Remove Virus From USB Or Any Drive On Windows 10 Using CMD

Reviewed By Expert : Harini

Remove Virus From USB Or Any Drive On Windows 10 Using CMD

Many viruses change the properties of a file or folder and make them very difficult to access. Some of the properties that change on a file or folder are the read, write, or execute permissions on that file. Using one of the cmd commands ‘attrib’, we can try our hands at changing the attributes of a file and resetting the internal structure of the file to recover a file.

How is a virus different from other files in Windows? A virus can exist in your system as a file format with the following properties:

How is a virus different from other files in Windows

  • A file is hidden from a user
  • A virus can exist in the form of an ‘autorun’ or ‘Autoexec’ file
  • A virus can be an exec file
  • A file with different attribute permissions

Some well-known examples of the above types of viruses are:

  • Autorun. inf
  • Ravmon.exe
  • New Folder.exe
  • svchost.exe
  • Heap41a

Remove Virus Using CMD from USB/ any Drive on Windows 10:

To remove viruses using cmd, we use a well-known cmd command called the ‘attrib’ command.

As can be easily guessed from its name, the ‘attrib’ command represents various attributes of a file, folder, or directory. This command is mainly responsible for displaying, setting, and removing various properties of a file or folder such as read-only, archive, system, and hidden properties.

Using this command, we change the attributes assigned to a file and try to recover our file.

Basic attributes of the ‘attrib’ command which we will use later:

R – R is the “READ-ONLY” attribute of a file or folder. “READ-ONLY” means that the file cannot be written to or executed.

H – H is the “HIDDEN” attribute.

A – Similarly, A stands for “ARCHIVE” which prepares a file for archiving.

S – The S attribute changes the selected files or folders from a user file to a system file by giving the file the “SYSTEM” attribute.

“attrib” Syntax:

ATTRIB [+ attribute | – attribute] [pathname] [/S [/D]]

In the above command, let’s see what the various parameters and switches are:

‘+ / -‘ : To enable or disable the specified attribute.

‘attribute’: by explained formerly

‘/S’: Search across the entire path including subfolders

‘/D’: Enter any process folder

‘pathname’: The path where the target file or folder is located.

Here is the proper syntax for the attrib command:

ATTRIB [+R | -R] [+A | -A ] [+S | -S] [+H | -H] [+I | -I] [drive:][path][filename] [/S [/D] [/L]]

Let’s begin:

I transfer an ‘autorun.inf’ virus from my USB drive to my D: drive and delete that virus from my D: drive.

  • Run command prompt as administrator
  • I am going to change the drive to D: drive because of the autorun.inf virus is in my D: drive. Type it as D: and press enter.
  • type attrib and press enter. This command will list all the files in the current drive and you can clearly see the autorun. Information virus is listed below.
Remove Virus

To remove viruses using CMD, type attrib -r -a -s -h . in your command prompt and press Enter.

This will remove read-only, archived, system, and hidden file attributes from all files.

  • r-r is for removing the “read-only” files
  • a-a is for removing the “archive” file
  • s-s is for removing the “system” file
  • h-h is for removing the “hidden” file
  • *.* for all the files with all different types of file extensions
Remove Virus
  • Note that this command only removes different attributes from different files. However, the files will still exist. Now it’s time to delete the virus. Therefore, to delete the virus, type del autorun.inf and enter
Remove Virus
  • After you press enter, that file should be deleted from the current drive. If you want to delete that file from a USB stick, you can change your current drive to USB Drive current drive in step 2 and follow the instructions.
  • You can type the ‘attrib’ command again to see if the deleted file exists or not. As seen above, it no longer exists on the D drive.
  • To remove other viruses with extensions like ‘.ink’, ‘.exe’, type Del *.ink or Del *.exe Delete those suspicious files respectively.

Frequently Asked Questions

Can the CMD virus be removed?

CMD helps you achieve your goal of virus removal by showing hidden viruses on a partition or drive. After that, you can delete suspicious files. Since viruses are always hidden, you have to make them appear and delete the virus files.

How do you clean a USB?

Dampen a cotton ball with isopropyl alcohol and insert it into a USB port to remove stubborn dust and sticky messes. Wipe the inside of the port, including the connections.

You may also like: 8 Best Malware Removal Tools for Windows 11

Leave a Reply

Your email address will not be published. Required fields are marked *