
Using command prompt "attrib" to check for Viruses or Malware

Updated on August 7, 2015

The Microsoft Command Prompt command "attrib" is a very useful tool for checking whether your hard drives, and even your flash disks, have been infected by a virus.

You can tell whether malware is on your hard drive just by looking at the attributes of each file and finding the files that have the attributes +s +h +r.

The function of attrib is to set and remove file attributes (read-only, archive, system and hidden).

Launch attrib

To start attrib:

  1. Go to Start Menu > Run
  2. Type cmd (cmd stands for command prompt)
  3. Press Enter key

The Command Prompt will appear, showing our current location in the directory tree.

command prompt showing the current location in the directory

Using attrib

To use attrib:

  1. Go to the root directory first by typing cd\ (because this is always the target of malware / viruses)
  2. Type attrib and press the Enter key

after typing attrib, all the attributes of all the files (excluding folders) will be shown

In this example, I have two files that are considered malware.

Note the two files which I outlined in red (SilentSoftech.exe and autorun.inf). You cannot see these files or delete them, because the attributes that were set on them are +s +h +r:

  1. +s - means it is a system file (which also means that you cannot delete it just by using the delete command)
  2. +h - means it is hidden (so you cannot delete it)
  3. +r - means it is a read-only file (which also means that you cannot delete it just by using the delete command)

Now we need to set the attributes of autorun.inf to -s -h -r (so that we can manually delete it):

  1. Type attrib -s -h -r autorun.inf (be sure to include -s -h -r because you cannot change the attributes using only -s or -h or -r alone)
  2. Type attrib again to check if your changes have been committed
  3. If the autorun.inf file has no more attributes, you can now delete it by typing del autorun.inf
  4. Since SilentSoftech.exe is malware, you can remove its attributes by doing step 1 and step 3 (just change the filename), e.g. attrib -s -h -r silentsoftech.exe


a) I typed the attrib command with the -s -h -r setting b) the result after I pressed enter - autorun.inf has no attributes left

There you have it!!!!

NOTE: If autorun.inf keeps coming back even after you have deleted it, check your Task Manager by pressing CTRL + ALT + DELETE (a virus is still running as a process, which is why you cannot delete it). KILL the process first by selecting it and clicking End Process.

NOTE: You can also apply the attrib -s -h -r command to all the partitions of your computer: drive D:, drive E:, drive F: (all of your drives). For example, for drive D, just type "D:" (minus the double quotes); you will then see that your current drive is D. There, type the command "attrib -s -h -r *.exe" for exe files and "attrib -s -h -r *.inf" for inf files, and then delete the file with "del autorun.inf".
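
The same check across every drive root, as an added PowerShell example that is not part of the original article: it lists files carrying all three of the +s +h +r attributes, hashes them, and prints what any flagged autorun.inf would launch, without changing or deleting anything. Find-ShrRootFile and Get-AutorunTarget are hypothetical names; Windows keeps some of its own hidden system files in the root of the system drive, so a match is a file to review before deleting, not proof of infection.

```powershell
# Added example: read-only triage. It lists and hashes files; it changes and deletes nothing.
# Find-ShrRootFile and Get-AutorunTarget are hypothetical helper names, not built-in cmdlets.

function Find-ShrRootFile {
    param(
        # Default: the root of every drive letter (C:\, D:\, a flash disk on E:\ ...)
        [string[]]$Root = (Get-PSDrive -PSProvider FileSystem |
                           Where-Object { $_.Root -match '^[A-Za-z]:\\$' }).Root
    )
    # The three attributes the article looks for: +s +h +r
    $mask = [IO.FileAttributes]'System, Hidden, ReadOnly'

    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }   # e.g. empty card reader
        # -Force is required, otherwise hidden and system files are not listed
        Get-ChildItem -LiteralPath $r -File -Force -ErrorAction SilentlyContinue |
            Where-Object { ($_.Attributes -band $mask) -eq $mask } |
            ForEach-Object {
                # The hash may be empty for files that Windows keeps locked
                $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path       = $_.FullName
                    Attributes = $_.Attributes
                    Modified   = $_.LastWriteTime
                    SHA256     = $h.Hash
                }
            }
    }
}

function Get-AutorunTarget {
    # Show which program an autorun.inf would launch, so that file can be checked too
    param([Parameter(Mandatory)][string]$Path)
    Get-Content -LiteralPath $Path -Force -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*(open|shellexecute|shell\\[^=]+\\command)\s*=' } |
        ForEach-Object { $_.Trim() }
}

$hits = @(Find-ShrRootFile)
$hits | Format-Table -AutoSize -Wrap
$hits | Where-Object { $_.Path -like '*\autorun.inf' } |
    ForEach-Object { Get-AutorunTarget -Path $_.Path }
```

The SHA256 column can be compared against an antivirus or reputation lookup before anything is deleted with the attrib and del steps above.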

Hope this helps!!!!! :) Jah bless!

NOTE: If you want more detailed information on how to delete a virus, visit my other hub: HOW TO DELETE A VIRUS IN YOUR USB/FLASHDISK

Comments


  • isyan (Author) 3 years ago

    Hi,

    hopefully you'll never have to experience virus problems.. by just being vigilant and cautious as to the things that you download through the internet.. :)

    cheers

  • Linda Bryen (liesl5858) 4 years ago from United Kingdom

    Thank you Isyan for this useful and interesting hub, I will use it one day when my laptop gets virus problems.

  • sim2king 4 years ago

    It worked out just perfectly. Thanks, hey

  • bile bbc 4 years ago

    thanks really it is a kind of helping before i don't know it but i make of it thanks a lot

  • isyan (Author) 4 years ago

    haha.. you're welcome.. Jesus is Lord

  • isyan (Author) 4 years ago

    just use TAB..

    ex. type del new (then press TAB.. it will autocomplete the filename)..

  • rayne 4 years ago

    You're probably Filipino too

    I'll just write in Tagalog. How do I delete a virus that has a space in its name, for example new folder.exe? Because when I type del new folder.exe it says could not find d:\ new.. How do I do that, brother.. thanks

  • hey_jay19@yahoo.com 5 years ago

    nice. very informative...

  • Avinash Singh 5 years ago

    thanks dude....

  • tola 5 years ago

    many thanks for kindness

  • sujith 5 years ago

    Thank you for such wonderful information

  • ato 5 years ago

    you are too much... thanks a lot

  • chinu 5 years ago

    thanks... it's very nice and useful....:)

  • sonam 5 years ago

    hi it's been very nice and effectively me to delete virus in my hard drive thanks a lot you are my god ......

  • asdf 5 years ago

    thanks :)

  • aboalse3ab 5 years ago

    first must show all hidden files

    and then follow

    start cmd

    select the letter of the drive (e.g: G:\)

    G:\>attrib -h -s -r /s *.* /d

  • Ranga 5 years ago

    Thank you!

  • joey jon pol 5 years ago

    Thanks man! Boinaparika. It means you guys are geniuses

  • ken 5 years ago

    thank you

  • gaby 5 years ago

    thanks a lot