Removing dropped files

  • Article ID: 114040
  • Updated: 19 Dec 2011
The Sophos Malware Remediation Tool (SMaRT) provides a detailed step- through process for cleaning up malware infections on Windows 2000 and above. Details in the knowledgebase article 116418.

Dropped files are files that have been dropped by a virus, Trojan or worm and are detected by Sophos Anti-Virus. They include damaged versions of the original program. They can simply be identified and deleted.

1. Using Enterprise Console
2. Sophos Anti-Virus for Windows, version 7
3. Mac OS X computers
4. NetWare
5. Linux
6. UNIX
7. OpenVMS

1. Enterprise Console

You can remove dropped files over a network using Enterprise Console.

2. Sophos Anti-Virus for Windows, version 7

To remove a dropped file:

  • Close down all programs.
  • Go to Start|Programs|Sophos|Sophos Anti-Virus and run the 'Sophos Anti-Virus' program.
  • In the 'Available scans' list, select the scan for which you want to enable removal, or use 'Setup a new scan' to scan your local disks. (Do not select a scheduled scan, as you will not be able to run this manually.)
  • Click Edit|Configure this Scan.
  • Select the Cleanup tab and select 'Automatically clean up items that contain virus/spyware'. Click Apply|OK.
  • Click 'Save and Start' to save the scan, and run it immediately.
  • At the end of the scan, click the link in 'Items passed to Quarantine' to open Quarantine manager.
  • Select any items needing removal.
  • From the 'Perform action' dropdown, select 'Delete'.
  • Select 'Yes' or 'Yes to all' to delete files.
  • Run another scan to ensure that the file has been removed.
  • Click Edit|Configure this Scan.
  • Select the Cleanup tab and deselect 'Automatically clean up items that contain virus/spyware'. Click Apply|OK.

3. Mac OS X computers

To remove a dropped file:

  • Check the threat analysis to ensure it is a dropped file.
  • Run the 'Sophos Anti-Virus' program.
  • Go to 'Sophos Anti-Virus preferences'.
  • Choose 'Disinfection' from the 'Immediate Mode' menu.
  • Select 'Infected Files' and 'Delete'.
  • Close 'Sophos Anti-Virus preferences'.
  • Click the green 'Play' arrow button.
  • Click 'OK' when asked if files should be deleted.
  • Choose 'Disinfection' from the 'Immediate Mode' menu.
  • Deselect 'Infected Files' and 'Delete'. Click 'OK'

Alternatively, find the file and delete it.

4. NetWare

To remove a dropped file:

  • Check the threat analysis to ensure it is a dropped file.
  • Run a scan to locate the dropped file.
  • Delete the file manually from your server.

5. Linux

  • Check the threat analysis for details on the file and its removal.
  • Use savscan with the -remove option

    savscan -remove

  • Run a scan to check that the dropped files were deleted.

6. UNIX

To remove a dropped file:

  • Check the threat analysis to ensure it is a dropped file.
  • Use SWEEP with the -remove option
    sweep -remove

Alternatively, find the file and delete it.

7. OpenVMS

To remove a dropped file:

  • Check the threat analysis to ensure it is a dropped file.
  • Delete the dropped files by running VSWEEP from DCL using the command line qualifier '/REMOVEF'.
  • Note: '/REMOVEF' does not prompt for confirmation before deletion and should be used with caution.

Alternatively, find the file and delete it.

For details on the use of these command line qualifiers and sample batch files using them, see the Sophos Anti-Virus for OpenVMS manual.

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments