Using command prompt "attrib" to check for Viruses or Malware

Microsoft Command Prompt "attrib" is a very useful tool to check if your hard drives even your flashdisks have been infected by a virus.

You will know if a Malware is inside your hard drive just by looking at the attributes of each files and the file that has the attributes of +s +h +r

The function of attrib is to set and remove file attributes (read-only, archive, system and hidden).

Launch attrib

To start attrib

  1. Go to Start Menu > Run
  2. Type cmd (cmd stands for command prompt)
  3. Press Enter key

The Command Prompt will appear showing us where is our location in the directory.

command prompt showing the current location in the directory
See all 3 photos
command prompt showing the current location in the directory

Using attrib

To use attrib

  1. Go to the root directory first by typing cd\(because this is always the target of Malware / Virus)

2. Type attrib and press Enter key

after typing attrib, all the attributes of all the files (excluding folders) will be shown
See all 3 photos
after typing attrib, all the attributes of all the files (excluding folders) will be shown

In this example, I have two files that are considered as malware.

Note that there are two files which I outlined in red (SilentSoftech.exe and autorun.inf). Since you cannot see this file nor delete it (because the attributes that was set on these files are +s +h +r)

  1. +s - meaning it is a system file (which also means that you cannot delete it just by using the delete command)
  2. +h - means it is hidden (so you cannot delete it)


  3. +r - means it is a read only file ( which also means that you cannot delete it just by using the delete command)


Now we need to set the attributes of autorun.inf to -s -h -r (so that we can manually delete it)

  1. Type attrib -s -h -r autorun.inf ( be sure to include -s -h -r because you cannot change the attributes using only -s or -h or -r alone)
  2. Type attrib again to check if your changes have been commited
  3. If the autorun.inf file has no more attributes, you can now delete it by typing del autorun.inf
  4. Since SilentSoftech.exe is a malware you can remove its attributes by doing step 1 and step 3(just change the filename) ex. attrib -s -h -r silentsoftech.exe


a) I typed the attrib command with the -s -h -r setting b) the result after I pressed enter - autorun.inf has no attributes left
See all 3 photos
a) I typed the attrib command with the -s -h -r setting b) the result after I pressed enter - autorun.inf has no attributes left

There you have it!!!!

NOTE : when autorun.inf keeps coming back even if you already deleted it, be sure to check your Task Manager by pressing CTRL + ALT + DELETE ( a virus is still running as a process thats why you cannot delete it. KILL the process first by selecting it and clicking End Process.

NOTE: You can also apply the attrib -s -h -r command to all the partition of your computer, drive D: drive E: drive F: (all of your drives). For example. for drive D, just type "D:" (minus the double quote) then you can see that your current drive is D.. type there the command "attrib -s -h -r *.exe" for exe files and "attrib -s -h -r *.inf" and then delete the file by "del autorun.inf".

Hope this helps!!!!! :) Jah bles!

NOTE: If you want to have a more detailed information regarding How to delete a virus visit my other hub.. HOW TO DELETE A VIRUS IN YOUR USB/FLASHDISK

More in this Series


Recommended Hubs

Comments 193 comments

isyan profile image

isyan 14 months ago Hub Author

Hi,

hopefully you'll never have to experience virus problems.. by just being vigilant and cautious as to the things that you download through the internet.. :)

cheers


liesl5858 profile image

liesl5858 2 years ago from United Kingdom Level 3 Commenter

Thank you Isyan for this useful and interesting hub, I will it one day when my laptop get virus problems.


sim2king 2 years ago

it worked out just perfectly. Thanx hey


bile bbc 2 years ago

thnks really it is akind of helping before i don't know it but i make of it thnks alot


isyan profile image

isyan 2 years ago Hub Author

haha.. your welcome.. Jesus is Lord


isyan profile image

isyan 2 years ago Hub Author

just use TAB..

ex. type del new (then press TAB.. it will autocomplete the filename)..


rayne 3 years ago

pinoy knaman cguro

mgtatagalog nlang ako pnu ba i delete ung my spacing na virus halimbawa new folder.exe kasi pgtype ko ng del new folder.exe sinasabi could n ot find d:\ new..pnu ba yon kapatid..salamat


hey_jay19@yahoo.com 3 years ago

nice. very informative...


Avinash Singh 3 years ago

thanks dude....


tola 3 years ago

many thanks for kindness


sujith 3 years ago

Thanks you for such wonderful information


ato 3 years ago

your are too much...............thanks alot


chinu 3 years ago

thanx... its very nice n usefull....:)


sonam 3 years ago

hi its been very nic and effectively me to delete virus in my hard drive thankx a lot you are my god ......


asdf 3 years ago

thanks :)


aboalse3ab 3 years ago

first must show all hidden files

and then follow

start cmd

select the letter of the drive (e.g: G:\)

G:\attrib -h -s -r /s *.* /d


Ranga 3 years ago

Thank you!


joey jon pol 3 years ago

thanx man!Boinaparika.it means you guys are geniuses


ken 3 years ago

thanks po


gaby 3 years ago

thanks alot


Submit a Comment
New comments are not being accepted on this Hub at this time.


Click to Rate This Article
Please wait working