How To Find and Delete a File

How To Find And Delete A File

Method #1: There are several ways to find and delete files, especially when your system is infected with malware. After killing one of the active processes, sometimes windows will refuse to delete the file in question. One trick to getting windows to relenquish control of the file while you’re still in normal mode is to try renaming or moving the file. Sometimes this will force windows into unlocking the file, allowing it to be deleted. The first method (and most user friendly method) to finding a file is to use the windows default search, which is available from Start>Search>Files and Folders… The user can search for a specific file or files, and even base the results on the text found within the file itself. Unless the file in question is a system file, generally speaking, the file should be able to be deleted with relative ease. To delete the file, you can either hit the delete button, or right click on the file and select the delete option. Below is a screenshot of the application.

Method #2: The next method to deleting a file, and specifically during a malware infection, involves using the windows commandline. The reason we will be looking at this method is that sometimes malware will start even during safemode, which will at some point require you to boot up with only the command prompt at your disposal. While the command prompt may be daunting at first to some, it’s actually quite easy to learn and will always prove to be a valuable piece of knowledge to have. To search for a file, you must use the “dir” command, but first we will examine the parameters for it:

Displays a list of files and subdirectories in a directory.

DIR [drive:][path][filename] [/A[[:]attributes]] [/B] [/C] [/D] [/L] [/N]

[/O[[:]sortorder]] [/P] [/Q] [/S] [/T[[:]timefield]] [/W] [/X] [/4]


Specifies drive, directory, and/or files to list.

/A          Displays files with specified attributes.

attributes   D  Directories                R  Read-only files

H  Hidden files               A  Files ready for archiving

S  System files               –  Prefix meaning not

/B          Uses bare format (no heading information or summary).

/C          Display the thousand separator in file sizes.  This is the

default.  Use /-C to disable display of separator.

/D          Same as wide but files are list sorted by column.

/L          Uses lowercase.

/N          New long list format where filenames are on the far right.

/O          List by files in sorted order.

sortorder    N  By name (alphabetic)       S  By size (smallest first)

E  By extension (alphabetic)  D  By date/time (oldest first)

G  Group directories first    –  Prefix to reverse order

/P          Pauses after each screenful of information.

/Q          Display the owner of the file.

/S          Displays files in specified directory and all subdirectories.

/T          Controls which time field displayed or used for sorting

timefield   C  Creation

A  Last Access

W  Last Written

/W          Uses wide list format.

/X          This displays the short names generated for non-8dot3 file

names.  The format is that of /N with the short name inserted

before the long name. If no short name is present, blanks are

displayed in its place.

/4          Displays four-digit years

Switches may be preset in the DIRCMD environment variable.  Override

preset switches by prefixing any switch with – (hyphen)–for example, /-W.

Also keep in mind that during malware infections, some of the files are hidden from normal search parameters. This is why it’s important to use the /A HS option. /S searches all subdirectories, and /T is used to search for files created, accessed or written to within a certain time frame. While /T may be handy, a file’s timestamp can be easily forged or altered, so it’s best to use the /S parameter when searching for a particular file instead. Below is an example of how to use the dir command from the command prompt.

dir asdf.* /s /a hs

Once the location of the file is found, there are two ways to go about deleting the file. The first is simply typing the location, along with the file name using the del command. Which will be shown below.

del c:\temp\asdf.exe

The second method of doing this is to navigate to the folder using the cd command. This is helpful if there are multiple files located within that particular directory. A short example of this combination of commands is shown below.

cd temp

del asdf.exe

Both of these approaches are a matter of personal preference, and there is no “correct” approach to followed. As long as the file is deleted, that’s what matters, especially when removing an occurrence of malware.


There are really only two methods for searching a file, and a handful of ways to delete them. Aside from knowing exactly where the file location is, navigating to said location and deleting the file using windows explorer, both of the discussed methods are effective in getting rid of files. There are free programs on the internet that make the search process somewhat easier, but ultimately, they do the same thing as the windows search option or searching for files via the commandline. Either of these methods that you choose to implement will come in handy when removing malware, or just clearing out junk data manually.