Manual removal of infected files
Posted by Gunnar Þór Jónsson on 09/04/2013 14:53

How do I manually remove infected files?


You should be able to remove an infected file by deleting it.

Our programs will give the path of the infected file when it is detected.

If our programs detect the file but can not disinfect it, try to delete the file.  This is the easiest way to "clean" your PC.  If the file can not be deleted in Normal Mode, try deleting it in Safe Mode.

This can be done by finding the infected file, but you may have to stop the running process associated with it.

Hit Ctrl-Alt-Delete, click Task Manager, and click Processes.

Look for any processes that look out of the ordinary (all caps, numbers and letters, ect). Some are tricky in their naming and may look like a valid process but may have different capitalization or be misspelled.  You can look up anything that looks suspicious in a web search engine to see exactly what they are. (CASE matters)

A program available free from Microsoft to assist with this is Process Explorer. You can download it from here. More information on the program can be found here.

If you find a suspicious file or notice suspicious behavior of your PC and our programs do not detect it, it should be submitted to our Virus Lab.  Detailed instructions on how can be found in our knowledgebase.  Search for keyword "submit" 

We always recommend installing Windows Updates, as many updates are security related and patch "security vulnerabilities" in your operating system.

If the infection is is shown to be in a RESTORE file, simply disable your System Restore. This will delete your Restore Points and any infected files that are contained within the Restore Point.

An antivirus scan can complete much faster if you delete your temporary files prior to scanning your hard drive.  Many infections download to your temporary internet files so cleaning them periodically is recommended.

F-PROT Antivirus and Command Anti-Malware are products of CYREN