Deleting files after reboot


RickL
June 4th, 2009, 08:31 PM
Sometimes after running a complete scan, NOD32 will inform me that it needs to reboot the system to finish removing certain infected files. My question is, how is the infected file actually deleted after restarting? Does NOD32 have some sort of mechanism in place to finish the job, or am I supposed to run another scan after the restart to actually accomplish the deletion? Here's why I'm asking. I may run 3 scans with 3 different products and they may each indicate that I need to restart the computer so they can clean or delete (or whatever) the files they are having issues with. Do I have to restart after each scan is complete, or can I wait until after the last scan to restart the PC? Would that leave files from the first two scans untouched or will they be deleted? I just want to reduce the number of restarts, but not at the expense of leaving infected files on the system. Thanks!

SmackyTheFrog
June 4th, 2009, 09:22 PM
Some infections will hook themselves into other running processes. Attempting to unload these while the process is running can cause system instability, so NOD32 clears them out during the following reboot before they can re-add themselves to the process they were previously hooked into.

RickL
June 5th, 2009, 07:14 AM
I stumbled upon at least one mechanism for deleting files after a restart and it's built into the operating system. It varies slightly depending on the OS but there is a registry key named PendingFileRenameOperations. It consists of a pair of strings, with the 1st string being the name and location of the file to be renamed or deleted. If the 2nd string is empty, then the file specified in the 1st string is deleted. Otherwise, the file in the 1st string is renamed/moved according to the entry in the 2nd string. Cool! There is a link to a Microsoft KB article below. Although it doesn't mention Vista, I'm going to presume it works the same way in Vista. Does anyone know for sure?

http://support.microsoft.com/?kbid=181345
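
An added example, not part of the thread or of any product mentioned in it: a Python parser that turns the raw bytes of the PendingFileRenameOperations value into the delete/rename pairs described above, so the queue can be reviewed before a restart. It assumes the data is the usual UTF-16LE multi-string; the `\??\` path prefix and the `!` "replace existing" marker on targets are details not stated in the thread, and the sample data is constructed.

```python
from typing import List, NamedTuple

NT_PREFIX = "\\??\\"  # NT namespace prefix the stored paths carry (assumption, see lead-in)


class PendingOp(NamedTuple):
    action: str    # "delete" or "rename"
    source: str
    target: str    # "" for a delete
    replace: bool  # target was marked "!" (replace an existing file)


def _strip(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_ops(raw: bytes) -> List[PendingOp]:
    """Parse the value's raw bytes (UTF-16LE, NUL-separated strings)."""
    strings = raw.decode("utf-16-le").split("\x00")
    ops, i = [], 0
    # Walk in pairs. An empty *second* string means "delete", so we must not
    # stop at the first empty string as a generic multi-string parser would.
    # Only an empty *first* string marks the end of the list.
    while i < len(strings) and strings[i]:
        source = strings[i]
        target = strings[i + 1] if i + 1 < len(strings) else ""
        replace = target.startswith("!")
        if replace:
            target = target[1:]
        action = "rename" if target else "delete"
        ops.append(PendingOp(action, _strip(source), _strip(target), replace))
        i += 2
    return ops


# Constructed sample data (not taken from a real system): delete, rename, delete.
SAMPLE = (
    "\\??\\C:\\Windows\\Temp\\quarantined.dll\x00\x00"
    "\\??\\C:\\Temp\\new.dll\x00!\\??\\C:\\Program Files\\App\\app.dll\x00"
    "\\??\\C:\\Temp\\old.tmp\x00\x00"
    "\x00"
).encode("utf-16-le")

if __name__ == "__main__":
    for op in parse_pending_ops(SAMPLE):
        print(op.action, op.source, "->", op.target or "(deleted)")
```
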

jimwillsher
June 5th, 2009, 07:52 AM
Yes it works in Vista and Win7. That API has been around for ages.

It's a bit like the QChain approach when you're installing Windows Updates; at the reboot Windows ensures that it installs the latest version of the file. So if you installed 5 hotfixes which all affected the same Windows DLL, and you installed them "out of sequence", then Windows ensures that it's the latest one that gets installed.

Off topic I know, but same idea.



Jim