My ESET product detected a threat—what should I do?
Types of threat notifications
Depending on the type of threat, your ESET program might clean, block, or quarantine one or multiple files, block access to a website, make changes to online communication settings, or take no action at all. To see records of previously detected threats, view your detected threat log.
See below for a list of notifications that you might see from your ESET product and our suggestions about how to follow up when you see them:
This type of notification is displayed when your ESET product detects a malicious file or malicious communications taking place that might damage your system. The Threat parameter will display the name of the threat that was detected. In most cases, your ESET product will clean, quarantine or block threats that result in this type of notification. If a threat is not cleaned, deleted or quarantined, it is a special case and requires further action.
Some "Threat found" detections are classified as a Deceptor. Depending on the type of detection, ESET may automatically clean the threat or ask for user interaction to Disconnect or Ignore threat.
If you have received a Deceptor notification, you can search for and view details regarding the detection on the AppEsteem website: https://customer.appesteem.com/deceptors.
This type of notification is displayed when your ESET product detects a file associated with a potential threat. In most cases this type of notification is displayed because a potentially unwanted application (PUA) was detected on your system. Potentially unwanted applications are licensed software that have been identified by ESET because they contain adware, install toolbars or perform other actions that might negatively affect your experience when using your computer.
You can configure your ESET product to detect or ignore these types of applications, based on your preference. To remove all applications of this type, make sure that you have configured your ESET product to detect PUAs and then perform a scan with strict cleaning.
Threat found during a scan
If your ESET product detects a threat during a scheduled or on-demand scan and does not automatically clean the threat, the Threats found dialog will be displayed. The location and type of threat will be displayed in the Name and Threat columns. Use the drop-down menus in the Action column to select the type of action taken against a threat. Click Finish when you are finished.
- Show hidden files or folders.
- Restart your computer in Safe Mode.
- Navigate to the infected file or folder.
- Right-click the infected file or folder and select Delete. When prompted to confirm, click Yes.
- Navigate to your Desktop, right-click Recycle Bin and select Empty Recycle Bin. When prompted, click Yes to confirm.
- Restart your computer and run a Computer scan.
Infected file is in use by another program or locked in memory
If you receive this notification while scanning your system, follow the steps below:
- Allow the scan to finish.
- Restart your computer in Safe Mode.
- Run another Computer scan.
- Restart your computer in normal mode.
DNS Cache poisoning attack or Detected ARP cache poisoning attack
This message usually appears as a result of a conflict between a router and the Personal firewall in ESET Smart Security. To resolve this issue, see the article below:
The threat was detected inside a damaged or password-protected archive file
Archives (such as .zip or .rar) combine multiple files into one compressed file. ESET products do not delete archives because an archive file that is identified as infected can contain clean files as well as infected ones. If your ESET product has detected an infected file within an archive, you have two options:
- Delete the archive file: Although you will lose the clean files within the archive, attempting to recover material from an infected archive could potentially spread an infection.
- Use a file-archiving program (such as WinZip, 7-Zip or WinRAR) to move individual files out of the archive (be sure to scan these files once you extract them from the archive).
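As an added example (not from ESET): before moving individual files out of a flagged .zip, the Python script below labels each member as password-protected, damaged or readable without writing anything to disk. The function names and the sample archive are constructed for illustration.

```python
import io
import zipfile
import zlib

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flags: member is password-protected


def triage_zip(data: bytes) -> dict:
    """Label each archive member 'encrypted', 'damaged' or 'ok' without writing it to disk."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & ENCRYPTED_FLAG:
                # Content cannot be inspected without the password.
                report[info.filename] = "encrypted"
                continue
            try:
                with zf.open(info) as member:
                    while member.read(65536):  # reading to EOF verifies the stored CRC-32
                        pass
                report[info.filename] = "ok"
            except (zipfile.BadZipFile, zlib.error, EOFError):
                report[info.filename] = "damaged"
    return report


def build_sample() -> bytes:
    """Constructed sample: one member flagged as encrypted, one intact, one corrupted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("locked.bin", b"opaque bytes")
        zf.writestr("notes.txt", b"plain text, intact")
        zf.writestr("photo.raw", b"ORIGINAL-PAYLOAD")
    raw = bytearray(buf.getvalue())
    # Overwrite stored data so the CRC-32 no longer matches (simulates damage).
    pos = raw.find(b"ORIGINAL-PAYLOAD")
    raw[pos:pos + 8] = b"XXXXXXXX"
    # Set the encryption bit in the first central-directory entry (locked.bin).
    cd = raw.find(b"PK\x01\x02")
    raw[cd + 8] |= ENCRYPTED_FLAG
    return bytes(raw)


if __name__ == "__main__":
    for name, status in triage_zip(build_sample()).items():
        print(f"{status:9} {name}")
```

Members reported as "ok" are the ones that can be extracted and scanned individually; "encrypted" and "damaged" members are the ones a scanner cannot read.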
The virus was detected inside a Microsoft Outlook Express .dbx file
If you locate an infected .dbx file, follow the steps below:
- Open the .dbx file in Outlook Express.
- Locate the message with the virus according to the sender, date of sending, subject, etc.
- Delete the infected message (click here for guidelines on submitting samples to ESET).
To prevent Outlook Exchange from downloading a virus when retrieving mail from your Internet service provider in the future, make sure that email client protection is enabled in your ESET product. To do so, press F5 to access Advanced setup, expand Web and email → Email client integration → Email client Integration and make sure that the check box next to Integrate into Microsoft Outlook is selected.
Your computer was infected prior to installing an ESET product
Your ESET product may be unable to remove viruses and threats that were present on your system before your ESET product was installed. If you think that your computer was infected before you installed ESET and is still infected, contact ESET technical support.
Virus found in the Java cache directory
If a virus is discovered in the cache directory, we recommend that you clear the cache manually. See the following article for assistance:
Potentially unwanted applications
The detected threat might be classified by your ESET product as a potentially unwanted application (what is a potentially unwanted application?). When you installed ESET you were given the option to enable/disable the detection of potentially unwanted applications.
Scan is configured to 'no cleaning'
If the Cleaning level of your ESET product has been set to 'no cleaning,' running a scan of your computer will detect threats without taking action to remove them. To resolve this issue, see the article below:
Infected files found in the System Volume Information
If your system creates System Restore files while infected with a virus and later that virus is removed, infected files can remain in the System Volume Information folder. To resolve this issue, clean the System Volume Information folder.
The virus was detected in an .exe or .dll file archived with UPX