[KB3289] How do I remove a Quervar infection?



  1. Download the ESETQuervarCleaner.exe tool
  2. Click Start → All Programs → Accessories. Right-click Command Prompt and choose Run as administrator from the context menu.
    • Windows 8 / 10 users: Press the Windows key + Q to open an app search and type cmd into the Search field. Right-click the cmd application when it appears in results and select Run as administrator from the context menu.
  3. In the command prompt, type cd Desktop. The directory will change to indicate that you are accessing files from your Desktop.
  4. To run the ESETQuervarCleaner tool, type the command ESETQuervarCleaner.exe followed by any of the switches you want to use (listed below) and then the directory that you want to scan. For example, the command ESETQuervarCleaner.exe/d C: would scan the contents of the drive C: and create a log.

    The following switches can be used with ESETQuervarCleaner.exe:
    1. /d– Generate log: The scanner will produce a log of its activity which can be submitted to ESET for further analysis. We recommend that you use this switch so that ESET technical support agents can examine these logs if needed.
    2. /s– Silent mode: Files will be cleaned/decrypted in the background with no logs created.
    3. /f– Force cleaning: Any infected files will be cleaned or decrypted without any prompt from the user.

Need Assistance in North America?

If you are a North American ESET customer and need assistance, visit helpus.eset.com to chat with a live technician, view product documentation or schedule a consultation with an ESET Home Advisor.