Video Screencast Help

What does "Cleaned by Deletion" mean

Created: 19 Aug 2009 • Updated: 21 May 2010 | 8 comments

We have an Symantec Antivirus 10.1 environment.
We have found the Mibling virus in our network and Symantec does detect that virus.

Within the log we found that the Mibling virus is removed with the "Cleaned by Deletion" option.

But what does "Cleaned by Deletion" mean ?
is the virus removed/cleaned ? Is the Mibling created backdoor removed ?

I hope someone can help me with some usefull info.


Comments 8 CommentsJump to latest comment

Rafeeq's picture

If an infection is found soon after the file became infected, the formerly infected file will probably be fully functional. In some instances, however, Symantec AntiVirus may clean an infected file that has already been damaged by the virus. For example, if Symantec AntiVirus finds the Word.Wazzu macro virus in an infected document file, Symantec AntiVirus removes the virus, but does not remove the word wazzu that the virus places in the infected document. In this case, Symantec AntiVirus cannot repair the damage that has been done to the infected file.

Cleaned by deletion

View the events where the action configured was "clean," but a file was deleted because that was the only way to clean it. For example, this action is generally needed for Trojan horse programs.

M Samir0n's picture

its only the deletion of changes made by a virus in a file or a special file I think, not the entire file.

Vikram Kumar-SAV to SEP's picture

Trojans cannot be cleaned they are full of when Symantec tries to clean it first because first it looks at it as a good file..but when it finds out its full of will delete it
So it has cleaned it by deleting it... if the first option would have been to quarantine it would have directly sent it to quarantine rather than trying to clean it...

Trojans can not be cleaned as they are full of junk/Malicious codes.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search use it.

ShadowsPapa's picture

M - wrong, it means it was deleted - the file was deleted.
Otherwise, it would be "cleaned".

3 things can happen.....
Infected file - viral code removed, file remains
Trojan - there is no viral code because the infection IS the file and the file IS the infection, so the file is deleted - cleaned by deletion
Quarantined. It can't be cleaned, you didn't want it deleted so it was quarantined. Generally things like documents you want to quarantine, or file that may later be cleanable by later new defs you'd quarantine. There are times SAV or SEP know a file is naughty, but it is a very important document for the boss, so you don't want it deleted. Quarantine it in case later defs can clean it, and it happens.

Trojans have to be deleted - cleaned by deletion, or files that are corrupted or can't be cleaned.
GOOD files that have viral code inserted are cleaned.
Quarantined files - files that are infected but can't be cleaned now, but maybe can be cleaned and thus saved later.

(been doing this since about 1992 so trust me a bit, eh?  LOL  )

Rafeeq's picture

Its deleted, I took those lines form Help File, you can trust :) 

ShadowsPapa's picture

LOL. sort of when all else faily, click HELP? 
Naw, I'm more like Red Green - I throw the manuals away, a real man can assemble anything without the manuals.
(It's a Canadian and American thing, I guess)

Ramji Iyyer's picture

"Cleaned by Deletion" mean Symantec detected the virus & deleted the virus.

It is the term used by symantec to delete the virus.

Actually it should be "Deleted"

Ramji Iyyer

Ramji Iyyer

ben_cSEPticons_secured's picture

"Cleaned by Deletion", the title speaks for itself... :-)