English Suomi Svenska Deutsch Français Italiano Japanese

  
 
home
support issues.gif
virus-probs.gif
documentation
downloads
Online Services
contact us

corporate users

How to remove malware manually?

Instructions on how to manually remove malware that cannot be disinfected.

Background

With default settings, F-Secure Anti-Virus product tries to disinfect infected file. If the file is for example a Worm, Trojan or Backdoor, the file cannot be disinfected and the file needs to be removed. By default, if the disinfection of the file fails, the file is renamed. For example, if you try to disinfect "EICAR.COM" file and disinfection fails, the file name after rename operation is "EICAR.0OM" (C was replaced by zero). You may try to remove that renamed file manually using Windows Explorer.

In some cases, the product might be configured so that real-time scanner scans all files and then you cannot remove the renamed file manually since Anti-Virus product is blocking the access to that file.

Removing infected files

You have few options on how to remove that infected file.

    1. You can change your product's Manual Scanning settings:
      "Action to take on infected files = Ask after scan"

    2. You can change your product's Real-Time protection settings:
      "Scanning Options = Scan Files With These Extensions"

    3. You may disable real-time protection temporarily:
      Uncheck "Enable Real-Time Protection" check box

    4. You may Unload F-Secure products temporarily:
      Right click blue F-icon and select Unload F-Secure Products

Option 1: If you change product manual scanning settings to "Action to take on infected files = Ask after scan", after running manual scanning the product will ask what to do with infected files after the scan has finished. Then you may select REMOVE.

Option 2: If you change real-time scanner settings to "Scanning Options = Scan Files With These Extensions", you may delete renamed files (for example EICAR.0OM) manually using Windows Explorer.

Option 3: If you disable real-time protection, you may delete renamed files (for example EICAR.0OM) manually using Windows Explorer. Please remember to enable the protection after removing the file.

    NOTE: Please notice also that if you disable real-time protection, F-Secure Anti-Virus is not protecting your computer until you enable the protection again.

Option 4: If you unload F-Secure products, you may delete renamed files (for example EICAR.0OM) manually using Windows Explorer. Please remember to enable the protection after removing the file.

    NOTE: Please notice also that if you unload F-Secure products, other product components (such as Firewall) will be unloaded also and your computer is not protected until you reload F-Secure products.