Check malware in Windows using cmd


  • You can neither see this file nor delete it, because the attributes set on such files are +s +h +r:
  • +s – means it is a system file (which also means that you cannot delete it just by using the delete command)
  • +h – means it is hidden (so you cannot delete it)
  • +r – means it is a read-only file

Microsoft Windows [Version 10.0.10240]
(c) 2015 Microsoft Corporation. All rights reserved.

C:\Users\admin>..
'..' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\admin>cd..

C:\Users>cd..

C:\>attrib
A  SHR       C:\bootmgr
A  SH        C:\BOOTNXT
A            C:\HaxLogs.txt
A  SH   I    C:\hiberfil.sys
A  SH        C:\pagefile.sys
A  SH        C:\swapfile.sys

C:\>attrib +s
Not resetting hidden file - C:\bootmgr
Not resetting hidden file - C:\BOOTNXT
Access denied - C:\HaxLogs.txt
Not resetting hidden file - C:\hiberfil.sys
Not resetting hidden file - C:\pagefile.sys
Not resetting hidden file - C:\swapfile.sys

C:\>attrib +h
Not resetting system file - C:\bootmgr
Not resetting system file - C:\BOOTNXT
Access denied - C:\HaxLogs.txt
Not resetting system file - C:\hiberfil.sys
Not resetting system file - C:\pagefile.sys
Not resetting system file - C:\swapfile.sys

C:\>attrib +r
Not resetting hidden file - C:\bootmgr
Not resetting hidden file - C:\BOOTNXT
Access denied - C:\HaxLogs.txt
Not resetting hidden file - C:\hiberfil.sys
Not resetting hidden file - C:\pagefile.sys
Not resetting hidden file - C:\swapfile.sys

C:\>
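
One way to triage an attrib listing like the one above, as an added example that is not part of the original post: it parses the output and reports files that are both system (+s) and hidden (+h) but are not among the names expected in C:\. The allowlist EXPECTED, the function names and the sample-hidden.exe line are assumptions made for illustration.

```python
import re

# Assumption: the names the page's own listing shows as hidden system files
# in C:\ on this Windows 10 machine; extend the set for your environment.
EXPECTED = {"bootmgr", "bootnxt", "hiberfil.sys", "pagefile.sys", "swapfile.sys"}

# An attrib line is a run of flag letters and spaces, then the full path.
# '<' and '>' cannot occur in file names, which rules out prompt lines.
LINE = re.compile(r"^(?P<flags>[A-Z ]*)(?P<path>[A-Za-z]:\\[^<>]*)$")


def parse_attrib(output):
    """Yield (set_of_flag_letters, path) for every file line in attrib output."""
    for raw in output.splitlines():
        m = LINE.match(raw.rstrip())
        if m:  # prompts, blank lines and error messages do not match
            yield set(m.group("flags").replace(" ", "")), m.group("path")


def unexpected_hidden(output, expected=EXPECTED):
    """Return (path, flags) for +s +h files whose name is not in `expected`."""
    hits = []
    for flags, path in parse_attrib(output):
        name = path.rsplit("\\", 1)[-1].lower()
        if {"S", "H"} <= flags and name not in expected:
            hits.append((path, "".join(sorted(flags))))
    return hits


# Constructed sample: lines from the page's listing plus one made-up
# +s +h +r file and one attrib message line.
SAMPLE = r"""C:\>attrib
A  SHR       C:\bootmgr
A  SH        C:\BOOTNXT
A            C:\HaxLogs.txt
A  SH   I    C:\hiberfil.sys
A  SH        C:\pagefile.sys
A  SHR       C:\sample-hidden.exe
Access denied - C:\HaxLogs.txt
"""

if __name__ == "__main__":
    for path, flags in unexpected_hidden(SAMPLE):
        print(f"review: {path} (attributes {flags})")
```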
