My ESET product detected a virus but cannot clean or delete it

KB Solution ID: SOLN117|Last Revised: June 05, 2014

Issue

Important!

Before proceeding, we recommend that you: 

  1. Complete our preliminary malware troubleshooting steps.
  2. Check to see if there is a removal tool for your particular virus.
  • Your ESET product is unable to clean or remove infected files identified during a scan. Specifically:

    • The infected file or folder is hidden
    • The infected file is in use by another program or locked in memory
    • DNS Cache poisoning attack or Detected ARP cache poisoning attack
    • The threat was detected inside a damaged or password-protected archive file
    • The virus was detected inside a Microsoft Outlook Express .dbx file
    • Your computer was infected prior to installing an ESET product
    • Virus found in the Java cache directory
    • Potentially unwanted applications
    • Scan is configured to 'no cleaning'
    • Infected files found in the System Volume Information
    • The virus was detected in an .exe or .dll file archived with UPX

Solution

Infected file or folder is hidden

  1. Show hidden files or folders.
  2. Restart your computer in Safe Mode.
  3. Navigate to the infected file or folder.
  4. Right-click the infected file or folder and select Delete. When prompted to confirm, click Yes.
  5. Navigate to your Desktop, right-click Recycle Bin and select Empty Recycle Bin. When prompted, click Yes to confirm.
  6. Restart your computer and run a Computer scan.


Infected file is in use by another program or locked in memory

If you receive this notification while scanning your system, follow the steps below:

  1. Allow the scan to finish.
  2. Restart your computer in Safe Mode.
  3. Run another Computer scan.
     

DNS Cache poisoning attack or Detected ARP cache poisoning attack

This message usually appears as a result of a conflict between a router and the Personal firewall in ESET Smart Security. To resolve this issue, please see the article below:

The threat was detected inside a damaged or password-protected archive file

Archives (such as .zip or .rar) combine multiple files into one compressed file. ESET products do not delete archives because an archive file that is identified as infected can contain clean files as well as infected ones. If your ESET product has detected an infected file within an archive, you have two options:

  • Delete the archive file: Although you will lose the clean files within the archive, attempting to recover material from an infected archive could potentially spread an infection.
  • Use a file-archiving program (such as WinZip, 7zip or WinRar) to move individual files out of the archive (be sure to scan these files once you extract them from the archive).
     

The virus was detected inside a Microsoft Outlook Express .dbx file

If you locate an infected .dbx file, follow the steps below:

  1. Open the .dbx file in Outlook Express.
  2. Locate the message with the virus according to the sender, date of sending, subject, etc.
  3. Delete the infected message (click here for guidelines on submitting samples to ESET).

To prevent Outlook Exchange from downloading a virus when retrieving mail from your Internet service provider in the future, make sure that email client protection is enabled in your ESET product. 
 

Your computer was infected prior to installing an ESET product

Your ESET product may be unable to remove viruses and threats that were present on your system before your ESET product was installed. If you think that your computer was infected before you installed ESET and is still infected, contact ESET Customer Care.
 

Virus found in the Java cache directory

If a virus is discovered in the cache directory we recommend that you clear the cache manually. See the following article for assistance:

Potentially unwanted applications

The detected threat might be classified by your ESET product as a potentially unwanted application (what is a potentially unwanted application?). When you installed ESET you were given the option to enable/disable the detection of potentially unwanted applications.
 

Scan is configured to 'no cleaning'

If the Cleaning level of your ESET product has been set to 'no cleaning,' running a scan of your computer will detect threats without taking action to remove them. To resolve this issue, see the article below:

Infected files found in the System Volume Information

If your system creates System Restore files while infected with a virus and later that virus is removed, infected files can remain in the the System Volume Information folder. You can clean the System Volume Information folder using the steps in the following Microsoft Knowledge Base article:

 

The virus was detected in an .exe or .dll file archived with UPX

UPX files are similar to the archive files but contain files used to run a program. With Javascript enabled you can view and then delete an infected UPX file using Windows Explorer. If your ESET product cannot clean an infected UPX file, please submit the file as a sample to ESET.

Rate this article:
1 2 3 4 5
Please comment on your rating...
We cannot respond to feedback from this form. Requests for assistance should be submitted through your normal support channel.
5 - Definitely
4 - Mostly
3 - Somewhat
2 - Not Really
1 - Not At All