How to Remove a Virus from a USB Flash Drive Using Command Prompt
Viruses usually spread between computers through USB flash drives, external media, connected networks and the internet. If a USB drive is infected with a virus, the virus is activated when we open the drive on our computer. There are many types of viruses and they behave in many different ways. These viruses are dangerous: they can slow our system down, erase very important files, or give hackers access to our personal information. But don't worry, today we are here to learn how to remove these viruses from USB flash drives and repair our infected drives using the command prompt.
» Basic understanding.
» Open command prompt.
» Select Infected drive to remove Virus:
» List the virus present in the drive.
» Remove the attributes from the file.
» Remove the virus from drive.
» TIP: Disable auto run functionality in Windows.
Basic understanding before starting.
Using the command prompt (CMD) we can remove viruses from a USB drive, a memory card, or in fact any drive on a Windows computer. We will use a well-known CMD command called attrib. Before using it, it is better to have a basic knowledge of this command.
Here are the basic attributes of the attrib command that we will use to remove the virus from the drive.
» R - R represents the "Read only" attribute of a file or folder. Read only means the file cannot be written or executed.
» H - H stands for the "Hidden" attribute.
» A - A stands for "Archiving" which prepares a file for archiving.
» S - S attribute changes the selected files or folders into a system file from a user file by assigning the "system" attribute to that particular file.
Here is the syntax of the attrib command.
attrib [+attribute | -attribute] [pathname] [/S [/D]]
In the above syntax, the parameters and switches are:
» +/-: To set (+) or clear (-) the specified attribute.
» attribute: As explained above.
» pathname: Path where the target file or folder is located.
» /S: Search throughout the entire path, including subfolders.
» /D: Process folders as well as files.
Now that we have a basic understanding of the attrib command, let's move on and try to remove the virus from our infected USB drive.
Open command prompt:
We can open the command prompt (CMD) in two ways:
1 » Click the Windows icon or press the Windows key, search for cmd or command prompt, and run it as Administrator.
2 » Press Windows key + R. A dialog box will open. Type cmd in the text area and press Enter to open the command prompt.
Select Infected drive.
We need to select the drive that is infected with the virus. In my case I need to remove the virus from my USB flash drive (G), where G is the drive letter of my USB flash drive. To select the drive, type G: in the command prompt and press Enter. It will take us to the G drive.
List the Virus present in Drive.
Type the command attrib and press Enter. It will list all the files present in the drive, including the virus that infects our drive. In my drive there is a virus named "autorun.inf".
Most infected USB drives carry the autorun.inf virus. When a drive is infected with this type of virus, the virus files start to execute and infect our system whenever we insert the USB drive. The virus further replicates itself onto the PC by creating a number of copies of autorun.inf and .exe files on all drives of our system. Once the PC is infected, the malware covertly directs the user to malicious websites. It might also install a keylogger on your PC that can capture your website activity, login credentials (usernames and passwords), account numbers, credit card details and other personal and sensitive information. An autorun virus must be removed from a PC for it to be safe to use.
Remove attributes from the files.
Type the following command in command prompt and press enter.
attrib -r -a -s -h *.*
The above command removes the Read only, Archive, System and Hidden attributes from all the files present in the drive (*.* matches all files, whatever their file extension).
Remove the Virus from drive.
We can't delete the virus easily. Do you know why? Because some attributes don't let us delete it. But with the step above we have removed all the attributes from the virus file, and now we can easily delete the virus from our drive. To delete the virus, type the following command and press Enter.
The above command will delete the autorun.inf virus from the drive. If the drive is infected with some other virus, replace autorun.inf with other virus extensions such as *.lnk or *.exe to delete those suspicious files.
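The list, clear-attributes and delete steps above can be combined into one batch file. This is an added example, not part of the original article; the script name and the drive letter passed as the first argument are assumptions. It also prints the launch entries from autorun.inf before deleting it, because removing autorun.inf does not remove the program it pointed to.

```batch
@echo off
rem Added example, not from the original article.
rem Assumption: the drive letter is the first argument, e.g.  clean-autorun.cmd G:
setlocal
set "DRV=%~1"
if "%DRV%"=="" goto :usage
if not exist "%DRV%\" goto :usage

rem List every file and folder with its attributes, including subfolders.
rem Plain "attrib" only covers the current folder; /S /D extends it to the whole drive.
attrib "%DRV%\*.*" /S /D

rem A FOLDER named autorun.inf holds no AutoRun instructions, so leave it alone.
if exist "%DRV%\autorun.inf\" (
    echo autorun.inf is a folder, nothing to delete.
    exit /b 0
)
if not exist "%DRV%\autorun.inf" (
    echo No autorun.inf in the root of %DRV%
    exit /b 0
)

rem Clear Read-only, Archive, System and Hidden on this one file only.
attrib -r -a -s -h "%DRV%\autorun.inf"

rem Show which program the file would have started, so that file can be removed too.
echo --- launch entries in autorun.inf ---
findstr /i "open= shellexecute= command=" "%DRV%\autorun.inf"

rem Delete the file and confirm that it is gone.
del /f /q "%DRV%\autorun.inf"
if exist "%DRV%\autorun.inf" (
    echo Delete failed, check write protection or a program holding the file open.
    exit /b 1
)
echo autorun.inf removed from %DRV%
exit /b 0

:usage
echo Usage: %~nx0 G:
exit /b 2
```

Deleting by wildcard such as *.exe removes every matching file in the folder, including legitimate ones, so review the attrib listing before doing that.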
Disable Auto Run Functionality in windows.
When we insert the infected USB drive in our system and open it, the virus is activated because of the auto-run functionality. Windows looks for the autorun.inf file on the USB drive and acts on it. The autorun.inf file contains information about which program to run when the USB flash drive is opened. Viruses tend to put their own information in the autorun.inf file so that they execute automatically when we open the USB drive. The safest way to use USB flash drives without infecting our own system is to disable the auto-run functionality of Windows.
To disable the auto-run functionality in Windows, follow the given steps.
1 » Press Windows key + R. A dialog box will open. Type gpedit.msc in the text area and press Enter. This will open the Group Policy Editor.
2 » Navigate to Computer Configuration » Administrative Templates » Windows Components » AutoPlay Policies.
3 » In the right-hand pane, double-click the Turn off AutoPlay setting.
4 » Enable the Turn off AutoPlay setting.
5 » Apply the setting.
We have successfully turned off the AutoPlay functionality in Windows. This will prevent Windows from automatically using the autorun.inf file on the USB drive.
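To confirm the setting took effect, or to apply it on Windows editions that do not include gpedit.msc, the same policy can be checked in the registry. This is an added example, not part of the original article; it relies on the Turn off AutoPlay policy being stored as the NoDriveTypeAutoRun value under the machine-wide Policies\Explorer key, and the "set" argument is this script's own convention.

```batch
@echo off
rem Added example, not from the original article.
rem Run with no argument to check; run with "set" from an elevated prompt to enforce.
setlocal
set "KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
set "VAL="

if /i "%~1"=="set" (
    rem 0xFF turns AutoRun off for every drive type.
    reg add "%KEY%" /v NoDriveTypeAutoRun /t REG_DWORD /d 0xFF /f >nul || exit /b 1
)

rem Read the current value; the third token of the matching line is the DWORD.
for /f "tokens=3" %%v in ('reg query "%KEY%" /v NoDriveTypeAutoRun 2^>nul ^| find "REG_DWORD"') do set "VAL=%%v"

if not defined VAL (
    echo NoDriveTypeAutoRun is not set, the policy has not been applied.
    exit /b 1
)

rem Bit 0x04 of the mask covers removable drives such as USB sticks.
set /a "REMOVABLE=%VAL% & 0x04"
if %REMOVABLE%==0 (
    echo Value %VAL% leaves AutoRun on for removable drives.
    exit /b 1
)
echo Value %VAL% disables AutoRun for removable drives.
exit /b 0
```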