0

All the exe files are showing as Shortcut files on my PC. I tried installing the programs but it shows up an error of System Volume Information related.

On clicking the OK button, the installing popup comes. I think that it might be due to the virus attack. On the properties Tab, it is showing the Location of the exe files like C:\Windows....

I am attaching the screenshot of the error too. I tried scanning with K7 Antivirus too but it's not showing any Threat. Can I know how to overcome the issue.

Showing Shortcuts

enter image description here

Properties Tab of Safari as an example

enter image description here

Sagar Gupta
  • 9
  • May be they are all shortcuts. See the file size, all are 1KB. Open CMD in that folder and type dir & attrib command. What did you see? – Biswapriyo Aug 01 '17 at 13:55
  • Its showing C:\Windows\system32 and some files location (A big list) – Sagar Gupta Aug 01 '17 at 14:01
  • Am I right in assuming that D:\Sager\Softwares is a folder full of installers for various programs? – jpaugh Aug 01 '17 at 14:46
  • @SagarGupta Once you open cmd, you have to type chdir D:\Sager\Softwares and then D: in order to change to the right directory (and then to the right drive). Once it has the right path, try dir & attrib again. – jpaugh Aug 01 '17 at 14:47
  • .exe added to name of the files but still a shortcut after trying your method @jpaugh – Sagar Gupta Aug 01 '17 at 15:19
  • Possibly related: https://www.usb-antivirus.com/2014/03/remove-shortcut-virus-usb/ – JosefZ Aug 01 '17 at 16:01

1 Answers1

0

Look closely at the shortcut and you'll see that there is an executable (systemvolumeinformation.exe), followed by the executable of the actual file you wish to launch. This is classic Malware behaviour.

Double clicking on the poisoned shortcut will execute the first .exe, then the second. So the malware executes, followed by the actual desired application.

At some point you have been infected by malware which has scanned your system for executables and replaced them with these shortcuts. It's possible your existing antivirus may have removed the payload (systemvolumeinformation.exe), causing an error to occur when the shortcut is launched.

A further tip is to look for hidden files: often these shortcut poisoning trojans hide the original executable, so cleanup becomes a simple matter of removing the shortcut and unhiding the original file. It can all be scripted.

Your screen shot gives some clues as to how the malware got in, so you may wish to consider using safer surfing habits.

user757071
  • 1
  • there was no antivirus when I inserted the pendrive – Sagar Gupta Aug 01 '17 at 16:39
  • Yes, you said right. It's a malware as it launches the systemvolumeinformation.exe then shows an error and runs the program. Kindly tell me how to deal with this problem and revert my pc to its initial stage. I tried reinstalling windows too but still same shortcuts are showing everywhere. – Sagar Gupta Aug 02 '17 at 00:12