locked
dos commands in win 7 RRS feed

  • Question

  • In win xp I used the search engine  and safe mode to remove malware.  If the malware was an .exe program I would do a search in the safe mode *.exe and it would list all the exe files , then I would delete the  malware exe file.  How do I do that in win 7 since there is no search engine.

    Sunday, March 27, 2011 5:21 PM

Answers

All replies

  • Use this 3rd party search:

    Agent Ransack - Free File Searching Utility

    http://www.mythicsoft.com/page.aspx?type=agentransack&page=home


    "A programmer is just a tool which converts caffeine into code"

    Want to install RSAT on Windows 7 Sp1? Check my HowTo: http://www.msfn.org/board/index.php?showtopic=150221
    • Marked as answer by Juke Chou Thursday, March 31, 2011 1:53 AM
    Sunday, March 27, 2011 7:00 PM
  • You do not even have to reboot in Safe Mode, just do:

    Start, Run: cmd

    c:

    dir/s   *.exe

    The system has a lot of .exe files so you need to know which is new and unknown.

    You can see if there was a new file created today (e.g. 01/13/2015--Check what is your date format by looking at the display from the DIR command):

    c:

    dir/s  *.exe>anyfile.txt  in XP it could be a file in the c: disk's root but later versions do not allow it.

    find  "01/13/2015"  anyfile.txt

    If you find a match, investigate if it could be a virus.

    You could create a record of all .exe files while you do not have a virus and compare later using the DIFF command:

    Diff   anyfile.txt   no-virus-file.txt

    ===========================================================

    I found that viruses "like" to hide in the normally hidden folder:

    C:\Documents and Settings\Administrator\Application Data   (in XP)

    C:\Users\Eva\AppData   (in Vista and after)

    Then you look in these folders:

    cd "C:\Documents and Settings\Administrator\Application Data"
    dir/s  *.exe>appfile.txt

    type appfile.txt

    There should not be any .exe file there.







    • Edited by evaziem Wednesday, January 14, 2015 4:16 PM
    Tuesday, January 13, 2015 9:36 PM