How to Use CMD to Remove Virus from Any Drive in Windows 10/11

Jean updated on Oct 21, 2024 to Data Recovery Resource | How-to Articles

Viruses may attack files/folders, storage devices, or Windows operating systems. To remove a virus from an infected USB drive, SD card, pen drive and more on a Windows 10 computer, you can use CMD to get things done. If the virus delete or hide your files, don't hesitate to use EaseUS Data Recovery Wizard to recover them with ease.

On this page, we include four practical methods to help you remove viruses and help restore virus removed or deleted files with powerful EaseUS file recovery software. If you are in this dilemma, follow fixes here to clean up the virus and bring your files back: 

Workable Solutions Step-by-step Troubleshooting
Fix 1. Remove Virus with CMD Run Command Prompt as Administrator or EaseUS M Tool > Clear virus with attrib -s -h -r /s /d *.*...Full steps
Fix 2. Run Antivirus Run installed antivirus software, execute clean operation if the virus is detected...Full steps
Fix 3. Run Windows Defender Go to Settings > "Update & Security" > "Windows Security" > "Virus & threat protection" ...Full steps
Fix 4. Format Infected Device If the hard drive partition or external storage device was infected by a virus, formatting it can help...Full steps

What Damage Could Viruses Do

We loathe computer viruses, undoubtedly. But do you know exactly how viruses can damage your computer? There are many types of viruses, and they behave in different ways. To sum it up, a computer virus is simply a type of program that causes your computer to act in an undesirable way. It can be a dangerous infiltration designed to drag your computer down, erase important files, track your habits, or give hackers access to your personal information... A virus is a great nuisance. Some viruses like the Locky virus and CryptoLocker, also known as ransomware, delete computer files, encrypt them, even change the file extension to .locky or .encypt. Other viruses hide files and leave users with nowhere to unhide them.

How to Recover Files Deleted/Hidden by Viruses

Using CMD commands can only help remove the virus but can do nothing to restore damaged and lost files for the virus infection. EaseUS Data Recovery Wizard can recover lost data in various severe cases.

  • Recover lost or deleted files due to virus attack
  • recover files from emptied Recycle Bin on Windows 10/11 or recover deleted files from Trash Bin on Mac 
  • Recover lost files from HDD, SSD, USB flash drive, pen drive, SD card, external hard drive, and more devices
  • Support repairing corrupted files after the data recovery

Learn the 3-step file recovery in the following guides.

Step 1. Select the virus infected drive to scan

Run EaseUS virus file recovery software on your Windows PC. Select the disk attacked by the virus to scan for lost or hidden files. Note that:

  • If it's an HDD where files were hidden or deleted by virus, it's better to install the software on a different volume or an external USB drive to avoid data overwriting.
  • If the infected device is an external hard drive, flash drive or memory card, it doesn't matter to install the software on the local drive of the computer.

Step 2. Check all scanned results

EaseUS Data Recovery Wizard will immediately start a scan process to find your deleted or hidden files on the virus infected hard drive. To quickly locate the wanted files, you can use the Filter or search box feature to display only the pictures, videos, documents, emails, etc.

Step 3. Preview and recover deleted/hidden files

When the process finishes, you can preview the scanned files. Select the files you want and click the "Recover" button. You should save restored files to another secure location or Cloud drive, not where they were lost.

It's certainly true that a virus is something you will want to remove once you find it. Among the multiple choices, many users attempt to remove viruses using CMD.

Why Can You Remove a Virus Using CMD

In fact, using command lines doesn't directly check and remove viruses from your computer or external storage device. CMD helps to achieve your goal of removing viruses by showing the hidden viruses on a partition or drive. Afterward, you can delete the suspicious files. Since viruses always conceal themselves, you need to make them appear and then delete the virus files. Then how can you show the potentially hidden virus files using CMD? All you need is the attrib command.

The attrib command is a Command Prompt command used to display, set, or remove the attributes of the files or folders in the selected location. By canceling the "hidden" attribute of the virus, you can see it appearing in the folder. And then you will know where to find and remove it.

How to Remove Virus Using CMD

Now, follow the steps below to delete viruses from your computer or storage device using CMD.

Step 1. Type cmd in the search bar, right-click "Command Prompt" and choose "Run as an administrator".

Step 2. Type F: and press "Enter". (Replace "F" with the drive letter of the infected partition or device.)

Step 3. Type attrib -s -h -r /s /d *.* and hit "Enter".

Step 4. Type dir and hit "Enter". Now you will see all the files under the assigned drive. (The dir command displays a list of a directory's files and subdirectories.)

Step 5. For your information, a virus name may contain words like "autorun" and with ".inf" as the extension. Thus, if you find such suspicious files, type del autorun.inf to remove the virus.

Here are the basic attributes of the 'attrib' command:

R – represents the "Read-only" attribute of a file or folder. Read-only means the file cannot be written on or executed.
H – the "Hidden" attribute.
A – stands for "Archiving" which prepares a file for archiving.
S – the "System" attribute changes the selected files or folders from user files into system files.
I - "not content indexed file" attribute.

The "attrib" Syntax:

ATTRIB [+ attribute | – attribute] [pathname] [/S [/D]]

In the above command, let's see what the different parameters and switches are:

'+ / –': To enact or to cancel the specified attribute.
'attribute': As explained above.
'/S': Searching throughout the entire path including subfolders.
'/D':  Include any process folder.
'pathname': Path where the target file or folder is located.

Here is the proper syntax order for attrib command:

ATTRIB [+R | -R] [+A | -A ] [+S | -S] [+H | -H] [+I | -I] [drive:][path][filename] [/S [/D] [/L]]

Warning
Be careful while using the Command Prompt. Improper use of cmd can result in system damage. So, perform data recovery in advance, and then continue with the CMD method.

If you receive the message "Access denied", you should:

  • Make sure you have run Command Prompt as an administrator
  • Make sure the file/folder is not in use
  • Check the permission of the current account and make sure you have full control over the file/folder (right-click the file/folder/partition and go to "Security")
  • Use CHKDSK command to check for file system errors (run Command prompt and enter chkdsk /f [drive letter]:)

Manual execution of the command line is suitable for computer professionals, since incorrect commands can do more harm than good. Therefore, for security and usability, we strongly recommend you try an automatic command line alternative - EaseUS CleanGenius. It is a practical tool that enables you to check and fix file system errors, enable/disable write protection and update your system with one-click instead of typing intricate command lines.

Follow the simple steps below to show hidden files with this 1-click-fix software. 

Step 1. DOWNLOAD EaseUS CleanGenius for Free.

Step 2. Start EaseUS CleanGenius, choose "Optimization" on the left panel. Next, click "File Showing" on the right panel. 

Step 3. Select the hard drive and click "Execute".

Step 4. After the operation completes, click the here link to check the hidden files. 

3 Other Ways to Remove Virus

In addition to using CMD, there are other methods available to remove a virus from your computer or storage device, like using antivirus software, Windows Defender, and formatting the storage device.

Method 1. Run Antivirus

Almost every computer has antivirus software installed. Whenever you find your computer is infected by a virus, running the antivirus software may help. We recommend TotalAV, a powerful antivirus & security software that can quickly scan your system and protect your computer.

TOTALAV

TotalAV is an Award Winning Antivirus and Security Software. It Provides Real-Time Protection from Viruses, Malware & Online Threats.

Get Protected Now

Antivirus Protection Enabled

Method 2. Run Windows Defender Antivirus

Windows Defender Antivirus is the built-in antivirus protection in Windows 10/11. It provides protection against viruses, malware, and spyware for your computer and connected devices. If you don't have third-party antivirus software, using the built-in utility is advisable.

Step 1. Go to "Settings" > "Update & Security" > "Windows Security".

Step 2. Click "Virus & threat protection".

Step 3. In the "Threat history" section, click "Scan now" to scan for viruses on your computer.

Method 3. Format the Infected Device

The format is the process of erasing the existing files on the selected partition or drive. It will certainly remove the virus, too. Since formatting, a partition/drive will cause data loss, make sure you don't have any important files stored on the device.

How to Prevent Virus or Malware Infections

Except for knowing how to cope with a virus attack, you should also know how to prevent virus infection on your computer or external storage device. For you to protect your computer or USB drives better, here are some feasible tips on virus prevention you:

Install professional antivirus software on your computer and keep it updated
Be cautious with the origins of the programs you want to install
Avoid suspicious websites and think before you make a click
Make sure the network connection is safe
Besides, regularly making backups of your files with free backup software is also recommended to avoid complete data loss that may be caused by a virus infection.

The Bottom Line

Removing a virus using CMD is a roundabout solution. Yet it works in some cases. If the attrib command fails, try the three more tips provided to get rid of the malicious file. Besides, virus attacks are always accompanied by data loss. In that case, use the hard drive recovery software - EaseUS Data Recovery Software to rescue the lost files as soon as possible.

Use CMD to Remove Virus FAQs

Do you have more questions about using CMD to remove viruses? You will learn more by keep reading.

How can I remove the shortcut virus?

We will recommend 5 ways to help you remove shortcut viruses:

  1. 1. Remove shortcut virus using CMD.
  2. 2. Create a BAT file to remove the virus.
  3. 3. Use antivirus tools to remove shortcut viruses.
  4. 4. Remove the shortcut virus on the source PC.
  5. 5. Delete suspicious keys.

How do I remove a hidden virus from my computer?

You can remove a hidden virus with Windows built-in utility:

  1. 1. Open Security settings on Windows.
  2. 2. Select "Virus & threat protection" and click "Scan options".
  3. 3. Select "Windows Defender Offline scan".
  4. 4. View the results after scanning.

How do I know if my computer has a hidden virus?

There are some signs that appear if your computer has a hidden virus:

  1. 1. Your computer is running slowly.
  2. 2. Blue/black screen of death error.
  3. 3. There are many pop-ups.
  4. 4. Your files are missing suddenly.
  5. 5. Your computer warns you of a lack of storage space.