Shurcut virus impossible to irradicate

Dark11200 · Apr 17, 2026

Hello everyone, I'm calling for help because a rather annoying virus has come on my pc. Its name "Shortcut Virus". I tried almost everything that is said on the internet, i.e. "CMD" then "Attrib", scanner via malwarebyte, windefender, etc. Nothing helps, as soon as I insert an external key or dd in USB, everything disappears and a shortcut puts it in place of the root. If anyone has a lasting solution, I'm interested, thank you in advance. Windows 11 25h2.

joeandmarg0 · Apr 17, 2026

Disconnect from the internet and see if Windows Defender can reove the virus.
If not,the safest way is a Reinstall.

glasskuter · Apr 17, 2026

Since that malware is both a worm and a trojan, I fully agree. I don't let such stuff lurk around in one of my systems. If you have an image of your system made before infection, restore it. If you do not, a clean install is the only way I would go.

Sir_George · Apr 17, 2026

Dark11200 said:
Hello everyone, I'm calling for help because a rather annoying virus has come on my pc. Its name "Shortcut Virus". I tried almost everything that is said on the internet, i.e. "CMD" then "Attrib", scanner via malwarebyte, windefender, etc. Nothing helps, as soon as I insert an external key or dd in USB, everything disappears and a shortcut puts it in place of the root. If anyone has a lasting solution, I'm interested, thank you in advance. Windows 11 25h2.

TrendMicro has a free app that will clean any infections found. The app is Housecall and it is web based. Use the link below to visit the site and you can download it from there. I used it a long time ago and it did find and resolve my issue. Good luck!

HouseCall – Free Online Security Scan

Detect and fix viruses, worms, spyware, and other malicious threats for free.

www.trendmicro.com

kelper · Apr 17, 2026

Buy a decent anti-malware program like BitDefender. Don't rely on Defender /Windows Security!

badrobot · Apr 17, 2026

I never attempt to remove a virus infection, my 15 minute fix is to restore an image backup. I hope you have a backup image, otherwise, clean install is next best move.

kelper · Apr 17, 2026

Dark11200 said:
Hello everyone, I'm calling for help because a rather annoying virus has come on my pc. Its name "Shortcut Virus". I tried almost everything that is said on the internet, i.e. "CMD" then "Attrib", scanner via malwarebyte, windefender, etc. Nothing helps, as soon as I insert an external key or dd in USB, everything disappears and a shortcut puts it in place of the root. If anyone has a lasting solution, I'm interested, thank you in advance. Windows 11 25h2.

It's not a good idea to post your email address on a public forum; please delete the second attachment.

Alejandro85 · Apr 17, 2026

Once your system is infected, the only solution is a full reinstalation of the operating system from known-good media. Since the computer is compromised, nothing you do with it can be considered safe, so the clean install is the only way out of it.

Kees · Apr 17, 2026

Alejandro85 said:
Since the computer is compromised, nothing you do with it can be considered safe, so the clean install is the only way out of it.

That's not true. A restore from an image that was taken when the system was not yet compromized and that image restore done fully independent of the operating system (off-line restore) will do. I myself am using Clonezilla, which restores images completely independent of Windows, it's using a Linux startup from an USB-system 'disk'. But other image-apps, like the much-praised Macrium, certainly have such a possible restore as well.

Restoring a recent image is done in about 10 minutes (dependent of the app and the size of the system partition), while a new installation and installing of all apps and tweaks takes me a day!

Dark11200 · Apr 17, 2026

Bonjour à tout (re) Mon problème semble résolu (je croise les doigts) En effet, avant d'avoir vos réponses, j'ai par acquis de conscience fait une analyse hors connexion Windefender, et il semble que cela est fait son effet. Je testes encore sur des clefs USB. Le raccourcie est supprimable (ce qui n'était pas le cas) et surtout il ne revient pas automatiquement. Je lance donc via le terminal en mode administrateur la commande "Attrib....." et là oh miracle les fichiers et dossiers sont de nouveau visibles. Pourvu que ça dure. Je vous tiens au courant si cela ré apparaît. Merci encore à tout.

Sir_George · Apr 17, 2026

Dark11200 said:
Bonjour à tout (re) Mon problème semble résolu (je croise les doigts) En effet, avant d'avoir vos réponses, j'ai par acquis de conscience fait une analyse hors connexion Windefender, et il semble que cela est fait son effet. Je testes encore sur des clefs USB. Le raccourcie est supprimable (ce qui n'était pas le cas) et surtout il ne revient pas automatiquement. Je lance donc via le terminal en mode administrateur la commande "Attrib....." et là oh miracle les fichiers et dossiers sont de nouveau visibles. Pourvu que ça dure. Je vous tiens au courant si cela ré apparaît. Merci encore à tout.

Translated;
Hello everyone (again). My problem seems to be solved (fingers crossed). In fact, before getting your replies, I ran a Windefender offline scan just to be on the safe side, and it seems to have done the trick. I’m still testing it on USB drives. The shortcut can be deleted (which wasn’t the case before) and, most importantly, it doesn’t reappear automatically. So I run the “Attrib...” command via the terminal in administrator mode, and lo and behold, the files and folders are visible again. Let’s hope it lasts. I’ll keep you posted if it comes back. Thanks again to everyone.

Translated with DeepL.com (free version)

Scannerman · Apr 17, 2026

badrobot said:
I never attempt to remove a virus infection, my 15 minute fix is to restore an image backup. I hope you have a backup image, otherwise, clean install is next best move.

Agreed to a degree. If it is indeed a genuine virus infection a re-image would be the wisest approach in most cases. If it's a root kit (which is not usually the case these days) it needs to be dealt with in the BIOS. Some viruses (so-called) are really just annoying malware that doesn't actually harm the OS and often can be fixed with something as simple as System Restore. Certain AVS (such as Kaspersky) can identify the culprit and describe what level of threat it poses to the system. What the OP has described is definitely a nasty and IMO they would be wise to run a clean install at some point even if it has already been 'dealt' with.

kelper · Apr 17, 2026

Well, I beg to differ. I would download some free AV and see if it can eradicate the infection as a first response. There are so many good online antimalware resources.

badrobot · Apr 17, 2026

Scannerman said:
Agreed to a degree. If it is indeed a genuine virus infection a re-image would be the wisest approach in most cases. If it's a root kit (which is not usually the case these days) it needs to be dealt with in the BIOS. Some viruses (so-called) are really just annoying malware that doesn't actually harm the OS and often can be fixed with something as simple as System Restore. Certain AVS (such as Kaspersky) can identify the culprit and describe what level of threat it poses to the system. What the OP has described is definitely a nasty and IMO they would be wise to run a clean install at some point even if it has already been 'dealt' with.

Haha.. good point. I just don't want to waste time dealing with it just to find out if it is easily fixable or not. It doesn't deserve my time. To me, a virus is a virus and I treat them all the same. I shop and bank online a lot. I am not gonna take any slight chances.

Ghot · Apr 17, 2026

@Dark11200
Welcome to ElevenForum.

Here's ten points, just for filling out your computer specs.

Here's some other things that you may find useful...

Quickie Eleven Forum Setup Guide for new Members

Quickie Interface tour... Quickie set up... At the top right, click on your name, then choose "Preferences". Then go through everything on the left side. Quickie navigation... Click Forums and choose a subforum, OR... Click Forums, then New Posts or What's New Ranks, Trophies...

www.elevenforum.com

Macrium Reflect, AOMEI Backupper and Hasleo Backup Suite - GUIDES

How to use backup software... 1. When everything is working perfectly... make a full Windows backup. 2. Then, if something breaks... restore from the latest backup. 3. Then... try "whatever you were doing" a different way. If it still breaks Windows, then... go to step #2. 4. Repeat...

www.elevenforum.com

Windows 11 Tweaks - Leader Board.

These are tweaks I've seen asked for... many times. They are collected here for easy access. All of these and more can be found in the Eleven Forum Tutorials Make sure to read the "notes" in the various tutorials. At the bottom of the first post in all the "tutorials", there are links to...

www.elevenforum.com

Alejandro85 · Apr 17, 2026

Kees said:
A restore from an image that was taken when the system was not yet compromized

That's the really difficult part. How do you know for a fact that the previous image wasn't already infected?
Normally, at most, one knows when the symptoms arise, but not when the infection took place. Most people won't actually notice when they become infected, that's a luxury very few times you can have to realise that you've made a mistake and let a virus in.

For the rare case that you really know when the malware entered, that becomes one of the rare cases when an image becomes a useful backup. A restore there and you're good to go, just lost everything done since the image.

In the most typical case, an image would be as suspect as the live system, that's why the experts recommend "nuke it from orbit" (clean OS resintall) as the first option in case of comprimise.

Ghot · Apr 17, 2026

Alejandro85 said:
That's the really difficult part. How do you know for a fact that the previous image wasn't already infected?

You use 3rd party backup software like... Macrium Reflect, which protects it's backed up images.

Macrium Image Guardian (MIG) is a security feature integrated into Macrium Reflect (version 7.1 and later) designed to protect backup files (.mrimg) from being modified, encrypted, or deleted by unauthorized processes, such as ransomware. It operates by restricting write access to backup files on local and USB-attached NTFS drives, allowing only verified Macrium binaries to modify them.

Key Features and Benefits

Ransomware Protection: MIG specifically targets ransomware that attempts to destroy backups to prevent data recovery.

Focused Security: It is not a general-purpose antivirus, but a dedicated tool that only protects Macrium backup files, offering a low-resource footprint.

Unauthorized Access Blocking: Any non-Macrium process attempting to alter a protected backup file will be blocked, and the event will be logged.

Network Support: It can protect backups on networked machines (via Macrium Site Manager) without needing a full installation on every node.

How It Works

Signature Verification: MIG verifies the digital signature of any process trying to write to a backup file.

Protection Scope: It protects local NTFS volumes and allows for the automatic protection of new backup drives.

Exceptions: It can be configured to allow trusted applications, such as MS RoboCopy, to move or manage backup files.

pseymour · Apr 17, 2026

Image Guardian type things only protect the backup once it’s taken. If you backed up an OS that was infected, you have a really good safe backup of an infected machine.

Jacee · Apr 17, 2026

Did you recently download something from a USB, your phone or another computer?

badrobot · Apr 17, 2026

Alejandro85 said:
That's the really difficult part. How do you know for a fact that the previous image wasn't already infected?
Normally, at most, one knows when the symptoms arise, but not when the infection took place. Most people won't actually notice when they become infected, that's a luxury very few times you can have to realise that you've made a mistake and let a virus in.

For the rare case that you really know when the malware entered, that becomes one of the rare cases when an image becomes a useful backup. A restore there and you're good to go, just lost everything done since the image.

In the most typical case, an image would be as suspect as the live system, that's why the experts recommend "nuke it from orbit" (clean OS resintall) as the first option in case of comprimise.

When you first installed your OS, of course it has to be clean. Keep doing more images and leave at least 2 older ones as backups. You will surely know when problems first came out and which versions of your back up is clean. I do image backups quarterly or every change of season.

Shurcut virus impossible to irradicate

Member

Attachments

My Computer

Well-known member

My Computer

aka Mama Glass

My Computers

Well-known member

My Computer

Well-known member

My Computers

Well-known member

My Computers

Well-known member

My Computers

New member

My Computer

Well-known member

My Computer

Member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computers

Well-known member

My Computers

Well-known member

My Computers

New member

My Computer

Well-known member

My Computers

putting the mental back in experimental

My Computer

Accroche-toi à ton rêve

My Computers

Well-known member

My Computers

Similar threads