Helping people with computers... one answer at a time.
Anti-virus programs are good at removing more problems, but occasionally they can't. We'll look at approaches to manually dealing with the issue.
My anti-virus software says a trojan was found on my computer, and the file in which the trojan lies can not be cleaned, deleted, or quarantined. I have pictures of my children that I don't want to lose. Is there a way for me to delete that file where the trojan is and save the pictures of my children? I was told if the trojan couldn't be quarantined, deleted, or cleaned, then I would need to completely start my hard drive over from scratch. Is this true?
•
On the surface the answer here is simple: you should be able to recover your pictures safely and still remove the trojan. And yes, I'll walk through how you might do that.
However...
There's a much larger issue at play here. One that scares me much more than the trojan.
•
Before I get to removing the trojan, I have to deal with the bigger issue.
You're not backing up.
Seriously, if the pictures that are so important to you are in one place and one place only, you will lose them. Some day that hard disk will die or your computer will have some kind of serious problem, and everything will be lost.
Everything.
I hear it repeatedly from many people. They've placed all their eggs in one basket, and the basket breaks. Sometimes they can get lucky and data recovery tools can be used (sometimes at great cost), but why risk it?
I can't emphasize this enough: start backing up. Copy things that are important to you to another computer, burn them to CD-ROM, get an external hard drive, use a backup program or a backup service, but do something.
Back up, back up regularly, and start backing up now.
End of sermon.
•
OK, now, about those trojan files that can't be removed.
First, make note of the full path to each of the files that can't be deleted by your anti-virus software.
Then boot into Safe Mode (typically that means pressing F8 as Windows begins to boot, and selecting Safe Mode). Then delete(*) named files by hand. It's quite possible you'll need to alter their read-only status to do so.
If that doesn't work (and it won't for some viruses), then you can try using the MoveOnBoot utility as discussed in How do I delete a file in use? to delete the file before Windows boots.
If that doesn't work, though it should, then my next step would be to boot into the Windows Recovery Console. If you boot from your Windows CD, then the recovery console should be one of your options. Once in, the recovery console is nothing more than a Windows Command Prompt with a limited set of commands available. You should be able to delete the files here.
MoveOnBoot should work and the recovery console should work, but if for some reason they both fail, or are unavailable, then the last approach I would take gets just a little geeky: boot from a Linux live CD. Many such as the ever popular Knoppix or Ubuntu distributions boot into Linux using only the CD-ROM, and then allow you to access the hard drive on your machine. The "geeky" part is simply knowing how to navigate around in Linux.
(*) Note: Though I use the word "delete" above, it's actually safest to copy the files to another location, or preferably to a floppy disk or some other removable media. There's always a slight chance that the files are actually required and you'll need to be able to restore them should your system fail to boot. In a case like that, if things really are that damaged, then a repair install of Windows may be called for.
Article C3111 - August 8, 2007 « »
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
November 18, 2008 7:05 AM
my removable disc says it has some virus.hw can i remove it.
March 20, 2009 6:50 AM
I removed several trogans that I got yesterday, I used Malwarebytes. Now when I go to my pictures, the folders are there with the title, but they won't open. Any suggestions?
21-Mar-2009
July 4, 2009 11:03 AM
I have a problem - my Eset antivirus says I have trojan that cannot be deleted. It's (supposedly) on operating memory (operatin memory - Win32/rootkit.agent.ODG - trojan)I tried scanning with Malwarebyte's Anti-Malware but it doesn't detect any malicius files. So I tried to find a path - well I can't find the path or the file. So I can't even delet it manually as the article above suggests. What can I do? Someone please help.
July 8, 2010 1:42 AM
Yeah if you are not able to get rid of this trojan then u may need to format ur drive in that case you will loose data.Here is one product Advanced System Optimizer that have various tools and most importantly an AntiSpyware and a data recovery tool Undelete.You can firstly try to clean your system with the help of the tool System Protector and most probably can get rid of the trojan.But in some cases it is possible that the best of the AntiSpyware may also not revert back the changes that are caused due to spywares even though they remove the infections...So it is better to stay protected rather then cure.
.Now in case if you are forced to format your drive then you can use the other tool Undelete to recover the lost data...this recovers the data even after format...but do take care that b4 recovering the data u don't overwrite any data.Hope you can overcome ur problem..u can download this from cnet
April 4, 2013 7:01 AM
i had similar problems using norton but i then used hitman pro and it managed to get rid of it. they do a free trial as well