Microsoft Command Prompt “attrib” is a handy tool to check if your hard drive, even your flash disk files, are infected or not.

You will know if Malware is on your hard drive just by looking at the properties of each file and the file has the properties of + s + h + r

Attrib function is to install and remove file attributes ( read-only, store, system, and hide ).

Run boot

To start allocating

  1. Press the Windows + R key combination to open the Run dialog box
  2. Type cmd   (cmd is command prompt)


  3. Press the Enter key

The Command Prompt will appear, giving us our location in the directory.

Command prompt shows the current location in the directory.

Use the attrib command prompt.

Use attrib

  1. Go to the root directory by typing cd (as this is always the target of Malware / Virus)

2. Type attrib   and press the Enter key

after importing attrib, all properties of all files (excluding folder) will be displayed

In this example, I have two files that are considered malware.

Note that there are two files I outlined in red ( SilentSoftech.exe and autorun.inf ). Since you cannot see this file nor delete it (because the attributes already set on these files are + s + h + r )

  1. + s – means it’s a file system (also means you can’t delete it just using the delete command)
  2. + h – means it’s hidden (so you can’t delete it)
  3. r – means a file is read-only (means you can’t delete it just by using the delete command)

Now we need to set the properties of autorun.inf to -s -h -r (let us delete it ourselves).

  1. Type attrib -s -h -r autorun.inf (definitely include -s -h -r since you can’t change attributes using only -s or -h or -r alone)
  2. Type attrib   again to check if your changes were committed
  3. If the autorun.inf file has no other properties; you can remove it by typing del autorun.inf
  4. Since SilentSoftech.exe is malware, you can remove its properties by doing step 1 and step 3 (just changing the file name), for example. attrib -s -h -r silentsoftech.exe

a) I typed attrib command with -s -hr setting b ) the result after I press Enter – autorun.inf has no attributes left

There you have it !!!!

NOTE: when autorun.inf resumes even though you have deleted the video, be sure to check your Task Manager by pressing CTRL + ALT + DELETE (a virus is still running as a process. That’s why you can’t delete it.KILL the process first by selecting it and clicking End Process.

Note: You can also apply the attrib -s -h -r command to all computer partitions, drive D: drive E: drive F: (all your drives) for example. For D drive, just type ” D: ” (minus the quotes), then you can see that your current drive is D .. type their command ” attrib -sh -r * .exe ” for these exe files and ” attrib -sh -r * .inf   “And then delete the files by” del autorun.inf “.