Reboot into normal Windows. Run these three tools in order:

    In File Explorer, go to View > Options > View tab. Uncheck "Hide extensions for known file types." You will now see USBDocument.pdf.exe disguised as a PDF.

    A: The trojan may have installed a rootkit or a second stage payload. Run TDSSKiller (by Kaspersky) to scan for bootkits. Also, check Task Scheduler for odd tasks named USBUpdate or AdobeFlash.

    Navigate to the following locations and delete any instance of usbv197.exe:

    Pro tip: Sort files by "Date Modified." The infected file was likely created around the time you first noticed the problem.

    Blindly deleting an executable can sometimes break a legitimate application. Instead, follow this forensic checklist:

    At first glance, the name usbv197.exe suggests a connection to USB (Universal Serial Bus) technology. The "v197" portion hints at a version number. However, legitimate Windows system files do not follow this naming convention.

    usbv197.exe
    Previous
    The Largest And Best Collection Of Business Sales And Personal Letters
    usbv197.exe
    Next
    Samsung Galaxy S4 Launching Soon In India And Pakistan Market