In this section

• Home
• Support
• Virus disinfection

Online support

• Knowledgebase
• Virus disinfection

Product maintenance

• Downloads and updates
• Documentation
• Software lifecycle

Contact support

• Talk to an expert
• Send a sample
• Email us

Support services

• Overview
• Technical Support
• Professional Services
• Technical Training

Removing infected executable files

1. Using Enterprise Console
2. Windows 95/98
3. Mac OS X computers
4. NetWare
5. Linux
6. UNIX
7. OpenVMS

1. Using Enterprise Console

You can remove infected executable files over a network using Enterprise Console.

2. Windows 95/98

To remove an infected executable file:

• Check the threat analysis for details on the virus and its removal.
• Back up any important data on the hard drive.
• Close down all programs.
• Go to Start|Programs|Sophos Anti-Virus and run the Sophos Anti-Virus program.
• Select the Immediate tab.
• Go to Options|Configuration... select the Action tab, select 'Infected files', select 'Move', then click 'OK'.
• Click the Go button on the toolbar to start the scan.
• Make a note of the infected files from the on-screen log.
• Delete the files. Run another scan for viruses. Replace the files with 'clean' versions from the original installation media or a clean PC.
• Go to Options|Configuration... select the Action tab, uncheck 'Infected files', deselect 'Move', then click 'OK'

If the virus is memory resident or the files cannot be removed because they are held open by the operating system:

• Reboot the PC from a clean startup or system disk.
• Delete and replace the file manually, or using the following DOS instructions:

You will need SWEEP for DOS on floppy disk. To do this, make a set of Emergency SAV disks.

• Check the threat analysis for details on the virus and its removal.
• Back up any important data on the hard drive.
• Reboot your PC from a clean system disk, put the 'SWEEP for DOS' disk in the floppy drive and at the A: prompt type:
  

  SWEEP *:

• Make a note of the infected files.
• Delete the infected files using
  

  SWEEP *: -REMOVEF

• Restore the infected files from the original installation media or a clean PC.

3. Mac OS X computers

To remove an infected executable file:

• Check the threat analysis for details on the virus and its removal.
• Close down all programs.
• Run the Sophos Anti-Virus program.
• Click the green 'Play' arrow button.
• Make a note of the infected files.
• Go to 'Sophos Anti-Virus preferences'.
• Choose 'Disinfection' from the 'Immediate Mode' menu.
• Select 'Infected Files' and 'Delete'.
• Close 'Sophos Anti-Virus preferences'.
• Click the green 'Play' arrow button.
• Click 'OK' when asked if files should be deleted.
• Run another scan to ensure that the executable has been removed.
• Go back to 'Disinfection' and deselect 'Infected Files' and 'Delete'.
• Replace the files with 'clean' versions from the original installation media or a clean Macintosh.
• If problems persist, contact support.

4. NetWare

Infected executables can be quarantined, renamed (so they cannot be executed), deleted, purged, or copied with non-executable filenames.

Note: This method of removal will also apply to documents infected with macro viruses.

• Check the threat analysis for details on the virus and its removal.
• Run a scan to locate all the infected executables and make a note of them.
• Choose your preferred method of removal in the 'Removal mode' option of the Immediate Mode menu.
• Delete the infected files and restore them from the original installation media or a backup.

5. Linux

• Check the threat analysis for details on the virus and its removal.
• Run a scan to locate all the infected executables and make a note of them.
  
• Use savscan with the -remove option
  

  savscan -remove

• Run a scan to check that all files were deleted. Replace them with 'clean' versions from the original installation media or a clean computer.

6. UNIX

• Check the threat analysis for details on the virus and its removal.
• Run a scan to locate all the infected executables and make a note of them.
• Use SWEEP with the -remove option
  

  sweep -remove

• Run a scan to check that all infected files were deleted. Replace them with 'clean' versions from the original installation media or a clean computer.

7. OpenVMS

• Check the threat analysis for details on the virus and its removal.
• Run VSWEEP from DCL using the command line qualifier '/VF' to write the names of any infected files to the file SWEEP.VIR.
• Use SWEEP.VIR to identify infected executables for replacement.
• Delete the infected executables, either by using the DCL command DELETE/ERASE, or by running VSWEEP from DCL using the command line qualifier '/REMOVEF'.
• Note: '/REMOVEF' does not prompt for confirmation before deletion and should be used with caution.
• Restore the deleted executables from the originals or from sound backups.

For details on the use of these command line qualifiers and sample batch files using them, see the Sophos Anti-Virus for OpenVMS manual.