Posts Tagged ‘partition hidden virus files removal’
How does PC usually get infected by a Virus ?
Have you formatted your PC and the next day, the same virus shows up again? This has happened almost to everyone, even that they have done the formating procedure right. The problems accrued on the second drive where people usually back up the documents, images, mp3, drivers and so on. Even that you might scan this drives many times with antivirus software, still there are files that can not be detected or they are triggered later.
The most common case of getting infected by the same virus, is when you double click on the unformated partition x: from my computer, where are located hidden files (usually a autorun.inf and a xxx.exe file) which gets activated when you double click on x:. HINT: always write the drive letter on the address bar in mycomputer and then press enter, dont double click on the drive letter, by this way those nasty autorun.inf viruses will never get activated. Also beware with USB flash drive, because they usually care the same viruses after you format your PC.
There is a way to check if there are hidden viruses on a partition or drive. This can be done easily from Command prob. Click Start and Hit the RUN command. on the run box write cmd and hit OK. The command prompt will be shown. write the drive letter you want to check for virus, for example d: , and your going to be transferred to the root of that drive and the last line should look like this: D:>/.
The next command you should write is attrib and then press enter. A list of files located on the root will be shown, and before the files name there will be files attributes like A S H R …. I did an attrib command on my USB drive, and here are the results:
You can see there is an autorun.inf file, and if you try to delete it by typing delete autoron.inf you cant do it. Fist o dont want to delete it, but i want to see how what the autorun does when it gets activated. I can do this by typing: notepad autrun.inf . The notepad will be opened and you can see which file is being used to activate the virus. Here is the text on my autorun.inf.
[autorun]
open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe
shell\open\default=1
As you can see in my case the file isee.exe is the virus files, so what i should do is to search all my driver for this file name and delete it. After i have finished deleting isee.exe, i’ll have to get back to the cmd promt and remove the S H R attributes from autorun.inf so i can delete it too. This can be done by typing: attrib -s -h -r autorun.inf (press enter) and then delete autorun.inf(press enter). Usually the virus exe file (not in my case) is located on the same location as the autorn.inf file, and you will have to remove S H R attributes from this file too before you delete it by writting attrib -s -h -r filexxx.exe.
Good luck deleting them and email me if you face difficulties.
Tags: delete protected files, dos virus deletion, hidden virus files, how the virus is activated, how to procted flash from virus, how to use DOS, manual virus removal, partition hidden virus files removal, usb root virus
