Home > Parasites & Security > Here

Last Updated May 7, 2007 (Version 2.0)
Receive notice whenever this page is updated.

Sometimes it is necessary to delete a file that doesn’t want to be deleted. Frequently, this is the case in a virus-laden computer where the resident antivirus software is incapable of removing the afflicting files.

This page is aimed primarily at manual removal of virus-infected files that resist deletion. Whether you want to delete stubborn files for that reason or others, the following approach is recommended and should prove helpful. In following these tips, please understand that stubborn file deletion often is as much art as science. To some extent, you have to develop your own technique and, in the case of deeply-rooted viruses, it probably will involve some going back and forth because as you remove some files they may be replaced by others you haven’t yet removed.


  1. Print out, or otherwise have at hand, the list of infected files to delete.
  2. Be sure that Windows is set to show Hidden and System files and folders. In Windows Explorer orMy Computer, at Tools | Folder Options | View, set Hidden files and folder to “Show,” and uncheck Hide protected operating system files. (Beginning with Windows Vista, My Computer is called Computer, and you need to press Alt before you will see the Tools menu.)
  3. Download HijackThis, IBProcMan, Advanced Process Manipulation, and Killbox. Have these at hand (say, on your desktop) before you start.
  4. Boot to Safe Mode. (Do all remaining work on this problem in Safe Mode.) Make sure nothing is running. To boot your computer in Safe Mode you need to restart the computer and bring up the Boot Menu. How to do this varies slightly with different versions of Windows.


  1. In Safe Mode, using My Computer, go to the relevant folder(s) and just try deleting each infected file. If you can’t delete one, go on to the next until you’ve deleted everything you can this way.
  2. NOTE: When deleting a file from the System32 folder, check first to see if it is in the System32\dllcache folder. If it is, then delete it from there first — otherwise, Windows will restore the file from dllcache when you delete it from System32. Confirm (when asked) that you do not want Windows to restore it!

  3. For those you haven’t been able to remove, something is running in the background. You have to catch it when it isn’t running before you can delete it. The two main ways are to End Process on the file while Windows is running, or to delete the file at a time that Windows isn’t running. (On Windows 9x, or on NT-based versions using FAT32, this can be done simply by booting from a startup floppy and deleting the file; but on Windows 2000, XP, etc. using NTFS, that isn’t possible.) Each of the suggestions below attempt one or the other of these approaches.
    • Delete on reboot approach
      1. If any infected files are left, use another tool in HijackThis Config | Misc Tools — the utility to delete a single file on next reboot. Select one of the files remaining and mark it to remove. Don’t close HijackThis (leave it running). Then reboot (back to Safe Mode).
      2. If this doesn’t work, try Killbox another tool that provides the opportunity to delete a file on next reboot.
  4. Here’s where it can get tricky: If the wrong file is left undeleted, new infected files may be recreated on next startup. Do your best and keep plugging away.


When I asked the brightest and most experienced pool of Desktop Support MVPs I know, several of them (no surprise!) had some further suggestions on how to delete stubborn files. These included the following:

Visit Microsoft.com