This tutorial explains how to remove a virus from your computer using cmd. Below you will find the steps along with the image description.
Viruses, malware, trojans! These can harm your files and folders, your storage, and the operating system of your computer. Typically, these malicious files enter your computer through internet browsing, USB drives, nulled or unknown software installations, and phishing email links.
Viruses wreck your PC by consuming memory and disk space, which slows the OS down. Not only that, infected files can corrupt crucial operating system files. System files are the most important files for an operating system and the programs installed on it. If these files go missing or are damaged, the OS and the programs that depend on it will fail to run.
Some viruses are capable of stealing your personal information and credit card details. Whatever the loss, keeping your computer safe from such calamities is extremely important.
We all install antivirus software or use the default Windows Security (in Windows OS) to protect the PC against these viruses. Antivirus software scans the system for malicious files in real time, reports to you immediately if it finds any, and takes action.
But there is another way to remove viruses from your PC: the command prompt. It's not a plug-and-play method that scans for viruses and deletes them from your PC with one button click. Instead, you will need to understand the sequence of commands and apply them accordingly.
In this post, you will read how to remove a virus using cmd without using the antivirus software installed on your PC.
Is it a good idea to remove virus using CMD?
Antivirus tools are great but also eat a lot of CPU and memory resources while running in the background. Removing a virus using CMD is manual, but once you master it, it can be a great alternative to your antivirus tool.
Apart from that,
- You have the antivirus software installed but want to try this unconventional method to identify infected files on your system.
- The command lines don't check for and remove viruses instantly. Instead, the command prompt helps you find hidden viruses on a partition or removable storage device. Then, you can delete those suspicious files.
- Viruses conceal themselves, which can make it difficult to find and eliminate the infected files. You can expose potentially hidden virus files using the attrib command in CMD.
Tip: the primary purpose of the attrib command is to remove and set file attributes such as hidden, system, read-only, or archive. Clearing the "hidden" attribute of virus files will make them visible inside folders. Once they are visible, your next task is deleting them from the directory.
Step 1: Scan virus using CMD
To scan your computer for viruses using the command-line tool, you need to follow these steps:
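- First, start the command prompt as administrator.
- Type sfc /scannow in cmd and press Enter. (sfc is the Windows System File Checker; it verifies protected system files and repairs the ones that fail the check.)
- Wait for the verification process to complete; it may take a couple of minutes, depending on your system drive size.
- Once the process completes, you will get the following output in the command prompt if the scanning process does not find any infected files or viruses: Windows Resource Protection did not find any integrity violations.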
Step 2: Remove virus using CMD
2.1 Start command prompt with admin privilege
On the Windows search bar, type cmd, then right-click Command Prompt and start it as administrator.
Running the command prompt with administrator privilege is essential because you need to access the system files that are not visible to guest users.
Once the command prompt starts, you must select a drive from where you want to remove a virus.
2.2 Set the drive letter from where you want to remove virus
Type the drive letter of the partition from which you want to remove the virus, followed by a colon (":"), and press Enter. This switches the command prompt to the target drive.
The command is:
[drive letter]:
This means any task you perform from now on will stay inside that partition. You will also notice that the prompt now shows your chosen drive letter.
You can check the root directory of the current drive by typing dir [drive letter]: in the command prompt.
2.3 Use the ‘attrib’ command to display hidden files
Now, to display all the hidden files on your system drive or external drive, run attrib and dir as two separate commands:
attrib -s -h /s /d [drive letter]:\*.*
dir /s [drive letter]:\
For example, for the D drive:
attrib -s -h /s /d d:\*.*
dir /s d:\
Press Enter after each command.
The attrib command walks the selected drive and clears the System and Hidden attributes; dir then lists every file, including the ones that were hidden. You will notice lots of file info scrolling through the command prompt window.
2.4 Remove/rename virus files on your computer
If your computer has a virus, you will notice it in this list. On a larger disk the list grows, and you might need to spend some time on it. On the other hand, reviewing the list takes less time on small disks such as a pen drive.
If you find any unusual file in this list, you can either rename it or remove the virus from your system.
For example, if you have found an infected file called autorun.inf, use this format to rename the file: rename [filename].[extension] [new file name]
rename autorun.inf trashed
And if you want to remove the virus using cmd, use this format: del [filename].[extension] or del: [filename]. Both ways work perfectly.
What are the attributes of the Attrib command?
The attrib command syntax is: Attrib [+ attribute | – attribute] [pathname] [/S [/D]]
The parameters and switches used in this command are:
‘+ / –’: To set or cancel the specified attribute.
‘attribute’: one of the attribute letters listed below.
‘/S’: Apply the command to matching files in the given path and all of its subfolders.
‘/D’: Process folders as well as files.
‘pathname’: Address where the target file or folder is located.
R – it represents the “Read-only” attribute of a directory. Read-only suggests the file cannot be written on or executed.
H – it represents the “Hidden” attribute.
A – this stands for “Archiving” which prepares a file for archiving.
S – the “System” attribute modifies the selected files/folders from user files into system files.
I – stands for “not content indexed file” attribute.
How to remove shortcut virus using cmd
You might have noticed that sometimes files in your drive or pen drive become a shortcut. This is a common virus; you can remove it from your PC using the steps below.
Step 1: Start cmd as administrator.
Step 2: Go to the drive you want to scan for the shortcut (autorun.inf) virus. Either use [drive letter]: or cd.. to go to your drive.
For example, go to the "d" drive using:
d:
And if you want to go to the root of the c drive, use this:
cd\
Step 3: Now type this command to search for autorun.inf virus files.
attrib -h -r -s autorun.inf
If Windows is unable to find an autorun.inf file, cmd will display File Not Found - autorun.inf. Otherwise, proceed to the next step and remove the virus from your directory.
Step 4: Type the command del autorun.inf to delete the file.
Step 5: To delete all the shortcuts, type the command del *.lnk and press Enter.
Step 6: Now open Windows Explorer and check whether those files are deleted or not.
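Before running the del commands in Steps 4 and 5 (or the rename/del step in 2.4), it helps to record what is actually on the drive. The PowerShell script below is an added example, not part of the original tutorial: it only reads the drive, listing hidden/system files with their SHA-256 hashes, the launch entries in autorun.inf, and the real target of every shortcut. The drive letter D:\ and the report path are assumptions; change them to match your system.

```powershell
# Added example (not from the original article): read-only triage of a drive
# before any rename/del step. Drive letter and report path are assumptions.
param(
    [string]$Drive  = 'D:\',                         # assumed target drive root
    [string]$Report = "$env:TEMP\drive-triage.csv"   # assumed report location
)

# 1. Find hidden or system files without changing their attributes.
$flagged = Get-ChildItem -LiteralPath $Drive -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band ([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System) }

# 2. Record path, attributes, size, timestamp and SHA-256 for each of them.
$flagged | ForEach-Object {
    $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path       = $_.FullName
        Attributes = $_.Attributes
        Length     = $_.Length
        Modified   = $_.LastWriteTime
        SHA256     = $hash.Hash      # empty if the file could not be read
    }
} | Export-Csv -LiteralPath $Report -NoTypeInformation

# 3. Show what autorun.inf would launch (open=, shellexecute=, shell\...\command=).
$autorun = Join-Path $Drive 'autorun.inf'
if (Test-Path -LiteralPath $autorun) {
    Get-Content -LiteralPath $autorun |
        Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.+\\command)\s*=' }
}

# 4. Resolve each shortcut's target and arguments before "del *.lnk".
$shell = New-Object -ComObject WScript.Shell
Get-ChildItem -LiteralPath $Drive -Filter *.lnk -Force -File | ForEach-Object {
    $lnk = $shell.CreateShortcut($_.FullName)
    [pscustomobject]@{ Shortcut = $_.Name; Target = $lnk.TargetPath; Arguments = $lnk.Arguments }
} | Format-Table -AutoSize -Wrap
```

The CSV gives you hashes to look up or hand to an analyst, and the shortcut table shows which .lnk files point at a script or executable rather than at your own documents.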
Alternate way to remove virus using cmd
Earlier all you did was go to a directory and expose all the files, and then try to check if you could find any viruses or suspicious files.
But what if you want to scan a particular folder and remove the virus using cmd while ensuring it does not lose important files?
Follow the steps below:
- Open the folder that contains the virus.
- Open the property window for that folder (shortcut: alt + Enter).
- In the property window, if the "size" is less than the "size on disk," it's possible to recover the lost data from that folder.
Now open the command prompt as administrator and navigate to the folder you want to delete:
Tip: replace username with your current logged-in user (and use the address of your own folder that contains the virus).
Then execute this del command:
del /s /q [folder-name/file name]
If you give a folder name, the command force-deletes all the files in that folder. To delete an individual file, include the file name in the directory address. Switch between the folder and file forms of the command to find out which one can delete the infected folder/file.
If you unintentionally delete files from your computer and want to recover those files, then follow this procedure.
How to recover deleted files using CMD
- First, open the command prompt and type:
vssadmin List shadows
- It will display the list of shadow copies created along with their date. You need to copy the shadow copy volume link for which the date covers your file deletion date.
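- Then you need to create a symbolic link to that shadow copy.
- First, change to the root directory by typing cd\ in the command prompt.
- Then type mklink /d c:\shadow \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\ in the command prompt and press Enter. The trailing backslash after the shadow copy address is required; without it the link cannot be opened.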
“shadow” = it’s just the name of the symbolic link (shortcut) that is going to be created in your given directory (which is c:\ here). You can put any other name that does not already exist in the directory.
“\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2” = this is the shadow copy volume address collected from the shadow list.
- Now open the directory (c:\) in Explorer where you created the shortcut and look for the folder (shadow).
- Open the shortcut and find the directory from where you previously deleted your files. You should find your deleted files there.
- Now move the files to your actual folders; thus, your files will be recovered.