Using command prompt "attrib" to check for Viruses or Malware
Microsoft Command Prompt "attrib" is a very useful tool to check if your hard drives even your flashdisks have been infected by a virus.
You will know if a Malware is inside your hard drive just by looking at the attributes of each files and the file that has the attributes of +s +h +r
The function of attrib is to set and remove file attributes (read-only, archive, system and hidden).
To start attrib
- Go to Start Menu > Run
- Type cmd (cmd stands for command prompt)
- Press Enter key
The Command Prompt will appear showing us where is our location in the directory.
To use attrib
- Go to the root directory first by typing cd\(because this is always the target of Malware / Virus)
2. Type attrib and press Enter key
In this example, I have two files that are considered as malware.
Note that there are two files which I outlined in red (SilentSoftech.exe and autorun.inf). Since you cannot see this file nor delete it (because the attributes that was set on these files are +s +h +r)
- +s - meaning it is a system file (which also means that you cannot delete it just by using the delete command)
- +h - means it is hidden (so you cannot delete it)
- +r - means it is a read only file ( which also means that you cannot delete it just by using the delete command)
Now we need to set the attributes of autorun.inf to -s -h -r (so that we can manually delete it)
- Type attrib -s -h -r autorun.inf ( be sure to include -s -h -r because you cannot change the attributes using only -s or -h or -r alone)
- Type attrib again to check if your changes have been commited
- If the autorun.inf file has no more attributes, you can now delete it by typing del autorun.inf
- Since SilentSoftech.exe is a malware you can remove its attributes by doing step 1 and step 3(just change the filename) ex. attrib -s -h -r silentsoftech.exe
There you have it!!!!
NOTE : when autorun.inf keeps coming back even if you already deleted it, be sure to check your Task Manager by pressing CTRL + ALT + DELETE ( a virus is still running as a process thats why you cannot delete it. KILL the process first by selecting it and clicking End Process.
NOTE: You can also apply the attrib -s -h -r command to all the partition of your computer, drive D: drive E: drive F: (all of your drives). For example. for drive D, just type "D:" (minus the double quote) then you can see that your current drive is D.. type there the command "attrib -s -h -r *.exe" for exe files and "attrib -s -h -r *.inf" and then delete the file by "del autorun.inf".
Hope this helps!!!!! :) Jah bles!
NOTE: If you want to have a more detailed information regarding How to delete a virus visit my other hub.. HOW TO DELETE A VIRUS IN YOUR USB/FLASHDISK
Last updated on July 18, 2011
You can help the HubPages community highlight top quality content by ranking this article up or down.