What is the safest way to handle quarantined adware?

A computer's adware has been quarantined. Now what? Expert Ed Skoudis explains the safest way to dispose of unwanted adware.

Once I quarantine adware like Starware Toolbar, what do I do with it? Can I destroy it from the quarantine folder? What is the safest way to handle quarantined adware?
Generally speaking, it's usually safe to delete the items in a quarantine folder. But, notice those weasel words in the previous sentence: "Generally speaking" and "usually." In other words, users have to be careful. Quarantine folders exist primarily because antimalware products sometimes issue false positives; accidentally classifying a legitimate program -- or even a part of the operating system -- as malware. If the antimalware tool were to outright delete the given file, it could break the app or render the whole machine inoperable. This happens on a periodic basis, with numerous examples of an antivirus tool detecting a piece of Windows as malware, resulting in major problems.

Thus, the best bet is to make a copy of the items in the quarantine directory, writing them to a USB token that...

has no other legitimate use (make sure it's not one of those auto-executing U3 USB devices). Then, clear out the quarantine folder. Keep in mind that it could take weeks for a user to know if the items that were quarantined were useful for an application on the machine. A problem would only manifest itself when a legit app requires an esoteric DLL or even an EXE that has been deleted. Thus, hold onto the contents of the USB token for a about a month before finally deleting it thoroughly. This process, although cumbersome, is the safest way to empty a quarantine folder.

More information:

This was last published in February 2008

Dig Deeper on Malware, Viruses, Trojans and Spyware



Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: