iTech Solution
  • Blog
  • About iTech Solution
  • Contact Me
  • Disclaimer

Using Command Prompt (CMD) "attrib" to check for Viruses or Malware

5/4/2023

0 Comments

 
Using Command Prompt (CMD)
​Microsoft Command Prompt "attrib" is a very useful tool to check if your hard drives, even your USB flash drives, have been infected by a virus.
You will know if malware or virus is inside your hard drive just by looking at the attributes of each file. The function of attrib is to set and remove file attributes (read-only, archive, system, and hidden).

To start attrib, follow these steps:

Go to Start Menu > Run 
Type cmd (cmd stands for command prompt), then run as Run as Administrator 
Press Enter key​
Using Command Prompt (CMD)
Go to the root directory first by typing cd\ (because this is always the target of Malware / Viruses).
Using Command Prompt (CMD)
Type attrib and press Enter key. ​After typing attrib, the attributes of all files will be shown. 
Using Command Prompt (CMD)
In this example, we have two files that are considered malware. Note that two files were outlined in red (SilentSoftech.exe and autorun.inf). Since we cannot see these files nor delete them (because the attributes that were set on these files are +s +h +r).

+s - meaning it is a system file (which also means that you cannot delete it just by using the delete command) 
+h - means it is hidden (so you cannot delete it).
+r - means it is a read-only file ( which also means that you cannot delete it just by using the delete command) 

Now we need to set the attributes of autorun.inf to -s -h -r (so that we can manually delete it).

  • ​Type attrib autorun.inf –s –h -r  or attrib –s –h –r autorun.inf (be sure to include -s -h -r because you cannot change the attributes using only -s or -h or -r alone). 
  • Type attrib again to check if your changes have been committed. 
  • If the autorun.inf file has no more attributes, you can now delete it by typing del autorun.inf 
  • Since SilentSoftech.exe is a malware you can remove its attributes by doing step 1 and step 3 (just change the filename) ex: attrib silentsoftech.exe –s –h –r or attrib –s –h –r silentsoftech.exe

Note: When the autorun.inf keeps coming back even if you already deleted it, check your Task Manager by pressing CTRL + ALT + DELETE (a virus is still running as a process, that's why you cannot delete it. Kill the process first by selecting it and clicking End Process. 
0 Comments



Leave a Reply.

    ​PLACE YOUR ADS HERE
     Join and Subscribe to my Newsletter.
    It's FREE!

      EMAIL SUBSCRIPTION

    Subscribe to Newsletter
    ABOUT THE 
    ​
    BLOGGER
    www.itechsolutionph.com
    Hi, I'm Ralph Gregore Masalihit!
     
    An RFP Graduate (Registered Financial Planner Institute - Philippines).

    A Personal Finance Advocate. An I.T. by Profession. An Investor. Business Minded. An Introvert. A Photography Enthusiast. A Travel and Personal Finance Blogger (Lakbay Diwa and Kuripot Pinoy).
    ​
    ​Currently, I'm working my way toward time and financial freedom.
    CONNECT
    ​WITH ME

    ​Follow me on
    LINKEDIN
    ​FACEBOOK x
    itechsolutionph.com


    Tweets by itechsolutionph
    ​PLACE YOUR
    ADS HERE

    PLACE YOUR
    ADS HERE

    Categories

    All
    Adobe
    AI
    Amazon
    Amazon Web Services
    AMD
    Artificial Intelligent
    ASP
    Business
    CIMB
    Cloud
    Computer Programming
    Computer Troubleshooting
    Computer Virus
    Corporate
    Cybersecurity
    Domain Name
    E Books
    E-books
    Entrepreneur
    Facebook
    Finance
    GCash
    GCredit
    Google
    Google Adsense
    Google Analytics
    Google Philippines
    Information Technology
    Instagram
    Internet
    Investments
    Linux
    Macintosh
    Malware
    Meta
    Microsoft
    Monetization
    MySQL
    Nod.ai
    NVidia
    Oracle
    Oracle Certified
    PLDT
    Programming Language
    Search Engine Optimization
    SEO
    SERP
    Smart Communication
    Smartphone
    SQL
    SQL Server
    Tech Innovators
    Technology
    VBScript
    Web Hosting
    Website Builder
    Weebly
    Windows

    Archives

    March 2025
    February 2025
    January 2025
    December 2024
    November 2024
    October 2024
    September 2024
    August 2024
    July 2024
    June 2024
    May 2024
    April 2024
    March 2024
    February 2024
    January 2024
    December 2023
    November 2023
    October 2023
    September 2023
    August 2023
    July 2023
    June 2023
    May 2023
    April 2023
    March 2023
    February 2023

Copyright © 2011 - 2024 iTech Solution. All Rights Reserved.

For comments and suggestions, please send your email to the Web Administrator.

Should any problems arise with regard to your viewing experience, please report it to us. Thank you!


Designed and Developed by iTech Solution

  • Blog
  • About iTech Solution
  • Contact Me
  • Disclaimer