Recover Files Deleted by a Virus

How to Recover Files Deleted by a Virus In a Few Simple Steps


Written by Manuviraj Godara, Staff Writer. Approved by Andrey Vasilyev, Editor.

Malware infections are a leading cause of data loss on computers. Besides malware that wipes out your data directly, some types (e.g. ransomware) cause data loss indirectly. If you’ve been a victim of malware-induced data loss, there’s no need to panic, because it is possible to recover files deleted by a virus. The sections below explain how.

Computer Viruses Explained

There are several types of computer viruses that affect your PC and your data in different ways. Some viruses may not even impact your data at all. It’s essential to know and differentiate between computer viruses.

Can a Computer Virus Delete Files?

Absolutely, computer viruses can delete, corrupt, or modify your files. Viruses do this in ingenious ways. An example could be ransomware that encrypts your files until you pay a certain fee to the hacker to unlock your data. Some viruses delete files as soon as you click on them, and so forth. There are also cases in which a virus simply wipes out the entirety of your hard disk drive.

How to Identify the Type of Virus You’re Dealing With?

The terms ‘virus’ and ‘malware’ are often substituted for each other, but they are quite different. A virus is a specific type of malware that usually self-replicates and performs the malicious actions it was programmed to do. There are different types of viruses, defined by how they infect the host and what they do:

  • Polymorphic Virus: A difficult-to-detect virus that slightly changes or morphs its code after each infection. Polymorphic Viruses use complex mutation engines to constantly modify their code, encrypt it, and constantly change the encryption key. This is what makes these viruses so tough to detect.
  • Macro Virus: Embedded into the macro-instructions of programs such as Excel or Word, Macro Viruses used to be the dominant form of computer viruses, until Microsoft disabled macros by default in MS Office 2000. The damage that a macro virus can do ranges from modifying the infected documents to accessing your email and sending out infected copies of the documents to all your contacts.
  • Browser Hijacker: Browser hijacker viruses essentially modify your browser’s settings without your permission. They can redirect your searches to another website, install toolbars without your permission, and display multiple advertisement pop-ups.
  • Resident Virus: A resident virus will attach itself to the computer’s memory, allowing it to damage and infect all applications that are run by the computer. There are two primary subtypes of resident viruses–fast infectors and slow infectors. The former does a lot of damage quickly, and thus, is relatively easier to detect. The latter slowly infects and damages your programs to the point of being barely noticeable.
  • File Infector Virus: File infector viruses typically infect executable (.exe) files. As soon as the infected file is executed, the virus may overwrite the original file and spread to other applications on the host computer. File-infecting viruses can make your computer unusable and spread really quickly. In some cases, they can be self-executable too.
  • Boot Sector Virus: A boot sector virus infects the master boot record (MBR) or the boot partition of a computer’s hard disk drive. After infection, the malware executes as soon as you boot your PC before security measures can be loaded.
  • Spacefiller Virus: Also referred to as cavity viruses, spacefiller viruses occupy the empty spaces within a file, so the infected file’s size remains the same. This also makes them very difficult to detect and remove.
  • Web Scripting Virus: A web scripting virus infects your computer by exploiting the vulnerabilities in your web browser. Once it infects your PC, a web scripting virus can self-replicate, steal your browser cookies, and steal other personal information.

Beyond viruses, there are various other types of malware, based on how they execute and infect your PC. Here is a table that explains common types of malware and what they do:

| Type of Malware | What It Does |
| --- | --- |
| Ransomware | It blocks a victim’s device and demands a ransom to regain access. |
| Worms | They can replicate themselves without human interaction and spread through a network. |
| Trojans | They can disguise themselves as a genuine file or software. |
| Fileless Malware | It uses existing software or applications on your computer to run malicious actions. |
| Wiper Malware | Its purpose is to erase all data without the possibility of restoring it. |
| Spyware | It collects and steals a victim’s data without their knowledge. |
| Keyloggers | They track and record all the input from the victim’s keyboard. |
| Rootkits | They grant remote access to a victim’s device without their knowledge. |
| Adware | It uses pop-ups and banners to get the victim to share data or install malware. |
| Bots or botnets | They are used for massive attacks to gain data, remote access, or traffic overload. |

Scenario #1: How to Recover Files Deleted by a Virus on a Cleaned PC

The first step when trying to recover files deleted by a virus is to make sure you’ve scanned your PC and removed the virus that is deleting the files. If you skip this, any files you manage to recover will simply be deleted again. Read the section on malware removal in this article to know more about this. If you have already done this, here is how to proceed with recovering your files.

Data recovery software is the only way to recover deleted documents, images, videos, and more after a virus attack. Disk Drill is a well-reviewed program that is adept at recovering your files. It supports a wide variety of file systems and storage device types, making it really versatile. Furthermore, Disk Drill’s clean, easy-to-use UI ensures that new users aren’t overwhelmed and can perform data recovery within a few clicks.

Here are the instructions on how to recover data deleted by a virus using Disk Drill:

  1. Download Disk Drill and install the program.
  2. Open Disk Drill and select the partition or drive that contained the files deleted by the virus. Click on Search for lost data to begin the data recovery scan.
  3. You can click Review found items to view the recoverable files in real-time, or wait for the scan to complete. You can click on a file type on this screen to directly view recoverable videos, music, documents, archives, and images.
  4. Select the files you want to recover. Remember, you can either click on the eye icon or simply double-click the file to see a preview of almost all file types such as JPG, TXT, and more. Disk Drill also mentions the recovery chances next to each file. After selection, click on Recover.
  5. Choose a recovery destination for the files, and click on OK.
  6. Disk Drill will recover the files to the selected location.

Scenario #2: How to Recover Files Deleted by a Virus on a Soft-Infected Computer

If your computer has been infected by a relatively benign virus, i.e. one that has not rendered your computer completely unusable, you can remove the virus and then perform data recovery. In this section, we’ll explore how to remove a virus from your computer and then get back these recently deleted files.

This is a 4-step process:

Step #1: Scan Your System With Windows Defender

Windows has a built-in antivirus program called Windows Defender. While it has real-time protection, it may not detect every threat that infects your computer as it happens. Thus, it’s recommended that you run a full system scan using Windows Defender.

Here is how you can do this:

  1. Press Windows Key + S, and type “virus and threat protection.”
  2. Click on the Virus & threat protection option from the search results.
  3. On the next window, click on Scan options under Current Threats.
  4. Now, select the Full Scan option and click on Scan now. Windows Defender will scan your entire PC for viruses. It may take a long time and your computer will be sluggish while the scan is underway. It’s also advisable to perform a Microsoft Defender Offline scan in addition to the Full Scan.
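
The same full scan can be started from an elevated PowerShell prompt with the Defender cmdlets that ship with Windows. The script below is an added example, not part of the original article; it also lists which files Defender acted on, which tells you where to look first when recovering data. The variable names and report layout are assumptions.

```powershell
# Added example. Run from an elevated PowerShell prompt on Windows 10/11.
Update-MpSignature                     # refresh definitions before scanning
Start-MpScan -ScanType FullScan        # same as "Full scan" in the UI; can take hours

# Confirm protection is on and see when the last full scan finished.
Get-MpComputerStatus |
    Select-Object AntivirusEnabled, RealTimeProtectionEnabled,
                  AntivirusSignatureLastUpdated, FullScanEndTime

# Map threat IDs to names so the detection history is readable.
$names = @{}
foreach ($t in Get-MpThreat) { $names[$t.ThreatID] = $t.ThreatName }

# One row per affected resource: these are the files Defender acted on, so
# check them first in quarantine and later with data recovery software.
$report = foreach ($d in Get-MpThreatDetection) {
    foreach ($r in $d.Resources) {
        [pscustomobject]@{
            Detected = $d.InitialDetectionTime
            Threat   = $names[$d.ThreatID]
            Resource = $r
            Cleaned  = $d.ActionSuccess
        }
    }
}
$report | Sort-Object Detected | Format-Table -AutoSize -Wrap

# List what is currently held in Defender's quarantine.
& "$env:ProgramFiles\Windows Defender\MpCmdRun.exe" -Restore -ListAll

# Optional: Microsoft Defender Offline scan, as recommended in the step above.
# This restarts the PC immediately, so save your work first.
# Start-MpWDOScan
```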

Step #2: Scan Your System With 3rd Party Antivirus Software

While Windows Defender is quite capable on its own, it may not be able to detect all the threats on your PC. To be on the safer side, scan your computer with a good third-party antivirus solution too. You can use one of the many free third-party antivirus programs like Avast Antivirus, Malwarebytes, etc.

Check the developer’s website for details on how to perform a full antivirus scan using that particular program. The process may differ slightly across different software. Additionally, if your computer has been infected by ransomware, it’s recommended you check the website of antivirus programs for the latest version of ransomware decryptors.


There’s one last thing that you should do before moving on to data recovery–check whether your files are deleted or simply hidden from your view. More on it in the next section.

Step #3: Try to Recover Hidden Files From Virus Infected USB/PC Using CMD

In many instances, the virus may not wipe out the information on your drive, but simply hide it from your view. The best way to tackle this is to recover virus-infected files using the CMD. Don’t worry if you’re not acquainted with CMD; the instructions are simple enough for all users to follow:

  1. Type cmd in Windows Search (Windows Key + S). Right-click on Command Prompt > Run as administrator.
  2. In the CMD console, type cd\ and press Enter.
  3. Now, type the letter of the drive you want to check for hidden files, followed by a colon (:). Press Enter. In our case, it’s a flash drive with the G: letter assigned to it.
  4. Type dir/ah in the console and press Enter. This will display all the hidden files and directories that CMD found in the selected drive. In our case, Command Prompt didn’t find any hidden files or directories, thus there is nothing listed. If CMD finds hidden files in your case, move on to the next step.
  5. Lastly, to unhide all the discovered files, type attrib -h -s /s /d *.* and press Enter. CMD will unhide them. Note that the Command Prompt may seem stuck during the process, but it’s not. Simply wait it out.
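
The following PowerShell script is an added example, not part of the original article. It performs the same check as the CMD steps above but reports every hidden or system item first and only clears the attributes when asked, leaving alone the folders Windows itself keeps hidden on every volume. The parameter names and the G:\ default are assumptions taken from the walkthrough.

```powershell
# Added example: audit hidden/system items on a drive, optionally unhide them.
param(
    [string]$Drive = 'G:\',   # assumption: the flash drive used in the steps above
    [switch]$Unhide           # report only, unless this switch is given
)

$mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)
# Folders Windows keeps hidden on every volume; do not touch them.
$skip = 'System Volume Information', '$RECYCLE.BIN'

$found = foreach ($item in Get-ChildItem -LiteralPath $Drive -Recurse -Force -ErrorAction SilentlyContinue) {
    # First path component below the volume root, used for the skip list.
    $root = [IO.Path]::GetPathRoot($item.FullName)
    $top  = ($item.FullName.Substring($root.Length) -split '\\')[0]
    if ($skip -contains $top) { continue }
    if ([int]$item.Attributes -band $mask) { $item }
}

# Show what would be changed before changing anything.
$found | Select-Object FullName, Attributes, LastWriteTime | Format-Table -AutoSize -Wrap
Write-Host ("{0} hidden or system item(s) found on {1}" -f @($found).Count, $Drive)

if ($Unhide) {
    foreach ($item in $found) {
        # Clear only the Hidden and System bits; keep ReadOnly, Archive, etc.
        $new = [int]$item.Attributes -band (-bnot $mask)
        if ($new -eq 0) { $new = [int][IO.FileAttributes]::Normal }
        $item.Attributes = [IO.FileAttributes]$new
    }
    Write-Host 'Hidden and System attributes cleared.'
}
```

Run it once without -Unhide to review the list, then again with -Unhide once the drive has been scanned and the listed items are files you recognize.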

Step #4: Recover Missing Files with Data Recovery Software

In case you’re not able to find your files after performing all the steps in the sections above, you’ll have to scan the drive using data recovery software.

Scenario #3: How to Recover Data from a Hard-Infected PC

Recovering your data after a severe virus attack may not be possible at home, especially if it’s infected by ransomware. You may even cause further data loss if you keep tampering with your PC.

A hard-infected PC may fail to boot properly or become unusable, or you may be locked out of your data because of ransomware. In these cases, DIY data recovery is usually not possible, and it’s recommended you do the following instead:

  1. Disconnect your storage drive and any LAN cables. Make sure your computer cannot connect to the internet.
  2. Inform your colleagues, friends, and family not to open any suspicious links sent from your email account or any other messaging service.
  3. Contact a data recovery service and inform them of your situation. Here is a list of the best data recovery services, to make your job easier.

How to Prevent a Virus From Deleting Files On Computer In the Future?

The best lesson you can take away from a virus attack is to learn how to prevent it in the future. With the help of a few basic steps, you can protect your data and your computer from any sort of virus attack. Here are some tips to follow:

  1. ✅ Keep your OS and antivirus updated.
  2. 💪 Use strong passwords on all your web accounts.
  3. 💽 Regularly back up your data.
  4. ❌ Avoid pirating software, video games, music, and movies.
  5. 🖥️ Perform regular full scans of your PC.
  6. 🧱 Use a firewall and never open random links sent via emails.

FAQ

You can easily recover deleted photos from the virus-infected hard drive using these steps:

  1. Scan and remove the virus.
  2. Download Disk Drill and install it.
  3. Open Disk Drill, select the drive and click Search for lost data.
  4. Click the Pictures option.
  5. Select the photos you want to recover and click Recover.

To recover files deleted after a virus scan, you can open the quarantine folder within the antivirus software. Here are some guides on how to recover deleted files after a virus scan by popular antivirus software such as Norton Antivirus, Windows Defender, and Avast Antivirus.

If you cannot locate the files there, you’ll need to use Disk Drill or other data recovery programs to get back your data.

Here is how you recover virus-infected files using CMD:

  1. Launch CMD as administrator.
  2. Type cd\ and press Enter.
  3. Now type the relevant drive letter followed by a colon (:). Example: G:.
  4. Type dir/ah and press Enter.
  5. Enter attrib -h -s /s /d *.* and press the Enter key. CMD will restore the hidden files.

To recover ransomware-infected data, use the latest ransomware decryptor from popular antivirus programs’ websites. If that’s not possible, contact a data recovery service to get back your data for you.

Depending on the severity of the Trojan infection, you can use antivirus software to find and remove the virus and subsequently scan your drive using data recovery software. In case of a hard infection, you’ll probably need to make use of a professional data recovery service.

To recover files corrupted by the virus, you’ll have to download and install a data recovery program, then scan the affected drive. It cannot purely be done using online-only software.

It’s not safe to copy info from a virus-infected computer since the virus could spread to the other computer too. First, remove the virus, then copy the information to another computer.

Conclusion

Virus infection is best prevented, but despite taking all the precautions, your storage drive may still suffer data loss due to malware. To summarize, we have analyzed how to detect the virus, remove it, and then restore the deleted files. We hope this article was useful and helped you recover your data.
