Offline Virus & Malware Scanning

Posted on Feb 10, 2017

Obviously I would like you to hire me to perform this kind of task, but for those do-it-yourselfers out there this article gives a brief introduction to offline security scans.

Sometimes the antivirus and anti-malware software you use on a daily basis isn’t enough.  This includes ALL such protection software.  Don’t listen to the salesmen or enthusiasts of one product or another; no security product is 100% effective.  Offline scans can help find and remove pernicious and persistent malicious code from your computer.

For the sake of this blog post I will say “security threats” rather than use the terms virus, malware or malicious code; and “security products” rather than antivirus and anti-malware software.

First, let me define offline malware scanning.   Offline scanning is the process of booting to a specially prepared CD, DVD or USB thumb drive to use third-party software to scan your hard drive for security threats.  This bypasses Microsoft Windows altogether, which is not active at the time of the offline scan.  Security threats are sometimes able to successfully hide from Windows itself, which means those same security threats can hide from any security products running on your Windows computer.

Let’s also agree to use “bootable device” instead of continuing to repeat the phrase “CD, DVD or USB thumb drive.”

There are a number of companies that offer free offline security scanners.  I will cover two of them in this blog post.  Other software producers have products that work much the same way as these two.

RECOMMENDATION: Always download security products ONLY from the websites of the software makers themselves.  All other download locations should be considered unsafe for the purposes of this discussion.

RECOMMENDATION: Use a computer that you are pretty sure is NOT infected to create these bootable CD, DVD or USB thumb drives.  It is possible for an infected computer to interfere with and infect these items and render them useless.

RECOMMENDATION: Professional standards indicate your computer should be considered free of these security threats only after two – or perhaps three – clean scans.  This means you run your initial scan which should catch the security threats, then reboot and run the scans again.  Do this until you get at least two consecutive “clean” scans.

Windows Defender Offline

Windows Defender and Windows Defender Offline continue to change and improve as time goes by, as any successful software must.  You can download it from the bottom of the page at the link provided below.  Be sure to download the correct version for your computer, 32-bit or 64-bit.  Download and run that file, making sure there is a CD, DVD or USB drive available on your computer.  Anything on the USB drive will be erased, so take care to empty it before you start.  Follow the directions provided by the installer.  Then boot your computer to that CD, DVD or USB drive.

The process is even simpler for Windows 10 users; Windows Defender – including Windows Defender Offline – is built into Windows 10.  Follow the brief directions in the link below.

Download Windows Defender Offline

Kaspersky Rescue Disk

Kaspersky also provides an offline scanner I have used successfully.  This download is not an executable file.  You must use some software to burn this ISO file to a bootable device.  You cannot simply copy the ISO file to a bootable device and have it work as expected.

I like to use ImgBurn, a free and useful software product you can download here: Download ImgBurn v2.5.8.0

Download and install ImgBurn, then download the Kaspersky ISO file.  Navigate to the download folder, then right-click the file named kav_rescue_10.iso and select Burn Using ImgBurn from the pop-up menu.  Ensure your bootable device is ready, whether it’s a CD, DVD or USB drive.  Here is a screenshot you may find helpful.  There are a number of options, but all you really need to do is select your bootable media, then click the “write” icon shown in this screenshot.

Once the ISO file is successfully written to disc, you can use it to boot your computer and perform an offline scan.
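As an added illustration (not part of the original post) of why the ISO must be written as a disc image rather than copied as a file: a bootable ISO carries an El Torito boot record at a fixed sector inside the image, and it only lands where the firmware looks for it when the image is written to the disc sector by sector.  This Python script checks a downloaded ISO for that record before you burn it; the function names and the constructed sample image are assumptions made for the example.

```python
import io
import struct

SECTOR = 2048  # ISO 9660 logical sector size

def find_el_torito(image):
    """Return boot-catalog details if the image has an El Torito boot record, else None."""
    sector = 16  # volume descriptors start after the 16-sector system area
    while True:
        image.seek(sector * SECTOR)
        desc = image.read(SECTOR)
        if len(desc) < SECTOR or desc[1:6] != b"CD001":
            return None  # not an ISO 9660 image, or truncated
        if desc[0] == 255:  # descriptor set terminator reached without a boot record
            return None
        if desc[0] == 0 and desc[7:39].rstrip(b"\x00") == b"EL TORITO SPECIFICATION":
            catalog_sector = struct.unpack_from("<I", desc, 71)[0]
            break
        sector += 1
    image.seek(catalog_sector * SECTOR)
    catalog = image.read(64)  # validation entry followed by the initial/default entry
    if len(catalog) < 64 or catalog[0] != 0x01 or catalog[30:32] != b"\x55\xaa":
        return None
    # The 16 little-endian words of the validation entry must sum to 0 (mod 65536).
    if sum(struct.unpack("<16H", catalog[:32])) & 0xFFFF != 0:
        return None
    return {
        "catalog_sector": catalog_sector,
        "platform": {0: "x86 BIOS", 0xEF: "EFI"}.get(catalog[1], hex(catalog[1])),
        "bootable": catalog[32] == 0x88,  # boot indicator of the default entry
    }

def build_sample_iso():
    """Constructed minimal image: primary descriptor, boot record, terminator, catalog."""
    def descriptor(kind, body=b""):
        return (bytes([kind]) + b"CD001\x01" + body).ljust(SECTOR, b"\x00")
    boot = b"EL TORITO SPECIFICATION".ljust(32, b"\x00") + bytes(32) + struct.pack("<I", 19)
    validation = bytearray(b"\x01\x00" + bytes(26) + b"\x00\x00\x55\xaa")
    struct.pack_into("<H", validation, 28, -sum(struct.unpack("<16H", validation)) & 0xFFFF)
    catalog = (bytes(validation) + b"\x88" + bytes(31)).ljust(SECTOR, b"\x00")
    return bytes(16 * SECTOR) + descriptor(1) + descriptor(0, boot) + descriptor(255) + catalog

if __name__ == "__main__":
    import sys
    source = open(sys.argv[1], "rb") if len(sys.argv) > 1 else io.BytesIO(build_sample_iso())
    print(find_el_torito(source))
```

Run it with the path to the downloaded ISO as the only argument; a result of None means the file is not a bootable disc image and burning it will not produce a working rescue disc.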

Download Kaspersky Rescue Disk ISO file

There are two handy YouTube videos by Haig Dickson that show you how to use your Kaspersky Rescue Disk:

How Remove Malware with Kaspersky Rescue Disk 10 Part 1

How Remove Malware with Kaspersky Rescue Disk Part 2

I will create one of my own in the near future, but for now I recommend you jump to the 18 minute mark in the first video to skip some non-useful content.

Dennis Strain
Enclave Managed Networks
Box 365, Smithers, BC, Canada V0J 2N0
1-877-877-8793 toll-free phone & fax
1-250-847-2589 office
