Buscar

Loading...

Páginas

Using command prompt "attrib" to check for Viruses or Mal ware

Using command prompt "attrib" to check for Viruses or Malware




he Command Prompt will appear showing us where is our location in the directory.



command prompt showing the current location in the directory
Using attrib
To use attrib
Go to the root directory first by typing cd\(because this is always the target of Malware / Virus)
2. Type attrib and press Enter key



after typing attrib, all the attributes of all the files (excluding folders) will be shown
Spanish Galleon Andalucia
The Spanish Galleon Andalucia visited the beautiful island of bohol from October 23-26,2010. -3 months ago
Uchiha Sasuke Team Hebi
Hebi (means snake) is a group of specialized shinobi created by Uchiha Sasuke having one goal in mind, and that is to kill his brother Uchiha Itachi. - 3 months ago
Microsoft Innovation with Microsoft Surface codename milan
Microsoft Surface (code name: Milan) is a multi-touch product from Microsoft, designed as a combination of software and hardware technology, which the user sends or more uses of digital content is being... - 4 months ago
In this example, I have two files that are considered as malware.
Note that there are two files which I outlined in red (SilentSoftech.exe and autorun.inf). Since you cannot see this file nor delete it (because the attributes that was set on these files are +s +h +r)
+s - meaning it is a system file (which also means that you cannot delete it just by using the delete command)
+h - means it is hidden (so you cannot delete it)

+r - means it is a read only file ( which also means that you cannot delete it just by using the delete command)

Now we need to set the attributes of autorun.inf to -s -h -r (so that we can manually delete it)
Type attrib -s -h -r autorun.inf ( be sure to include -s -h -r because you cannot change the attributes using only -s or -h or -r alone)
Type attrib again to check if your changes have been commited
If the autorun.inf file has no more attributes, you can now delete it by typingdel autorun.inf
Since SilentSoftech.exe is a malware you can remove its attributes by doing step 1 and step 3(just change the filename) ex. attrib -s -h -r silentsoftech.exe

0 comments: