Manual removal of harmful files

Every program consists of files. Even spyware, a virus or a different parasite – all have their own files. Removing the parasite often means deleting all its files. However, some files cannot be easily erased. For instance, you cannot delete the file while it is used by an active application. Furthermore, some files are simply “invisible”. Imagine the situation: your anti-spyware program keeps detecting a parasite, and you know where its files reside. You open the corresponding folder, but can see nothing in there! The parasite continues performing malicious actions and its files still remain in that “empty” directory.

If you still wonder how this can happen, we will try to explain everything from the very beginning. Files really can be “invisible”, i.e. hidden. However, it is not their exceptional feature – the operating system simply hides them from you. Such OS behavior can be a result of certain malware activity. But there are several ways to make the system display such files and thus delete them.

The following instructions explain how to find a file, make it visible (in case it is hidden) and completely remove it from the system. This information is also fully applicable to folders (directories).

1. Locate the file

Let’s assume you know the name of the file or at least a part of it. In such case run Windows default search tool: Start > Search > For Files and Folders. Type in the file name or its part to the search field. Specify a search location. For better results select “Look in: Local Hard Drives” or “Look in: My Computer“. Now start searching. The file should appear in search results.

Image 1. Search for the file

If you have no idea how to spell a filename, but you know, where it can possibly be, then you can try finding this file manually. Most parasites attempt to hide their tracks, so you will have to enable the displaying of hidden and system protected files. Start Windows Explorer. If you are using Windows Me, Windows 2000, Windows XP or Windows Server 2003, click on the Tools menu and select Folder Options. For prior OS versions navigate to View > Options.

Image 2. Make hidden files visible

Choose the View tab. In the Advanced Settings list find the option Show hidden files and folders and select it. Then remove a checkmark next to the line Hide protected operating system files (Recommended).

Image 3. Change view settings

Some files may still be invisible. To see them, launch the Command Prompt. Press the Start button and then select Run…. This should open the Run dialog. Type in cmd.exe and press enter or click on the OK button.

Image 4. Launch the Command Prompt

Within the appeared console window type: dir /A name_of_the_folder. This will list all the files, which reside in that folder. Hidden files will also be displayed.

Image 5. View folder content

2. Delete the file

Simply delete the file using the Windows Explorer or any other program that you use to browse the file system. Do not forget to empty the Recycle Bin. If an error message appears saying that file is in use and cannot be removed, try to terminate the associated process and then delete the file. To do this you will have to open the Windows Task Manager (press CTRL + ALT + DEL or CTRL + SHIFT + ESCAPE). Then in the Processes tab select the corresponding process and click on the End Process button.

Image 6. Terminate the corresponding process

However, some processes will start immediately after you terminate them. In such case you will have to reboot your system into the Windows Safe Mode (this tutorial article explains how to do this). In this mode many system services are disabled and programs do not run automatically on startup. Practically any file can be easily removed.

The malicious file can also be deleted from the Command Prompt. Open the Command Prompt and navigate to the folder, where the harmful file is. To do this issue the following command: cd name_of_the_folder. Then invoke this command: del name_of_the_file. To delete the folder use another command: rmdir /S name_of_the_folder.

Image 7. Delete the file from the Command Prompt

Image 8. Delete the folder from the Command Prompt

If you do not know how to perform described actions, if you are not sure why you have to do certain tasks, or the above guide is too difficult for you, feel free to try our recommended automatic spyware removers.