A method includes stalling a cache flush instruction to flush a cache; determining that the cache comprises a file that has been infected with malicious code, and terminating the cache flush instruction to prevent the cache from being flushed to disk. By preventing copying of the infected file from the cache to disk, the malicious code is prevented from being propagated to disk. Accordingly, the malicious code is detected and defeated without having the malicious code be present on disk. Thus, detection of an infected file on disk and the repair of the infected file on disk are unnecessary and obviated.