How to Use CMD to Remove Virus from Any Drive in Windows 10

Summary

This guide describes how to use cmd to remove the virus from an infected USB drive, SD card, pen drive and more on a Windows 10 computer. The cmd syntax is explained so you can understand the commands you are entering into the command prompt, if you wish to know. After removing the virus with cmd, don't forget to download EaseUS data recovery software to see if the virus has deleted or hidden any files.

What damage a virus could do to you

We loathe computer viruses, undoubtedly. But do you know exactly how viruses can damage your computer? There are many types of viruses, and they behave in many different ways. To sum it up, a computer virus is simply a type of program that causes your computer to act in an undesirable way. It can be a dangerous infiltration designed to drag your computer down, erase very important files, track your habits, or gives hackers access to your personal information...

Viruses are a great nuisance. Some viruses like the Locky virus and CryptoLocker, also known as ransomware; delete computer files, encrypt them, even change the file extension to .locky or .encypt. Other viruses hide files and leave users with nowhere to unhide them. If you happen to be a victim who's looking for .locky file recovery or .crypt file recovery, then click the link.

General knowledge about commands

On this page, we're going to offer you solutions to remove viruses from your USB drive, memory card, in fact, any drive in a Windows 10 computer using the Command Prompt (cmd). In order to remove a viruses using cmd, we will use a famous cmd command called the 'attrib' command. First, we'd better have some understanding about the commands we'll be using.

Here are the basic attributes of the 'attrib' command:

R – represents the "Read-only" attribute of a file or folder. Read-only means the file cannot be written on or executed.
H – the "Hidden" attribute.
A – stands for "Archiving" which prepares a file for archiving.
S – the "System" attribute changes the selected files or folders from user files into system files.
I - "not content indexed file" attribute.

"attrib" Syntax:

ATTRIB [+ attribute | – attribute] [pathname] [/S [/D]]

In the above command, let's see what the different parameters and switches are:

'+ / –': To enact or to cancel the specified attribute.
'attribute': As explained above.
'/S': Searching throughout the entire path including subfolders.
'/D':  Include any process folder.
'pathname': Path where the target file or folder is located.

Here is the proper syntax order for attrib command:

ATTRIB [+R | -R] [+A | -A ] [+S | -S] [+H | -H] [+I | -I] [drive:][path][filename] [/S [/D] [/L]]

How to remove/delete virus using CMD in Windows 10/8.1/8/7

Here is an example of how to transfer an 'autorun.inf' virus from my USB drive to my D: drive and delete that virus from my D: drive. And you can follow for a try now:

Step 1. Open Command Prompt from search and run as an administrator.

Step 2. Type: D: and press Enter.

Step 3. Type: attrib and press Enter. You'll see autorun.inf virus files listed.

Step 4. To remove the virus using CMD, type into your command prompt: attrib -r -a -s -h *.* and press Enter. This will remove the Read Only, Archive, System and hidden file attribute from all the files. (*.* for all the files with all different types of file extensions).

Step 5. Type: del autorun.inf and hit enter to delete the files.

If you are infected with other viruses, replace autorun.inf with other virus extensions such as *.ink or *.exe so to respectively delete those suspicious files.

More tips for virus removal

Don't forget to use a data recovery tool in case the virus deleted or hid your important files on USB and other drives. Using commands can only help remove the virus but can do nothing to restore damaged and lost files. EaseUS file recovery software is able to complete virus file recovery in just three steps.

Learn the 3-step file recovery in this video guide.