English Suomi Svenska Deutsch Français Italiano Japanese

  
 
home
support issues.gif
 virus-probs.gif
documentation
downloads
Online Services
contact us

home users

Virus Removal Support

Detect and Disinfect

How to Delete Infected Files That Are Not Cleaned Automatically

In this example we are using EICAR.COM and F-Secure Internet Security 2007 to demonstrate how to delete an infected file that is not cleaned automatically. The F-Secure Anti-Virus product that you are using may look a bit different. Nevertheless, you can still use the same general procedure to delete an infected file.

Warning! If the F-Secure antivirus product detects infected messages inside e-mail database files, do not select the Delete action nor any other disinfection action because you may accidentally delete all your e-mails. The e-mail databases can have extensions, such as .dbx, .pst, or .mbx (for Microsoft Outlook or Outlook Express e-mail clients) or they can be named as INBOX, SENT or TRASH (for Netscape / Mozilla e-mail clients). For more information on how to disinfect mailboxes, see How to clean an infected mailbox.

1. First, change the product settings so that Disinfection Wizard pops up on infected files. If you use F-Secure Anti-Virus or Internet Security 2004, this can be accomplished by changing the virus protection profile to "High security" (this level has "Ask after scan" as the default action). Below is a screenshot of the setting.

This step can be done also by changing "Action to take on infected files" in real-time scanning settings to "Ask after scan". This setting is found under Advanced settings.

2. Download the EICAR.COM or create it by hand using information on page http://www.f-secure.com/virus-info/eicar_test_file.shtml

3. After you have saved the file to your hard disk, a screen similar to following comes up. Select "I want to decide file by file" in this case

4. On the next screen, you should see the infected files list. Make sure that the correct file is selected, change "Action to take" to "Delete"

In this step, if you have for example many files under "Temporary Internet Files" folder, easiest way is just to select all files and change the action to correct one.

5. After a while, on the next screen, you will see what actually has been done. Just select "Next"

6. Now you have completed the Disinfection Wizard and successfully deleted the infected file. Press "Finish" to end

7. Change your product settings back to normal.

NOTICE! If you download the EICAR.COM with your web browser, you typically get two Disinfection Wizards, one after another. This is because the browser first saves the downloaded file to temporary location (for example under C:\WINDOWS\TEMP or under "Temporary Internet Files"), and only after this moves it to final location. This temporary file is deleted automatically, so you will see "empty" Disinfection Wizard screen like below:

If this happens, just go through the first Disinfection Wizard like normal. After you have completed this first one, the second "Disinfection Wizard" comes up right after this.

Note also that the usage of the infected files is prevented during the Disinfection Wizard procedure, so you don't have to work in hurry.