Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How do I remove a file that my anti-virus says can't be quarantined?

My anti-virus software says a trojan was found on my computer, and the file
in which the trojan lies can not be cleaned, deleted, or quarantined. I have
pictures of my children that I don’t want to lose. Is there a way for me to
delete that file where the trojan is and save the pictures of my children? I
was told if the trojan couldn’t be quarantined, deleted, or cleaned, then I
would need to completely start my hard drive over from scratch. Is this
true?

On the surface the answer here is simple: you should be able to recover your
pictures safely and still remove the trojan. And yes, I’ll walk through how you
might do that.

However…

There’s a much larger issue at play here. One that scares me much
more than the trojan.

Become a Patron of Ask Leo! and go ad-free!

Before I get to removing the trojan, I have to deal with the bigger
issue.

You’re not backing up.

Seriously, if the pictures that are so important to you are in one place and
one place only, you will lose them. Some day that hard disk will die
or your computer will have some kind of serious problem, and everything will be
lost.

Everything.

I hear it repeatedly from many people. They’ve placed all their eggs in one
basket, and the basket breaks. Sometimes they can get lucky and data recovery
tools can be used (sometimes at great cost), but why risk it?

I can’t emphasize this enough: start backing up. Copy things that are
important to you to another computer, burn them to CD-ROM, get an external hard
drive, use a backup program or a backup service, but do something.

Back up, back up regularly, and start backing up now.

End of sermon.

“Back up, back up regularly, and start backing up
now.”

OK, now, about those trojan files that can’t be removed.

First, make note of the full path to each of the files that can’t be deleted
by your anti-virus software.

Then boot into Safe Mode (typically that means pressing F8 as Windows begins
to boot, and selecting Safe Mode). Then delete(*) named files by hand. It’s
quite possible you’ll need to alter their read-only status to do so.

If that doesn’t work (and it won’t for some viruses), then you can try
using the MoveOnBoot utility as
discussed in How do I delete a
file in use?
to delete the file before Windows boots.

If that doesn’t work, though it should, then my next step would be to boot
into the Windows Recovery Console. If you boot from your Windows CD, then the
recovery console should be one of your options. Once in, the recovery console
is nothing more than a Windows Command Prompt with a limited set of commands
available. You should be able to delete the files here.

MoveOnBoot should work and the recovery console should work, but if for some
reason they both fail, or are unavailable, then the last approach I would take
gets just a little geeky: boot from a Linux live CD. Many such as the ever
popular Knoppix or Ubuntu distributions boot into Linux using only the CD-ROM,
and then allow you to access the hard drive on your machine. The “geeky” part
is simply knowing how to navigate around in Linux.

(*) Note: Though I use the word “delete” above, it’s
actually safest to copy the files to another location, or preferably
to a floppy disk or some other removable media. There’s always a slight chance
that the files are actually required and you’ll need to be able to restore
them should your system fail to boot. In a case like that, if things really are
that damaged, then a repair install of Windows may be called for.

Subscribe to Confident Computing! Tech problem solving & safety tips & a weekly confidence boost in your inbox every week.

I'll see you there!

10 Reasons Your Computer is Slow

Slow Computer?

Speed up with my special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

NOW: name your own price! You decide how much to pay -- and yes, that means you can get this report completely free if you so choose. Get your copy now!

13 comments on “How do I remove a file that my anti-virus says can't be quarantined?”

  1. There’s also a free program called Unlocker that might help you out in this situation..

    If you follow the link below, you will see just how much better it is than most other programs that do this type of thing, including GiPo@MoveOnBoot.
    http://ccollomb.free.fr/unlocker/
    (see the chart at the bottom)

    Reply
  2. Actually, for the novice persons the easier thing would be the following:
    1) Upload those pictures to a website. There are plenty of websites where you could upload for free.
    2) Then do whatever you want to clean up your computer. Then download the pictures again. So you will not risk deleting your pictures anyway.

    Reply
  3. Great stuff, Leo, but I think the first step should be to try another anti-virus program, such as the free version of AVG or Panda. On several occasions, I have been able to do that, and avoid a lot of hassle.

    Reply
  4. I should back up important files but how do you put(example) pictures onto a CD. I think they call it burning. Do you need a speacial program. Any way I think the information in your letters are good for more experienced computer people.

    Reply
  5. Regarding burning to a CD:
    There are special programs, such as Nero or Easy Media Creator which you can purchase, or free programs (find some on http://www.download.com). If you have Windows XP, it has a built-in burning utility, which you can use by dragging-and-dropping the files you want to copy to an optical drive (of course, this assumes that you have a burner as one of your optical drives).

    Reply
  6. I had a similar problem recently. I could not start windows in safe mode, F8 does not seem to work for me. What I did was re-start windows with the windows restore turned off. It worked!

    Reply
  7. I have a problem – my Eset antivirus says I have trojan that cannot be deleted. It’s (supposedly) on operating memory (operatin memory – Win32/rootkit.agent.ODG – trojan)I tried scanning with Malwarebyte’s Anti-Malware but it doesn’t detect any malicius files. So I tried to find a path – well I can’t find the path or the file. So I can’t even delet it manually as the article above suggests. What can I do? Someone please help.

    Reply
  8. Yeah if you are not able to get rid of this trojan then u may need to format ur drive in that case you will loose data.Here is one product Advanced System Optimizer that have various tools and most importantly an AntiSpyware and a data recovery tool Undelete.You can firstly try to clean your system with the help of the tool System Protector and most probably can get rid of the trojan.But in some cases it is possible that the best of the AntiSpyware may also not revert back the changes that are caused due to spywares even though they remove the infections…So it is better to stay protected rather then cure.
    .Now in case if you are forced to format your drive then you can use the other tool Undelete to recover the lost data…this recovers the data even after format…but do take care that b4 recovering the data u don’t overwrite any data.Hope you can overcome ur problem..u can download this from cnet

    Reply
  9. i had similar problems using norton but i then used hitman pro and it managed to get rid of it. they do a free trial as well

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.