Stealthy Spyware - To Get Rid of It, Attrib It
Malware and spyware pushers do not want you to disable or delete their parasitic programs, so they do their best to hide them. One of the ways they try to accomplish this is by setting the file attributes to system, hidden, and read-only. But Windows Explorer allows you to see these if you set it to show all files, right? Well, yes and no; Windows continues to hide some critical startup files from you so you can’t delete them by mistake and hose your system. The baddies exploit this feature to hide their files from you so you can’t delete them intentionally and disable their junkware, but there is a simple command line tool you can use to defeat the buggers.
The DOS attrib command (here’s a good description) will let you see the offending files, change their attributes, and delete them. But first, you have to find them. Go to a command prompt and make sure you are in the root (c:\) directory. Then, use the following command to locate all of the files that have all three attributes set on them:
attrib /s | find "SHR"
The string in quotes is what you are looking for and must be upper case. This will give you a file listing with items that resemble this:
SHR FOO.BAR C:\WINDOWS\SYSTEM32\foo.bar
Once you have identified the junk file you want to delete, you’ll need to remove all its attributes. Use this command:
attrib -s -h -r [drive:][path][filename]
Now you can delete the file(s).
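Because Windows marks some of its own critical startup files the same way, it helps to triage the list before removing attributes from anything. The following is an added example, not part of the original post: a read-only PowerShell listing of every file that carries all three attributes, with last-modified time, Authenticode signature status and SHA-256 hash. It assumes PowerShell 4.0 or later; the `$Root` parameter is a name chosen for this example.

```powershell
# Added example: read-only triage; it changes nothing on disk.
# $Root is an assumption for this example; point it at the tree to inspect.
param([string]$Root = 'C:\')

# The three attributes the article searches for, combined into one flags value.
$mask = [System.IO.FileAttributes]'System, Hidden, ReadOnly'

# -Force makes Get-ChildItem return hidden and system files, which it skips by default.
Get-ChildItem -LiteralPath $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
    # Keep only files where all three bits are set (other bits may be set too).
    Where-Object { ($_.Attributes -band $mask) -eq $mask } |
    ForEach-Object {
        # Signature and hash give something to check before deciding a file is junk.
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path       = $_.FullName
            Attributes = $_.Attributes
            Modified   = $_.LastWriteTime
            Signature  = $sig.Status
            Signer     = $sig.SignerCertificate.Subject
            SHA256     = $hash.Hash
        }
    } |
    # Newest files first: recently dropped files are usually the ones to look at.
    Sort-Object Modified -Descending |
    Format-List
```

Unlike piping `attrib /s` through `find`, this tests the attribute bits themselves, so a path that merely contains the letters "SHR" does not show up in the results.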
