Have you ever connected your hard drive to a PC without first checking that PC for viruses? It can be scary to find out afterwards that all your executable files (exe) or software installers worth 100MB and above seem to be missing, replaced with an executable file of about 800KB in size.
What is the Paint Virus?
This is a virus very similar to the well-known shortcut or lnk virus. The only difference is that the paint virus attacks only executable files (exe).
It hides the original executable file and renames it, adding a small letter "v" to the beginning of the file name, then puts a copy of itself in its place under the original file name and icon.
Let's take an example: you have a file named Chrome.exe with a size of 40MB. This file would be renamed to vChrome.exe and hidden, then a new file with a size of 800KB would be named Chrome.exe, with the exact Chrome icon as well. Once you try to install this new 800KB file, the PC gets infected automatically.
How to Manually Remove the Effects of the Paint Virus from an infected Removable Media Device
The manual process might be a little bit stressful, but I prefer this method to using an antivirus. BTW, an antivirus won't unhide and rename your files for you.
- You must use an uninfected PC with a strong and reliable antivirus for this (e.g. Avast).
- If you don't have a reliable antivirus then please do not attempt to connect this infected media device, because the virus will have already set up an autorun program to run automatically once the media device is connected to any PC.
- Connect the infected device (hard drive, USB flash drive, etc.) using USB
- Your antivirus should automatically block the paint virus's autorun process
- You can now open the removable media
- Now hold the Shift key and right-click on any empty space, then select Open command window here
- In the CMD prompt window that appears next, type in the command below and hit Enter
attrib -h -r -s /s /d *.*
- Wait for the process to complete
- Now all hidden, read-only and system attributes have been removed from all files.
- Now delete the autorun file from the root of the removable media
- Delete any folder called Photo from the root of the removable device as well (skip this step if you don't find any such folder)
(also ensure that you don't have any personal files within this folder)
- Now go through all folders within the removable media device containing an executable file (exe). Be extremely careful not to install anything and take note of the sizes. You'll find that most executables have a size of approx 825KB or thereabouts
- Select and permanently delete all the executables with the same size as shown in the picture above
- In the same folder, you'll notice another set of executables with a small letter "v" attached to the beginning of their name. (These files are your original executable files)
You can simply rename them all, i.e. remove the small letter "v". If you are lazy then of course you can just as well leave them as they are.
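The pairing described in the steps above (a fake of roughly 825KB sitting beside a "v"-prefixed original) can be listed by script before anything is deleted. The following Python script is an added example, not part of the original post; the size window and the names plan_cleanup and apply_plan are assumptions. Run it only after the attrib step; it never opens or executes any of the files.

```python
import os
import sys
from pathlib import Path

# Assumption: the article gives the fake files as "about 800KB" / "approx 825kb".
# This window is a constructed tolerance; adjust it to the sizes you observe.
DROPPER_MIN, DROPPER_MAX = 780 * 1024, 860 * 1024

def is_dropper_size(path):
    return DROPPER_MIN <= path.stat().st_size <= DROPPER_MAX

def plan_cleanup(root):
    """Return (delete, rename) for confirmed pairs; nothing on disk is changed."""
    delete, rename = [], []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {f.lower(): f for f in files}  # Windows names are case-insensitive
        for name in files:
            # Candidate original: small "v" prefix, .exe suffix, non-empty stem
            if not (name.startswith("v") and name.lower().endswith(".exe") and len(name) > 5):
                continue
            sibling = by_lower.get(name[1:].lower())
            if sibling is None:
                continue  # e.g. a genuine vlc.exe with no lc.exe beside it
            original, fake = Path(dirpath, name), Path(dirpath, sibling)
            # Only act when the sibling looks like the fake and the v-file does not
            if is_dropper_size(fake) and not is_dropper_size(original):
                delete.append(fake)
                rename.append((original, fake))
    return delete, rename

def apply_plan(delete, rename):
    """Delete each fake, then give the original its name back."""
    for fake in delete:
        fake.unlink()
    for original, restored in rename:
        original.rename(restored)

if __name__ == "__main__":
    # Usage: python restore_plan.py E:\ [--apply]   (dry run unless --apply is given)
    delete, rename = plan_cleanup(sys.argv[1])
    for fake in delete:
        print("delete:", fake)
    for original, restored in rename:
        print("rename:", original, "->", restored)
    if "--apply" in sys.argv[2:]:
        apply_plan(delete, rename)
```

Files that match only one half of the pattern (a "v"-prefixed executable with no sibling, or a lone executable in the size window) are left untouched for manual review.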
How to Prevent / Avoid the Rename and Hide Effects Caused by this Virus
- Simply compress all your executables into an ISO, ZIP or RAR compressed file. This way there'll be no executables to affect.
How to Remove the Paint Virus From an Infected PC
- An easy method would be to do a full system OR boot time scan with a reliable antivirus.