Thursday, 24 October 2013

Checking for virus/malware : using CMD -part 1-


Do you know that you can actually check your hard drives or flashdisks if it is infected by a virus using the Microsoft Command Prompt or cmd or command prompt? ~too many names it has~ I won't be explaining about what cmd is for I don't have a slightest idea what it is. Sappari wakaranai. ~mind you! Genius learns by instinct, don't have to learn from basic... JK~.Simply saying, you can google them if you wanna know what the hell is cmd.

Just by looking at the attributes for each file, you can identify which among of the files is virus ~if you are familiar with it, that's it~. How can I know it's a virus? Normally, virus has a strange name, the name also sounds stupid, funny and nonsense ~google~. For examples;

∩o0R|ªN .ú|▒" "v{Ñzövó▀.ƒxV
Ω╗+║ F■l.qα

Just in case, if you are unsure, you have google. So search for it or google the name. There's no way in hell I can explain every single thing about virus. I'm a genius being with a lot of weaknesses *sigh*

Since some of the virus cannot be deleted by antivirus because of it's attribute (read-only, system, hidden), you need to "force" delete the virus. You might as well check if your antivirus is functioned correctly.

Ignore all those long stupid nonsense introduction. Let's get down to business.
I don't have a real sample of infected laptop, so I just use mine as sample. And use different location or drive just to show you how it is done. The process is just the same.


START -> RUN -> type cmd in the box.


* right-click, run as administrator also can be used.

There are several ways you can check using cmd. We go slowly. 

Once the cmd windows appear, type in cd\ --> hit ENTER (this is a root directory and frequently targeted by virus/malware).

After that, type attrib and hit ENTER. It will list files in your root folder. 

Just in case you are lost, this is the indicator of the "mystery letter".

S = System (the file cannot be deleted using delete command)
H = Hidden (so you won't be able to find & delete it)
R = Read-only (also cannot be deleted using delete command)

Since I am using my system, I didn't find any suspected virus/malware yet. Here's a sample of infected drive;

waa..I see typo. It supposed to be *infected
Both Autoexe.bat and autorun.inf are viruses. You need to delete both. 

The sample above shows that, both of the viruses have no SHR attributes. 

That means, you can locate them and delete both of the viruses manually. 

It's recommended to delete them permanently without moving them to the recycle bin. How? --> Here

If you can't view the files, you need to unhide the files first.

We will use autorun.inf as the sample.
* Since I don't find any virus with SHR attributes, I have to make up that autorun.inf with SHR attribs just to show you how it is done.

We change the attributes of the suspected virus so that we can delete it manually. 

1) Type attrib -s -h -r autorun.inf
2) To ensure the changes have been commited, type attrib again to check.

The SHR attributes is no longer there.
3) Now that you see the autorun.inf has no attributes, go to the location, and delete it manually. 

4) Or you can delete it using command by typing del autorun.inf

5) If you find any other virus, just repeat steps above by changing the name.

Well, I do have antivirus, but I don't solely rely on AV. Sometimes, I do my own inspection just in case there are undetected virus. Usually after installing a new application ~who knows maybe I accidentally installed the malware too~

To be continued...

> Using CMD - Part 1 <
Using CMD - Part 2 <

P/S : Aiyark! This post is quite long... aa '3'
Warning Shots:


  1. some word is missing and not clear. .

    1. Maximize cmd hope this will work


Related Posts Plugin for WordPress, Blogger...

sum o' spies