Despite your best efforts, viruses can slip through your defenses and compromise your computer. When you cannot rely on your antivirus software to do the job, that doesn’t mean that you have to live with the virus or reinstall your operating system. As shown in this tutorial, you can remove the most common culprits without antivirus software by enlisting the help of your command line.
Content
- How to Know Your Computer Is Infected With a Virus
- How Do Computers Get Infected with Viruses?
- Things to Consider Before Using The Command Prompt to Remove Malware from Your PC
- How to Scan Your PC for Malware Using the Command Prompt
- Search and Remove Viruses from Detachable Drives Using the Attribute Command
- Reclaim Registry Editing from a Virus that Removed It
- Which Viruses Can the Command Line Remove?
- Frequently Asked Questions
How to Know Your Computer Is Infected With a Virus
If you become sick, you’ll experience symptoms that help doctors determine your illness. Computers are similar to us in that aspect. Once infected, your computer will behave in an unusual way to alert you of a possible compromise in its operating system.
Here are some examples:
- Computer performance slows down, and it takes longer to start up and run programs.
- Some files have been modified or deleted without your intervention. It’s important to note here that Windows may remove or add system files during its update process.
- You may lose access to some or all of your files, especially in the case of ransomware.
- Although you didn’t download them, unusual applications may appear on your Desktop and Start menu.
- Your browser may slow down dramatically to the point that it doesn’t have the same responsiveness that it did a week ago.
- You’ll begin to receive repeated warning notifications from your antivirus software.
- Unexpected system shutdowns and restarts.
- Overworked CPU, RAM, and hard drive.
- Some malware may hijack administrator privileges and deny you access to your PC’s functionality.
- Programs may run automatically that you do not remember starting.
- Programs may close without any input from you.
- Opening the task manager takes much longer than usual.
- Opening links to trusted websites on your browser leads to pages you don’t recognize.
- Messages or emails that you have never written get delivered from you to other people. You may not be able to notice this right away unless you get a confused response from one of your contacts.
How Do Computers Get Infected with Viruses?
One way to reduce the risk of a malware infection is to learn how computers catch viruses and avoid that. Your computer can catch a virus in several ways:
- Downloading data from unsafe sites can infect your computer with malware. Most websites that support movie, audio, game, and software piracy are rife with viruses.
- Spam emails also carry malware, and opening any attachments from them may infect your computer.
- Ads and pop-up notifications can also download malware into your computer when you click on them.
- Attaching an infected peripheral device will infect your system with viruses.
- Connecting to unsafe networks can expose your computer to viruses already present within the network.
- Messages from infected contacts that contain download links are often sent by the virus itself, playing on your curiosity to get you to open files that spread it.
Things to Consider Before Using The Command Prompt to Remove Malware from Your PC
Only use the command prompt to remove viruses if you have some technical understanding of how computers work. Running specific commands with administrator privileges may be risky, and you can lose your data or system files if you misuse them.
Apart from that, there’s a limit to what the command prompt can do to remove malware. You can use it to delete some common viruses, but you can’t do it with others. It will, for example, struggle with tougher foes like ransomware. For cases like these, you’ll need specialized tools that can decrypt your files.
How to Scan Your PC for Malware Using the Command Prompt
Before removing any virus from your computer using the command prompt, scan your system using tools you already have, like Windows Defender’s own virus scanning utility.
Most viruses will hide within your system files or drives, changing their properties to stay invisible or undetected.
If you don’t manage to catch anything with your antivirus software, follow the steps below to scan for malware using the command prompt:
Open the command prompt with administrator rights using your search bar or the Run function. You’ll receive a prompt to confirm you want to use administrator rights on your PC. Click Yes to continue.
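A command line window will open. Type sfc /scannow and press Enter to begin your scan. This runs System File Checker, which checks protected Windows system files for corruption or modification.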
Depending on your PC specifications, this process may take some time. Wait until the scan is complete.
Windows will also attempt to repair any corrupt files as this scan happens. In some cases, this may resolve your issues. If not, you may have to search and delete the virus files from your drives.
Search and Remove Viruses from Detachable Drives Using the Attribute Command
To remove viruses from a specific drive or partition, use the attrib command. It reveals files that have been marked as system or hidden by removing those attributes. This command is especially effective on USB drives, where viruses like to hide in certain files that Windows executes automatically.
“Attrib” Syntax
Here’s a quick rundown of how to use the attrib command. Call it with attrib followed by any of these parameters:
- r represents the Read-Only attribute
- s represents the System attribute
- a represents the Archive attribute
- h represents the Hidden attribute
- + applies the chosen attribute to a file or folder
- - removes the selected attribute from a file or folder
- /s processes matching files in the current folder and all of its subfolders
- /d also processes folders, not only files
This command can help you find many types of viruses, particularly those that run from autorun.inf files within USB drives.
How to Remove a Virus With The ‘Attrib’ Command
To begin, run the command prompt with administrator privileges.
Once the command prompt opens, select the drive with a possible infection using its letter (e.g., d:). This keeps all the functions you’ll run within one working partition. If you plan on running the attrib command on your primary drive, change to the root folder instead: cd C:\
Use the command attrib -s -h -r /s /d *.* to begin stripping all files of system, hidden, and read-only attributes. Files that are given these attributes by the Windows operating system won’t be stripped. Instead, you’ll get an Access Denied error.
Explore the drive again using Windows File Explorer. You should see new files appear that were previously hidden. The removal of read-only attributes ensures that you’re free to delete them at your whim.
If you’re not sure whether a file you’ve found with this method is a virus, run it through a site like VirusTotal or Polyswarm to confirm. Both of these sites match individual files you upload against several heuristic algorithms and antivirus databases.
Once you’ve determined that a file you have found is a virus, delete it from your system forever! Give Windows a restart, and you should be home-free.
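Before stripping attributes, it helps to record what is hidden on the drive so you know exactly what attrib revealed. The script below is an added example, not part of the original tutorial; the script name, the report file name, and the list of file extensions are assumptions. It only reads from the drive and changes nothing on it.

```batch
@echo off
rem Added example: read-only triage of a drive before running "attrib -s -h -r".
rem Usage: triage.cmd E:     (script and report names are assumptions)
setlocal
set "DRIVE=%~1"
if "%DRIVE%"=="" (
    echo Usage: %~nx0 DRIVE:
    exit /b 1
)
if not exist "%DRIVE%\" (
    echo Drive %DRIVE% not found.
    exit /b 1
)
set "REPORT=%TEMP%\attrib-triage.txt"

> "%REPORT%" echo Triage of %DRIVE% on %DATE% %TIME%

rem List everything carrying the Hidden attribute (files and folders).
>> "%REPORT%" echo.
>> "%REPORT%" echo [Hidden files and folders]
dir /a:h /s /b "%DRIVE%\" >> "%REPORT%" 2>nul

rem List everything carrying the System attribute.
>> "%REPORT%" echo.
>> "%REPORT%" echo [System-flagged files and folders]
dir /a:s /s /b "%DRIVE%\" >> "%REPORT%" 2>nul

rem Show what autorun.inf would launch, without running it.
>> "%REPORT%" echo.
>> "%REPORT%" echo [autorun.inf in the drive root]
if exist "%DRIVE%\autorun.inf" (
    type "%DRIVE%\autorun.inf" >> "%REPORT%"
) else (
    >> "%REPORT%" echo none
)

rem Hash hidden executables and scripts (h = hidden, -d = files only).
>> "%REPORT%" echo.
>> "%REPORT%" echo [SHA-256 of hidden executables and scripts]
for /f "delims=" %%F in ('dir /a:h-d /s /b "%DRIVE%\*.exe" "%DRIVE%\*.scr" "%DRIVE%\*.vbs" "%DRIVE%\*.js" "%DRIVE%\*.bat" "%DRIVE%\*.cmd" 2^>nul') do (
    certutil -hashfile "%%F" SHA256 >> "%REPORT%"
)
echo Report written to %REPORT%
```

Each SHA-256 value in the report can be searched on VirusTotal without uploading the file itself.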
Reclaim Registry Editing from a Virus that Removed It
Some viruses will completely disable your ability to edit your registry to prevent you from modifying any of the keys it edited. If you find yourself in this situation, you only need to type one command.
- Open the command line in administrator mode.
- Type the following, and press Enter:
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableRegistryTools /f /d 0
This will restore registry editing capabilities to your computer. If you still can’t open the registry editor, either your computer is still infected by a virus or it has larger problems affecting your system integrity that can only be solved by restoring your system using Windows installation media.
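To tell whether the reset actually held, check the value before and after changing it. The script below is an added example, not part of the original tutorial; it wraps the same reg add command shown above and assumes you run it as the affected user, since HKCU always refers to the account the prompt is running under.

```batch
@echo off
rem Added example: inspect DisableRegistryTools, reset it only if it is set,
rem then read it back so a value that returns later is noticed.
setlocal
set "KEY=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
set "VAL="

rem reg query prints: name, type, data. Token 3 is the data, e.g. 0x1.
for /f "tokens=3" %%V in ('reg query "%KEY%" /v DisableRegistryTools 2^>nul ^| findstr /i "DisableRegistryTools"') do set "VAL=%%V"

if not defined VAL (
    echo DisableRegistryTools is not set for this user. Nothing to reset.
    exit /b 0
)
echo Current value: %VAL%
if /i "%VAL%"=="0x0" (
    echo Registry tools are not disabled by this value.
    exit /b 0
)

rem Same command the article gives.
reg add "%KEY%" /t REG_DWORD /v DisableRegistryTools /f /d 0
if errorlevel 1 (
    echo reg add failed. Check that the prompt has rights to write this key.
    exit /b 1
)

rem Read the value back to confirm the write.
reg query "%KEY%" /v DisableRegistryTools
echo Run this script again after the next restart. A value other than 0x0
echo means something is still writing the policy and the system is not clean.
```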
Which Viruses Can the Command Line Remove?
You can use the command line to remove common low-level viruses, like those that run on autorun.inf files. For more complex viruses, you’ll need dedicated antivirus software to remove them from your system completely.
Some viruses replicate themselves into the registry. Others may alter or delete system files. Removing such a virus also means repairing the system and recovering the affected files.
Where possible, use antivirus software to remove complex malware. If your computer system gets a ransomware infection, the command line really won’t help you.
Frequently Asked Questions
Can you really remove a virus just by deleting it?
If you follow these instructions carefully, you can remove a virus by deleting it. If you already have antivirus software, it shouldn’t be a problem. Many antivirus programs delete virus files too, and that’s usually permanent.
Should I use the command prompt to remove viruses instead of antivirus software?
You could use the command prompt method to remove viruses if you don’t have an antivirus installed, but it will not protect your computer from infection the way the advanced features of most good antivirus software do, such as quarantine and scanning. You should not depend on this method to keep your computer safe from infection; rather, use it in a pinch to remove a virus if you have to.
Can a virus survive a factory reset?
Usually, no. Resetting your computer restores it to the condition it was in before you bought it. It’s an effective, albeit scorched-earth, way to clean your hard drive of viruses and repair damage.
Images and screenshots by Miguel Leiva-Gomez
Miguel has been a business growth and technology expert for more than a decade and has written software for even longer. From his little castle in Romania, he presents cold and analytical perspectives to things that affect the tech world.