My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Lists of frequently asked questions

If Dr.Web has detected a malicious program, one of the following actions can be applied to it:

  • Cure — Dr.Web can try to restore the infected file to its original state.
    In most cases, the "Cure" option will be unavailable. This action is only available for files infected with known, curable viruses. Trojans and compromised files found in other objects (archives, email files and file containers) cannot be cured.

  • Remove — a malicious object (file, script, email attachment, etc.) is permanently deleted.

  • Move to quarantine — if for some reason you want to save a file (for example, to send it to Doctor Web’s virus laboratory), you can move it to the secure quarantine folder where it will not be able to harm your PC.

  • Ignore — no action is taken. Choose this option only if you are completely sure that the threat is in fact a false positive.

Threat-neutralisation options have their limits:

  • Suspicious objects (seemingly infected files and files that supposedly contain malicious code) cannot be cured.

  • Threats that are not actually files (e.g., boot sectors) cannot be moved or deleted.

  • No actions can be performed with individual files in archives, installers or emails—in such cases, an action is applied only to the entire object.

New threats are emerging every day, and it is quite possible for a trojan to get into your system undetected since no corresponding definition yet exists in the virus database and the malware has not done anything suspicious to expose itself. As a result, the file monitor SpIDer Guard, which scans files, whenever they are being opened, launched, or modified, and watches over running processes, cannot detect it.

Dr.Web recommends

Schedule regular system scans to occur at least once a week. You can set up the scans to be run at the most convenient time for you—for example, when you are not using your PC.

Dr.Web scanner for Windows either scans files at the user’s command or on the schedule specified in the Scheduler. Not all the files are checked, but only those specified in the scanner settings instead. By default, files are checked by format — i.e., files in archives, packed and e-mail files, and RAM and all the autorun objects as well. You may choose to scan disks, folders, scan by file types, by preset mask, or scan all the files. To view current scanner settings, go to the program main window menu bar and select Settings–>Modify settings.

Quick scan of the critical system objects with the anti-virus scanner is launched automatically as the program starts. It is required to find out if any viruses exist in the system. After the scan is complete, two right windows indicate numbers. The left one shows the number of viruses found on your PC, while the right one — the number of RAM objects and files scanned with the anti-virus scanner.

In order to launch full scan, please use the Task scheduler.

Windows XP:

Open the Windows task scheduler (Start->Control panel->Assigned tasks). Find the Dr.Web Daily Scan task pre-installed during installation and open it to edit. In the Task tab, check Enabled. In the Schedule tab, specify scan frequency and time you need. Press Ok to apply the settings. Enter user name and password upon the operating system request.

Windows Vista/7:

In order to edit a task pre-installed during the anti-virus installation, right-click on the Dr.Web icon in the notifications area and select Tools->Scheduler. In the next window, select the Drweb Daily Scan task, which is disabled by default. You should enable it (by right-clicking the task and selecting Enable option). In the Triggers tab, edit launch time and frequency.

The Move action in respect to infected and incurable objects means the following: an object is moved to a special directory specified in the Move to field (by default, it is the infected.!!! subdirectory of the Dr.Web installation directory) and accessible even after the scan is over. Furthermore, after having been moved, the file loses its extension. Such actions mean that the virus is actually “disarmed”, rendered incapable and, therefore, absolutely safe.


Nothing found