This guide explains how you can remove viruses with cmd from your PC. Below, you’ll find the steps on How to Remove Virus using CMD in Just 4 Easy Steps.
Virus, malware, trojan! They could be very damaging to your folder or file storage and run the system operating on your PC. Most of these malware-infected files are introduced to your computer via internet browsing USB drives, null or unidentified software installations, and phishing emails, for example.
They can destroy your PC by taking up your PC’s memory and disk space, making the OS slow. In addition, affected files could damage important Operating System files. System files are crucial to an Operating System and its related installed applications. In the event of their destruction or loss, it can cause programs to cease to function as intended by they should. OS.
Certain viruses can take your personal information as well as credit card information. Whatever the reason, it’s vital to protect your computer from these calamities.
Also Read: How To Verify Card on OnlyFans?
How to Remove Virus using CMD in Just 4 Easy Steps
We all have antivirus software installed or the default Windows security (in Windows OS) on our computer to guard the PC against this malware. Antivirus scans your system for malware in real-time and informs you to take steps as soon as it detects the files in question.
There is a second method of removing viruses from your computer with the help of a command prompt. It’s not a simple plug and play method that scans for viruses and removes viruses from your PC with one click. Instead, you’ll have to comprehend the order of commands and then appropriately apply them.
This article will discover how to get rid of viruses by using cmd without using the installed antivirus program on your PC.
Also Read: How To Cancel FuboTV Subscription
Is it an appropriate idea to eliminate Viruses with CMD?
The antivirus programs are excellent; however, they consume lots of memory and CPU resources while operating in the background. This method of removing viruses by using CMD is a manual process; however, once you can master it, this technique it’s a great option to use in conjunction with the Antivirus tool.
- You’ve got your antivirus software, but you want to try this method of identifying the infected files on your system.
- Command lines aren’t able to detect and eliminate viruses in a flash. Command Prompt assists you to accomplish the task of identifying the Virus that is hidden within an external storage device or partition device. You can then delete the suspicious files.
- The Virus hides, and, at times, it’s hard to get them to appear and remove the affected files. It is possible to expose hidden virus files using Attrib, an attrib command within CMD.
Tip The primary function behind this attrib command is to delete and change attributes of files like read-only, system, hidden or archive. Removing an attribute known as the ” hidden” characteristic of viruses makes them visible within folders. After they are visible, the next step is to remove these from your directory.
How do I scan for viruses with CMD?
To test your PC for malware with the Command-Line tool, you have to adhere to these guidelines:
#1. Open the command prompt as an administrator.
#2. Enter the command sfc /scannow within cmd, and then press Enter.
#3. You must wait for the verification process to be completed; it could take a few minutes, depending on your system drive size.
#4. After the process is completed, you will receive this output at the command prompt if the scan process fails to discover infected files or viruses.
Methods to eliminate viruses by using CMD
#1. Start command prompt using admin privileges
In the Windows search bar, type cmd. The command prompt will appear. Right-click on it to begin it as an administrator.
The command prompt that you run with administrator privileges is crucial as it allows you access to the system’s data files which aren’t accessible to guests.
After the command prompt has started, you must select the drive you wish to eliminate viruses.
#2. The drive letters should be set from the point you wish to eliminate the Virus
Write the drive’s letter for the partition you wish to eliminate the Virus, followed with “:“and press Enter. The Virus will alter the drive at your command prompt.
The instruction is:
The task you’ll be working on later will be contained within that partition. It is also possible to see that the drive is configured to your preferred driver letter (representing the drive) within your command prompt.
In the command prompt, you can look up the drive’s root directories by entering dir[Drive letters].
#3. Use the attrib command to show hidden files
To show all secret files stored on your system drive or an external drive, you can use this command:”dir [drive letters]”: +h /s *. *, without colons.
dir d: attrib -s -h /s /d *. *
This command will search the drive selected and show all files, including system and hidden files. You’ll see a lot of information about files floating around the command prompt, like the image below.
#4. delete/rename virus files stored on your PC
If your computer is affected by a virus, you’ll see them on this list. If you have a bigger disk, the list could grow. It is possible to invest an hour or so in it. With regard to smaller disks like Pendrive, observing is less time-consuming.
If you spot a strange file in this list, you may either change its name or eliminate the malware from your system.
If, for instance, you’ve discovered an infected call to autorun.inf You must use this format to rename your file. Rename the file using [filenamefilename. [extension][new name for file[extension][new name for file
Rename autorun.inf deleted
And if you want to remove virus using cmd use this format: del[filename][extension] or del: [filename]. Both work well.
What are the characteristics associated with Attrib? Attrib command?
The syntax of the command attrib will be: Attrib [+ attribute | [- attribute] [pathname] [D]
Its parameters, as well as the switches utilized for this operation, are
“+ or -‘: To change or deactivate the attribute.
“attribute” Check under the attribute section.
“/S” Searching the entire path, which includes subfolders.
“/D” covers any folder in the process.
‘ pathname‘ refers to the address where the desired directory or file is located.
R It represents the ” Read-only” attribute of an individual directory. Read-only indicates that the file can’t be written to or executed.
H It is its ” Hidden” attribute.
A stands for ” Archiving“, which prepares the file to be archived.
S– the ” System” attribute changes the selected folders/files from user files to system files.
I– refers to the ” not content indexed file” attribute.
How do I remove the shortcut virus by using cmd?
You may have noticed that some files on your pen drive are converted into shortcuts. It is a form of Virus that’s common. You can eliminate it from your computer by following the steps listed below.
Step 1. Start cmd as an administrator.
Step 2. Go to the drive you want to search for shortcut (autorun.inf) Virus. You can either use [drive name] or the command cd.. to go to your drive.
For instance, navigate to “d” drive-by using
If you’d like to access the base of the drive, you can do this:
Step 3. Type the following command to search in the search for autorun.inf malware files.
attrib -h -r -s autorun.inf
Suppose Windows cannot locate autorun.inf file, then cmd will show the file as File Unknown Found -autorun.inf. If not, move with the following step to eliminate this Virus out of your folder.
Step 4 Enter the del autorun.in command to delete the file.
Step 5 to delete all shortcuts, type the “del” *.lnk command and hit enter.
Step 6 Now, open Windows Explorer and verify whether the files have been deleted or not.
An alternative method to eliminate Viruses by using cmd
The last time you were there, you went to a directory and exposed the entire directory and then tested whether you found any suspicious or virus-ridden files.
But what happens if you wish to run a scan on a particular directory and eliminate viruses with cmd while making sure you don’t end up damaging important documents.
Please follow the following steps:
- Then, open the folder that holds the Virus.
- Start the property window for the folder (shortcut alt + Enter).
- In the property windows, if you see that the “size” is smaller than “size on disk” “size in the disk”, then it’s possible to retrieve the deleted information from the folder.
Then, open the command prompt as administrator. Then, you can propagate the command prompt to the folder that you would like to remove :
Tip Use the Tip to replace your username with the current log-in user (also make use of your folder address which has the Virus).
Execute this command:
del /s /q [folder-name/file name]
If you create the name of a folder, it will cause the deletion of all files within the folder. To erase individual files, including the name of the file inside the directories address. Change between the folder and file deletion commands to determine which can be used to delete the infected file or folder.
** This procedure can be useful in deleting files that are not deletable for guest users.
If you have unintentionally deleted files from your computer and want to recover those files, then follow this procedure.
How do you recover deleted files with CMD?
#1. Then, open the command prompt, and enter: vssadmin List shadows
#2. It will show the list of shadow copies that have been created and their dates. You have to take care of copying the volume of shadow copies link. The date corresponds to your deletion date.
#3. You must create a symbolic link by using this command to do this.
#4. First, you must change the directory by entering “cd” at the prompt for command.
#5. Type mklink /d c:\shadow \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2 in the command prompt and press enter.
” shadow” is what the word is for the symbolic link (shortcut) that’s going to be made within the directory you’ve specified (which is c. here). You may use any name you want that isn’t already present within the directory.
“\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2” = this is the shadow copy volume address collected from the shadow list.
#6. Then open the folder ( c:\) in the explorer program where you created the shortcut. Search at the directory( shadow).
#7. Navigate to the shortcut and locate the directory where you deleted your files in the past. There should be deleted files in there.
#8. Move the files into the actual folders. This way, you will have your data restored.