Why can some viruses be ‘cleaned’ while others cannot?

Joseph Videtto December 17, 2012
Ads by Google

Why can some detected viruses be ‘cleaned’ and others can not?

  • Is it a function of the quality of the antivirus software ?
  • Is it possible that some antivirus programs can clean viruses that others cannot ?
  • Is it just the nature of the virus – that some viruses are inherently ‘uncleanable’

I have detected some viruses in files that I cannot easily replace, and I am wondering if I have any options in trying to clean files that my antivirus software says at best it can quarantine.

What good is the quarantine if you can’t clean the file? You might as well just delete it then and there, no?

  1. Lisa Santika Onggrid
    December 19, 2012 at 1:54 pm

    Some antivirus work better on certain virus family, and depending on the coding, able to detect more virus than the others. This way, it's normal that some virus could be cleaned by an antivirus but not the others. That's why many people like to keep two antivirus. One for live scanning (works in the background) and one on-demand scanner for second opinion. Other alternative is using online virus scanner like in Virustotal.com for comparison.

    Some virus are so intricate that you're required to do more steps manuallt to clean them thoroughly.

    As for the last part of your question, I honestly don't know. I think if you delete the quarantined files, the infected files would be deleted as well while if you succeed in cleaning the file, it remains intact.

  2. Jan Fritsch
    December 17, 2012 at 3:07 pm

    I would say all points are correct to a certain point. Of course a virus is not "uncleanable" but there are cases where a reinitialization of the hard drive is (a) the most reliable option (b) the fastest and easiest option – although it could even nest itself deeper into the hardware e.g. within the firmware.

    One can always try to clean a virus but the success and resulting damage varies. For example some virus just put themselves at the end of a file while others actually overwrite parts of it. In the latter case the files are simply put unusable, garbage, afterwards.

    The quarantine has multiple uses.
    Mostly it is used for tracking of the infection (what was it, how far did it go), for example if you get the same virus over and over again you should be alarmed that you are doing something "wrong" or missing something (e.g. a virus on a USB flash drive you regularly use but never scanned or deleted).
    Another possible use could be for infections that are detected by your AV but no reliable cleanup function is yet implemented.
    And then there are false positives - imagine you are downloading a legitimate download e.g. from the Microsoft server and your third-party AV is telling you this specific file is infected. Of course it is a good idea to redownload the file but you can also have it put into the quarantine until the AV software has updated it's definition.

  3. Rohit Jhawer
    December 17, 2012 at 3:00 pm

    Every Antivirus has its own database, kaspersky and bitdefender are really good at their database they are the best in the market now. Some antivirus may find a virus but wont be able to clean it, If that happens try to run a anti-spyware or anti-malware and check in most of the cases this should work. Time has changed now these company's provide cloud based services which are effective and free to use. Bitdefender 60sec scan is good to see if there are any active virus in your PC.

  4. Irshaad Abdool
    December 17, 2012 at 1:46 pm

    some viruses have a copy of themselves hidden somewhere on your pc plus a registry key that lauches a script at startup to copy the virus from the hidden location. So need to get an antivirus that will delete it each it the virus replicates. Use antiviruses will file execution shields

  5. Mathias Dika
    December 17, 2012 at 12:32 pm

    some time antivirus softwares detect unknown file extension and report them as virus aklso depend on strength of virus for example if u use free/tyrial antivirus softwares dioesnt remove all virus but may give us type of virus which doesnt delete

  6. salim benhouhou
    December 17, 2012 at 12:15 pm

    i do believe that it is a function of the quality of the antivirus software

  7. susendeep dutta
    December 17, 2012 at 11:23 am

    All antiviruses works on a set of virus definitions which gets updated over a time.So,if a virus is found but not cleanable,it might be cleaned in future as the company develops some solution for it.

    It's not a good idea to delete the quarantined files as sometimes due to false positives,it might delete some system driver files of other attached devices or some other important files which can lead to system instability.

  8. Âdil Farôôq
    December 17, 2012 at 8:39 am

    It may be because your virus database is not yet updated so it may not delete all the viruses.

  9. ha14
    December 17, 2012 at 8:30 am

    if you cannot delete them on desktop you can try safe mode or live cd antivirus. On safe mode or on Live cd some or all process will be shutdown so no less or no activity from the virus.

    possible depends if antivirus are cloud based or database updates.

    quarantine is like prison virus should not have activity

  10. Ahamed Yaseen
    December 17, 2012 at 7:32 am

    Some of the antivirus software may not have some virus samples...So they not clean all the virus...

  11. Fawad Mirzad
    December 17, 2012 at 5:34 am

    The reason why some viruses can be cleaned and some do not. Most viruses tries to protect them selves and prevent antivirus from deleting them. although if your antivirus supports you can use boot time scan.
    And in most cases updating virus engine will help cleaning viruses. if not you can submit the file to your antivirus manufacturer.

  12. Kulwinder Rouri
    December 17, 2012 at 4:20 am

    It depends on the Updates of antiviruses, Antivirus can only remove those viruses which are included in the update file, that's the reason why some viruses can not deleted after scanning and always update your antivirus.

  13. Junil Maharjan
    December 17, 2012 at 4:08 am

    some antivirus programs cannot delete all the viruses. use a good antivirus like avg, avast and boot into safe mode then use the antivirus. i hope this helps.

  14. luis donis
    December 17, 2012 at 3:09 am

    What antivirus also it depends because some not cleaned at all and is somewhat difficult for them to remove it in person and I passed but I could remove antivirus that have good detection.

  15. Jim Chambers
    December 17, 2012 at 2:37 am

    Forgot to add that quarantine safely locks away files containing a virus and gives you a way of restoring the file if they are false positives. You can access the quarantine folder and delete the contents.

  16. Jim Chambers
    December 17, 2012 at 2:31 am

    Some antivirus programs are better than others with some being so aggressive that you get false positives. No virus present just a program displaying a virus like property. With certain viruses the antivirus gets rid of active component and on reboot a hidden component re-installs the virus. With hard to clean viruses you may have to turn off system protection to delete restore points where viruses can hide, use program like Ccleaner to get rid of Temp files and caches and run the anti-virus software in safe mode or from a live DVD or flashdrive after updating its virus definitions. Even then the virus may be hiding on one of your devices such as a flash drive and be re-installed when you connect to your computer.

    • Joseph Videtto
      December 17, 2012 at 11:48 am

      ...love your point about the 'false positive' - I'm going to open a question just on that topic.

Ads by Google