Malware infects almost everyone at some point . The malware can be in any form : a Trojan , a Virus . a Worm etc . What files a malware will create and with what attributes completely depends on the Malware family and its behavior . Sometimes there are difficulties in locating the files created / dropped by the malware after the computer has been infected . Well to locate these dropped files , no geeky stuff needs to be done . Here is a Simple Trick :
Requirements :
Command prompt : The command line interpreter built into windows itself . All you need for this tutorial is command prompt .Tutorial :
In this tutorial for the sake of Simplicity lets take an infected USB and try to clean it . The same method applies to other drives of your computer as well . Take a Screenshot of the files in the USB drive so that latter we know what hidden files we have discovered .Open Command prompt ( preferably run as Administrator )
attrib -H -S E:\* /S /D
_0a489997_
Description of the Command :
attrib : Displays or changes file attributes. – : Clears an attribute. H : Hidden file attribute. S : System file attribute. E:\* : Drive of the USB with * as wildcard that means process all files. /S : Processes matching files in the current folder and all sub folders. /D : Processes folders as well.The files that you see now in the USB drive are the files created with a Hidden and System attribute by the Virus quiet commonly . Also there is no reason why one would have files with such attributes on a USB drive , although explicitly done .
What Else can I do to Identify and get Rid of the Virus files :
- Open Process explorer . Monitor what unwanted processes you have running .
- Look for the Processes with similar names to that of the files you have just discovered .
- If needed download the Sys Internals suite of tools for further help . Use the Process monitor in by Sys Internals to analyze the rouge Process .
- Look into the registry for any unwanted startup Entries
- Check Start up configuration of windows using msconfig in Run box.