How to Delete Infected
Files That Are Not Cleaned Automatically
In this example we are using EICAR.COM and F-Secure Internet Security 2007 to demonstrate how to delete an infected file that is not cleaned automatically. The F-Secure Anti-Virus product that you are using may look a bit different. Nevertheless, you can still use the same general procedure to delete an infected file.
Warning! If the F-Secure antivirus product detects infected messages inside e-mail database
files, do not select the Delete action nor any other disinfection action because you may accidentally delete all your e-mails. The e-mail databases can have extensions, such as .dbx, .pst, or .mbx (for Microsoft Outlook or Outlook Express e-mail clients) or they can be named as INBOX, SENT or TRASH (for Netscape / Mozilla e-mail clients). For more information on how to disinfect mailboxes, see How to clean an infected mailbox.
1. First, change the product settings so that
Disinfection Wizard pops up on infected files. If you use F-Secure
Anti-Virus or Internet Security 2004, this can be accomplished by
changing the virus protection profile to "High security" (this level
has "Ask after scan" as the default action). Below is a screenshot of
the setting.
This step can be done also by changing "Action to
take on infected
files" in real-time scanning settings to "Ask after scan". This setting
is found under Advanced settings.
2. Download the EICAR.COM or create it by hand
using information on page http://www.f-secure.com/virus-info/eicar_test_file.shtml
3. After you have saved the file to your hard
disk, a screen similar to
following comes up. Select "I want to decide file by file" in this case
4. On the next screen, you should see the infected
files list. Make
sure that the correct file is selected, change "Action to take" to
"Delete"
In this step, if you have for example many files
under "Temporary
Internet Files" folder, easiest way is just to select all files and
change the action to correct one.
5. After a while, on the next screen, you will
see what actually has been done. Just select "Next"
6. Now you have completed the Disinfection Wizard
and successfully deleted the infected file. Press "Finish" to end
7. Change your product settings back to normal.
NOTICE! If you download the EICAR.COM with your
web browser, you
typically get two Disinfection Wizards, one after another. This is
because the browser first saves the downloaded file to temporary
location (for example under C:\WINDOWS\TEMP or under "Temporary
Internet Files"), and only after this moves it to final location. This
temporary file is deleted automatically, so you will see "empty"
Disinfection Wizard screen like below:
If this happens, just go through the first
Disinfection Wizard like
normal. After you have completed this first one, the second
"Disinfection Wizard" comes up right after this.
Note also that the usage of the infected files
is prevented during the Disinfection Wizard procedure, so you don't
have to work in hurry.
|
