Scribd
Upload
248 views

Attrib Command Syntax: Attrib (+R - R) (+s - S) (+H - H) (+C - C) (Filename)

This document discusses using the Windows "attrib" command to check for viruses or malware on a system. It explains that some viruses will set file attributes of +s +h +r to hide themselves. The document provides steps to use attrib to check file attributes and remove hidden attributes from suspicious files to allow their deletion. It highlights two example files considered malware based on their attributes. The steps shown remove attributes from these files so they can be deleted to remove the malware.

Uploaded by

avgarces183
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
248 views

Attrib Command Syntax: Attrib (+R - R) (+s - S) (+H - H) (+C - C) (Filename)

This document discusses using the Windows "attrib" command to check for viruses or malware on a system. It explains that some viruses will set file attributes of +s +h +r to hide themselves. The document provides steps to use attrib to check file attributes and remove hidden attributes from suspicious files to allow their deletion. It highlights two example files considered malware based on their attributes. The steps shown remove attributes from these files so they can be deleted to remove the malware.

Uploaded by

avgarces183
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

Attrib Command Syntax

Whats with the x and a options?

Attrib Command Syntax:

attrib [+r|-r] [+s|-s] [+h|-h] [+c|-c] [filename]

 +r = This assigns the read-only file attribute to the file or directory.


 -r = This removes the read-only attribute.
 +s = This assigns the system file attribute to the file or directory.
 -s = This removes the system attribute.
 +h = This assigns the hidden file attribute to the file or directory.
 -h = This removes the hidden attribute.
 +c = This assigns the compressed file attribute to the file or directory.
 -c = This removes the compressed attribute.
 filename = This is the file or directory that you are wanting to change the attributes of.

Using command prompt "attrib" to check for


Viruses or Malware
Microsoft Command Prompt "attrib" is a very useful tool to check if your hard drives even your
flashdisks have been infected by a virus.

You will know if a Malware is inside your hard drive just by looking at the attributes of each
files and the file that has the attributes of +s +h +r

The function of attrib is to set and remove file attributes (read-only, archive, system and
hidden).

Launch attrib

To start attrib

1. Go to Start Menu > Run


2. Type cmd (cmd stands for command prompt)
3. Press Enter key

The Command Prompt will appear showing us where is our location in the directory.
command prompt showing the current location in the directory

Using attrib

To use attrib

1. Go to the root directory first by typing cd\(because this is always the target of Malware / Virus)

2. Type attrib and press Enter key

after typing attrib, all the attributes of all the files (excluding folders) will be shown

 How to Delete a Virus in your USB drive or Flashdisk


Simply put a Virus is a Malicious Software (MalWare) created by people who wants to
destroy.. - 2 days ago

 Philippine Charter Change - Cha Cha

Cha - Cha or Charter Change is the process involved in amending the 1987 Philippine
Contitution. - 2 weeks ago

 How to protect your family against Swine Flu or AH1N1

AH1N1 is a new strain of flu virus, although flu virus is always with us (because they are
air borne) this new strain a more dangerous compared to a normal flu. - 15 months ago

In this example, I have two files that are considered as malware.

Note that there are two files which I outlined in red (SilentSoftech.exe and autorun.inf). Since
you cannot see this file nor delete it (because the attributes that was set on these files are +s +h
+r)

1. +s - meaning it is a system file (which also means that you cannot delete it just by using the
delete command)
2. +h - means it is hidden (so you cannot delete it)

3. +r - means it is a read only file ( which also means that you cannot delete it just by using the
delete command)

Now we need to set the attributes of autorun.inf to -s -h -r (so that we can manually delete it)

1. Type attrib -s -h -r autorun.inf ( be sure to include -s -h -r because you cannot change the
attributes using only -s or -h or -r alone)
2. Type attrib again to check if your changes have been commited
3. If the autorun.inf file has no more attributes, you can now delete it by typing del autorun.inf
4. Since SilentSoftech.exe is a malware you can remove its attributes by doing step 1 and step
3(just change the filename) ex. attrib -s -h -r silentsoftech.exe
a) I typed the attrib command with the -s -h -r setting b) the result after I pressed enter - autorun.inf has
no attributes left

There you have it!!!!

NOTE : when autorun.inf keeps coming back even if you already deleted it, be sure to check
your Task Manager by pressing CTRL + ALT + DELETE ( a virus is still running as a
process thats why you cannot delete it. KILL the process first by selecting it and clicking End
Process.

NOTE: You can also apply the attrib -s -h -r command to all the partition of your computer,
drive D: drive E: drive F: (all of your drives). For example. for drive D, just type "D:" (minus the
double quote) then you can see that your current drive is D.. type there the command "attrib -s
-h -r *.exe" for exe files and "attrib -s -h -r *.inf" and then delete the file by "del autorun.inf".

You might also like