How to Use CMD to Remove Virus from Any Drive in Windows 10/11

On this page, we include four practical methods to help you remove viruses and help restore virus removed or deleted files with powerful EaseUS file recovery software. If you are in this dilemma, follow fixes here to clean up the virus and bring your files back: 

What Damage Could Viruses Do

We loathe computer viruses, undoubtedly. But do you know exactly how viruses can damage your computer? There are many types of viruses, and they behave in different ways. To sum it up, a computer virus is simply a type of program that causes your computer to act in an undesirable way. It can be a dangerous infiltration designed to drag your computer down, erase important files, track your habits, or give hackers access to your personal information... A virus is a great nuisance. Some viruses like the Locky virus and CryptoLocker, also known as ransomware, delete computer files, encrypt them, even change the file extension to .locky or .encypt. Other viruses hide files and leave users with nowhere to unhide them.

How to Recover Files Deleted/Hidden by Viruses

Using CMD commands can only help remove the virus but can do nothing to restore damaged and lost files for the virus infection. EaseUS Data Recovery Wizard can recover lost data in various severe cases.

Learn the 3-step file recovery in the following guides.

Step 1. Select the virus infected drive to scan

Run EaseUS virus file recovery software on your Windows PC. Select the disk attacked by the virus to scan for lost or hidden files. Note that:

• If it's an HDD where files were hidden or deleted by virus, it's better to install the software on a different volume or an external USB drive to avoid data overwriting.
• If the infected device is an external hard drive, flash drive or memory card, it doesn't matter to install the software on the local drive of the computer.

Step 2. Check all scanned results

EaseUS Data Recovery Wizard will immediately start a scan process to find your deleted or hidden files on the virus infected hard drive. To quickly locate the wanted files, you can use the Filter or type grouping feature to display only the pictures, videos, documents, emails, etc.

Step 3. Preview and recover deleted/hidden files

When the process finishes, you can preview the scanned files. Select the files you want and click the "Recover" button. You should save restored files to another secure location on your computer or storage device, not where they were lost.

It's certainly true that a virus is something you will want to remove once you find it. Among the multiple choices, many users attempt to remove viruses using CMD.

Why Can You Remove a Virus Using CMD

In fact, using command lines doesn't directly check and remove viruses from your computer or external storage device. CMD helps to achieve your goal of removing viruses by showing the hidden viruses on a partition or drive. Afterward, you can delete the suspicious files. Since viruses always conceal themselves, you need to make them appear and then delete the virus files. Then how can you show the potentially hidden virus files using CMD? All you need is the attrib command.

The attrib command is a Command Prompt command used to display, set, or remove the attributes of the files or folders in the selected location. By canceling the "hidden" attribute of the virus, you can see it appearing in the folder. And then you will know where to find and remove it.

How to Remove Virus Using CMD

Now, follow the steps below to delete viruses from your computer or storage device using CMD.

Step 1. Type cmd in the search bar, right-click "Command Prompt" and choose "Run as an administrator".

Step 2. Type F: and press "Enter". (Replace "F" with the drive letter of the infected partition or device.)

Step 3. Type attrib -s -h -r /s /d *.* and hit "Enter".

Step 4. Type dir and hit "Enter". Now you will see all the files under the assigned drive. (The dir command displays a list of a directory's files and subdirectories.)

Step 5. For your information, a virus name may contain words like "autorun" and with ".inf" as the extension. Thus, if you find such suspicious files, type del autorun.inf to remove the virus.

Here are the basic attributes of the 'attrib' command:

R – represents the "Read-only" attribute of a file or folder. Read-only means the file cannot be written on or executed.
H – the "Hidden" attribute.
A – stands for "Archiving" which prepares a file for archiving.
S – the "System" attribute changes the selected files or folders from user files into system files.
I - "not content indexed file" attribute.

The "attrib" Syntax:

ATTRIB [+ attribute | – attribute] [pathname] [/S [/D]]

In the above command, let's see what the different parameters and switches are:

'+ / –': To enact or to cancel the specified attribute.
'attribute': As explained above.
'/S': Searching throughout the entire path including subfolders.
'/D':  Include any process folder.
'pathname': Path where the target file or folder is located.

Here is the proper syntax order for attrib command:

ATTRIB [+R | -R] [+A | -A ] [+S | -S] [+H | -H] [+I | -I] [drive:][path][filename] [/S [/D] [/L]]

If you receive the message "Access denied", you should:

• Make sure you have run Command Prompt as an administrator
• Make sure the file/folder is not in use
• Check the permission of the current account and make sure you have full control over the file/folder (right-click the file/folder/partition and go to "Security")
• Use CHKDSK command to check for file system errors (run Command prompt and enter chkdsk /f [drive letter]:)

Manual execution of the command line is suitable for computer professionals, since incorrect commands can do more harm than good. Therefore, for security and usability, we strongly recommend you try an automatic command line alternative - EaseUS CleanGenius. It is a practical tool that enables you to check and fix file system errors, enable/disable write protection and update your system with one-click instead of typing intricate command lines.

Follow the simple steps below to show hidden files with this 1-click-fix software. 

Step 1. DOWNLOAD EaseUS CleanGenius for Free.

Step 2. Start EaseUS CleanGenius, choose "Optimization" on the left panel. Next, click "File Showing" on the right panel. 

Step 3. Select the hard drive and click "Execute".

Step 4. After the operation completes, click the here link to check the hidden files. 

3 Other Ways to Remove Virus

In addition to using CMD, there are other methods available to remove a virus from your computer or storage device, like using antivirus software, Windows Defender, and formatting the storage device.

Method 1. Run Antivirus

Almost every computer has antivirus software installed. Whenever you find your computer is infected by a virus, running the antivirus software may help.

Method 2. Run Windows Defender Antivirus

Windows Defender Antivirus is the built-in antivirus protection in Windows 10/11. It provides protection against viruses, malware, and spyware for your computer and connected devices. If you don't have third-party antivirus software, using the built-in utility is advisable.

Step 1. Go to "Settings" > "Update & Security" > "Windows Security".

Step 2. Click "Virus & threat protection".

Step 3. In the "Threat history" section, click "Scan now" to scan for viruses on your computer.

Method 3. Format the Infected Device

The format is the process of erasing the existing files on the selected partition or drive. It will certainly remove the virus, too. Since formatting, a partition/drive will cause data loss, make sure you don't have any important files stored on the device.

How to Prevent Virus or Malware Infections

Except for knowing how to cope with a virus attack, you should also know how to prevent virus infection on your computer or external storage device. For you to protect your computer or USB drives better, here are some feasible tips on virus prevention you:

Install professional antivirus software on your computer and keep it updated
Be cautious with the origins of the programs you want to install
Avoid suspicious websites and think before you make a click
Make sure the network connection is safe
Besides, regularly making backups of your files with free backup software is also recommended to avoid complete data loss that may be caused by a virus infection.

The Bottom Line

Removing a virus using CMD is a roundabout solution. Yet it works in some cases. If the attrib command fails, try the three more tips provided to get rid of the malicious file. Besides, virus attacks are always accompanied by data loss. In that case, use the hard drive recovery software - EaseUS Data Recovery Software to rescue the lost files as soon as possible.

Use CMD to Remove Virus FAQs

Do you have more questions about using CMD to remove viruses? You will learn more by keep reading.

How can I remove the shortcut virus?

We will recommend 5 ways to help you remove shortcut viruses:

1. 1. Remove shortcut virus using CMD.
2. 2. Create a BAT file to remove the virus.
3. 3. Use antivirus tools to remove shortcut viruses.
4. 4. Remove the shortcut virus on the source PC.
5. 5. Delete suspicious keys.

How do I remove a hidden virus from my computer?

You can remove a hidden virus with Windows built-in utility:

1. 1. Open Security settings on Windows.
2. 2. Select "Virus & threat protection" and click "Scan options".
3. 3. Select "Windows Defender Offline scan".
4. 4. View the results after scanning.

How do I know if my computer has a hidden virus?

There are some signs that appear if your computer has a hidden virus:

1. 1. Your computer is running slowly.
2. 2. Blue/black screen of death error.
3. 3. There are many pop-ups.
4. 4. Your files are missing suddenly.
5. 5. Your computer warns you of a lack of storage space.