- Go to Start Menu > Run
- Type cmd (cmd stands for command prompt)
- Press Enter key
The Command Prompt will appear showing us where is our location in the directory.
- Go to the root directory first by typing cd\(because this is always the target of Malware / Virus)
2. Type attrib and press Enter key
after typing attrib, all the attributes of all the files (excluding folders) will be shown
In this example, I have two files that are considered as malware.
Note that there are two files which I outlined in red (SilentSoftech.exe and autorun.inf). Since you cannot see this file nor delete it (because the attributes that was set on these files are +s +h +r)
- +s - meaning it is a system file (which also means that you cannot delete it just by using the delete command)
- +h - means it is hidden (so you cannot delete it)
- +r - means it is a read only file ( which also means that you cannot delete it just by using the delete command)
Now we need to set the attributes of autorun.inf to -s -h -r (so that we can manually delete it)
- Type attrib -s -h -r autorun.inf ( be sure to include -s -h -r because you cannot change the attributes using only -s or -h or -ralone)
- Type attrib again to check if your changes have been commited
- If the autorun.inf file has no more attributes, you can now delete it by typingdel autorun.inf
- Since SilentSoftech.exe is a malware you can remove its attributes by doing step 1 and step 3(just change the filename) ex. attrib -s -h -r silentsoftech.exe
a) I typed the attrib command with the -s -h -r setting b) the result after I pressed enter - autorun.inf has no attributes left
NOTE : when autorun.inf keeps coming back even if you already deleted it, be sure to check your Task Manager by pressing CTRL + ALT + DELETE ( a virus is still running as a process thats why you cannot delete it. KILL the process first byselecting it and clicking End Process.
In this way you can delete any virus using command prompt...
No comments:
Post a Comment