How to Remove Virus Using CMD in Windows 11 or 10

Published by Nyau Wai Hoe - Updated on

Viruses and malware have always posed a threat to computer systems, seeking to exploit, damage, or access sensitive data without user consent. While a multitude of antivirus programs exist to counteract these threats, there are occasions where users may need to manually address a specific file or directory they suspect to be infected. It’s crucial to understand, however, that the method we’ll explore using the Command Prompt (CMD) in Windows 11 or 10 is geared towards pinpointing and removing already suspected files in specific directories, not towards scanning the entire system for viruses.

This approach should be seen as a complementary measure rather than a replacement for standard virus scans. In fact, every Windows user should prioritize a thorough system scan using Windows Defender, or a reputable third-party antivirus, as their primary line of defense against malicious software. With that understanding, we’ll move on to the steps and details of using CMD to tackle suspected viruses manually in Windows.

How to Remove Virus Using CMD in Windows 11 or 10

Why use Command Prompt for manual virus removal?

Before jumping into the steps, it’s vital to understand the rationale behind using CMD for manual virus removal. The Command Prompt offers a direct interface to interact with the operating system and its file system. In situations where a particular malware might hinder the operation of standard antivirus software, or if the malicious file isn’t yet recognized by virus definitions, CMD can be a handy tool. It allows users to directly navigate to and modify attributes of suspected files, making their removal easier.

However, this method requires a certain level of technical proficiency and a keen understanding of what’s being done, as incorrect commands can unintentionally harm the system.

Also see: How to Scan an .exe File for Viruses to Check If It’s Safe

Prerequisites before deleting virus files with CMD

Before attempting to delete any file using Command Prompt, whether it’s a virus or not, there are some essential things you need to know:

  1. Backup important data: Always ensure that you’ve backed up critical data from your computer. Delving into the system with CMD involves risks, and it’s always wise to have a copy of essential files stored elsewhere.
  2. Identify the suspect: This method isn’t about blindly searching for viruses; it’s about targeting specific suspicious files or directories. Ensure you’ve identified the potential culprits, perhaps from irregular system behavior or a tip from another scanning tool.
  3. Safe mode: It’s often beneficial to boot your computer in Safe Mode when trying to remove viruses. Safe Mode starts the system with a minimal set of drivers and services. Malware, especially the stubborn kind, often finds it harder to operate or protect itself in this mode.Enter Safe Mode Windows 11
  4. Administrator rights: Ensure you have administrator rights on your computer. You’ll need these privileges to execute certain commands and to alter file attributes.
  5. Knowledge is key: If you’re uncertain about a command or a step, it’s better to pause and research or consult with someone knowledgeable. A wrong command can lead to unwanted consequences.

Common virus: What is Trojan:Win32/Casdet!rfn and How to Remove it

Steps to remove virus files using CMD in Windows 11/10

Once you’ve understood our objective and are aware of the risks, below are the steps to forcefully remove a virus file using CMD in Windows 11 or 10.

  1. Launch CMD with administrator rights:
  2. Navigate to the suspected directory:
    • Once inside CMD, you’ll often start in the default user directory. Use the “cd” command (change directory) to navigate. For instance, cd Downloads will take you to your Downloads folder. Learn more: How to change directory or drive in CMD.
    • To move up a directory level, type cd ...Change directory to suspected virus folder
  3. Display files and directories:
    • Type “dir” to display the list of files and directories in your current location. This is especially useful if you’re not entirely sure about the file’s name you’re targeting.
    • Use dir /a to display all files, including hidden ones. Malicious files often hide themselves to avoid detection.Remove Virus using Command Prompt
  4. Modify file attributes:
    • If you’ve identified a suspicious file, you may want to change its attributes to make it more manageable. Use the “attrib” command for this.
    • For example, if a file named “autorun.exe” is set to hidden and read-only, you can remove these attributes by typing attrib -h -r autorun.exe.Command line to unhide virus or malware files
    • This makes the file visible and allows modifications.
    • Related resource: How to Unhide a File or Folder in Windows 11
  5. Delete the suspected file:
    • Once you’re certain that the file in question is malicious, and you’ve taken necessary backups, use the “del” command to remove it. For example, del autorun.exe.
    • You can also use the command: del /F /Q autorun.exe. Here, “/F” forces the deletion of read-only files, and “/Q” stands for “quiet mode,” which won’t ask for confirmation when deleting files.Delete virus using CMD in Windows 11 or 10
    • If you encounter an error stating the file is in use, you might need to restart your computer in Safe Mode and repeat the steps. In Safe Mode, most non-essential programs and services don’t run, increasing the chances of successful deletion.
    • Learn more: How to Force Delete a File in Use by Another Program on Windows 11/10
  6. Inspecting startup programs:
    • As previously mentioned, many malicious programs try to embed themselves in the system’s startup sequence. You can check for such entries using the “wmic” command.
    • Type wmic startup list full. This will display all the programs that initiate on Windows startup. If you find a suspicious entry, note down its location.Show all startup programs and services using CMD
    • See also: How to Disable Startup Services on Windows 11 or 10
  7. Clean temporary directories:
    • Malware often resides or keeps copies in temporary directories. It’s a good practice to clean them out periodically.
    • Navigate to the temp directory using cd %temp%.
    • Type del *.* to remove all files. Remember, this deletes all temporary files, which are generally safe to remove, but exercise caution.Delete all temp files using CMD in Windows 11
    • Useful tip: How to Delete a Ghost File or Folder in Windows 11/10

Emphasizing again: While CMD can be a potent tool against specific threats, it’s not a comprehensive solution. Regular scans with Windows Defender or a trusted third-party antivirus should always be the primary defense strategy against malware.


The Command Prompt, with its direct and powerful interface, offers a unique way to tackle suspected malware and virus that might be eluding standard antivirus software. However, its strength is also its challenge. The potential for accidental system damage or data loss is real, and users must always be meticulous in their approach.

Nyau Wai Hoe
Nyau Wai Hoe is the Founder and Chief Editor of With a degree in software engineering and over 12 years of experience in the tech support industry, Nyau has established himself as an expert in the field, with a primary focus on the Microsoft Windows operating system. As a tech enthusiast, he loves exploring new technologies and leveraging them to solve real-life problems.

Share via
Copy link