Tuesday, August 11, 2009

Find and Delete a Virus using cmd..!!

This is old but gold for people who don't have much RAM to install an antivirus on their PC..
So here I am gonna tell you how to detect and delete a virus which has infested your PC..

Do the following steps:
-> Press Win+R to open the Run dialog box
-> Type CMD to open Command Prompt
A black Command Prompt window will open up.

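Now, the Command Prompt's "attrib" command is a very useful tool to check whether your hard drives, and even your flash disks, have been infected by a virus.

You can spot malware on a drive just by looking at the attributes of each file: the files to look at are the ones that have the attributes +s +h +r. Windows also marks some of its own files as system and hidden (pagefile.sys and hiberfil.sys, for example), so treat the attributes as a reason to look closer at an unfamiliar file, not as proof by themselves.

The function of attrib is to set and remove file attributes (+r = read-only, +a = archive, +s = system and +h = hidden).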

To use attrib

1. Go to the root directory first by typing cd\ (because the root directory is the usual target of malware / viruses)
2. Type attrib and press the Enter key

In this example, I have two files that are considered as malware.

Note the two files which I outlined in red (SilentSoftech.exe and autorun.inf). You cannot see these files nor delete them, because the attributes that were set on them are +s +h +r (I have already mentioned what they stand for).

Now we need to set the attributes of autorun.inf to -s -h -r (so that we can manually delete it)

1. Type attrib -s -h -r autorun.inf (be sure to include all of -s -h -r, because you cannot change the attributes using only -s or -h or -r alone)
2. Type attrib again to check if your changes have been committed
3. If the autorun.inf file has no more attributes, you can now delete it by typing del autorun.inf
4. Since SilentSoftech.exe is malware, you can remove its attributes and delete it by repeating step 1 and step 3 (just change the filename, e.g. attrib -s -h -r silentsoftech.exe)

There you have it!!!!

NOTE: If autorun.inf keeps coming back even after you have deleted it, be sure to check your Task Manager by pressing CTRL + ALT + DELETE (a virus is still running as a process, that's why you cannot delete it). KILL the process first by selecting it and clicking End Process.
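
The steps above rolled into one batch file, as an added example that is not part of the original post; the file name rootcheck.cmd is hypothetical. It lists the hidden + system files in a drive root, prints the autorun.inf lines that name the program it launches (which is how a file like SilentSoftech.exe can be tied to it), and asks before clearing attributes and deleting.

```batch
@echo off
rem Added example, not from the original post.
rem Usage: rootcheck.cmd E:     (rootcheck.cmd is a hypothetical file name)
setlocal

set "DRV=%~1"
if "%DRV%"=="" goto usage
if not exist "%DRV%\" goto usage

rem Files (not folders) in the root that are both hidden and system.
echo Hidden + system files in %DRV%\ :
dir /a:hs-d /b "%DRV%\"
echo.

if not exist "%DRV%\autorun.inf" goto noautorun

echo Attributes of autorun.inf:
attrib "%DRV%\autorun.inf"
echo.

rem The open / shellexecute entries name the program autorun.inf would start.
echo Lines in autorun.inf that launch a program:
type "%DRV%\autorun.inf" | findstr /i "open shellexecute"
echo.

set "ANSWER="
set /p "ANSWER=Clear attributes and delete autorun.inf? [y/N] "
if /i not "%ANSWER%"=="y" goto done

rem Same two commands as the manual steps: clear +s +h +r, then delete.
attrib -s -h -r "%DRV%\autorun.inf"
del "%DRV%\autorun.inf"
if exist "%DRV%\autorun.inf" (
    echo Still present. A running process may be recreating or locking it.
    goto done
)
echo autorun.inf deleted.
goto done

:noautorun
echo No autorun.inf in %DRV%\
goto done

:usage
echo Usage: %~nx0 DRIVE:
exit /b 1

:done
endlocal
```

If the script reports the file is still present, the NOTE above applies: end the process in Task Manager first, then run it again.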

Thank you
A.ROSHAN

25 comments:

  1. Nice blogging, My review is very good example.
    Lindsay Rosenwald http://www.lindsay-rosenwald.net/ Dr. Lindsay Rosenwald is one of the re-known venture capitalists and the hedge fund managers in the world.

  2. Nice Blogging,
    UTAH : Utah Web Design http://www.adaptivitypro.com/utah-web-design/

  3. Very good blogging,
    Utah SEO http://www.adaptivitypro.com/utah-web-design/

  4. what if it only has +s +h is it still a virus?
    also i need help with getting rid of a SPAM MAIL virus PLEASE HELP contact me at wilcox623@gmail.com ASAP!!!

  5. Buck Reed Achievements and his vision and success http://www.buckreed.org/buckreedvision.html

  6. i always get unable to change C:\\ ....

  7. cool,,,,i'm gonna share this with my classmates..

  8. uhm.. yea' i know a little bit of that..
    thank you for the more info..

  9. that is a great job done. it will also teach my friends

  10. In the above example you already know which file is infected or a malware so you could do that...
    Is there a way to identify the virus/Malware file???

  11. my autorun.inf is being used by another programme and i can't delete it. how to stop the process?

  12. why I enter "attrib" is not recognized?

  13. how can you tell the files are malware ... whats the give away

  14. copied from http://computermaniacz.blogspot.in/2009/08/scan-and-remove-viruses-using-doscmd.html :P

  15. cannot delete pagefile.sys it says unable to change attribute is it a virus or not

    Replies
    1. Sheshank, did you figure out how to delete the pagefile.sys?? I'm getting that and also a hiberfil.sys that will not let me change or delete. I need help

    2. is avscanner.ini a virus file?
