
How to check for a virus or malware on the computer with the “attrib” command

The Microsoft Command Prompt tool “attrib” is very useful for checking whether the files on your hard drive, or even on your flash drive, are infected.

You can tell that malware is on your hard drive just by looking at the attributes of each file: the file has the attributes +s +h +r.

The function of attrib is to set and remove file attributes (read-only, archive, system and hidden).

To get started:

  1. Press the Windows + R key combination to open the Run dialog box
  2. Type cmd (cmd is the Command Prompt)

    cmd

  3. Press the Enter key

The Command Prompt will appear giving us our location in the directory.


Use attrib

  1. Go to the root directory by typing cd \ (as this is always the target of malware / viruses)
  2. Type attrib and press the Enter key

After you enter attrib, the attributes of all files (excluding folders) will be displayed.

In this example, I have two files that are considered malware.

Note the two files I outlined in red (SilentSoftech.exe and autorun.inf). You cannot see these files or delete them, because the attributes already set on them are +s +h +r.

  1. +s – means it’s a system file (also means you can’t delete it just by using the delete command)
  2. +h – means it’s hidden (so you can’t delete it)
  3. +r – means the file is read-only (means you can’t delete it just by using the delete command)

Now we need to set the attributes of autorun.inf to -s -h -r (so that we can delete it ourselves).

  1. Type attrib -s -h -r autorun.inf (definitely include -s -h -r, since you can’t change the attributes using only -s or -h or -r alone)
  2. Type attrib again to check whether your changes were applied
  3. If the autorun.inf file has no other attributes, you can remove it by typing del autorun.inf
  4. Since SilentSoftech.exe is malware, you can remove its attributes and delete it by repeating step 1 and step 3 (just changing the file name), for example: attrib -s -h -r silentsoftech.exe

a) I typed the attrib command with the -s -h -r settings; b) the result after I press Enter – autorun.inf has no attributes left

There you have it!!!!

NOTE: If autorun.inf comes back even though you have deleted it, be sure to check your Task Manager by pressing CTRL + ALT + DELETE (a virus is still running as a process; that’s why you can’t delete it). KILL the process first by selecting it and clicking End Process.

Note: You can also apply the attrib -s -h -r command to all partitions of the computer: drive D:, drive E:, drive F: (all your drives). For example, for the D drive, just type “D:” (minus the quotes); you will then see that your current drive is D. There, type the command “attrib -s -h -r *.exe” for the exe files and “attrib -s -h -r *.inf”, and then delete the files with “del autorun.inf”.
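
The same check across every drive root, as an added example that is not part of the original article: a read-only PowerShell listing of files that carry all three attributes (+s +h +r). It also reports the SHA-256 hash and Authenticode signature status of each hit, because legitimate Windows files carry these attributes too and attributes alone do not identify malware. It assumes PowerShell 4.0 or later; nothing is changed or deleted.

```powershell
# Added example: list root-level files carrying Hidden + System + ReadOnly,
# the same +s +h +r combination the article looks for with attrib.
# Read-only triage: no attribute is changed and no file is deleted.

$mask = [System.IO.FileAttributes]::Hidden -bor
        [System.IO.FileAttributes]::System -bor
        [System.IO.FileAttributes]::ReadOnly

# Every mounted file-system drive (C:, D:, removable drives, ...).
# Test-Path skips drives with no media, such as an empty card reader.
$roots = Get-PSDrive -PSProvider FileSystem |
    Where-Object { $_.Root -and (Test-Path -LiteralPath $_.Root) } |
    ForEach-Object { $_.Root }

$findings = foreach ($root in $roots) {
    # -Force is required; without it hidden and system files are skipped.
    Get-ChildItem -LiteralPath $root -File -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band $mask) -eq $mask } |
        ForEach-Object {
            # Files locked by the OS cannot be hashed; those fields stay empty.
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                        -ErrorAction SilentlyContinue
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName `
                        -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path       = $_.FullName
                Attributes = $_.Attributes
                Size       = $_.Length
                Modified   = $_.LastWriteTime
                Signature  = if ($sig)  { $sig.Status } else { $null }
                SHA256     = if ($hash) { $hash.Hash }  else { $null }
            }
        }
}

# Review each hit (signature, hash lookup, timestamps) before removing anything.
$findings | Sort-Object Path | Format-List
```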