Professional Documents
Culture Documents
Now, follow the steps below to delete viruses from your computer or storage device
using CMD.
Step 1. Type cmd in the search bar, right-click "Command Prompt" and choose
"Run as an administrator".
Step 2. Type F: and press "Enter". (Replace "F" with the drive letter of the infected
partition or device.)
Step 4. Type dir and hit "Enter". Now you will see all the files under the assigned
drive. (The dir command displays a list of a directory's files and subdirectories.)
Step 5. For your information, a virus name may contain words like "autorun" and with
".inf" as the extension. Thus, if you find such suspicious files, type del autorun.inf to
remove the virus.
R – represents the "Read-only" attribute of a file or folder. Read-only means the file
cannot be written on or executed.
H – the "Hidden" attribute.
A – stands for "Archiving" which prepares a file for archiving.
S – the "System" attribute changes the selected files or folders from user files into
system files.
I - "not content indexed file" attribute.
ATTRIB [+R | -R] [+A | -A ] [+S | -S] [+H | -H] [+I | -I] [drive:][path][filename] [/S [/D]
[/L]]
Type the drive letter of the partition from where you want to remove the
virus followed by “:“and press Enter. It will alter the target drive in the
command prompt.
d:
This means any task you will be performing onwards will remain inside that
partition. You will also notice that the drive will be set to your preferred
driver letter (representing that drive), in the command prompt.
You can check the root directories in the current drive by typing dir [Drive
letter]: in command prompt.
For example,
dir d:
#3. Use attrib command to display hidden files
Now to display all the hidden files on your system drive or external drive
use this command dir [drive letter]: attrib -s -h /s /d *.* without
colons.
For example,
This command will explore the selected drive and display all the files
including hidden and system files. You will notice lots of file info scrolling
through the command prompt window like this image below.
If your computer has been infected with a virus you will notice them in this
list. With a larger disk size, this list might grow you might need to spend
some time in it. In terms of small disks such as Pendrive, the observation
process takes less time.
If you find any unusual file in this list you can either rename it or remove the
virus from your system.
Basic attributes:
Step 2: Now go to the drive you want to scan for shortcut (autorun.inf)
virus. Either use [drive letter]: or use cd.. to go to your drive.
cd..
attrib -h -r -s autorun.inf
Step 6: Now open windows explorer and check whether those files are
deleted or not.
But what if you want to scan a particular folder and remove virus using cmd
while making sure that it does not end up losing important files.
Now open the command prompt with as administrator and propagate to the
folder you want to delete :
cd C:\Users\"username"\Documents\Test
If you add a folder name it will force delete all the files in the folder. To
delete individual files include the file name in the directory address. Switch
between folder and file deleting command to find out which one can delete
the infected folder/file.
** This process is useful to delete files that are undeletable as a guest user.
If you have deleted files from your computer unintentionally and want to
recover those files then follow this procedure.
#2. It will display the list of shadow copies created along with their date.
What you need to do is copy the shadow copy volume link for which the
date covers your file deletion date.
“shadow” = it’s just the name of the symbolic link (shortcut) that is going to
be created in your given directory (which is c:\ here). You can put any other
name that does not already exist in the directory.
#6. Now open the directory (c:\) in explorer where you have created the
shortcut and look for the folder(shadow).
#7. Open the shortcut and find the directory from where you have deleted
your files previously. You should find your deleted files there.
#8. Now move the files to your actual folders and thus your files will be
recovered.