Monday, 30 December 2013

Checking for virus/malware: using CMD (part 2)


The second method is kind of messy because you will have to change all the attributes of the files listed. Then, after you are done, you might as well need to change them back to their original state (a lot of work to do, but if you know what you are doing, then no problem at all). So I suggest you just follow the first method. This is just in case you want to know how the 2nd method works. I also don't like this method.

I don't have a real sample of an infected laptop, so I just use mine as the sample, and use a different location or drive just to show you how it is done. The process is just the same.

Open CMD. At the prompt, type the drive letter (C: or D: or E:) and hit ENTER.

On the next line, type dir /w/a and hit ENTER again.
A list of files will be shown, including the hidden and system files (that is what the /a switch does: it lists files regardless of their attributes). Then, identify the virus.

If you haven't found any, then that's fine; no need to proceed. But once you have found the virus, continue with the following steps.

We'll take IP84XCJ.exe as the sample.

On the next line, type attrib -s -h -r -a to remove the attributes of the files in the directory.
* This will apply the change to all the files in your selected directory (in this case, the root of D:), not only to the virus. Everything will be visible, including legitimate system files. Do you still want to do it?

Then, delete the virus by typing del IP84XCJ.exe and hitting ENTER. Do the same for any other viruses (if any).


Even after deleting the virus, there is a possibility that a copy resides in the RECYCLER folder, and you need to delete it inside that folder too.

No worries. All you have to do is type cd RECYCLER at the next command line. Type dir /w/a again to check whether the virus is present in the folder.

If you see the virus, delete it just like in the previous step.

Some viruses won't come back after you delete them. But sometimes there are stubborn viruses that keep coming back even after you have deleted them.

Some also cannot be deleted because they are still in use by another program. You need to find the program that is using the virus. If you know which program it is, you can just terminate it and proceed with deleting the virus. If you are not sure, you can find it in Task Manager or msconfig. Terminate the program and continue deleting the virus.
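As an added example (not from the original post), here is the same procedure collected into one batch script. It narrows the listing to hidden and system files, clears attributes on the named suspect file only instead of the whole directory, checks whether a process with that image name is running before deleting, and also looks inside RECYCLER. The drive letter and file name are passed as arguments and are assumed inputs; the script name cleanup.bat is just a suggestion.

```batch
@echo off
REM Added example, not from the original post.
REM Usage: cleanup.bat D: IP84XCJ.exe   (drive and file name are assumed inputs)
setlocal
if "%~2"=="" (
    echo Usage: %~nx0 DRIVE: FILENAME.exe
    exit /b 1
)
set "DRIVE=%~1"
set "SUSPECT=%~2"

REM Step 1: list only hidden and system files in the drive root, so the
REM suspect stands out instead of being buried in the full dir /w/a output.
echo === Hidden files in %DRIVE%\ ===
dir /a:h /b "%DRIVE%\" 2>nul
echo === System files in %DRIVE%\ ===
dir /a:s /b "%DRIVE%\" 2>nul

REM Step 2: a file that is still running cannot be deleted, so check for a
REM process with this image name and stop it first.
tasklist /FI "IMAGENAME eq %SUSPECT%" | find /I "%SUSPECT%" >nul
if not errorlevel 1 (
    echo %SUSPECT% is running; terminating it first.
    taskkill /F /IM "%SUSPECT%" >nul
)

REM Step 3: clear attributes on the suspect file only (not the whole
REM directory), delete it, and verify. Check the root and RECYCLER.
for %%D in ("%DRIVE%" "%DRIVE%\RECYCLER") do (
    if exist "%%~D\%SUSPECT%" (
        attrib -s -h -r -a "%%~D\%SUSPECT%"
        del /f "%%~D\%SUSPECT%"
        if exist "%%~D\%SUSPECT%" (
            echo FAILED to delete %%~D\%SUSPECT% - still in use or protected
        ) else (
            echo Deleted %%~D\%SUSPECT%
        )
    ) else (
        echo %SUSPECT% not found in %%~D
    )
)
endlocal
```

Because only the named file loses its attributes, the rest of the drive keeps its hidden and system flags and nothing has to be changed back afterwards.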

Next, I'll post on how to check for (and delete) viruses using regedit.


P/S: Woah! I never thought it would take this long. Should I post another method using cmd? I think nah! Enough with those two. They're all the same. Just posting them gave me trouble. The genius kid is already tired :p