Thursday, June 14, 2012

Command prompt "attrib" y como borar un virus


 

Si usted tiene un virus no se puede eliminar, o si su sistema no se inicia correctamente y usted sospecha que un virus es el problema, una solución recomendada es iniciar el equipo en modo seguro y ejecutar un análisis antivirus. Mediante la ejecución de su ordenador en modo seguro, no esenciales los procesos no se inician y no esenciales componentes están desactivados. En otras palabras, sólo los programas mínimos necesarios se cargará. Difícil de eliminar los virus, spyware y otro malware por lo general no tienen oportunidad de correr y romper el sistema y pueden más fácilmente ser eliminado.





Para ejecutar un análisis antivirus en modo seguro,
 debe tener el software anti-virus activo instalado en su ordenador.

Para ejecutar un análisis antivirus en modo seguro, siga estos pasos:

     Si el ordenador está encendido, apáguelo
     Encienda el ordenador
     Inmediatamente después de encender el ordenador, pulse repetidamente la tecla [F8] (aproximadamente una vez por segundo)
     En la pantalla de opciones avanzadas de Windows, utilice las flechas para seleccionar Modo seguro y Presss [Enter]
     Seleccione su sistema operativo actual y pulse [Enter]
     Seleccione el usuario que desea ingresar en (si procede)
     Cuando el sistema termine de iniciarse, haga clic en el botón Inicio en la barra de tareas
     Mueva el cursor sobre Todos los programas y vaya a su programa anti-virus (si no tienes uno?...dime)
     Haga clic en su programa antivirus ANTIV para ejecutarlo y seguir los pasos normales del programa anti-virus para ejecutar un análisis antivirus
     Después de la detección de virus es completa, eliminar todos los virus detectados
     Cerrar su software anti-virus
     Reinicie su computadora (se debe iniciar en modo normal)

 

 

Command prompt "attrib" to check for Viruses or Malware


Microsoft Command Prompt "attrib" is a very useful tool to check if your hard drives even your flashdisks have been infected by a virus.
You will know if a Malware is inside your hard drive just by looking at the attributes of each files and the file that has the attributes of +s +h +r
The function of attrib is to set and remove file attributes (read-only, archive, system and hidden).

Launch attrib

Open a Command window by going into START,
 RUN and type CMD hit enter

Then I went to the beginning of the hard drive by typing CD\ 
 and hit enter

Then I typed      ATTRIB *.* -h /s /d   and hit enter.

That unhides all your files the virus hid from you.

USE +h to hide all the file from desktop.

Or
For more information :
To start attrib
  1. Go to Start Menu > Run
  2. Type cmd (cmd stands for command prompt)
  3. Press Enter key
The Command Prompt will appear showing us where is our location in the directory.

command prompt showing the current location in the directory

Using attrib

To use attrib
  1. Go to the root directory first by typing cd\(because this is always the target of Malware / Virus)
2. Type attrib and press Enter key


after typing attrib, all the attributes of all the files (excluding folders) will be shown

  1. +s - meaning it is a system file (which also means that you cannot delete it just by using the delete command)
  2. +h - means it is hidden (so you cannot delete it)

  1. +r - means it is a read only file ( which also means that you cannot delete it just by using the delete command)
Now we need to set the attributes of autorun.inf to -s -h -r (so that we can manually delete it)
  1. Type attrib -s -h -r autorun.inf ( be sure to include -s -h -r because you cannot change the attributes using only -s or -h or -r alone)
  2. Type attrib again to check if your changes have been commited
  3. If the autorun.inf file has no more attributes, you can now delete it by typing del autorun.inf
  4. Since  a malware you can remove its attributes by doing step 1 and step 3(just change the filename) ex. attrib -s -h -r


a) I typed the attrib command with the -s -h -r setting b) the result after I pressed enter - autorun.inf has no attributes left
VERY GOOD!!!!
NOTE : when autorun.inf keeps coming back even if you already deleted it, be sure to check your Task Manager by pressing CTRL + ALT + DELETE ( a virus is still running as a process thats why you cannot delete it. KILL the process first by selecting it and clicking End Process.
NOTE: You can also apply the attrib -s -h -r command to all the partition of your computer, drive D: drive E: drive F: (all of your drives). For example. for drive D, just type "D:" (minus the double quote) then you can see that your current drive is D.. type there the command "attrib -s -h -r *.exe" for exe files and "attrib -s -h -r *.inf" and then delete the file by "del autorun.inf".

I hope this help you!!!!!   :)      Luis Ch.