How to address malware that was not removed from your PC
Bitdefender On-Access Scanning reports an infected file could not be cleaned.
Solution: we recommend you to make sure you are logged in with an user with Administrative Privileges, close the applications you do not need, any work in progress documents, your internet browsers and then start a System Scan.
1. First of all, bring up the main Bitdefender interface
Note: if you are still in Antivirus events click on the home button to see the dashboard
2. From the Antivirus panel click on Scan now, then choose System Scan from the drop down menu
3. When the scan is finished check the scan summary to see if there are any threats/files that could not be cleaned.
If there are any, you should find an option on the Scan summary page - “Please click here to rescan files”. Use this option to start a new scan task with advanced option on the respective files
4. When the scan is finished you can click on View log and check if there are any unresolved items.
5. We also strongly recommend you to click on the Save Log button from the bottom and save this log in an easy to access location, e.g your Desktop, for easy access if further needed.
If Bitdefender still displayed there are items that cannot be cleaned (either in real time or during system scan) you can try to manually remove the infections following the guidelines below depending on the types of files.
Important: the steps bellow should be followed only by advanced users!
Most common types of files you could encounter:
I. Temporary Files
The Temporary files are usually recognized as follows:
- .tmp files found on C:\,C:\Windows, C:\Windows\temp, etc.
- files found in the locations:
C:\Documents and Settings\\Local Settings\Temp(for Windows XP)
C:\Users\\AppData\Local\Temp(for Windows Vista/7)
Note: The system drives where the primary boot volume and OS are. So if you install it to the default it will be C:\ drive; else please modify the paths accordingly.
For more details and step by step instructions please check the KB article How to clean infected Temporary Files.
II. Temporary Internet Files
A temporary Internet file is a file that is located on your hard drive that a browser uses to store Web site data for every Web page or URL address that you visit. When the Web server sends the Web page files to the browser, they are stored in a file so that the next time you visit the same Web site the browser takes the data from the temporary Internet file. Loading the Web site in this way from a temporary Internet file is called caching.
The Temporary Internet Files can be found in different locations depending on the internet browser:
For Internet Explorer: the folder is …user’s profile...\Temporary Internet Files
For Mozilla Firefox: ….user’s profile…\Mozilla\Firefox\Profiles\xxxxxx.default\cache
Very similar for other browsers:
For Google Chrome: ….user’s profile…\Google\Chrome\User Data\Default\Cache
For Safari: ….user’s profile…\Apple Computer\Safari\cache.db
For Opera: ….user’s profile…\Opera\Opera\cache
For more details about the exact locations and how to delete temporary internet files check this article.
III. Files located in System Volume Information
Check this KB article to learn how to clean system restore points from System Volume Information
IV. Email archives which cannot be repacked by Bitdefender
For more details and how to clean them please check this article.
V. For files located on optical devicessuch as CDs, DVDs, Blue-Ray Discs
Unfortunately, these files cannot be cleaned since modify/delete actions are not permitted on this kind of storage devices. You can rest assured that, if you still want to use the respective device, Bitdefender On-Access Scanning will protect your PC from any attack. However, we recommend you to take safety measures or not using the device at all on computers with no up to date security solution installed.
VI. For files located on network storages, NAS, network shares, mapped network drives, etc.
There are several reasons for Bitdefender not being able to clean the respective files such as: you only have read permissions on the respective network share/storage, therefore no actions can be taken due to limited privileges or the network share has a different operating system not supported by your Bitdefender virus engines. You can rest assured that, if you still want to access this share, Bitdefender On-Access Scanning will protect your PC from any attack.
VII. For tmp.ebd files
In order to remove the infected objects from your computer you need to reset the Windows Update and Windows Search services by following these steps:
- Temporarily disable the Bitdefender On-Access Scanning from Bitdefender > Settings > Antivirus > Shield tab > use the ON/OFF switch for On-Access Scanning
- Go to Start > run… (for Windows XP) or Start > click on the Search box (for Windows Vista/7), type services.msc and hit Enter;
- Locate the Windows Update service, right click on the entry and choose Restart from the dropdown menu;
- Locate the Windows Search service and restart it as well;
- Reboot the PC and check if the issue reoccurs.
If you need further assistance please contact Customer Care. When completing the form, please also attach the latest scan log showing the unresolved items.