Q

What is the safest way to handle quarantined adware?

A computer's adware has been quarantined. Now what? Expert Ed Skoudis explains the safest way to dispose of unwanted adware.

Once I quarantine adware like Starware Toolbar, what do I do with it? Can I destroy it from the quarantine folder? What is the safest way to handle quarantined adware?
Generally speaking, it's usually safe to delete the items in a quarantine folder. But, notice those weasel words in the previous sentence: "Generally speaking" and "usually." In other words, users have to be careful. Quarantine folders exist primarily because antimalware products sometimes issue false positives, accidentally classifying a legitimate program -- or even a part of the operating system -- as malware. If the antimalware tool were to outright delete the given file, it could break the app or render the whole machine inoperable. This happens on a periodic basis, with numerous examples of an antivirus tool detecting a piece of Windows as malware, resulting in major problems.

Thus, the best bet is to make a copy of the items in the quarantine directory, writing them to a USB token that has no other legitimate use (make sure it's not one of those auto-executing U3 USB devices). Then, clear out the quarantine folder. Keep in mind that it could take weeks for a user to know if the items that were quarantined were useful for an application on the machine. A problem would only manifest itself when a legit app requires an esoteric DLL or even an EXE that has been deleted. Thus, hold onto the contents of the USB token for about a month before finally deleting it thoroughly. This process, although cumbersome, is the safest way to empty a quarantine folder.
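The copy, clear and hold-for-a-month procedure above can be scripted so that the quarantine folder is emptied only after every copy has been verified. This is an added example, not part of the original answer; the function names, the `.quar` suffix, the manifest layout and the 30-day figure (standing in for "about a month") are assumptions, and both directory paths are supplied by the caller.

```python
import hashlib, json, shutil
from datetime import date, timedelta
from pathlib import Path

HOLD_DAYS = 30  # assumption: "about a month" from the answer above

def sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def archive_quarantine(quarantine: Path, usb: Path, today: date) -> Path:
    """Copy quarantined items to the USB volume, verify, then clear the source."""
    batch = usb / f"quarantine-{today.isoformat()}"
    batch.mkdir(parents=True)
    items = [p for p in sorted(quarantine.rglob("*")) if p.is_file()]
    manifest = {"purge_after": (today + timedelta(days=HOLD_DAYS)).isoformat(),
                "files": {}}
    for src in items:
        rel = src.relative_to(quarantine).as_posix()
        # Neutral suffix: nothing on the stick keeps a launchable extension.
        dst = batch / (rel.replace("/", "__") + ".quar")
        shutil.copyfile(src, dst)
        digest = sha256(src)
        if sha256(dst) != digest:
            raise IOError(f"copy of {rel} does not match; quarantine left intact")
        # Original relative path is recorded so a false positive can be restored.
        manifest["files"][rel] = {"stored_as": dst.name, "sha256": digest}
    (batch / "manifest.json").write_text(json.dumps(manifest, indent=2))
    # Empty the quarantine folder only after every copy has verified.
    for src in items:
        src.unlink()
    return batch

def purge_expired(usb: Path, today: date) -> list[str]:
    """Remove batches whose hold period has passed; return their names."""
    purged = []
    for mf in sorted(usb.glob("quarantine-*/manifest.json")):
        if date.fromisoformat(json.loads(mf.read_text())["purge_after"]) <= today:
            # rmtree only unlinks files; wiping the flash media is a separate step.
            shutil.rmtree(mf.parent)
            purged.append(mf.parent.name)
    return purged
```
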

This was last published in February 2008
