https://howtoremove.

guide/how-to-remove-drive-bat-virus-usb/

Some of the steps will likely require you to exit the page. Bookmark it for later reference.
Reboot in Safe Mode (use this guide if you dont know how to do it).

WARNING! READ CAREFULLY BEFORE PROCEEDING!

We get asked this a lot, so we are putting it here: Removing Drive.bat manually may take hours
and damage your system in the process. If you want a fast safe solution, we recommend
SpyHunter.

>> Click to Download Spyhunter. If you don't want this software, continue with the guide
below.
Keep in mind, SpyHunters malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about
SpyHunter and steps to uninstall.
Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine
which processes are dangerous.

Right click on each of them and select Open File Location. Then scan the files with our
free online virus scanner:

After you open their folder, end the processes that are infected, then delete their
folders.
Note: If you are sure something is part of the infection delete it, even if the scanner doesnt flag it.
No anti-virus program can detect all infections.

WARNING!
To remove Drive.bat, you may have to meddle with system files and registries. Making a
mistake and deleting the wrong thing may damage your system.

Avoid this by using SpyHunter - a professional Drive.bat removal tool.

Keep in mind, SpyHunters malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about
SpyHunter and steps to uninstall.
This step will restore your files and delete the treacherous shortcut created by the virus. Instructions
for deleting the virus follow after it. However none of these steps can remove any extra viruses that
may have been loaded into your machine while Drive.bat was operational. To do that use an
automated scan tool from an anti-virus or anti-malware program. If you dont have one or the
one you use did not find the virus (your computer was infected after all) please look at our
recommendation above.
Hold the Start Key and R together. Write cmd in the field, then
click OK.

You are now in the Command Prompt panel. Now go to My Computer and see which
name windows assigned to your drive.

In my case its drive F. Now you have to go to the Control Panel window that we opened and type the
letter of the drive followed by semi-columns in my case it is like this F: Then hit Enter. A new like will
appear that will look like this F:\>

Now type the following: attrib F:*.* /d /s -h -r -s . (Replace F: with the drive name of your drive)

Now hit Enter. All of your files will now be recovered and the Drive.bat deleted from this drive.
Repeat this step for all affected drives simply change the F letter from the example with the
proper letter assigned to the drive you are currently cleaning!
NOTE: it is entirely possible you have contracted a virus that is the first step towards a
ransomware. Ransomware completely encrypt your personal files and demand money to
release them. Trojans are the primary source of such threats and the Drive.bat comes via
Trojans. Be careful to observe not only how to remove Drive.bat, but look around for other
problems. It is highly recommended to use a professional scanner as well.
Step 3B (Optional)
Perform this step if the instructions of Step 3 somehow didnt work and you can still see the Drive.bat on your drive.
1. First create a new .txt file (Mouse right click -> New->Text Document) and open it via NotePad

2.
3. Copy the following instructions in the NotePad file:
4. @echo off
5.
6. attrib -h -s -r -a /s /d F:*.*
7.
8. attrib -h -s -r -a /s /d F:*.*
9.
10. attrib -h -s -r -a /s /d F:*.*
11.
@echo complete
12. As beforel F: is just a placeholder! Replace F with the appropriate Drive letter on your computer!
13. Now go to Files (found upper left site of window)->Save As and change the save as type to All files(*.*) from Text documents and rename it to cleaner.bat and save it

on your desktop.
14. Simply close NotePad and double click on the newly created file.
15. All Drive.bates from the respective drive will now be removed and your data will be restored!
16. Repeat these instructions if necessary for each affected drive (dont forget to change the letter!).
You are not done yet! We have to remove any traces of the virus that remain. Please keep reading.

Hold together the Start Key and R. Type appwiz.cpl > OK.
You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you
see a screen like this when you click Uninstall, choose NO:

Type msconfig in the search field and hit enter. A window will pop-up:

Startup > Uncheck entries that have Unknown as Manufacturer or otherwise look suspicious.

Remember this step if you have reason to believe a bigger threat (like ransomware) is on your
PC, check everything here.
Hold the Start Key and R copy + paste the following and click OK:
notepad %windir%/system32/Drivers/etc/hosts
A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the
bottom. Look at the image below:

If there are suspicious IPs below Localhost write to us in the comments.

WARNING!
To remove Drive.bat, you may have to meddle with system files and registries. Making a mistake
and deleting the wrong thing may damage your system.

Avoid this by using SpyHunter - a professional Drive.bat removal tool.

Keep in mind, SpyHunters malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about
SpyHunter and steps to uninstall.
Type Regedit in the windows search field and press Enter.
Once inside, press CTRL and F together and type the viruss Name. Right click and delete any
entries you find with a similar name. If they dont show up this way, go manually to these directories
and delete/uninstall them:
HKEY_CURRENT_USER-SoftwareRandom Directory. It could be any one of them ask us
if you cant discern which ones are malicious.
HKEY_CURRENT_USER-SoftwareMicrosoft-WindowsCurrentVersionRun Random
HKEY_CURRENT_USER-SoftwareMicrosoftInternet Explorer-Main- Random
If the guide didnt help you, download the anti-virus program we recommended
or ask us in the comments for guidance!