Know How to Remove Virus From Pen Drive Using DOS Commands?

Summary

You can remove a virus from a pen drive using the attrib command in Windows Command Prompt (CMD). Open CMD as administrator, navigate to your pen drive, run attrib -h -r -s /s /d *.* and delete the suspicious files. This works for shortcut viruses, hidden malware and autorun infections.

Your pen drive is showing weird files, your folders turned into shortcuts, or the drive just won’t behave normally. Chances are it’s carrying a virus. The good news: you don’t need a paid antivirus tool to fix this. Windows has a built-in command that handles most pen drive viruses in under 2 minutes.

I’ve cleaned dozens of infected flash drives this way. It works on shortcut viruses, hidden malware and most autorun infections.

Symptoms of a Virus-Infected Pen Drive

How do you know your pen drive has a virus before you start removing it? Watch for these signs:

  • Folders show as shortcuts instead of actual folders
  • Files are hidden and won’t show even with “show hidden files” enabled
  • The drive opens a separate window or runs something automatically when plugged in
  • Unfamiliar files appear, such as autorun.inf, Ravmon.exe or Desktop.ini with unusual sizes
  • Your antivirus flags the drive every time you connect it
  • The drive letter shows up but the used space is much larger than your actual files

If you spot any of these, don’t open the drive in Windows Explorer. Go straight to CMD.

Why Use CMD to Remove Pen Drive Virus

Windows Command Prompt gives you direct access to file attributes that Explorer hides from you. Most pen drive viruses hide themselves using the system, read-only and hidden flags. The attrib command strips those flags so you can see and delete the malicious files.

This method is free, built into every Windows PC, and takes about 90 seconds once you know the commands. It doesn’t require internet access, so it works even on an offline machine.

One thing worth knowing: this approach removes the virus files, but it doesn’t repair files that the virus already encrypted or corrupted. For that, you’d need a pen drive data recovery tool.

Step-by-Step: Remove Virus Using DOS Commands

Follow these steps exactly. The whole process takes less than 3 minutes.

Step 1: Plug in Your Pen Drive but Don’t Open It

Connect your pen drive to the PC. When the autoplay dialog appears, click “Open folder to view files” only if nothing runs automatically. Better yet, cancel the autoplay and go straight to CMD.

Step 2: Note Your Pen Drive Letter

Open Windows Explorer and check which drive letter your pen drive got. It’s usually E:, F:, G: or H:. Write it down. You’ll need it in the next step.

Step 3: Open Command Prompt as Administrator

Press Windows Key + R, type cmd, then hold Ctrl + Shift and press Enter. This opens CMD with administrator rights. Click “Yes” when Windows asks for permission.

Step 4: Navigate to Your Pen Drive

In the CMD window, type your drive letter followed by a colon and press Enter. For example:

E:

You’ll see the prompt change to show your pen drive letter.

Step 5: Run the attrib Command

Now run this command:

attrib -h -r -s /s /d *.*

Here’s what each part does:

  • -h removes the hidden attribute
  • -r removes the read-only attribute
  • -s removes the system attribute
  • /s applies the change to all files in subfolders
  • /d applies the change to directories too

The command runs silently. When you see the prompt return, it’s done.

Step 6: Delete the Virus Files

Now delete the known virus files. Run these commands one at a time:

del autorun.inf
del Ravmon.exe
del Desktop.ini

If a file doesn’t exist, CMD will say “Could Not Find”, which is fine. Only delete files you didn’t put there yourself.

Step 7: Scan and Eject

After deleting, run a quick antivirus scan on the drive from your security software. Then right-click the drive in Explorer and choose “Eject” before unplugging.
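Step 6 relies on knowing which files you did not put on the drive. The following PowerShell script is an added example, not part of the original steps: it makes a read-only inventory of the drive root that you can review before running attrib and del. The default drive letter E: and the extension list are assumptions; adjust them to your case.

```powershell
# Added example: read-only inventory of a removable drive before attrib/del.
# $Drive is an assumed drive letter; change it to the one noted in Step 2.
param([string]$Drive = 'E:')

$root = "$Drive\"
if (-not (Test-Path -LiteralPath $root)) { throw "Drive $Drive is not mounted." }

# -Force includes hidden and system items that Explorer and a plain 'dir' skip.
$items = Get-ChildItem -LiteralPath $root -Force

# 1. Everything in the root, with the attribute flags that attrib would clear.
$items | Sort-Object Name |
    Format-Table Name, Length, LastWriteTime, Attributes -AutoSize

# 2. autorun.inf: print only the lines that name a program to launch.
$autorun = Join-Path $root 'autorun.inf'
if (Test-Path -LiteralPath $autorun) {
    Write-Host 'autorun.inf launch entries:'
    Get-Content -LiteralPath $autorun |
        Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.+\\command)\s*=' }
}

# 3. Program, script and shortcut files in the root (assumed extension list),
#    with SHA-256 hashes to hand to whoever runs the antivirus scan in Step 7.
$riskyExt = '.exe', '.scr', '.com', '.bat', '.cmd', '.vbs', '.js', '.lnk', '.inf'
$items |
    Where-Object { -not $_.PSIsContainer -and $riskyExt -contains $_.Extension.ToLower() } |
    ForEach-Object {
        [pscustomobject]@{
            Name   = $_.Name
            Hidden = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
            System = [bool]($_.Attributes -band [IO.FileAttributes]::System)
            SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Format-Table -AutoSize
```

The script changes nothing on the drive. Files that are both hidden and system and that you do not recognise are the ones to look at first.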

How to Fix Shortcut Virus Specifically

The shortcut virus is the most common pen drive infection. It converts all your folders and files into .lnk shortcut files. The actual files are still there, just hidden behind fake shortcuts.

Open CMD as administrator, navigate to your pen drive, then run:

attrib -h -r -s /s /d *.*

After that, go into Windows Explorer and enable “Show hidden items.” You’ll see your real folders and files appear alongside the .lnk files. Delete all the .lnk shortcut files that you didn’t create. Your original folders will be intact.

If you see a Thumbs.db file or a RECYCLER folder in the root of your drive but you’ve never put those there, delete them too. They’re commonly used by viruses to hide.
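To decide which .lnk files are the fake ones, it helps to see where each shortcut points before deleting it. The PowerShell script below is an added example, not part of the original article; the default drive letter E: is an assumption.

```powershell
# Added example: list every shortcut in the drive root with its target,
# without opening or running any of them.
param([string]$Drive = 'E:')

$shell = New-Object -ComObject WScript.Shell

Get-ChildItem -LiteralPath "$Drive\" -Filter *.lnk -Force | ForEach-Object {
    # CreateShortcut loads the existing .lnk for reading; nothing is saved.
    $lnk = $shell.CreateShortcut($_.FullName)

    # "Photos.lnk" sitting next to a real "Photos" folder (or "a.docx.lnk"
    # next to "a.docx") matches the pattern described in this section.
    $twin = Join-Path $_.DirectoryName $_.BaseName

    [pscustomobject]@{
        Shortcut       = $_.Name
        Target         = $lnk.TargetPath
        Arguments      = $lnk.Arguments
        RealItemExists = Test-Path -LiteralPath $twin
        Hidden         = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
    }
} | Format-List
```

A shortcut with RealItemExists set to True and a target or arguments you do not recognise is one you did not create; the real folder or file beside it is the one to keep.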

What to Do After Removal

Once the virus files are gone, do these three things:

Format if you’re still seeing issues. If files still act strange after the attrib fix, back up your data and format the pen drive. Right-click it in Explorer, choose Format, select FAT32 or NTFS, and run a full format (not quick).

Scan the PC that infected it. The virus came from somewhere. If a colleague’s PC infected your drive, that machine still carries the infection. Run a full scan on any PC the drive touched.

Disable autorun on your PC. Open Group Policy Editor (gpedit.msc), go to Computer Configuration, Administrative Templates, Windows Components, AutoPlay Policies and set “Turn off AutoPlay” to Enabled. This stops future infections from launching automatically.

If the virus deleted or corrupted important files before you removed it, don’t panic. A data recovery tool for pen drives can often restore deleted files even after a virus attack. The same applies if you also need to recover data from Windows that the virus spread to.

Limitations to Know

  • The attrib command removes virus files but can’t repair files already encrypted or corrupted by ransomware-type infections
  • This method doesn’t work against every type of malware. Advanced rootkits or boot-sector viruses need specialized removal tools
  • If the virus has spread to your PC’s system files, cleaning the pen drive alone won’t fully solve the problem
  • Deleting virus files manually means you need to know which files are malicious. If you’re unsure, format the drive instead
  • Some viruses recreate themselves immediately on reconnect if the host PC is still infected
  • This process doesn’t recover data the virus already deleted. Use a dedicated recovery tool for that

Frequently Asked Questions

Does removing the virus from the pen drive also remove it from my computer?

No. Cleaning the pen drive only removes the virus from the drive itself. If your PC is infected, you need to run a full antivirus scan on the computer separately. Plug the cleaned drive back in only after the PC is clean.

What is the attrib command and is it safe to use?

The attrib command is a built-in Windows tool that changes file attributes like hidden, read-only and system. It’s completely safe and comes with every version of Windows. It can’t damage your files. It only changes their visibility properties.

Will the CMD method delete my personal files?

No. The attrib command only changes file attributes; it doesn’t delete anything. The del commands you run separately only affect the specific virus file names you type. Your photos, documents and other personal files stay untouched.

My pen drive files are still showing as shortcuts after running the command. What now?

Open Windows Explorer, click View and enable “Show hidden items.” Your real files should now be visible alongside the shortcuts. Delete the .lnk shortcut files. If the problem persists, back up your data and do a full format of the drive.

Can I use this same method to remove viruses from an SD card or external hard drive?

Yes. The attrib command works on any removable storage that Windows assigns a drive letter to. The steps are identical. Just navigate to the correct drive letter in CMD before running the command.

What if my pen drive is not showing up in Windows Explorer but appears in Device Manager?

A virus can sometimes corrupt the file system so the drive doesn’t mount properly. Try running diskpart in CMD and check if the drive appears there. If it does, you can try assigning it a new drive letter. If the data is important, a professional pen drive recovery tool may be able to read the drive directly.