Files that cannot be deleted specific processing methods

1, with poison files in the temporary Internet files directory

Because the files in this directory will have a certain protective effect (unconfirmed). So the poison file in this directory cannot be purged even in safe mode, for this situation, please close some other program software, and then open IE, select the IE Toolbar "tools" Internet Options, select "Delete Files" Delete, if prompted to "Delete all offline content" , please also delete the selected.

　　2, with poison files in the _restore directory, or the system Volume information directory

This is the directory where restore files are stored by System Restore, only if the ME/XP operating system is installed, because the system has a protective effect on the directory. For this situation, you need to cancel the System Restore feature, and then remove the poison file, or even the entire directory to delete it. Turn off System Restore methods. Me, disable System Restore, DOS delete. XP to turn off System Restore: Right-click My Computer, select Properties--System Restore--tick before "Turn off System Restore on all drives"--press OK to exit.

　　3, with poison files in the. rar,. zip,. cab and other compressed files

Today can support the direct killing of compressed files with poison files in the anti-virus software is still very few, even if there are only some of the commonly used compression format; Therefore, for the vast majority of anti-virus software, the most can only check out the files in the compressed file, but not directly removed. And some encrypted compressed files are less likely to be directly erased.

To clear the compressed file of the virus, we suggest that after decompression, or with the help of the compression tool software plug-in anti-virus program function, the poison of the compressed file antivirus.

4, the virus in the boot area or SUHDLOG.DAT or Suhdlog.bak files

This virus is generally the boot area virus, the reported virus name is generally with the word boot, wyx and so on. If the virus only exists on mobile storage devices (such as floppy disk, flash disk, mobile hard disk), you can use the anti-virus software on the local hard drive directly to the killing, if the virus is on the hard disk, you need to use a clean bootable disk to start the killing.

For this type of virus is recommended to use a clean floppy boot to the killing, but before killing must back up the original boot area, especially the original installed other operating systems, such as Japanese, Linux and so on.

If you do not have a clean bootable disk, you can use the following method for emergency antivirus:

(1) Make a clean bootable disk on another computer, this boot disk can be made by adding/removing programs on the 95/98/me system, but it should be noted that the operating system that makes the floppy disk must be the same as the operating system it uses;

(2) Use this floppy disk to boot the computer with the poison, and then run the following command:

A:>fdisk/mbr

A:>sys A:C:

If the poisoned file is in a SUHDLOG.DAT or suhdlog.bak file, delete it directly. This is the system at the time of installation of the hard disk boot area to do a backup file, the general role is not large, the virus in which has no effect.

　5. The suffix name of the poisonous file is. vir,. Kav, KBK, etc.

These files are usually the anti-virus software for the original poison file backup files, in general, if you confirm that these files are useless, then delete these files.

　　6, with poison files in some mail files, such as DBX, eml, box, etc.

Some antivirus software can directly check whether the files in these mail files are poisonous, but often can not carry on the direct operation to these poisonous files, for some email in the poisonous letter, can according to the information that the anti-virus software provides to find that poisonous letter, delete the attachment in the letter or delete the letter; if it is eml, NWS Some of the letters file with poison, you can use the relevant mail software open, confirm the letter and its attachments, and then delete the relevant content. Generally have a large number of eml, NWS with poison files, are automatically generated by the virus files, recommendations are directly deleted.

　　7, the file has the virus residue code.

This is more common with CIH, FUNLOVE, macro viruses (including macro viruses in documents such as Word, Excel, PowerPoint, and WordPro) and the residue code for individual web viruses. Usually antivirus software reports the virus name suffix for these files with virus residue code is usually the end of int, app, etc., and is not common, such as W32/funlove.app, W32. Funlove.int. In general, these residual code will not affect the normal operation of the program, and will not infect, if the need to completely clear, according to the actual situation of the virus to clear.

　8. File Error

This situation is not much, usually some anti-virus software will be the original poison files did not clean up the virus, there is no good repair files, resulting in files can not be used normally, while causing other anti-virus software false positives. These files can be deleted directly.

　　9, Encrypted file or directory

For some encrypted files or directories, please decrypt the virus after the killing.

　　10, share the directory

There are two scenarios: a local shared directory and a remote shared directory on the network (which also includes a mapping disk).

Encountering a poison file in a locally shared directory that cannot be purged, it is usually the other users in the LAN read and write these files, antivirus when the performance is not directly clear the virus in the file, if there is a virus in these directories in the write virus operation, performance for the shared directory to clean the virus after the operation, Still have files are infected or continue to generate virus files. In both cases, it is recommended to cancel the sharing, and then for the shared directory for a thorough killing, restore the sharing time, pay attention not to open too high permissions, and the shared directory to add a password.

When killing viruses on a remote shared directory (including the mapping disk), the first step is to ensure that the local computer's operating system is clean and has the highest read and write access to the shared directory. If it is a remote computer infected with the virus, it is recommended or directly on the remote computer for killing the virus. In particular, if you are cleaning up other viruses, Shihudu recommends canceling all local shares and then doing antivirus operations. In peacetime use, should also pay attention to the security of the shared directory, add a password, and, if not necessary, do not directly read the remote shared directory of files, the proposed copy to the local check virus before operation.