Microsoft Command Prompt "attrib" is a very useful tool to check if your hard drives even your flashdisks have been infected by a virus.
You will know if a Malware is inside your hard drive just by looking at the attributes of each files and the file that has the attributes of +s +h +r
The function of attrib is to set and remove file attributes (read-only, archive, system and hidden).
STEP #1
Launch attrib
To start attrib
1. Go to Start Menu > Run
2. Type cmd (cmd stands for command prompt)
3. Press Enter key
The Command Prompt will appear showing us where is our location in the directory.
STEP #2
Using attrib
To use attrib
1. Go to the root directory first by typing cd\(because this is always the target of Malware / Virus)
2. Type attrib and press Enter key
In this example, I have two files that are considered as malware.
Note that there are two files which I outlined in red (SilentSoftech.exe and autorun.inf). Since you cannot see this file nor delete it (because the attributes that was set on these files are +s +h +r)
1. +s - meaning it is a system file (which also means that you cannot delete it just by using the delete command)
2. +h - means it is hidden (so you cannot delete it)
3. +r - means it is a read only file ( which also means that you cannot delete it just by using the delete command)
STEP #3
# Type attrib -s -h -r autorun.inf ( be sure to include -s -h -r because you cannot change the attributes using only -s or -h or -r alone)
# Type attrib again to check if your changes have been commited
# If the autorun.inf file has no more attributes, you can now delete it by typing del autorun.inf
# Since SilentSoftech.exe is a malware you can remove its attributes by doing step 1 and step 3(just change the filename) ex. attrib -s -h -r silentsoftech.exe
There you have it!!!!
NOTE : when autorun.inf keeps coming back even if you already deleted it, be sure to check your Task Manager by pressing CTRL + ALT + DELETE ( a virus is still running as a process thats why you cannot delete it. KILL the process first by selecting it and clicking End Process.
say thxx if u like