7/31/2019 Using Command Prompt_virus

1/5

Using command prompt "attrib" to check for Virusesor Malware

76

rate or flag this page

By isyan

Microsoft Command Prompt "attrib" is a very useful tool to check if your hard drives even your

flashdisks have been infected by a virus.

You will know if a Malware is inside your hard drive just by looking at the attributes of each files and

the file that has the attributes of +s +h +r

The function of attrib is to set and remove file attributes (read-only, archive,system and hidden).

Launch attrib

To start attrib

1. Go to Start Menu > Run

2.Type cmd (cmd stands for command prompt)

3. Press Enter key

The Command Prompt will appear showing us where is our location in the directory.

command prompt showing the current location in the directory

Using attrib

To use attrib

1.Go to the root directory first by typing cd\(because this is always the target of Malware / Virus)

2. Type attrib and press Enter key

http://isyan.hubpages.com/hub/Using-command-prompt-attrib-to-check-for-Viruses-or-Malware#ratehttp://isyan.hubpages.com/http://isyan.hubpages.com/http://isyan.hubpages.com/hub/Using-command-prompt-attrib-to-check-for-Viruses-or-Malware#rate

7/31/2019 Using Command Prompt_virus

2/5

after typing attrib, all the attributes of all the files (excluding folders) will be shown

Benefits of Rooting your Android PhoneI recently purchased an HTC Wildfire phone and I must say this is one of the coolest phone (in

terms of budget and features) out there.. - 7 months ago

Spanish Galleon Andalucia

The Spanish Galleon Andalucia visited the beautiful island of bohol from October 23-26,2010.

-15 months ago

Uchiha Sasuke Team Hebi

Hebi (means snake) is a group of specialized shinobi created by Uchiha Sasuke having one

goal in mind, and that is to kill his brother Uchiha Itachi. - 15 months ago

In this example, I have two files that are considered as malware.Note that there are two files which I outlined in red (SilentSoftech.exe and autorun.inf). Since you

cannot see this file nor delete it (because the attributes that was set on these files are +s +h +r)

1.+s - meaning it is a system file (which also means that you cannot delete it just by using the

delete command)

2.+h - means it is hidden (so you cannot delete it)

3.+r- means it is a read only file ( which also means that you cannot delete it just by using the

delete command)

Now we need to set the attributes of autorun.inf to -s -h -r (so that we can manually delete it)

1.Type attrib -s -h -r autorun.inf( be sure to include -s -h -r because you cannot change the

attributes using only -s or-h or-ralone)

2.Type attrib again to check if your changes have been commited

3. If the autorun.inf file has no more attributes, you can now delete it by typingdel autorun.inf

http://isyan.hubpages.com/hub/Benefits-of-Rooting-your-Android-Phonehttp://isyan.hubpages.com/hub/Spanish-Galleon-Andaluciahttp://isyan.hubpages.com/hub/Uchiha-Sasuke-Team-Hebihttp://isyan.hubpages.com/hub/Uchiha-Sasuke-Team-Hebihttp://isyan.hubpages.com/hub/Benefits-of-Rooting-your-Android-Phonehttp://isyan.hubpages.com/hub/Spanish-Galleon-Andaluciahttp://isyan.hubpages.com/hub/Uchiha-Sasuke-Team-Hebi

7/31/2019 Using Command Prompt_virus

3/5

4.Since SilentSoftech.exe is a malware you can remove its attributes by doing step 1 and step

3(just change the filename) ex. attrib -s -h -r silentsoftech.exe

a) I typed the attrib command with the -s -h -r setting b) the result after I pressed enter - autorun.inf has no attributes

left

There you have it!!!!

NOTE : when autorun.inf keeps coming back even if you already deleted it, be sure to check

yourTask Managerby pressing CTRL + ALT + DELETE ( a virus is still running as a process thats

why you cannot delete it.KILL the process first by selecting it and clicking End Process.

NOTE: You can also apply the attrib -s -h -r command to all the partition of your computer, drive D:

drive E: drive F: (all of your drives). For example. for drive D, just type " D:" (minus the double quote)then you can see that your current drive is D.. type there the command "attrib -s -h -r *.exe" for exe

files and "attrib -s -h -r *.inf" and then delete the file by "del autorun.inf".

Hope this helps!!!!! :) Jah bles!

NOTE: If you want to have a more detailed information regarding How to delete a virus visit my other

hub.. HOW TO DELETE A VIRUS IN YOUR USB/FLASHDISK

Instructions1.

o 1Click the "Start" menu and type "CMD" into the "Run" box and click "OK."

http://isyan.hubpages.com/hub/How-to-Delete-a-Virus-in-your-USB-or-Flashdiskhttp://isyan.hubpages.com/hub/How-to-Delete-a-Virus-in-your-USB-or-Flashdisk

7/31/2019 Using Command Prompt_virus

4/5

o 2Select the drive that is infected with the virus. If you are not sure which drive is infected, start with the"C:" drive. Type in "C:" and press "Enter" to access this drive.

o 3Type the following into the command prompt box: - s - h *. * /s /d and press "Enter." This will bring upany suspicious files located on the drive. Open the suspicious file.

o 4Look for a file that contains a ".exe" file and a file titled "autorun.inf." If you find these two files, youhave found the tainted file. Make sure to write down the name of the program where the file is located.

o 5Rename the "autorun.inf" so you can access the drive later without activating the virus. Type: renameautorun.inf as virusfile and close out of the "Command" prompt box.

o 6Double-click the "My Computer" icon and select the drive that has the infected file. Find the programthat contains the infected file.

o 7Right-click on the program and choose "Open."

o 8Right-click on the file you renamed "virusfile" and choose "Delete."

o 9Right-click on the ".exe" file and choose "Delete." You have now removed the virus from yourcomputer's hard drive.

Read more: How to Delete a Virus Program Using the Command Prompt |eHow.comhttp://www.ehow.com/how_4814554_virus-program-using-command-prompt.html#ixzz1kpI1pK2K

Join Date: 2011-02-26

Posts: 267Thanked: 3115590Age: 23

Subject: How to Delete a Virus Using the Command Prompt March 28th 2011, 03:46

How to Delete a Virus Using the Command Prompt

Instructions

1. Click the "Start" menu and type "CMD" into the "Run" box and click "OK."

2. Select the drive that is infected with the virus. If you are not sure which drive is

http://www.ehow.com/how_4814554_virus-program-using-command-prompt.html#ixzz1kpI1pK2Khttp://www.ehow.com/how_4814554_virus-program-using-command-prompt.html#ixzz1kpI1pK2Khttp://www.ehow.com/how_4814554_virus-program-using-command-prompt.html#ixzz1kpI1pK2Khttp://www.ehow.com/how_4814554_virus-program-using-command-prompt.html#ixzz1kpI1pK2Khttp://www.ehow.com/how_4814554_virus-program-using-command-prompt.html#ixzz1kpI1pK2Khttp://www.ehow.com/how_4814554_virus-program-using-command-prompt.html#ixzz1kpI1pK2Khttp://www.ehow.com/how_4814554_virus-program-using-command-prompt.html#ixzz1kpI1pK2Khttp://www.ehow.com/how_4814554_virus-program-using-command-prompt.html#ixzz1kpI1pK2Khttp://www.ehow.com/how_4814554_virus-program-using-command-prompt.html#ixzz1kpI1pK2K

7/31/2019 Using Command Prompt_virus

5/5

infected, start with the "C:" drive. Type in "C:" and press "Enter" to access this drive.

3. Type the following into the command prompt box: attrib -s -h *.* /s /d and press

"Enter." This will bring up any suspicious files located on the drive. Open the suspicious

file.

4. Look for a file that contains a ".exe" file and a file titled "autorun.inf." If you find

these two files, you have found the tainted file. Make sure to write down the name of

the program where the file is located.

5. Rename the "autorun.inf" so you can access the drive later without activating the

virus. Type: rename autorun.inf as virusfile and close out of the "Command" prompt

box.

6. Double-click the "My Computer" icon and select the drive that has the infected file.

Find the program that contains the infected file.

7.Right-click on the program and choose "Open."

8.Right-click on the file you renamed "virusfile" and choose "Delete."

9.Right-click on the ".exe" file and choose "Delete." You have now removed the virus

from your computer's hard drive.[/SIZE]