Using command prompt "attrib" to check for Viruses or Malware
71Microsoft Command Prompt "attrib" is a very useful tool to check if your hard drives even your flashdisks have been infected by a virus.
You will know if a Malware is inside your hard drive just by looking at the attributes of each files and the file that has the attributes of +s +h +r
The function of attrib is to set and remove file attributes (read-only, archive, system and hidden).
Launch attrib
To start attrib
- Go to Start Menu > Run
- Type cmd (cmd stands for command prompt)
- Press Enter key
The Command Prompt will appear showing us where is our location in the directory.
Using attrib
To use attrib
- Go to the root directory first by typing cd\(because this is always the target of Malware / Virus)
2. Type attrib and press Enter key
- How to protect your family against Swine Flu or AH1N1
AH1N1 is a new strain of flu virus, although flu virus is always with us (because they are air borne) this new strain a more dangerous compared to a normal flu. A new strain of flu emerges every few... - 6 months ago
- Bleach - Vizard, History, Characters and abilities
The Vizards is a group of former Shinigami who obtained hollow powers. While the term vizard is spelled in the manga using kanji meaning secret army (kamen no gunzei), it is evident that the... - 6 months ago
- Charice Pempengco and Oprah Winfrey
Charice Pempenco was born on May 10, 1993 in Cabuyao, Laguna in the Philippines, so her age is 16. She is fondly called by her friends as âChaâ. She joined a contest of ABS-CBN... - 6 months ago
In this example, I have two files that are considered as malware.
Note that there are two files which I outlined in red (SilentSoftech.exe and autorun.inf). Since you cannot see this file nor delete it (because the attributes that was set on these files are +s +h +r)
- +s - meaning it is a system file (which also means that you cannot delete it just by using the delete command)
- +h - means it is hidden (so you cannot delete it)
- +r - means it is a read only file ( which also means that you cannot delete it just by using the delete command)
Now we need to set the attributes of autorun.inf to -s -h -r (so that we can manually delete it)
- Type attrib -s -h -r autorun.inf ( be sure to include -s -h -r because you cannot change the attributes using only -s or -h or -r alone)
- Type attrib again to check if your changes have been commited
- If the autorun.inf file has no more attributes, you can now delete it by typing del autorun.inf
- Since SilentSoftech.exe is a malware you can remove its attributes by doing step 1 and step 3(just change the filename) ex. attrib -s -h -r silentsoftech.exe
There you have it!!!!
NOTE : when autorun.inf keeps coming back even if you already deleted it, be sure to check your Task Manager by pressing CTRL + ALT + DELETE ( a virus is still running as a process thats why you cannot delete it. KILL the process first by selecting it and clicking End Process.
Hope this helps!!!!! :) Jah bles!
PrintShare it! — Rate it: up down flag this hub
Comments
silentsoftech.exe is a virus.. I used it as an example... Attrib function will not delete a file, it will just set the attributes of a file... In this article I set the attributes of autorun.inf and silentsoftech.exe so that I can delete them using the del function..
can u mention other types of viruses that can be detected and deleted using this method......
trojans and malwares...
thanks man.. this solved my problem.. :)
this solves my problem but still there is one thing i don't get, how would i know if a attribute is a malware or trojans?
you can check if a file is an OS file or not but googling it... but usually virus has awkward names... :)
how would you know if a file shown is infected?
Thanks so much! (:
it did,t work
thanks dude
thanks:
Thnks!
Carried out all the steps as instructed but after the delete step the prompt page said autorun.inf file could not be found although it was still clearly there and once I typed in attrib the autorun file was back with the SHR attributes. This also happened with another virus/malware m1eqos3.exe which also didnt delete. Please help
@gaz: there is possible a running malware on your computer that is why when you change or delete the autorun, it will again be restored...
NOTE : when autorun.inf keeps coming back even if you already deleted it, be sure to check your Task Manager by pressing CTRL + ALT + DELETE ( a virus is still running as a process thats why you cannot delete it. KILL the process first by selecting it and clicking End Process.
sir!! i still have my mp4 always formatiing by itself and i always lose my important pics. pls help me
it does not remove any viruses
this is one of some silly methods.
how would i know what is the virus?
@robert: try to scan your mp4 using kaspersky (update it first)
@hitesh: read the TITLE! it doesn't says remove virus --- we're just checking for it.. and maybe applying some first aid if we can..
@pshh: usually a virus has silly names.. but if you're unsure just google the filename...
@sheryl and silambu: np.. hoe it helps!
it 's ok ,
after typing del autorun.inf it is saying it is used by some other process,so can't be deleted
Hi isyan,
I am having an issue with Explorer setting all of my folders to Read Only. I try to remove the check and Apply but it comes back.
Will the attrib cmd help?
Vista 64
question:
Does this also make the folder options to come back to its original settings? which means when u have already deleted the virus, can you now access folder options?
hnyaji says:
7 months ago
I have no idea what you are trying to say! You have straight away mentioned SilentSoftech.exe. Are you using 'attrib' function to delete this file? If so the title of this article is misleading.