Uncleanable Files

The Virus Scan Engine is unable to clean the following files:

Uncleanable File Solutions

Uncleanable File
Explanation and Solution
Files infected with Trojans
Trojans are programs that perform unexpected or unauthorized, usually malicious, actions such as displaying messages, erasing files, or formatting disks. Trojans do not infect files, so cleaning is not necessary.
Solution: The Virus Cleanup Engine and Virus Cleanup Template remove Trojans.
Files infected with worms
A worm is a self-contained program (or set of programs) able to spread functional copies of itself or its segments to other endpoint systems. The propagation usually takes place through network connections or email attachments. Worms are uncleanable because the file is a self-contained program.
Solution: Trend Micro recommends deleting worms.
Write-protected infected files
Solution: Remove the write protection so that the file can be cleaned.
Password-protected files
Password-protected files include password-protected compressed files or password-protected Microsoft Office files.
Solution: Remove the password protection so that the file can be cleaned.
Backup files
Files with the RB0~RB9 extensions are backup copies of infected files. The cleaning process creates a backup of the infected file in case the virus/malware damaged the file during the cleaning process.
Solution: If the file was successfully cleaned, you do not need to keep the backup copy of the infected file. If the endpoint functions normally, you can delete the backup file.
Infected files in the Recycle Bin
The system may not allow the removal of infected files from the Recycle Bin because the system is running.
Solution on Windows XP or Windows Server 2003 with NTFS File System:
  1. Log on to the endpoint with Administrator privilege.
  2. Close all running applications to prevent applications from locking the file, which would make Windows unable to delete it.
  3. Open the command prompt.
  4. Type the following to delete the files:
    cd \
    cd recycled
    del *.* /S
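    The last command deletes all files in the Recycle Bin. Confirm that the prompt shows the recycled folder before running it, because del *.* /S deletes every file in the current directory and all of its subdirectories.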
  5. Check if the files were removed.
Solution on other operating systems (or those without NTFS):
  1. Restart the endpoint in MS-DOS mode.
  2. Open the command prompt.
  3. Type the following to delete the files:
    cd \
    cd recycled
    del *.* /S
    The last command deletes all files in the Recycle Bin.
Infected files in Windows Temp Folder or Internet Explorer Temporary Folder
The system may not allow the cleaning of infected files in the Windows Temp folder or the Internet Explorer temporary folder because the endpoint uses them. The files to clean may be temporary files needed for Windows operation.
 
Solution on Windows XP or Windows Server 2003 with NTFS File System:
  1. Log on to the endpoint with Administrator privilege.
  2. Close all running applications to prevent applications from locking the file, which would make Windows unable to delete it.
  3. If the infected file is in the Windows Temp folder:
    1. Open the command prompt and go to the Windows Temp folder (located at C:\Windows\Temp for Windows XP or Windows Server 2003 endpoints by default).
    2. Type the following to delete the files:
      cd temp
      attrib -h
      del *.* /S
      The last command deletes all files in the Windows Temp folder.
  4. If the infected file is in the Internet Explorer temporary folder:
    1. Open a command prompt and go to the Internet Explorer Temp folder (located in C:\Documents and Settings\<Your user name>\Local Settings\Temporary Internet Files for Windows XP or Windows Server 2003 endpoints by default).
    2. Type the following to delete the files:
      cd tempor~1
      attrib -h
      del *.* /S
      The last command deletes all files in the Internet Explorer temporary folder.
    3. Check if the files were removed.
 
Solution on other operating systems (or those without NTFS):
  1. Restart the endpoint in MS-DOS mode.
  2. If the infected file is in the Windows Temp folder:
    1. Open the command prompt and go to the Windows Temp folder (located at C:\Windows\Temp for Windows XP or Windows Server 2003 endpoints by default).
    2. Type the following to delete the files:
      cd temp
      attrib -h
      del *.* /S
      The last command deletes all files in the Windows Temp folder.
    3. Restart the endpoint in normal mode.
  3. If the infected file is in the Internet Explorer temporary folder:
    1. Open a command prompt and go to the Internet Explorer Temp folder (located in C:\Documents and Settings\<Your user name>\Local Settings\Temporary Internet Files for Windows XP or Windows Server 2003 endpoints by default).
    2. Type the following to delete the files:
      cd tempor~1
      attrib -h
      del *.* /S
      The last command deletes all files in the Internet Explorer temporary folder.
    3. Restart the endpoint in normal mode.
Files compressed using an unsupported compression format
Solution: Uncompress the files.
Locked files or files that are currently executing
Solution: Unlock the files or wait until the files have finished executing.
Corrupted files
Solution: Delete the files.
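
A guarded form of the Windows Temp folder cleanup described above, as an added example that is not part of the original product documentation: because del *.* /S removes everything under the current directory, the script confirms that the cd succeeded before deleting and then performs the "check if the files were removed" step. TARGET and the wrongdir label are names chosen for this example; it assumes Windows XP or later with command extensions enabled.

```batch
@echo off
rem Added example, not from the product documentation.
rem TARGET and the :wrongdir label are names chosen for this example.
setlocal
set "TARGET=%SystemRoot%\Temp"

rem cd /d also switches drives; stop if the folder cannot be entered.
cd /d "%TARGET%" || goto :wrongdir

rem Compare the real current directory with the intended one before deleting.
if /i not "%CD%"=="%TARGET%" goto :wrongdir

rem The documented commands, with attrib extended to subfolders to match del /S.
rem del *.* still asks for confirmation, as it does when typed by hand.
attrib -h *.* /S
del *.* /S

rem Verification step: list any files that are left, hidden ones included.
rem dir sets errorlevel 1 when it finds no files.
dir /a-d /s /b 2>nul
if errorlevel 1 echo No files remain under "%TARGET%".
if not errorlevel 1 echo The files listed above are still present, probably locked by a running process.
exit /b 0

:wrongdir
echo Current directory is "%CD%", expected "%TARGET%". Nothing was deleted.
exit /b 1
```

The same guard applies to the Recycle Bin and Internet Explorer temporary folder procedures by changing TARGET to the folder named in those steps.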