for the virus. Our guide will help you with that. If you strictly follow the steps and complete every single one of them, most of the time the infection should be gone. However, know that Trojan horse viruses like the one that’s currently on your PC can be used as backdoors into your system. Thus, the Drive.bat might also infect your computer with more malware. That is why, we also advise you to get a reliable scanner tool – this will help you detect any other malicious software that the Drive.bat might have infected your computer with.

Tips for protecting your PC from the Drive.bat in the future

This particular Trojan seems to be very widely spread and a lot of users have already gotten infected by it. That is why you need to have a good understanding of how it gets onto people’s computers so that you can prevent it from attacking your system again.

  • Trojans like “Are you the one in the video”, Wup.exe are often spread via sketchy online ads within websites with shady contents. Therefore, make sure that you stay away from any sketchy sites/pages that could potentially be used for spreading the malware. Keep in mind that even though the virus we are currently focusing on is quite nasty, handling it is still manageable in the majority of cases. However, there are other forms of malicious software, such as the infamous Ransomware that can also be distributed via such shady and potentially illegal sites and if you land one of those, there’s a high chance that you’d be unable to deal with it.
  • Another extremely common method for spreading Trojan Horses is via spam emails/text messages. Always take a second look at new letters in your inbox before opening them. If anything looks like spam, be sure to delete it without interacting with any of its contents – better safe than sorry!
  • A very simple, but also very important piece of advice, is to make sure that files cannot be automatically downloaded on your machine without you giving your permission beforehand. This is done through your browser settings, so make sure to do it.
  • One more very effective technique for spreading the Drive.bat is the so called file-bundling. This is when a piece of software is put inside the installer of another program. Therefore, always make sure to check the setup wizard of programs you are about to install, to see if there is anything added. If there are any added applications, make sure to leave them out if they appear shady and potentially harmful. If you are given the option to use a Custom/Advanced installation menu, make sure to go for that, since this is usually where the added content can be seen.
  • Last but not least, never open any obscure files that have gotten on your PC and you do not know what they are, especially if they are executables. If you cannot verify that a file is safe, deleting it is always the best option.


Name Drive.bat
Type Trojan
Danger Level  High (Trojans are often used as a backdoor for Ransomware)
Symptoms Usually, it is difficult to notice any visible symptoms of the Trojan in the system since this malware hides its traces well.
Distribution Method Spam, malicious email attachments, infected ads and links, illegal websites, torrents, pirated content, cracked software.
Detection Tool

Remove Drive.bat Virus

If you have a Windows virus, continue with the guide below.

If you have a Mac virus, please use our How to remove Ads on Mac guide.

If you have an Android virus, please use our Android Malware Removal guide.

If you have an iPhone virus, please use our iPhone Virus Removal guide

Drive.bat Virus

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Drive.bat Virus


Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 

Drive.bat Virus

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drive.bat Virus
Drag and Drop File Here To Scan
Drive.bat Virus
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    After you open their folder, end the processes that are infected, then delete their folders. 

    Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 

    Drive.bat Virus

    This step will restore your files and delete the treacherous shortcut created by the virus. Instructions for deleting the virus follow after it. However none of these steps can remove any extra viruses that may have been loaded into your machine while Drive.bat was operational. To do that use an automated scan tool from an anti-virus or anti-malware program. If you don’t have one or the one you use did not find the virus (your computer was infected after all) please look at our recommendation above.

    Hold the Start Key and R together. Write cmd in the field, then click OK.

    Drive.bat Virus

    You are now in the Command Prompt panel. Now go to My Computer and see which name windows assigned to your drive.

    Drive.bat Virus

    In my case it’s drive F. Now you have to go to the Control Panel window that we opened and type the letter of the drive followed by semi-columns – in my case it is like this F: Then hit Enter. A new like will appear that will look like this F:\>

    Drive.bat Virus

    Now type the following: attrib F:*.* /d /s -h -r -s . (Replace F: with the drive name of your drive)

    Drive.bat Virus

    Now hit Enter. All of your files will now be recovered and the Drive.bat deleted from this drive.

    Repeat this step for all affected drives – simply change the F letter from the example with the proper letter assigned to the drive you are currently cleaning!

    • NOTE: it is entirely possible you have contracted a virus that is the first step towards a “ransomware.” Ransomware completely encrypt your personal files and demand money to release them. Trojans are the primary source of such threats – and the Drive.bat comes via Trojans. Be careful to observe not only how to remove Drive.bat, but look around for other problems. It is highly recommended to use a professional scanner as well.  

    Step 3B (Optional)

    Perform this step if the instructions of Step 3 somehow didn’t work and you can still see the Drive.bat on your drive.

    1. First create a new .txt file (Mouse right click -> New->Text Document) and open it via NotePad
    2. Drive.bat Virus
    3. Copy the following instructions in the NotePad file:
      @echo off
      attrib -h -s -r -a /s /d F:*.*
      attrib -h -s -r -a /s /d F:*.*
      attrib -h -s -r -a /s /d F:*.*
      @echo complete
    4. As beforel F: is just a placeholder! Replace F with the appropriate Drive letter on your computer!
    5. Now go to Files (found upper left site of window)->Save As… and change the save as type to “All files(*.*)” from “Text documents” and rename it to cleaner.bat and save it on your desktop.
      Drive.bat Virus
    6. Simply close NotePad and double click on the newly created file.
    7. All Drive.bates from the respective drive will now be removed and your data will be restored!
    8. Repeat these instructions if necessary for each affected drive (don’t forget to change the letter!).

    You are not done yet! We have to remove any traces of the virus that remain. Please keep reading.

    Drive.bat Virus

    Hold together the Start Key and R. Type appwiz.cpl –> OK.

    Drive.bat Virus

    You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:

    Drive.bat Virus

    Drive.bat Virus

    Type msconfig in the search field and hit enter. A window will pop-up:

    Drive.bat Virus

    Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

    • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

    Hold the Start Key and R –  copy + paste the following and click OK:

    notepad %windir%/system32/Drivers/etc/hosts

    A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

    Drive.bat Virus

    If there are suspicious IPs below “Localhost” – write to us in the comments.

    Drive.bat Virus

    Type Regedit in the windows search field and press Enter.

    Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

    • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
      HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
      HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

    If the guide didn’t help you, download the anti-virus program we recommended or ask us in the comments for guidance!


    About the author


    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.


    • If you complete the guide with all of its steps, strictly following the instructions, there’s a high chance that you’d be able to handle the issue.

    • hi, have this ip´s below localhost
      # localhost name resolution is handled within DNS itself.
      # localhost
      # :: localhost
      Addresses: 2607:f8b0:4008:807::200e www. youtube. com www. youtube. com www. youtube. com www. youtube. com www. youtube. com www. youtube. com www. youtube. com www. youtube. com www. youtube. com www. youtube. com www. youtube. com www. youtube. com

    • I download the spy hunter antivirus to remove the drive.bat virus but still iybkeeps from coming back.. i tried also to reformat the drive but still coming back.

    • Hi, recently i just realized that my flash drives were infected with shortcut virus (window batch file kaspersky 2017 something like that ) . I tried format but it keeps come back. When i formatted the drive, all the data was gone but there’s still shortcut when i opened. I already use malwarebytes, smadav, avast and so on but nothings happen. I tried those cmd prompt method and regedit so on but nothing happen. Pls help me get rid this stubborn shit!

    • I used the run and paste (notepad %windir%/system32/Drivers/etc/hosts) and I found number ip i guess and the word localhost here so what should i do?

      • Can you send us the IP here so that we will be able to tell you if you need to remove it or if it is okay to leave it there.

    • This file.bat is persistent and whenever i use step 5 and 6 it closes automatically, need help for this virus that hides my files

      • Are you doing all this in Safe Mode? If not, make sure you first boot into Safe Mode so that the malware cannot interfere.

    • Came back here just to say “Thank You!”. Most people are having problems, but I think that’s because they aren’t rebooting the system in safe mode and this is crucial. Thank you again.

      • We are very happy to hear that you’ve managed to deal with the issue with out help, you are most welcome!

    • Did you complete the guide and if you did, was there anything suspicious in the Hosts file and in the Registry Editor?

    • Hello! My flash drive was infected with this virus. I tried to delete and followed the steps provided above but it keeps coming back. And now the whole system of my computer was infected. I need help. What should I do? I’m afraid that it may damages all of my files.

      • You should probably delete them manually and then save the file but we still advise you to first send us the IPs that you’ve found there so we can tell you if they really need to be deleted.

    Leave a Comment