The “Quarantine” folder in the ESET NOD32 antivirus application is intended to isolate all infected or suspicious files. In this case, the user is given the opportunity to independently quarantine files, restore them, or delete them.
Instructions
1. A file locked in the Quarantine folder of the ESET NOD32 antivirus application does not pose a threat to the operation of the computer system. One of the purposes of quarantine is the possibility of correcting a moved system file manually. The “Restore” function is responsible for this, access to which can be obtained from the context menu of the “Quarantine” window. Please note that there is also the “Restore to” option, which allows you to save the restored file to a location different from the original one.
2. If you need to remove infected files from quarantine, temporarily disable the system repair function. To do this, call the context menu of the “My Computer” element by right-clicking and select “Properties”. Go to the “System Repair” tab in the dialog box that opens and check the box in the “Disable system repair on all drives” line. Confirm that the selected action is completed by clicking OK.
3. Launch the NOD32 application and press the F5 function key. Select the “Protection against viruses and spyware” option and select the “On-demand PC scan” option. Set "Large Scan" in the "Selected Profile" line and confirm the use of the changes made by clicking the OK button. Wait for the verification process to complete.
4. Open the main menu of the NOD32 application and go to “Utilities”. Expand the “Quarantine” node and carefully examine the list of files that opens. Please note that in the “Reason” field, the reason for isolating the entire file is indicated. Call the context menu of the file to be deleted by right-clicking and specify the “Delete from Quarantine” command. Restart your computer to apply the changes you made.
Nod32 antivirus is deservedly one of the leaders among antivirus programs, allowing you to effectively protect your system from a wide variety of virus threats.
However, a user who decides to remove nod32 from his system may face some serious difficulties. The fact is that many viruses can disable anti-virus systems installed on a computer; therefore, disabling nod32 by the creators of the program is meaningfully made available only to a system manager who has both the appropriate authority and sufficient knowledge. After attempting to delete the files of the antivirus program manually, the user may find that the folders in which the antivirus was installed are still not deleted, and some of the processes related to it continue to run in the computer’s memory. If you remove the antivirus in the standard way (Control Panel - Programs and Features - Uninstall) does not work, then in order to still remove nod32, carefully follow the sequence of steps:
Video on the topic
While scanning your computer for infected and suspicious viruses files are placed by the anti-virus program in a special folder - “quarantine”. Files are also sent to quarantine in cases where there is no likelihood of their treatment, in case of fresh harmful code. Typically, when quarantined, an antivirus blocks access to suspicious files in order to prevent the virus from spreading throughout the system. To remove viruses from quarantine It’s best for everyone to take advantage of the capabilities of an antivirus program. The main anti-virus programs are considered.
You will need
- Computer, antivirus
Instructions
1. Kaspersky Anti-Virus1. Open the main program window.2. Switch to the Settings tab.3. Left-click on the “Quarantine and Backup” menu item.4. In the window that opens, configure the operating parameters quarantine.5. Select the command “Delete objects stored for more than ... days” and specify: how many days they must be stored files in quarantine.
2. Antivirus Nod 32To clear quarantine: 1. Go to the “Utilities” menu.2. Select "Quarantine".3. Select the ones you need files, right-click and select Delete.
3. Antivirus Doctor Web cleaning quarantine:1. Go to the quarantine menu.2. Select the required files.3. Execute the “Delete” command.
4. Avast1 antivirus. Go to the Maintenance menu.2. Select "Quarantine".3. Select the ones you need files.4. Execute the “Delete” command.
5. Avira Antivir Personal antivirus1. Open the Control menu.2. Select "Quarantine".3. Select the required objects.4. Click the "Remove selected items from" button. quarantine ».
6. Panda Antivirus1. Click the "Quarantine" button in the main window.2. Select a file (or files).3. Select the “Delete” command in the context menu (activated by right mouse button).
7. McAfee antivirus with support for main menu, open administrator quarantine, in which select the infected files and execute the “Delete” command.
8. Antivirus utility AVZ1. Open the File menu.2. Execute the command “View quarantine".3. Select the ones you need files.4. Execute the command "Clean quarantine ».
Note!
You can try to detect and manually delete files from quarantine folders, but this is not available or dangerous in all cases.
While working in the Windows Explorer context menu, a large number of unused menu items related to non-existent programs accumulate. Removing such items using standard system methods is absolutely doable and requires minimal computer knowledge.
You will need
- –ContexEdit
Instructions
1. Make a backup copy of your registry files so you can recover accidentally lost data.
2. Click the “Start” button to open the main system menu and go to “Run” to launch the “Registry Editor” utility.
3. Enter regedit in the Open field and click OK to confirm the command.
4. Expand the HKEY_CLASSES_ROOT\*\shell branch and select the folders of inappropriate applications.
5. Delete the selected folders. There is no need to restart the system or the Explorer tool.
6. Go to the HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers branch. Please note that many applications do not record their explicit name, but an internal identifier.
7. Determine the identity of the identifiers by copying the name and searching the registry under HKEY_CLASSES_ROOT\CLSID.
8. Disable the selected identifier by adding a “-” sign at the beginning of its name. This algorithm is also suitable for determining the identity of the identifier - check which of the context menu items disappeared after adding the “-” sign at the beginning of the name of the selected identifier.
9. Make sure that the shutdown does not affect service identifiers that are not displayed in the system. If an identifier has been disabled and not a single item has disappeared from the menu, it is recommended to restore the original appearance of the identifier.
10. Use the paid utility ContextEdit to make the process of editing the context menu easier and more clear.
11. Select the editing mode: All Files or regardless of extension in the menu on the left side of the program window.
12. Uncheck the boxes of the items to be deleted in the Shell Commands and Context Menu Handlers windows on the right side of the application window and click the Exit button to exit the program.
Note!
Commands associated with a specific file type can be found in the registry sections corresponding to that type.
Helpful advice
Some programs check their integrity every time they start and write them back to the context menu.
ESET NOD32 antivirus, like similar programs, has a special section for storing infected and suspicious files. This section is called “Quarantine”; you can send files and folders to it yourself, as well as extract those that you are sure are safe. In this article we will look at how to extract documents from the “Quarantine” section of ESET NOD32 antivirus. For this you will need:
- Computer;
— ESET NOD32 Antivirus (To fully protect your computer, we recommend using only the 100% licensed version of this antivirus. You can also have it instantly delivered to your email).
Instructions
- Documents placed in the Quarantine section of ESET NOD32 software automatically become isolated from the computer system. This section contains files infected with a virus and those that are suspicious to this antivirus.
If you are confident that the document from this section is safe, you can restore it to the working partition of your hard drive.
- To perform file recovery, you must temporarily stop the operating system recovery function. To do this, open “My Computer” and right-click in an empty space of the window, in the additional menu click the “Properties” command. In the window that loads, select the “System Protection” option, open the “System Protection” tab. Designate drive C and click the “Configure” button
in the window that opens, check the line “Disable system protection”, click the “Apply” and “OK” buttons. Repeat the steps for the remaining disk partitions.
- Launch NOD32 antivirus and press the F5 button on your keyboard. Click the “Virus and spyware protection” option and check the “On-demand PC scan” checkbox.
In the Selected Profile field, select Deep Scan and click OK. Wait until the antivirus completes its task.
- Open the NOD32 antivirus working window and go to the “Utilities” section.
Open the “Quarantine” section and carefully study the list of documents contained in it. Pay special attention to what is written in the “Reason” column. Right-click on the desired file and select the command “Remove from Quarantine” or “Restore” in the context menu (depending on the version of the antivirus). After completing all the described steps, you need to restart the operating system and enable the recovery option; to do this, do everything in step 2 and check the “Restore system settings” line. Save the changes by clicking on the “Apply” button and the “OK” button.
Video: How to add a folder to an ESET NOD32 antivirus exclusion
Modern anti-virus programs have a very wide “spectrum of action”. They disinfect infected files, monitor information coming from the Internet, monitor the contents of email messages and monitor programs loaded into the computer's RAM. At the same time, they usually choose their own method of dealing with the threat. But sometimes the user just needs to delete infected files, rather than try to cure or isolate them.
You will need
- - computer
- - Nod32 antivirus package
- - basic computer skills
Instructions
Using the tips "How to clean an infected computer" given in this article, you can remove any type of malware from your computer and return it to working condition
1. Make sure your computer is really infected
Before you try to remove any infection from your computer, you need to make sure that the computer is actually infected. To do this, please refer to the recommendations I give in the article "". If this does indeed indicate that your computer is infected, then continue with the steps in the next section. Make sure you do them in the proper sequence.
2. How to clean your computer and make sure it's really clean
Please note that advanced users here can simply skip to the last part about and clean up the computer accordingly. This is the most effective approach, but it is also one of the most time-consuming. However, if necessary, you can go straight to that section and then return back to the beginning again if the infection was not completely removed.
2.1 Cleaning your computer using CCE and TDSSKiller
Download Comodo Cleaning Essentials (CCE) from this page. Make sure you select the correct version for your operating system. If you are not sure whether your computer is running a 32-bit or 64-bit operating system, see. Also, download Kaspersky TDSSKiller from this page. If you are unable to download any of these programs, or if your Internet connection does not work, you will need to do it using another computer and transfer it to the infected one using a flash drive. Make sure there are no other files on the flash drive. Be careful with the flash device as malware can infect it when you insert it into your computer. Hence, do not connect it to any other computers after transferring these programs. Also, I would like to point out that both programs are portable. This means that once you're done using them, you won't have to uninstall them. Just delete their folders and they will be deleted.
Once you have downloaded CCE, unzip the file, open the folder and double-click the file named "CCE". The Comodo Cleaning Essentials main window will open. If it doesn't open, press and hold the Shift key and double-click the file named "CCE". Once CCE has successfully opened, you can release the Shift key. However, do not release it until the program is completely loaded into memory. If you release it at least during the UAC prompt, it will not be able to open correctly even with the forced method. Holding Shift will help it open even on heavily infected computers. It does this by suppressing many unnecessary processes that could prevent it from running. If this still doesn't help get it running, then download and run a program called RKill. It can be downloaded from this page. This program will stop known malicious processes. Thus, once it is launched, CCE should launch perfectly.
Once it's running, run a Smart Scan in CCE and quarantine everything it finds. This program also looks for system changes that may have been made by malware. They will be shown in the results. I would advise allowing the program to fix this too. Restart your computer when prompted. After restarting the computer, launch Kaspersky TDSSKiller, scan and quarantine what is found.
Also, if your Internet connection was not working previously, check if it is working now. A valid internet connection will be required for further steps in this section.
Once the CCE scan is complete and you are sure your internet connection is working, open CCE again. Hopefully it will open this time, but if not, then open it while holding down the Shift key. Then from the "Tools" menu in CCE, open KillSwitch. In KillSwitch, in the "View" menu, select the "Hide Safe Processes" option. Then right-click on all processes that are marked as suspicious or dangerous and select the option to remove them. You should also right-click on any unknown processes that remain and select the "Kill Process" option. Do not remove processes marked as FLS.Unknown. Next, in CCE, from the tools menu, launch Autorun Analyzer and select the "Hide Safe Entries" option from the "View" menu. Then disable any items belonging to files that are flagged as suspicious or dangerous. You can do this by unchecking the boxes next to the items. You should also disable any items that are marked as FLS.Unknown, but which you think are likely to be malware. Do not remove any items.
Now restart your computer. After rebooting, check your computer again using the advice I give in the article "". If everything is good, then you can move on to the " " section. Remember that disabled registry entries are not dangerous. Also, note that even if your computer is clear of active infections, there may still be pieces of malware on it. They are not dangerous, but don't be surprised if scanning with another program still finds malware on your computer. These are the dormant remnants of what you just deleted. If you are unhappy with the presence of these residues on your computer, then you can remove the vast majority of them by scanning with the programs mentioned in the next section.
However, if your computer is not yet cleared of active infections, but at least one of the programs was able to start, go through the steps described in this section again and see if this removes the infections. But, if none of the programs were able to start, please proceed to the next section. Additionally, even if following the instructions in this section again is not enough to clean up your computer, you need to move on to the next section.
2.2 If your computer is still not clean, scan using HitmanPro, Malwarebytes and Emsisoft Anti-Malware
If the above steps did not help to completely eliminate the infection, then you need to download HitmanPro from this page. Install the program and run "Default Scan". If it doesn't install, skip to the next paragraph and install Malwarebytes. When prompted during HitmanPro installation, I recommend that you select the option to perform a one-time scan of your computer only. This should suit most users. Also, if malware is preventing it from launching correctly, then open the program by holding down the CTRL key until it loads into memory. Quarantine any infestation she finds. Keep in mind that this program will only be able to remove infections for 30 days after installation. During uninstallation you will be asked to activate your trial license.
Once HitmanPro has removed all detected infections, or if Hitman Pro fails to install, you need to download the free version of Malwarebytes from this page. Note that it has chameleon technology, which should help it install even on heavily infected computers. I advise you that during installation you uncheck the "Enable free trial of Malwarebytes Anti-Malware Pro" checkbox. Make sure the program is completely updated and then run a quick scan. Quarantine any infection she finds. If any program asks you to restart your computer, be sure to restart it.
Then download Emsisoft Emergency Kit from this page. Once it finishes downloading, extract the contents of the zip file. Then double click on the file named "start" and open "Emergency Kit Scanner". When prompted, allow the program to update the database. Once it is updated, return to the Security menu. Then go to "Verify" and select "Quick", then click "Verify". Once the scan is complete, quarantine all detected items. Restart your computer every time you need to.
After scanning your computer with these programs, you must restart it. Then check your computer again using the tips I give in the article "". If everything is good then you can move on to the " " section. Remember that disabled registry entries are not dangerous. However, if your computer is still not clean, then go through the steps in this section again and see if it helps remove the infections. If the programs in section 2.1 were previously unable to run correctly, then you should go back and try running them again. If none of the above programs were able to start, boot into Safe Mode with Networking and try scanning from there. However, if they were able to start correctly and the threats still remain even after following the advice in this section again, then you can move on to the next section.
2.3 If necessary, try these less-quick methods
If the above measures did not completely remove the infection, then there is probably some very unresponsive malware living in your machine. Thus, the methods discussed in this section are much more powerful, but will require more time. The first thing I recommend doing is to scan your computer with another anti-rootkit scanner called GMER. It can be downloaded from this page. Remove anything that will be shaded in red. Be sure to click the Scan button immediately after the program finishes its quick analysis of the system. Additionally, if you are running a 32-bit operating system, you must download the ZeroAccess rootkit scanner and removal tool. Information about this rootkit and a link to a program for removing it from 32-bit systems can be found here. AntiZeroAccess can be downloaded from the link in the second paragraph.
After scanning in the above programs, the next thing you should do is open CCE, go to settings and select the option “Scan for suspicious MBR modification”. Then click "OK". Now in CCE, perform a full scan. Reboot when required and quarantine anything found. Please note that this option can be relatively dangerous as it may reveal problems where there are none. Use it with caution and make sure everything important is already backed up. Please note that in rare cases, scanning with these options may render the system unbootable. This rarely happens, but even if it happens, it is fixable. If your computer stops starting after running this scan, use the Windows installation disc to perform a system recovery. This should help get your computer running again.
Once CCE is completely finished, open CCE again while holding down the SHIFT key. This action will end most of the unnecessary processes that may be preventing you from scanning. Then open KillSwitch, go to the "View" menu and select "Hide Safe Processes". Now, remove all dangerous processes again. Then, you should also right-click on all the unknown processes that remain and select "Kill Process". Don't delete them. You should follow the advice in this paragraph every time you restart your computer to ensure that the next scans are as effective as possible.
After completing all processes that were not considered trustworthy, you should open the HitmanPro program while holding down the CTRL key. Then run a "Default Scan" and quarantine everything it finds. Then run a full scan in Malwarebytes and Emsisoft Emergency Kit. Quarantine what they find. After that, download the free version of SUPERAntiSpyware from this page. Be very careful during installation as there are other programs included with the installer. On the first page, make sure to uncheck both options regarding installing Google Chrome. Now select the "Custom Install" option. During the custom installation, you will have to once again uncheck two checkboxes from the option to add Google Chrome.
Apart from this, the program will install perfectly. When prompted to start a free trial, I advise you to refuse. Once the program is fully loaded, select the Complete Scan option and click the "Scan your Computer..." button. Then click the "Start Complete Scan>" button. Delete any detected files and restart your computer when required.
After completing these steps, you must restart your computer. Then test it again using the advice I give in the article "". If everything is good, then you can move on to the " " section. Remember that disabled registry entries are not dangerous. However, if your computer is still not cleaned, then follow the steps described in this section again and see if this helps in eliminating the infection. If not, then you need to move on to the next section.
2.4 If necessary, make a boot disk
If the above methods do not completely eliminate the infection, or if you cannot even boot your computer, then in order to clean your computer you may need a bootable CD (or flash drive), also called a boot disk. I know this may all seem like a lot of work, but it's actually not that bad. Just remember that you need to create this disk on a computer that is not infected. Otherwise, the files may be damaged or even infected.
Since this is a boot drive, no malware can hide from it, disable it, or interfere with its operation in any way. Therefore, scanning in different programs in this way should allow you to clean almost any machine, no matter how infected it may be. The only exception here is if the system files themselves were infected on the machine. If this is the case, then removing the infection may cause harm to the system. This is mainly the reason why you have backed up all your important documents before starting the cleaning process. However, sometimes you can get around this by following the advice I give below.
To do this you must download . This is an excellent program that will allow you to create a single bootable disk with multiple antivirus programs. It also has many other useful features that I won't discuss in this article. Several very useful textbooks for SARDU can be found on this page. Be very careful about the additional offers now included in the installer. Unfortunately, this program is now trying to scam people into installing additional programs that are mostly unnecessary.
After downloading it, unzip the contents and open the SARDU folder. Then run the executable that matches your operating system - either sardu or sardu_x64. On the Antivirus tab, click the antivirus applications that you would like to write to the disk you are creating. You can add as much or as little as you see fit. I recommend that you scan your computer with at least Dr.Web LiveCD, Avira Rescue System and Kaspersky Rescue Disk. One of the nice things about Dr.Web is that it sometimes allows you to replace an infected file with a clean version of it, instead of simply deleting it. This will help you clean up some computers without harming the system. Thus, I highly recommend including Dr.Web in your boot drive.
Clicking on the names of various antivirus applications will often direct you to a page from which you can download an ISO image of the corresponding antivirus. Sometimes you will be given the option to download it directly through SARDU instead, which can be found under the Downloader tab. If given a choice, always select the ISO download option. Also, after downloading the ISO file, you may need to move it to the ISO folder located in the main SARDU folder. Once you have moved the ISO images of all the antivirus products you need into the ISO folder, you are ready to create an emergency boot disk. To do this, go to the Antivirus tab and make sure that all the antiviruses you have selected are checked. Now click on the button to create either a USB device or a disk. Any of these options will be acceptable. It just depends on how you want to run the rescue disk - from USB or from CD.
After creating the rescue disk, you will likely need to change the boot sequence in your BIOS settings to ensure that when you insert a bootable CD or bootable flash device, the computer will boot into it rather than the operating system as usual. For our purposes, you should rearrange the order so that "CD/DVD Rom drive" comes first if you want to boot from a CD or DVD, or "Removable Devices" if you want to boot from flash drive. Once this is done, boot your computer from the rescue disk.
After booting from the disk, you can choose which antivirus you would like to start scanning your computer with. As I mentioned earlier, I would recommend starting with Dr.Web. When this program has finished and you have restored or deleted everything it finds, you will need to turn off your computer. Then be sure to boot from the disk again and then continue scanning with other antiviruses. Continue this process until you have scanned your computer with all the antivirus programs that you included on the boot disk.
After cleaning your computer in the programs you burned to disk, you now need to try starting Windows again. If the computer is able to start under Windows, then check it using the instructions that I give in the article "". If everything is fine, then you can move on to the " " section. Remember that disabled registry entries cannot pose a risk.
If your computer has not yet been cleaned, but you can boot from Windows, then I would advise you to try cleaning it while in Windows, starting with this article and following the suggested methods. However, if your computer still cannot boot into Windows, then try again to get it in order using the Windows installation disc. This should help get your computer started again. If even this does not help make it bootable, then try adding more antiviruses to the emergency boot disk and then rescan the computer. If doing this still doesn't help, then read.
3. What to do if the above methods did not help clean your computer
If you have followed all of the above steps and are still unable to clean up your computer, but you are convinced that malware is causing the problems, we would be very grateful if you leave a comment and explain what you tried to do to clean up your computer and what remained signs that make you think that the computer is still not cleaned. This is very important in order to improve this article. Really hope no one ever gets to this section. This article is intended to give you the opportunity to completely clean up your infected computer.
You can also seek advice from a specialized forum dedicated to malware removal. A very useful forum, which is our partner -. However, if even after seeking help from a malware removal forum, your computer is still not free of malware, you may need to format your computer and run it that way. This means you'll lose anything you didn't copy ahead of time. If you do this, be sure to fully format your computer before reinstalling Windows. This will destroy almost any type of malware. Once Windows has been reinstalled, follow the steps in .
4. What to do after all malware is finally identified for removal
Once you've made sure your computer is clean, you can now try to recover anything you've lost. You can use Windows Repair (All In One) - an all-in-one tool that allows you to fix a large number of known Windows problems, including registry errors, file permissions, Internet Explorer, Windows Updates, Windows Firewall. If after completing all the procedures, your computer is working normally, then you can also open Comodo Autorun Analyzer and select the option to remove those registry items that you previously only disabled. Thus, they will no longer be on your computer at all.
Once you have safely removed all infections from your computer and eliminated any remaining destructive effects, you must take steps to ensure that this does not happen again. For this reason, I have written a guide, How to Stay Safe Online (coming soon to our website). Please read it afterwards and implement the methods that you think best suit your needs.
After securing your computer, you can now restore any of the files lost during the cleanup process that were previously backed up. Hopefully you won't have to do this step. Also, before restoring them, make sure that your computer is very well protected. If you do not protect your computer sufficiently, you may accidentally infect it, and then you will have to clean it out again. Additionally, if you used a USB device to move any files to the infected computer, you can now insert it back into the computer and make sure that there is no malware on it. I recommend doing this by deleting any files remaining on it.
Found a typo? Highlight and press Ctrl + Enter
Infections can enter your computer from various sources, such as websites, shared folders, email, or removable media (USB drives, external drives, CDs or DVDs, floppy disks, etc.).
Standard behavior
Typically, ESET NOD32 Antivirus detects infections using the following modules:
real-time file system protection;
Internet access protection;
mail client protection;
on-demand computer scanning.
Each module uses a standard level of cleaning and attempts to clean the file, quarantine it, or terminate the connection. A notification window appears in the lower right corner of the screen. For more information about cleaning levels and behavior, see Cleaning.
Cleaning and removal
If there is no default action defined for the real-time file system protection module, the user is prompted to select one in a warning window. Typically the options available are Clear, Delete, or Do nothing. It is not recommended to select an action Do nothing, since infected files will not be cleaned. An exception is only allowed if you are sure that the file is harmless and was detected in error.
Cleaning should be used if the file was attacked by a virus that added malicious code to it. In this case, the program first tries to clean the infected file to restore it to its original state. If the file contains only malicious code, it will be deleted.
If an infected file is locked or in use by some system process, it is usually deleted only after it is freed. Typically, this happens after the system is restarted.
Multiple threats
If any infected files were not cleaned when you scanned your computer (or the Cleaning level was set to No Cleaning), a warning window will appear on your screen asking you to choose an action for those files. You must select actions for the files (actions are selected separately for each file in the list), and then click Finish.
Removing files from archives
In the default cleaning mode, the entire archive is deleted only if it contains only infected files. In other words, archives containing uninfected files are not deleted. However, you should be careful when scanning in the thorough cleaning mode, since this deletes the archive if it contains at least one infected file, regardless of the status of other files in the archive.
If your computer shows signs of being infected with malware (for example, it becomes slower, freezes frequently, etc.), we recommend that you follow these steps.
Open ESET NOD32 Antivirus and select Scan your computer.
Select an optionScan computer(See Scanning your computer for more information.)
After the scan is completed, check the log for the number of scanned, infected, and cleaned files.
If you want to scan only a specific part of the disk, select the option Selective Scan and specify the objects that need to be scanned for viruses.