Wednesday, April 13, 2011

Using command prompt "attrib" to check for Viruses or Malware

The Microsoft Command Prompt command "attrib" is a very useful tool for checking whether your hard drives, and even your flash disks, have been infected by a virus.

You can tell whether malware is on your hard drive just by looking at the attributes of each file and finding the files that have the attributes +s +h +r.

The function of attrib is to set and remove file attributes (read-only, archive, system and hidden).

Launch attrib

To start attrib:

1. Go to Start Menu > Run
2. Type cmd (cmd stands for command prompt)
3. Press Enter key

The Command Prompt window will appear, showing the directory we are currently in.

Using attrib

To use attrib:

1. Go to the root directory first by typing cd\ (because this is always the target of malware / viruses)

2. Type attrib and press Enter key

In this example, I have two files that are considered malware.

Note the two files which I outlined in red (SilentSoftech.exe and autorun.inf). You cannot see these files or delete them, because the attributes that were set on them are +s +h +r:

1. +s - means it is a system file (which also means that you cannot delete it just by using the delete command)
2. +h - means it is hidden (so you cannot delete it)
3. +r - means it is a read-only file (which also means that you cannot delete it just by using the delete command)

Now we need to set the attributes of autorun.inf to -s -h -r (so that we can manually delete it).

1. Type attrib -s -h -r autorun.inf (be sure to include -s -h -r, because you cannot change the attributes using only -s or -h or -r alone)
2. Type attrib again to check that your changes have been committed
3. If the autorun.inf file has no more attributes, you can now delete it by typing del autorun.inf
4. Since SilentSoftech.exe is malware, you can remove its attributes and delete it by repeating step 1 and step 3 (just change the filename), e.g. attrib -s -h -r silentsoftech.exe


There you have it!!!!

NOTE: If autorun.inf keeps coming back even after you have deleted it, be sure to check Task Manager by pressing CTRL + ALT + DELETE (a virus is still running as a process, which is why you cannot delete the file). KILL the process first by selecting it and clicking End Process.

NOTE: You can also apply the attrib -s -h -r command to every partition of your computer: drive D:, drive E:, drive F: (all of your drives). For example, for drive D, just type "D:" (without the double quotes) and you will see that your current drive is D. There, type the command "attrib -s -h -r *.exe" for exe files and "attrib -s -h -r *.inf" for inf files, and then delete the file with "del autorun.inf".
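
The manual check above, repeated over every drive, as an added PowerShell example (not part of the original post): it only lists the .exe and .inf files in each drive's root that have the hidden, system and read-only attributes all set, and changes or deletes nothing. The function name Get-RootSuspect is hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only report of root-level files that carry the
# +s +h +r combination the article looks for with attrib.
$wanted = [System.IO.FileAttributes]::Hidden -bor
          [System.IO.FileAttributes]::System -bor
          [System.IO.FileAttributes]::ReadOnly

function Get-RootSuspect {
    param(
        # Default: the root of every file-system drive (C:\, D:\, E:\ ...).
        [string[]]$Root = (Get-PSDrive -PSProvider FileSystem |
                           ForEach-Object { $_.Root })
    )

    foreach ($r in $Root) {
        # Skip drives with no media (empty card reader, optical drive).
        if (-not (Test-Path -LiteralPath $r)) { continue }

        # -Force makes Get-ChildItem include hidden and system files,
        # which a plain directory listing leaves out.
        Get-ChildItem -LiteralPath $r -File -Force -ErrorAction SilentlyContinue |
            Where-Object {
                # All three attributes must be set, as in the article's example.
                (($_.Attributes -band $wanted) -eq $wanted) -and
                ($_.Extension -in '.exe', '.inf')
            } |
            Select-Object FullName, Attributes, Length, LastWriteTime
    }
}

# Report across all drives; pass -Root 'E:\' to check a single flash disk.
Get-RootSuspect | Format-Table -AutoSize
```

Review each hit before clearing its attributes and deleting it, since Windows marks some of its own files hidden and system as well.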
