Scan Results

Virus/Malware Scan Results

Scan results display in the virus/malware logs. Take the necessary steps if virus/malware scan action was unsuccessful.

1. Scan action was successful when the following scan results display.

Scan Result

Explanation

Deleted

  • First action is Delete and infected file was deleted.

  • First action is Clean but cleaning was unsuccessful. Second action is Delete and infected file was deleted.

Quarantined

  • First action is Quarantine and infected file was quarantined.

  • First action is Clean but cleaning was unsuccessful. Second action is Quarantine and infected file was quarantined.

Cleaned

An infected file was cleaned.

Renamed

  • First action is Rename and infected file was renamed.

  • First action is Clean but cleaning was unsuccessful. Second action is Rename and infected file was renamed.

Access denied

  • First action is Deny Access and access to the infected file was denied when you attempted to open the file.

  • First action is Clean but cleaning was unsuccessful. Second action is Deny Access and access to the infected file was denied when you attempted to open the file.

Passed

  • First action is Pass. OfficeScan did not perform any action on the infected file.

  • First action is Clean but cleaning was unsuccessful. Second action is Pass so OfficeScan did not perform any action on the infected file.

  • Real-time Scan may not perform any action on files infected with a boot virus even if the scan action is Clean (first action) and Quarantine (second action). MORE >>

    Explanation: One of the specifications of Real-time Scan is to perform no action on boot viruses because attempting to clean a boot virus may damage the Master Boot Record (MBR) of the infected computer.

    Solution: Run Manual Scan so OfficeScan can clean or quarantine the file.

     

Passed a potential security risk

This scan result only displays when OfficeScan detects "probable virus/malware".

OfficeScan automatically uses Pass as the scan action when it detects probable virus/malware.

Refer to the Trend MicroVirus Encyclopedia for information about probable virus/malware and to submit suspicious files to Trend Micro for analysis.

 

2. Scan action was unsuccessful when the following scan results display.

Scan Result

Explanation

Unable to clean or quarantine the file.

 

Unable to clean or delete the file.

 

Unable to clean or rename the file.

Explanation: Clean is the first action. Quarantine/Delete/Rename is the second action, and both actions are unsuccessful.

Solution:

Refer to the following scan results below for solutions:

  • Unable to clean the file

  • Unable to delete the file

  • Unable to quarantine the file/Unable to rename the file

Unable to quarantine the file.

 

Unable to rename the file.

 

Explanation 1: The infected file may be locked by another application, is executing, or is on a CD. OfficeScan will quarantine/rename the file after the application releases the file or after it has been executed.

Solution: For infected files on a CD, consider not using the CD as the virus may infect other computers on the network.

 

Explanation 2: The infected file is in the Temporary Internet Files folder of the client computer. Since the computer downloads files while you are browsing the Web, the Web browser may have locked the infected file. When the Web browser releases the file, OfficeScan will quarantine/rename the file.

Solution: None

Unable to delete the file.

Explanation 1: The infected file may be contained in a compressed file and the Clean/Delete infected files within compressed files setting in Networked Computers > Global Client Settings is disabled.

Solution: Enable the Clean/Delete infected files within compressed files option. When enabled, OfficeScan decompresses a compressed file, cleans/deletes infected files within the compressed file, and then re-compresses the file.

  • Note: Enabling this setting may increase computer resource usage during scanning and scanning may take longer to complete.

 

Explanation 2: The infected file may be locked by another application, is executing, or is on a CD. OfficeScan will delete the file after the application releases the file or after it has been executed.

Solution: For infected files on a CD, consider not using the CD as the virus may infect other computers on the network.

 

Explanation 3: The infected file is in the Temporary Internet Files folder of the client computer. Since the computer downloads files while you are browsing the Web, the Web browser may have locked the infected file. When the Web browser releases the file, OfficeScan will delete the file.

Solution: None

Unable to clean the file.

Explanation 1: The infected file may be contained in a compressed file and the Clean/Delete infected files within compressed files setting in Networked Computers > Global Client Settings is disabled.

Solution: Enable the Clean/Delete infected files within compressed files option. When enabled, OfficeScan decompresses a compressed file, cleans/deletes infected files within the compressed file, and then re-compresses the file.

  • Note: Enabling this setting may increase computer resource usage during scanning and scanning may take longer to complete.

 

Explanation 2: The infected file is in the Temporary Internet Files folder of the client computer. Since the computer downloads files while you are browsing the Web, the Web browser may have locked the infected file. When the Web browser releases the file, OfficeScan will clean the file.

Solution: None

 

Explanation 3: The Virus Scan Engine does not clean the following files:

  • Files infected with Trojans: Trojans are programs that perform unexpected or unauthorized, usually malicious, actions such as displaying messages, erasing files, or formatting disks. Trojans do not infect files, thus cleaning is not necessary.

Solution: OfficeScan uses the Virus Cleanup Engine and Virus Cleanup Template to remove Trojans.

  • Files infected with worms: A computer worm is a self-contained program (or set of programs) able to spread functional copies of itself or its segments to other computer systems. The propagation usually takes place through network connections or email attachments. Worms are uncleanable because the file is a self-contained program.

Solution: Trend Micro recommends deleting worms.

  • Write-protected infected files

Solution: Remove the write-protection to allow OfficeScan to clean the file.

  • Password-protected files (for example, password-protected compressed files or password-protected Microsoft Word files)

Solution: Remove the password protection for OfficeScan to clean these files.

  • Backup files: Files with the RB0~RB9 extensions are backup copies of infected files. OfficeScan creates a backup of the infected file in case the virus/malware damaged the file during the cleaning process.

Solution: If OfficeScan successfully cleans the infected file, you do not need to keep the backup copy. If your system functions normally, you may delete the backup file.

  • Infected files in the Recycle Bin: OfficeScan may not remove infected files in the Recycle Bin because the system is running.

Solution: Delete infected files in the Recycle Bin. MORE >>

For computers running Windows 2000/XP/Server 2003 with NTFS File System:

  1. Log on to the computer with Administrator privilege.

  2. Close all running applications to prevent applications from locking the file, which would make Windows unable to delete it.

  3. Open the command prompt, and type the following to delete the files:

cd \

cd recycled

del *.* /S

The last command deletes all files in your Recycle Bin.

 

For computers running other Operating Systems (or NT platforms without NTFS):

  1. Restart the computer in MS-DOS mode.

  2. Open a command prompt, and type the following to delete the files:

cd \

cd recycled

del *.* /S

The last command deletes all files in your Recycle Bin.

  1. Restart your computer in normal mode.

 

  • Infected files in Windows Temp folder or Internet Explorer temporary folder: OfficeScan may not clean infected files in the Windows Temp folder or the Internet Explorer temporary folder because the computer uses them. The files to clean may be temporary files needed for Windows operation.

Solution:

Delete infected files in the Windows Temp folder. MORE >>

For computers running Windows 2000/XP/Server 2003 with NTFS File System:

  1. Log on to the computer with Administrator privilege.

  2. Close all running applications to prevent applications from locking the file, which would make Windows unable to delete it.

  3. Open the command prompt and go to the Windows Temp folder (located at C:\\Windows\Temp for Windows XP/Server 2003 computers and at C:\\WinNT\Temp for Windows NT/2000 computers by default).  

  4. Type the following to delete the files:

cd temp

attrib -h

del *.* /S

The last command deletes all files in the Windows Temp folder.

 

For computers running other operating systems (or those without NTFS):

  1. Restart your computer in MS-DOS mode.

  2. At the command prompt, go to the Windows Temp folder. The default Windows Temp folder in Windows XP/Server 2003 is C:\Windows\Temp. The default Windows Temp folder in Windows 2000 is C:\WinNT\Temp.

  3. Open the command prompt, and type the following to delete the files:

cd temp

attrib –h

del *.* /S

The last command deletes all files in your Windows Temp folder.

  1. Restart your computer in normal mode.

 

Delete infected files in the Internet Explorer temporary folder. MORE >>

For computers running Windows 2000/XP/Server 2003 with NTFS File System:

  1. Log on to the computer with Administrator privilege.

  2. Close all running applications to prevent applications from locking the file, which would make Windows unable to delete it.

  3. Open a command prompt and go to the Internet Explorer Temp folder (located in C:\\Documents and Settings\{Your user name}\Local Settings\Temporary Internet Files for Windows 2000/XP/Server 2003 computers by default).  

  4. Type the following to delete the files:

cd tempor~1

attrib -h

del *.* /S

The last command deletes all files in your Internet Explorer temporary folder.

 

For computers running other operating systems (or those without NTFS):

  1. Restart your computer in MS-DOS mode.

  2. At the command prompt, go to the Internet Explorer temporary folder. The default Internet Explorer temporary folder in Windows 2000/XP/Server 2003 is C:\Documents and Settings\{Your user name}\Local Settings\Temporary Internet Files.

  3. Type the following commands:

cd tempor~1

attrib –h

del *.* /S

The last command deletes all files in your Internet Explorer temporary folder.

  1. Restart your computer in normal mode.

 

 

 

Spyware/Grayware Scan Results

Scan results display in the spyware/grayware logs. Take the necessary steps if spyware/grayware scan requires user action.

1. Scan action was successful when the following scan results display.

Scan Result

Explanation

The first level result is "Successful, no action required".

The second level results are as follows:

  • Cleaned: OfficeScan terminated processes or deleted registries, files, cookies and shortcuts.

  • Passed: OfficeScan did not perform any action but logged the spyware/grayware detection for assessment.

  • Access denied: OfficeScan denied access (copy, open) to the detected spyware/grayware components.

 

2. Scan action was unsuccessful or user action is required when the following scan results display.

Scan Result

Explanation

The first level result is "Further action required".

The second level results will have at least one of the following messages:

  • Spyware/Grayware unsafe to clean. MORE >>

    Explanation: This message displays if the Spyware Scan Engine attempts to clean any single folder and the following criteria are met:

    • Items to clean exceed 250MB.

    • The operating system uses the files in the folder. The folder may also be necessary for normal system operation.

    • The folder is a root directory (such as C: or F:)

    Solution: Contact your Support provider for assistance.

     

  • Spyware/Grayware scan stopped manually. Please perform a complete scan. MORE >>

    Explanation: A user stopped scanning before it was completed.

    Solution: Run a Manual Scan and wait for the scan to finish.

     

  • Spyware/Grayware cleaned, restart required. Please restart the computer. MORE >>

    Explanation: OfficeScan cleaned spyware/grayware components but a computer restart is required to complete the task.

    Solution: Restart the computer immediately.

     

  • Spyware/Grayware cannot be cleaned. MORE >>

    Explanation: Spyware/Grayware was detected on a CD-ROM or network drive. OfficeScan cannot clean spyware/grayware detected on these locations.

    Solution: Manually remove the infected file.

     

  • Spyware/Grayware scan result unidentified. Please contact Trend Micro technical support. MORE >>

    Explanation: A new version of Spyware Scan Engine provides a new scan result that OfficeScan has not been configured to handle.

    Solution: Contact your Support provider for help in determining the new scan result.