ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

How to Remove a Hidden Virus from an Infected Flash Drive Without an Antivirus Program

Updated on September 9, 2012

Removing virus from an external device without using an antivirus software

There are many good antivirus programs out there but in case you don’t want to use one, or you suspect that the one you have is not detecting the virus or maybe you are using someone else’s computer and want to do a quick check, you can do these simple steps to check and clean the external device. This method uses the Command Prompt program in Windows operating systems. Command Prompt used to be the Disk Operating System or DOS – the one that came before Windows.

Before we start, you need to know some of the behaviors and characteristics of some viral files. First, they hide themselves. They take on the System, Hidden and Read-only attributes. Next, in order to spread, they need to be automatically run. Expect an autorun.inf file that is hidden in the root directory of your storage device or flash drive (sometimes this happens too in Optical drives or CDs). And sometimes they hide themselves in a folder and make the folder hidden. Other viruses also change your folders to *.exe files so you get to run them yourself. So you need to look for these signs when checking for viruses.

Assume that you have a flash drive which took F: for its drive letter. To check that drive, Click start, then type “cmd” then enter. This opens Command Prompt. Windows XP users need to type “run” then enter after clicking start. Once you are in the Command Prompt interface type these:



What that does is list all files and their attributes in the root directory. Look for the ones mentioned above then once you have identified them you can proceed to changing their attributes using the attrib command. Type “attrib –s –h –r” then hit enter. This removes the system, hidden and read-only attributes of all files in the root directory. Now you can delete them. Type these:

Del autorun.inf

Del filename.exe

This command deletes the autorun.inf file and the virus. Filename is the filename of the .exe file that had a System, Hidden and Read-only or SHR attribute. If there is more than one add more lines. If you have those .exe files masquerading as folders, do the del command for each of the .exe file or just type “del *.exe” which deletes all .exe files in the root directory.

To check for hidden folders, type “attrib /s /d” – same as the one above but it also lists the directories or folders. the “/s /d” are switches which tells the attrib command to include all folders and subdirectories. To remove or delete a folder type “rmdir foldername /s /q” – foldername is the name of the SHR folder. There is no need to remove the attribute before you can erase it.

However, after doing any of the steps and what you have done is reverted, the virus may be running in the system. Example is when you delete autorun.inf then it comes back or if you change the attributes and it goes back to SHR. In this it is better to get a virus removal tool to do the job. It will be easier. So, when opening a flash drive or any external device you suspect to have a virus, do not just double click on it in My computer. Instead, right click then select the explore option or you can just go directly to command prompt then look for the viruses.


    0 of 8192 characters used
    Post Comment

    No comments yet.


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
    ClickscoThis is a data management platform studying reader behavior (Privacy Policy)