Remove Virus From USB Flash Drive Using Command Prompt

Viruses are usually spread across multiple computers using USB Flash drives, external media, connected networks and the Internet. If a USB drive is infected with a virus, it will get activated when we open the USB drive on our computers.

This is because of the auto-run functionality in Windows. Windows looks for autorun.inf file in the USB drive. The autorun.inf file contains information about which program to run when the USB flash drive is opened.

The viruses tend to push their information in the autorun.inf file and then execute automatically from there. The safest way to use the USB flash drives without infecting your own system is to disable the Auto Run functionality of Windows.

To disable Auto Run functionality in Windows, do the following:

  1. Go to Run –> gpedit.msc. This will open the Group Policy Editor.
  2. Navigate to Computer Configuration –> Administrative Templates –> Windows Components –> AutoPlay Policies
  3. In the right hand pane, enable “Turn off Autoplay” setting.

Autoplay group policy

This will prevent Windows from automatically using autorun.inf file in the USB drive.

If your USB drive is already infected with a virus, you can safely delete the autorun.inf file and then scan the USB drive with an antivirus to make sure that the USB drive is clean from all malware.

Autorun.inf can be deleted in two ways. First by using Windows Explorer:

  1. Press Windows Key + E to open Windows Explorer. From the left hand tree, open the USB drive. This should not trigger the auto run functionality of USB.
  2. Now from the left hand content pane, delete the autorun.inf file. Make sure that you are showing hidden files from Folder Options as autorun.inf is usually a hidden file.

Secondly, you can also delete the infected autorun file from command line.

  1. Go to Run –> cmd. This should open the command prompt.
  2. Type g: where g is the USB drive letter.
  3. Now run the following command: attrib -h -r -s -a *.*. This will remove the attributes hidden, archive, system from all the files.
  4. Type del autorun.inf. This will delete the autorun.inf file.

If you want to make sure that in addition to the autorun file, the virus is also removed from the USB drive, you will need to open the autorun.inf file in notepad and see which files and executables are triggered during autorun. Delete those executables and you will be safe from the wrath of USB viruses.

I hope this will be useful for you. Do let me know whether it was useful for you or not.

Interesting Reads Next:

Usman Khurshid
Usman Khurshid is a seasoned IT professional. He has been working in the IT industry for the last 15 years. From making a simple network including physical cabling to consulting for SMEs about cloud computing, he has vast experience in the computing industry. He is also certified in Microsoft Technologies (MCTS and MCSA) and also Cisco Certified Professional on Routing and Switching.