Summary
This article explains what you can do if malware is found in the Temporary Internet files folder.

Malware found in Temporary Internet files
The Temporary Internet files folder on Microsoft Windows computer systems contains files - such as images, HTML pages, executable and script files - that Internet Explorer has downloaded from websites visited by the user. Sometimes the F-Secure product may detect viruses and adware inside the folder.

In Windows XP, the folder is located here:
C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5
Note: If you only have one user account on Windows XP, use Administrator as the username.

In Windows Vista and 7, the folder is located here:
C:\Users\\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5

In Windows 8 and 8.1, the folder is located here:
C:\Users\\AppData\Local\Microsoft\Windows\INetCache

Note: These files are hidden system files. To be able to access these files, you need to make changes to the folder options.

Deleting files from the Temporary Internet files folder
If the Temporary Internet files folder contains malware, we recommend that you delete all the files in the folder. Because the files are only cached copies, no actual data is lost.

To delete the files in Windows XP:
1. Do one of the following:
   - Click Start > Control Panel > Internet Options.
   - Open Internet Explorer and select Tools > Internet Options.
   The Internet Properties dialog box opens.
2. Under Temporary Internet files, click the Delete Files... button. The Delete Files dialog box opens.
3. First select the Delete all offline content checkbox, then click OK to delete the temporary Internet files.

To delete the files in Windows Vista, 7 and 8:
1. Do one of the following:
   - Click Start > Control Panel > Internet Options and, on the General tab under Browsing history, click the Delete... button.
   - Open Internet Explorer and click Tools > Internet Options and, on the General tab under Browsing history, click the Delete... button.
   - Open Internet Explorer and click Safety > Delete Browsing History.
   The Delete Browsing History dialog box opens.
2. Select the Temporary Internet files checkbox and click the Delete button to delete the temporary Internet files.

Summary
This article provides information about fake antivirus and antispyware products, known collectively as rogue security software or rogueware.

Description
Rogue security software is also known as Scareware. It is made purely to scare users into buying their way out of a "problem" that the software itself creates. It is possible that the software shows an infection that doesn't exist, that the software claims to clean an infection but does nothing, or that it installs a real trojan.

What to do with fake security software?
If your computer gets infected with rogue security software, the case should be handled by F-Secure Security Labs. However, there are a few things that the lab requires before they can help you with the infection.

To be able to help you, the Security Labs needs the following log files for further investigation:
1. Execute F-Secure BlackLight. If it finds any hidden items, save the log file. This tool is available at ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe.
2. Execute GMER tool. Click the Scan button on the main page, and once the scanning is finished, click the Save... button on the same page to save the produced log file. This tool is available at http://www.gmer.net/gmer.zip.
3. Execute Autoruns.exe from Sysinternals. Remember to enable the Hide Signed Microsoft Entries setting. Save the produced log file. This tool is available from Microsoft at http://www.microsoft.com/technet/sysinternals/SystemInformation/Autoruns.mspx.
4. Execute HijackThis. Save the produced log file. This tool is available at http://sourceforge.net/projects/hjt/.
5. Send all generated log files to F-Secure Security Labs in a single ZIP file. We recommend that you protect the ZIP file with the password infected. Send the ZIP file to F-Secure by registering for an account with our sample analysis system at https://www.f-secure.com/en/web/labs_global/submit-a-sample. Please log in and submit the sample together with a short message describing the issue in the message field of the submission form.

Summary
This article describes how you can create a ZIP archive and password-protect it.

Description
It is recommended that you create a dedicated folder where you copy all the sample files that you want to send to F-Secure for analysis. In addition, you need special software, such as WinZip, to be able to create archive files. If you do not have WinZip, download and install it from http://www.winzip.com/downwz.htm.

Creating a ZIP file
To create a ZIP file, complete the following steps:
1. To create a new folder, right-click on your desktop and select New > Folder. Give the folder a name, such as samples.
2. Copy the sample files to the folder you just created.
3. To add the sample files to a new zip file, select the files (press Ctrl+A to select all), then select File > WinZip > Add to Zip file. The Add dialog is displayed.
4. Enter the path and the zip filename, e.g. f-securesample.zip, in the Add to archive field. Note that the default folder is the one where the sample files are currently stored.
5. Finally click Add. The f-securesample.zip file is created.

Password-protecting the ZIP file
To password-protect the ZIP file, complete the following steps:
1. In the WinZip window, select Actions > Encrypt or click the Encrypt button. The Encrypt dialog is displayed.
2. Enter infected as the password, confirm it by re-entering the password, and finally click OK. An asterisk (*) is shown at the end of the filename in the WinZip window to indicate that the file was successfully password-protected.
3. Select File > Exit to close the WinZip window.

Question
How can I check which version of the Windows operating system I have?

Answer
You can check the operating system version in Windows system properties.

To check your system properties in Microsoft Windows:
1. Click Start.
2. Click Control Panel.
3. Do one of the following:
   In Windows 7 and 8:
   - Select System and Security.
   - Click System.
   In Windows Vista:
   - Select the System and Maintenance category. Note: This step may not be necessary on all computers.
   - Click System. The System Properties window opens.
   In Windows XP:
   - Select the Performance and Maintenance category. Note: This step may not be necessary on all computers.
   - Double-click System. The System Properties window opens.

You can view the properties of your computer, such as operating system version, processor information, and the amount of memory (RAM).

Question
How can I clean an infected System Volume Information folder or a System Restore folder?

Answer
If a virus infects your computer, it is possible that the virus is backed up in the System Restore folder. System Restore is a feature of the Windows operating systems.

To clean the System Restore folder, you need to first turn it off, and then scan and clean the folder. By turning off System Restore, you lose your last system restore point. Unfortunately, there is no other way to remove infections from System Restore. If you want to continue using the System Restore feature, it is important to turn it on after removing the infected files.

To turn off System Restore in Windows 7:
1. Close all open programs.
2. Right-click Computer, and select Properties. The View basic information about your computer dialog box opens.
3. Click System protection. The System Properties dialog box opens.
4. Click the System protection tab.
5. Click Configure.
6. Select Turn off System protection.
7. Click Apply.
8. When the system asks if you want to turn off system protection, click Yes.
9. Click OK.
10. Scan all hard drives and all files for viruses with your F-Secure security product.

Once you have scanned and cleaned the files, turn on System Restore in Windows 7 as follows:
1. Right-click Computer, and select Properties. The View basic information about your computer dialog box opens.
2. Click System protection.
3. Click the System protection tab.
4. Click Configure.
5. Select Restore system settings and previous versions of files.
6. Click Apply.
7. Click OK.

To turn off System Restore in Windows XP:
1. Close all open programs.
2. Right-click My Computer, and select Properties. The System Properties dialog box opens.
3. Click the System Restore tab.
4. Select the Turn off System Restore on all drives check box.
5. Click Apply.
6. When the system asks if you want to turn off System Restore, click Yes.
7. Click OK.
8. Scan all hard drives and all files for viruses with your F-Secure security product.

Once you have scanned and cleaned the files, turn on System Restore in Windows XP as follows:
1. Right-click My Computer, and select Properties. The System Properties dialog box opens.
2. Click the System Restore tab.
3. Clear the Turn off System Restore on all drives check box.
4. Click Apply, and then click OK.

To turn off System Restore in Windows Vista:
1. Close all open programs.
2. Click Start.
3. Select All Programs > Maintenance.
4. Select Maintenance > Backup and Restore Center.
5. Click Create a restore point or change settings. If asked, click Continue.
6. Under Available disks, clear the check boxes for all drives.
7. Click Apply.
8. When the system asks if you want to turn off System Restore, click Turn System Restore Off.
9. Click OK.
10. Restart your computer.
11. Scan all hard drives and all files for viruses with your F-Secure security product.

Once you have scanned and cleaned the files, turn on System Restore in Vista as follows:
1. Close all open programs.
2. Click Start.
3. Select All Programs > Maintenance.
4. Select Maintenance > Backup and Restore Center.
5. Click Create a restore point or change settings. If asked, click Continue.
6. Under Available Disks, select all drives.
7. Click Apply.
8. When the system asks if you want to turn on System Restore, click Turn System Restore On.
9. Click OK.

This article explains how to clean or disinfect a compressed file.

Handling infection in a compressed file
Compressed files are files created with WinZip, WinRAR or other file archivers. Common file extensions used with compressed files include ZIP, RAR, CAB and GZ.

With the current versions of F-Secure products, you cannot automatically disinfect a file that is inside a compressed file. To disinfect a file which has been found infected inside an archive, do as follows:
1. Manually extract the files.
2. Try to disinfect (or just delete) the infected file(s).
3. Repack the files again.

More information
Currently, no malware is known to infect straight from compressed files. For such an infection to occur, the executable file would need to be extracted to a temporary location first, in which case the F-Secure product would detect it before it could be launched by the user.

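The extract, delete and repack steps above can also be scripted. The following is an added example, not F-Secure code: it copies every member of a ZIP except the one reported as infected into a new archive, entirely in memory. The member names and the sample archive are constructed for illustration.

```python
import io
import zipfile


def repack_without(archive: bytes, flagged: set) -> bytes:
    """Copy every member except the flagged ones into a new ZIP (in memory)."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(archive)) as src:
        missing = flagged - set(src.namelist())
        if missing:
            # A mistyped name would otherwise leave the detected file in place.
            raise KeyError(f"not in archive: {sorted(missing)}")
        with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
            for info in src.infolist():
                if info.filename not in flagged:
                    # Reusing the ZipInfo keeps name, timestamp and compression.
                    dst.writestr(info, src.read(info))
    return out.getvalue()


def member_names(archive: bytes) -> list:
    """List members after verifying the CRC of each one."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        if zf.testzip() is not None:
            raise zipfile.BadZipFile("corrupt member after repack")
        return zf.namelist()


def build_sample() -> bytes:
    """Constructed sample: three harmless members, one treated as 'detected'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("docs/readme.txt", b"release notes")
        zf.writestr("setup/installer.exe", b"placeholder for the detected file")
        zf.writestr("setup/config.ini", b"[app]\nlang=en\n")
    return buf.getvalue()


if __name__ == "__main__":
    cleaned = repack_without(build_sample(), {"setup/installer.exe"})
    print(member_names(cleaned))
```

Because the detected member is never written to disk, real-time scanning has nothing to quarantine mid-operation; the name check guards against a typo silently leaving the file in the new archive.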
Summary
This article describes how you can save a spam, ham or phishing message to a file.

Description
F-Secure welcomes samples of spam, ham and phishing messages that you have received.

Note: Spam, ham and phishing message samples should be submitted to specific e-mail addresses. For more detailed instructions, see page http://www.f-secure.com/en/web/labs_global/submit-samples/spam-submission

Saving sample messages to a file
To save a spam, ham or phishing message, complete the following steps:
1. Open the spam, ham or phishing message that you have received in your e-mail program.
2. Select File > Save As.
3. Find an appropriate folder for the file, give it a descriptive name (the subject of the message is the default name of the file) and save it.
4. Send it to F-Secure.

Not all malware is listed in F-Secure's virus description database. Detailed descriptions are not available for all malware even though the product detects them. Also, many viruses belong to the same family and share the same description.

If you cannot find the description of a particular malware that your product has found, look for a similar name in the virus description list.

Note: The product detects much more malware than is listed in the database.

There are two types of antivirus scanning: protocol-level scanning and filesystem-level scanning. Protocol-level scanning checks data that enters the computer via the network. Filesystem-level scanning checks the files that are saved on the computer's file system, i.e. generally the computer's hard disk.

Antivirus scans can be triggered in a number of ways. A filesystem-level scan is started when a file is accessed, i.e. when you open an application or save a document. This is also known as on-access scanning.

Scheduled scanning is an on-demand scan of files. The functionality is the same in terms of finding viruses, but it is started deliberately rather than being automatically started based on file access. The same applies to a scan started by the user - this is a true on-demand scan.

Protocol-level scanning takes place inside the software, in the firewall module. The file is scanned before it is allowed through the firewall, for example when downloading a zip file. The file will be scanned twice; first when it is downloaded and again when the file is saved to disk. The content files will be scanned again when they are extracted from the zip.

On-access scanning is, strictly speaking, a variation of the on-demand scan. The difference is in the requester of the scan, not the scan itself.

Summary
This article describes how you can clean a Java cache folder.

Cleaning the folder
In some rare cases, a few infected files and archives with infected files are detected inside the Java cache folder. To remove the infection, empty the cache folder as follows:
1. Click Start > Control Panel.
2. Double-click the Java icon to open the Java Control Panel. (Don't know where to find Java Control Panel?)
3. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog is displayed.
4. Click the Delete Files button. The Delete Files and Applications dialog is displayed.
5. Select the check boxes and click OK.

As this folder only contains cached files, no actual data is lost in the operation.

Warning: Be careful when deleting files. Make sure that you are deleting files inside the Java cache folder only. Otherwise you may damage your system.

Applies to the Browsing Protection feature in the following F-Secure products:
- Internet Security
- F-Secure SAFE

Mozilla releases a new version of its Firefox browser approximately once every six weeks (https://wiki.mozilla.org/RapidRelease/Calendar). The new versions are released to introduce new functionality and to address bugs, vulnerabilities and security issues.

F-Secure supports the two latest major versions of the Firefox browser. This means, as an example, that when Mozilla releases its next major browser version (Firefox 46) on April 19, our products will support Firefox browser versions 45 and 46 until the next Firefox release in June, when the supported browser versions include 46 and 47.

Note: We recommend that you upgrade your Firefox browser to the latest version as soon as it is available. To find out what browser version you are running, click (Firefox >) Help > About Firefox.

Question
How can I clean Recycle Bin from malware?

Answer
The F-Secure product may detect infected files inside the Recycle Bin folders. These folders are used to store files that the user has deleted. You can usually find the folders here:
C:\RECYCLED
C:\RECYCLER
C:\$RECYCLE.BIN\

To remove the infected files inside these folders, you need to empty the Recycle Bin. To empty the Recycle Bin, do as follows:
1. Double-click the Recycle Bin icon on your desktop.
2. From the File menu, select Empty Recycle Bin.
3. Click OK.

All files inside the Recycle Bin folders on all drives are removed. Note that because these files are meant to be deleted, no real data is lost in the operation.

Summary
This article describes how you can use an EICAR test file to see how your antivirus software works.

EICAR test file
EICAR Standard Anti-Virus Test File (EICAR) is a safe file developed by the European Institute for Computer Anti-Virus Research (EICAR) for testing antivirus software. It is commonly used to confirm that the antivirus software is installed correctly, demonstrate what happens when a virus is found, and check internal procedures and reactions when a virus is found. Your antivirus software detects EICAR as if it were a real virus.

Testing with EICAR
EICAR is a good way to get familiar with your antivirus software. The EICAR test file is available in the following four formats:
- eicar.com: EICAR test file.
- eicar.com.txt: Copy of eicar.com with a different file name.
- eicar_com.zip: EICAR ZIP file for testing compressed files.
- eicarcom2.zip: An archive which contains the eicar_com.zip file for testing nested compressed files.

To download the EICAR test files, visit either the EICAR test file page or F-Secure's Security Lab page. From there, you can also find instructions on how to create an EICAR test file.

Note: If you have problems downloading the eicar.com file, download eicar.com.txt instead. Then rename it to eicar.com.

See how the firewall blocks unsafe traffic
These instructions apply to products which contain a firewall (F-Secure Internet Security):
1. Download eicar.com.
2. Change the security level (firewall profile) to a stricter one.

See how real-time scanning detects harmful files

See how harmful files are deleted or renamed:
- Try to save eicar.com on your computer or execute it. If your antivirus software is on and working properly, you should not be able to execute the file or save it to your computer. The antivirus software automatically detects and disinfects the file either by renaming or deleting it.

See how harmful files become harmless when they are renamed:
1. Change the file name of eicar.com to, for example, eicar.co0. The file becomes unexecutable, similar to a dead virus.
2. Change the name back to eicar.com to execute it, and you notice that your antivirus software detects it again automatically.

See how harmful files in an archive are detected:
By default, compressed or archive files, such as ZIP files, are not scanned in real time. F-Secure's antivirus products scan the archive files automatically once you attempt to extract or execute their content.
1. Download the eicar_com.zip file and save the file to your computer. Note: To test nested compressed files, use eicarcom2.zip.
2. Try to extract the ZIP file or execute one of the files within the ZIP file.
3. Right-click the eicar_com.zip file and select Scan eicar_com.zip for viruses.

See how e-mail scanning detects infected e-mails
You can use EICAR to test how e-mail scanning detects infected e-mails.

Important: Before using EICAR to test your mailbox:
- EICAR is a safe file but actions taken during disinfection may make it dangerous, especially if your antivirus software does not scan incoming or outgoing e-mails.
- If the infected file is named OUTLOOK.PST, INBOX.DBX, or similar, do not select the Delete automatically action during disinfection. This file is your mailbox file, and if you select this action, your mailbox is deleted. If this happens, see article How to restore a deleted mailbox.

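The nested test archive (eicarcom2.zip) exists because a scanner only finds content inside an archive if it unpacks each layer. The following added example, which is not F-Secure code, shows that recursion with a nesting limit. MARKER is a constructed stand-in for a signature, not the real EICAR string, and the member names and the limit of 5 are assumptions.

```python
import io
import zipfile

# Constructed stand-in for a detection signature; NOT the real EICAR string.
MARKER = b"CONSTRUCTED-TEST-MARKER"
MAX_DEPTH = 5  # assumed limit so deeply nested archives cannot exhaust the scanner


def scan_zip(data: bytes, path: str = "", depth: int = 0) -> list:
    """Return paths of members containing MARKER, descending into nested ZIPs."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            member_path = path + info.filename
            content = zf.read(info)  # decompressed bytes of this member
            if zipfile.is_zipfile(io.BytesIO(content)):
                if depth + 1 >= MAX_DEPTH:
                    # Report instead of silently skipping what was not inspected.
                    hits.append(member_path + " (not scanned: nesting limit)")
                else:
                    hits += scan_zip(content, member_path + "!/", depth + 1)
            elif MARKER in content:
                hits.append(member_path)
    return hits


def make_zip(members: dict) -> bytes:
    """Build a ZIP in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


def build_nested_sample() -> bytes:
    """Constructed sample with the same layout idea as eicarcom2.zip."""
    inner = make_zip({"testfile.com": MARKER})
    return make_zip({"readme.txt": b"clean text", "inner.zip": inner})


if __name__ == "__main__":
    for hit in scan_zip(build_nested_sample()):
        print(hit)
```
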
Summary
This article explains how you can clean a temporary folder containing malware.

Description
In many cases, infected files and archives are detected inside temporary folders. These folders are used to store files used for a short period of time, e.g. during the installation of software. The location of these folders varies and can be one of the following:
C:\Documents and Settings\\Local Settings\Temp
C:\Documents and Settings\Guest\Local Settings\Temp
C:\Documents and Settings\Administrator\Local Settings\Temp
C:\Users\\AppData\Local\Temp (Windows Vista)
where is your Windows user name.

Removing infection
Make sure Windows Explorer is configured to show all files, including system and hidden files:
1. In Windows Explorer, select Folder Options from the Tools menu.
2. Click on the View tab and select the Show hidden files and folders option.

To empty the temporary folders:
1. Go to the temporary folder where the infection was detected.
2. Select all files and subfolders and press the Delete button on the keyboard, or select Delete from the File menu.

Warning! Be careful when deleting files. Make sure that you are deleting files inside the temporary folders only. Otherwise you may damage your system.

Summary
This article describes how you can take screenshots which you can then attach to your support request.

Description
When you contact technical support, it is often useful for the technical support to see, e.g. the error message as it appears on your screen. Screenshots enable our technical support to help you solve your issue faster and more efficiently.

Taking screenshots
To take a screenshot, do as follows:
1. Find the Print Screen key on your keyboard. It can also be labeled as "Prnt Scrn", "Print Sc", or similar. On a standard keyboard layout, the key is at the upper right-hand corner of your keyboard.
2. To take a snapshot of your entire screen or a specific window, do one of the following:
   - Press Alt + Print Screen to copy the currently active window to the clipboard.
   - Press Print Screen to copy the entire screen to the clipboard.
3. Click Start > All Programs > Accessories > Paint to start the Windows Paint program.
4. Select Paste from the Edit menu. Your screenshot appears on the canvas.
5. Save the screenshot file. Now you can attach the file to your technical support request.

Tip: The easiest way to take a screenshot in Windows Vista, Windows 7 and Windows 8 is to use the Snipping Tool which can be found by clicking Start > All Programs > Accessories > Snipping Tool.