Actions to take if PC-cillin cannot clean file

Trend Micro PC-cillin

Actions to take if PC-cillin cannot clean file

What do you do if you have updated your pattern files, scan engine and program files and find that an infected file still cannot be cleaned? This depends on the actions you have set for the different PC-cillin scans (Real-time Scan, Manual Scan, Internet mail scan). The default Real-time and Manual Scan action for files that cannot be cleaned is Quarantine. This means PC-cillin will move the file to the Quarantine folder. Files placed in the Quarantine folder are isolated and rendered harmless. After you quarantine the file you have several options, for example, after the next pattern file update you can clean the file. You can also restore it, send it to Trend Micro for analysis and manually cleaning, or ultimately you can still delete it if you choose.

The following provides further information about alternate methods on how to proceed for different types of viruses.

Important: Infected files that cannot be cleaned may be important system files. If you choose to quarantine or delete a file, it might cause a system error or failure to boot up the system. You need to be careful what the file is when you choose to take these actions.

Trojan horses (Virus name: Troj_xxx)

Because Trojan horses do not infect other files, but rather destroy or steal information from your computer, there is no way to clean the file. The only way to clean a Trojan is to delete the actual Trojan horse file.

Compressed files

While the Trend Micro scanning engine can detect viruses within compressed files, it cannot clean the files inside of a compressed archive beyond the second layer of compression. To clean a virus in a deeper layer of compression, you must first decompress the file.

To clean a compressed file:

  1. Disable PC-cillin’s real-time scanning function so that it will not interfere with the decompression process.

  2. Use an archive utility (for example, WinZip) to extract the files from the compressed file.

  3. Start PC-cillin's real-time scanning function.

  4. Run the main program. You can now manually scan and clean the infected files that were extracted in the second step.

Insufficient disk space or write-protected diskettes

PC-cillin creates a backup file, *.rb0, before attempting to clean an infected file. This is to prevent files from being corrupted if the cleaning fails. You need to provide enough disk space or you have to copy the infected files to a hard disk drive before attempting to clean the files. If the disk is write-protected, make it writeable before attempting to clean the file.

Password-protected files

If the infected file is password-protected (for example, a password-protected ZIP or Word file), PC-cillin will not be able to detect or clean it. Please disable the password-protection before attempting to scan or clean the file.

PE-type virus infection (Virus name: PE_xxxx)

Since PE-type viruses (Portable Executable: standard Win32 file format) always stay in memory, the virus may not be completely cleaned.

To clean a PE-type virus:

  1. Boot your computer with the rescue disk labeled Emergency Boot Disk (Disk 1).

  2. Insert the PC-cillin rescue disk labeled PCSCAN Files Disk (Disk 2) into the A:\drive and at the DOS command prompt type:

 A:\>PCSCAN /V/C

Follow the onscreen instructions. You can now start scanning and cleaning the viruses.

Note: If you do not have emergency rescue disks, refer to the Creating rescue disks procedure.

See also:

About virus scan actions

About Manual Scan

About Real-time Scan

About Internet mail scan

About quarantined files

About scan tasks

About rescue disks