How to Manually Remove Malware That Cannot be Disinfected
With default settings, the F-Secure Anti-Virus product tries to disinfect
an infected file. If the file is, for example, a worm, trojan or backdoor,
it cannot be disinfected. Instead, the file needs to be removed. By
default, if the disinfection of the file fails, the file is renamed. For
example, if you try to disinfect the file "EICAR.COM" and disinfection
fails, the file name after the rename operation is "EICAR.0OM" (the C was
replaced by a zero). You may try to remove the renamed file manually
using Windows Explorer.
In some cases, the product might be configured so that the real-time
scanner scans all files. You then cannot remove the renamed file manually,
because the Anti-Virus product is blocking access to that file.
Removing infected files
You have a few options for removing the infected file.
- You can change your product's Manual Scanning settings:
  "Action to take on infected files = Ask after scan"
- You can change your product's Real-Time protection settings:
  "Scanning Options = Scan Files With These Extensions"
- You may disable real-time protection temporarily:
  Uncheck the "Enable Real-Time Protection" check box
- You may unload F-Secure products temporarily:
  Right-click the blue F-icon and select Unload F-Secure Products
Option 1: If you change the product's manual scanning settings to "Action
to take on infected files = Ask after scan", the product asks what to do
with infected files once a manual scan has finished. You may then select
REMOVE.
Option 2: If you change the real-time scanner settings to "Scanning
Options = Scan Files With These Extensions", you may delete renamed files
(for example EICAR.0OM) manually in Windows Explorer.
Option 3: If you disable real-time protection, you may delete renamed
files (for example EICAR.0OM) manually in Windows Explorer. Please
remember to enable the protection once the file has been removed.
Note: If you disable real-time protection, F-Secure Anti-Virus is not
protecting your computer until you enable the protection again.
Option 4: If you unload F-Secure products, you may delete renamed files
(for example EICAR.0OM) manually in Windows Explorer. Please remember to
enable the protection once the file has been removed.
Note: If you unload F-Secure products, other product components (such as
the Firewall) are unloaded as well, and your computer is not protected
until you reload the F-Secure products.
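To list renamed files before deleting them with one of the options above, the following PowerShell script can be used. It is an added example, not F-Secure code, and it assumes the rename always replaces the first character of the extension with a zero, as in the EICAR.0OM example; the parameter names and the extension list are illustrative.

```powershell
# Added example, not F-Secure code. Assumption: a failed disinfection replaces
# the first character of the extension with "0" (EICAR.COM -> EICAR.0OM).
param(
    [string]$Path = '.',   # folder to search (illustrative default)
    [switch]$Remove        # delete only when explicitly requested
)

# Extensions used to guess the original name; a constructed, non-exhaustive list.
$KnownExtensions = 'COM', 'EXE', 'DLL', 'SCR', 'PIF', 'BAT', 'VBS', 'DOC', 'XLS'

# Candidates only: a three-character extension starting with "0".
$candidates = Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -match '^\.0[A-Za-z0-9]{2}$' }

$report = foreach ($file in $candidates) {
    $tail  = $file.Extension.Substring(2)     # ".0OM" -> "OM"
    $guess = $KnownExtensions | Where-Object { $_.Substring(1) -eq $tail }

    # Hashing fails while the real-time scanner blocks access to the file.
    try {
        $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction Stop).Hash
    } catch {
        $hash = 'access blocked'
    }

    [pscustomobject]@{
        File          = $file.FullName
        LikelyWas     = if ($guess) { ($guess | ForEach-Object { $file.BaseName + '.' + $_ }) -join ', ' } else { 'unknown' }
        Size          = $file.Length
        LastWriteTime = $file.LastWriteTime
        SHA256        = $hash
    }
}

$report | Format-Table -AutoSize -Wrap

if ($Remove) {
    foreach ($file in $candidates) {
        try {
            # -Confirm prompts for every file before it is deleted.
            Remove-Item -LiteralPath $file.FullName -Force -Confirm -ErrorAction Stop
        } catch {
            Write-Warning "Could not remove $($file.FullName): $($_.Exception.Message)"
        }
    }
}
```

The extension pattern also matches unrelated files such as split-archive parts (.001), so confirm each candidate against the product's scan results before removing it.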