How to manually remove an infected file from your computer

http://blog.csdn.net/pipisorry/article/details/41258577

How to manually remove an infected file from your computer

In order to manually remove an infected item from your computer you need to perform the following steps:

1. Restart the computer in Safe Mode. You can do that, by following the steps in our article, here. 

2. Display hidden objects in Windows; information on how to display the hidden object can be found here.

3. Locate and delete (right click on the file > delete) the infected file. In our example the infected file is:

C:\\test\\eicar.com.txt

 

4. After you do this, you can restart the computer in Normal Mode.

Please run a Bitdefender System Scan to be sure the computer is clean.

 

 Important; We recommend manually deleting an infected file only if you are sure the file isn't an important operating system file. Deleting a system file may result in the malfunction of your operating system. If you are not sure about the file, please contact the Customer Care Department. 

 

 

Most common types of files you could encounter and can be safely deleted:

 

I.  Temporary Files

The Temporary files are usually recognized as follows:

•   .tmp files found on C:\\, C:\\Windows, C:\\Windows\\temp, etc.
•   files found in the locations:

               C:\\Windows\\Temp

 

               C:\\Documents and Settings\\Local Settings\\Temp(for Windows XP)

 

               C:\\Users\\AppData\\Local\\Temp(for Windows Vista/7)

 

Note: The system drives where the primary boot volume and OS are. So if you install it to the default it will be C:\\ drive; else please modify the paths accordingly.

 

For more details and step by step instructions please check the KB article How to clean infected Temporary Files.

 

II.  Temporary Internet Files

A temporary Internet file is a file that is located on your hard drive that a browser uses to store Web site data for every Web page or URL address that you visit. When the Web server sends the Web page files to the browser, they are stored in a file so that the next time you visit the same Web site the browser takes the data from the temporary Internet file. Loading the Web site in this way from a temporary Internet file is called caching.

 

The Temporary Internet Files can be found in different locations depending on the internet browser:

 

For Internet Explorer: the folder is …user’s profile...\\Temporary Internet Files

For Mozilla Firefox: ….user’s profile…\\Mozilla\\Firefox\\Profiles\\xxxxxx.default\\cache

Very similar for other browsers:

For Google Chrome: ….user’s profile…\\Google\\Chrome\\User Data\\Default\\Cache

For Safari: ….user’s profile…\\Apple Computer\\Safari\\cache.db

For Opera: ….user’s profile…\\Opera\\Opera\\cache

 

For more details about the exact locations and how to delete temporary internet files check this  this article .

 

 

III. Files located in System Volume Information

Check this KB article to learn how to clean system restore points from System Volume Information

 

IV. Email archives which cannot be repacked by Bitdefender

For more details and how to clean them please check this article.

 

V. For files located on optical devicessuch as CDs, DVDs, Blue-Ray Discs

Unfortunately, these files cannot be cleaned since modify/delete actions are not permitted on this kind of storage devices. You can rest assured that, if you still want to use the respective device, Bitdefender On-Access Scanning will protect your PC from any attack. However, we recommend you to take safety measures or not using the device at all on computers with no up to date security solution installed.

 

VI. For files located on network storages, NAS,  network shares, mapped network drives, etc.

There are several reasons for Bitdefender not being able to clean the respective files such as: you only have read permissions on the respective network share/storage, therefore no actions can be taken due to limited privileges or the network share has a different operating system not supported by your Bitdefender virus engines. You can rest assured that, if you still want to access this share, Bitdefender On-Access Scanning will protect your PC from any attack.

 

VII. For tmp.ebd files

In order to remove the infected objects from your computer you need to reset the Windows Update and Windows Search services by following these steps:

  - Temporarily disable the Bitdefender On-Access Scanning from Bitdefender > Settings > Antivirus > Shield tab > use the ON/OFF switch for On-Access Scanning

  - Go to Start > run… (for Windows XP) or Start > click on the Search box (for Windows Vista/7), type services.msc and hit Enter;

  - Locate the Windows Update service, right click on the entry and choose Restart from the dropdown menu;

  - Locate the Windows Search service and restart it as well;

  - Reboot the PC and check if the issue reoccurs.

from:http://blog.csdn.net/pipisorry/article/details/41258577

ref:http://www.bitdefender.com/support/how-to-manually-remove-an-infected-file-from-your-computer-1312.html