Summary: Anti-virus programs are good at removing more problems, but occasionally they can't. We'll look at approaches to manually dealing with the issue.
My anti-virus software says a trojan was found on my computer, and the file in which the trojan lies can not be cleaned, deleted, or quarantined. I have pictures of my children that I don't want to lose. Is there a way for me to delete that file where the trojan is and save the pictures of my children? I was told if the trojan couldn't be quarantined, deleted, or cleaned, then I would need to completely start my hard drive over from scratch. Is this true?
•
On the surface the answer here is simple: you should be able to recover your pictures safely and still remove the trojan. And yes, I'll walk through how you might do that.
However...
There's a much larger issue at play here. One that scares me much more than the trojan.
•
Before I get to removing the trojan, I have to deal with the bigger issue.
You're not backing up.
Seriously, if the pictures that are so important to you are in one place and one place only, you will lose them. Some day that hard disk will die or your computer will have some kind of serious problem, and everything will be lost.
Everything.
I hear it repeatedly from many people. They've placed all their eggs in one basket, and the basket breaks. Sometimes they can get lucky and data recovery tools can be used (sometimes at great cost), but why risk it?
I can't emphasize this enough: start backing up. Copy things that are important to you to another computer, burn them to CD-ROM, get an external hard drive, use a backup program or a backup service, but do something.
Back up, back up regularly, and start backing up now.
End of sermon.
•
OK, now, about those trojan files that can't be removed.
First, make note of the full path to each of the files that can't be deleted by your anti-virus software.
Then boot into Safe Mode (typically that means pressing F8 as Windows begins to boot, and selecting Safe Mode). Then delete(*) named files by hand. It's quite possible you'll need to alter their read-only status to do so.
If that doesn't work (and it won't for some viruses), then you can try using the MoveOnBoot utility as discussed in How do I delete a file in use? to delete the file before Windows boots.
If that doesn't work, though it should, then my next step would be to boot into the Windows Recovery Console. If you boot from your Windows CD, then the recovery console should be one of your options. Once in, the recovery console is nothing more than a Windows Command Prompt with a limited set of commands available. You should be able to delete the files here.
MoveOnBoot should work and the recovery console should work, but if for some reason they both fail, or are unavailable, then the last approach I would take gets just a little geeky: boot from a Linux live CD. Many such as the ever popular Knoppix or Ubuntu distributions boot into Linux using only the CD-ROM, and then allow you to access the hard drive on your machine. The "geeky" part is simply knowing how to navigate around in Linux.
(*) Note: Though I use the word "delete" above, it's actually safest to copy the files to another location, or preferably to a floppy disk or some other removable media. There's always a slight chance that the files are actually required and you'll need to be able to restore them should your system fail to boot. In a case like that, if things really are that damaged, then a repair install of Windows may be called for.
Related:
-
Ask Leo! - What backup program should I use?
-
Ask Leo! - How do I delete a file in use?
-
Ask Leo! - How should I reinstall Windows?
Article C3111 - August 8, 2007
Actually, for the novice persons the easier thing would be the following:
Posted by: Yudhi at August 10, 2007 6:53 PM1) Upload those pictures to a website. There are plenty of websites where you could upload for free.
2) Then do whatever you want to clean up your computer. Then download the pictures again. So you will not risk deleting your pictures anyway.
Great stuff, Leo, but I think the first step should be to try another anti-virus program, such as the free version of AVG or Panda. On several occasions, I have been able to do that, and avoid a lot of hassle.
Posted by: Jim Breslin at August 10, 2007 7:00 PMI should back up important files but how do you put(example) pictures onto a CD. I think they call it burning. Do you need a speacial program. Any way I think the information in your letters are good for more experienced computer people.
Posted by: Raymond Hughes at August 10, 2007 10:58 PMUnlocker has worked for myself many times and is a great program when normal delete or an erase program does not work.
Posted by: Bob at August 11, 2007 3:43 PMRegarding burning to a CD:
Posted by: Harry at August 12, 2007 8:50 AMThere are special programs, such as Nero or Easy Media Creator which you can purchase, or free programs (find some on www.download.com). If you have Windows XP, it has a built-in burning utility, which you can use by dragging-and-dropping the files you want to copy to an optical drive (of course, this assumes that you have a burner as one of your optical drives).
I had a similar problem recently. I could not start windows in safe mode, F8 does not seem to work for me. What I did was re-start windows with the windows restore turned off. It worked!
Posted by: Christopher at August 12, 2007 11:49 AMI recommend this procedure: http://forums.majorgeeks.com/showthread.php?t=35407
It has saved my life (and that of many others) on numerous occasions.
Good luck!
Posted by: vincent at September 3, 2007 8:47 AMmy removable disc says it has some virus.hw can i remove it.
Posted by: samsheer at November 18, 2008 7:05 AMI removed several trogans that I got yesterday, I used Malwarebytes. Now when I go to my pictures, the folders are there with the title, but they won't open. Any suggestions?
21-Mar-2009
I have a problem - my Eset antivirus says I have trojan that cannot be deleted. It's (supposedly) on operating memory (operatin memory - Win32/rootkit.agent.ODG - trojan)I tried scanning with Malwarebyte's Anti-Malware but it doesn't detect any malicius files. So I tried to find a path - well I can't find the path or the file. So I can't even delet it manually as the article above suggests. What can I do? Someone please help.
Posted by: Zala at July 4, 2009 11:03 AM