Sunday, June 7, 2009

Remove autorun.inf virusus Using command prompt

Remove autorun.inf virusus Using command prompt

use "attrib" to check for Viruses or Malware

"attrib" is a very useful tool to check if your hard drives even your usb disks have been infected by a virus.

You will know if a Malware is inside your hard drive just by looking at the attributes of each files and the file that has the attributes of +s +h +r

The function of attrib is to set and remove file attributes (read-only, archive, system and hidden).

start attrib

To start attrib

  1. Go to Start Menu > Run

  2. Type cmd (cmd stands for command prompt)

  3. Press Enter key

The Command Prompt will appear showing us where is our location in the directory.

using attrib

To use attrib

Go to command prompt

1 then Go to the root of the directory first by typing cd\ then press enter.(because this is always the target of Malware / Virus)

2. Type attrib and press Enter key

+s - meaning it is a system file (which also means that you cannot delete it just by using the delete command)

+h - means it is hidden (so you cannot delete it)

+r - means it is a read only file ( which also means that you cannot delete it just by using the delete command)

Now we need to set the attributes of autorun.inf to -s -h -r (so that we can manually delete it)

  1. Type attrib -s -h -r autorun.inf in command prompt and press enter.( be sure to include -s -h -r because you cannot change the attributes using only -s or -h or -r alone)

  2. Type attrib again to check if your changes have been commited

  3. If the autorun.inf file has no more attributes, you can now delete it by typing del autorun.inf

Repeat these steps for removing virusus from the other partitions,external hard disks or usb drives.

NOTE : when autorun.inf keeps coming back even if you already deleted it, be sure to check your Task Manager by pressing CTRL + ALT + DELETE ( a virus is still running as a process. that’s why you cannot delete it. KILL the process first by selecting it and clicking End Process.use process killing softwares like runscanner or autoruns to view suspected can find these softwares under our freeware tools page.

No comments:

Post a Comment