chrishoffman — 2013-11-09T06:41:29-05:00 — #1
Originally published at: http://www.howtogeek.com/175234/how-to-use-an-antivirus-boot-disc-or-usb-drive-to-ensure-your-computer-is-clean/
If your computer is infected with malware, running an antivirus within Windows may not be enough to remove it. If your computer has a rootkit, the malware may be able to hide itself from your antivirus software.
pd86535 — 2013-11-09T09:54:12-05:00 — #2
When I encounter a machine with malware I almost always go directly to using a boot disc. It can take longer than doing it with the OS running, but it is more likely to clean the machine on the first attempt.
When you try to clean a machine while the OS is running, you can never be sure you got everything and most of the time I ended up using a boot disc to clean up leftover remnants anyway. Now I use a boot disc from the start and just get it done on the first try.
I generally use the Microsoft DaRT tools since that also gives me other tools I may need to clean the machine.
exrelayman — 2013-11-09T10:02:38-05:00 — #3
I am glad to see you cover this topic, because I have a problem doing this and maybe I can get some help.
I have used both Kaspersky and Dr.Web to do this very thing with my old windows 7 pc, but my windows 8 and windows 8.1 on my new pc built for windows 8 will not boot into the rescue media, which I think is linux. I changed the boot order also per the article and that did not help. The computer simply does not recognize the rescue media. So I wondered whether this might be a windows 8 phenomenon or a phenomenon specific to my Gateway, or if there is some other thing to try that I have not thought of. Any ideas would be appreciated.
fredlit — 2013-11-09T10:49:47-05:00 — #4
ajb746 — 2013-11-09T11:03:55-05:00 — #5
My favorite antivirus is Comodo Rescue Disk. I have it installed on a usb drive that can also boot an Ubuntu live cd, Hiren's Boot CD, and GParted.
baht — 2013-11-09T11:10:47-05:00 — #6
I have Windows Defender 32 bit and 64 bit on two USB sticks.
exrelayman — 2013-11-09T12:16:35-05:00 — #7
Thank you for your attention to my problem. I have already done that particular thing. I can use F12 and DEL to interrupt the boot process. When I use a windows based Macrium boot disk, my windows pc will recognize it and boot from it when I do interrupt the boot sequence and so instruct. But any linux based rescue media simply does not show as a boot option. I do still at least have the option to remedy via going to a backup, but I like having as many remedies as possible.
pd86535 — 2013-11-09T20:52:39-05:00 — #8
Perhaps secure boot is preventing the Linux OS from booting.
jeorge_kabbi — 2013-11-10T00:33:34-05:00 — #9
thank you very much for this helpful article.
exrelayman — 2013-11-11T13:10:26-05:00 — #10
I am updating here for the sake of others in a similar fix. First: the article is only good for pcs up thru windows 7. Once windows 8 is installed, you can't no way in Hades use any linux based rescue system, which is the gist of the article. Windows 8 just won't let you boot them up. Period. Disable secure boot or not. I made an Avast rescue disc that was supposed to be windows based and windows 8.1 refused to recognize it also.
Many free backup softwares make a backup but won't restore to it in windows 8. Windows itself still makes backups, as does the free Macrium. You can also make a custom refresh.
As to remedies short of having to resort to restoring to some sort of backup, there is a way to boot into safe mode with networking. In there, I found that Avast, SuperAntiSpyware, Glary, and AdvancedSystemCarePro do not work. However, Panda Online works from there and I would suspect so does MalwareBytes though I am writing this before trying it.
I am not a techie. So I would love for someone who is a techie to demonstrate how wrong I am in what I have stated above, and that some sort of rescue media might be available for windows 8.1 pcs. I did try the Windows Defender Offline and got it to try to boot, but it sat there saying it was booting for about half an hour and I gave up on it - it was on a 3.0 usb stick in a 3.0 usb slot, and even my Kaspersky rescue CD loaded in under 5 minutes on windows 7.
It is a shame that windows 8 in trying to make us more secure took away the powerful defensive resource of rescue media. So please, some techie, come in and show me how wrong I am about this!
nick5 — 2013-11-14T14:21:41-05:00 — #11
When you are in Windows 8, open command prompt (Windows key + Q, then search for 'cmd' - without quotes)
Type in following command
shutdown /s /t 0
Windows will shut down properly (instead of cached shutdown for fast-startup)
Now try to boot from the rescue USB/CD,
Please note that a reboot will also do the same (ie proper shutdown and proper startup)
I hope this will solve your problem
Please reply back with updates
exrelayman — 2013-11-14T16:23:18-05:00 — #12
Thanks very much for trying. Alas, that did not help. I am successfully interrupting the boot process. I am able to see Windows Defender Offline Beta for 8.1 as a boot option, but it simply says it is loading windows but never does. Anything linux based, I see that there are files on the cd or flash drive, but in the boot situation no option to boot from them is offered.
I am pretty well resigned to just having to do a reset to a custom image or restore to a Macrium image if Panda or Malwarebytes in safe mode doesn't cure the problem. I have already spent days on this and am sick of fighting it any more.
It may be of course, that the new safe boot is of greater value than the rescue media was - I have no ability to assess. It would have been nice to gain secure boot without losing rescue media as an option. Also I have no ability to assess whether my problem is just my machine or if it is endemic, I have heard no other complaints like mine despite searching. But I am pretty resigned by now that it's just how things are gonna be.
A note to anyone else who may wrestle with this problem with their windows 8.1 pc: you must go into bios and disable secure boot to even see Windows Defender Offline as a boot option (that don't boot in my case!). Go back and enable secure boot when finished, I feel sure what it does is desirable with the notable exception of this particular problem.
ringhalg — 2013-11-15T07:47:46-05:00 — #13
Windows 8.1 encrypts the drive by default, I am guessing this will prevent any antivirus program from scanning/accessing the system from outside the OS. If that is the case, then the only way to scan the system is from within the OS or disable encryption.
nick5 — 2013-11-15T16:07:35-05:00 — #14
Like ringhalg said in the above comment, Windows 8.1 default encryption may be the culprit,
Go to this HTG article http://www.howtogeek.com/173592/windows-8.1-will-start-encrypting-hard-drives-by-default-everything-you-need-to-know/ and disable the encryption as the article mentioned,
Please report back whether this fixed the issue or not
exrelayman — 2013-11-15T18:10:11-05:00 — #15
Your post enlightens me as to the relevance of ringhalg's post, which I did not understand.
Alas again, I use a local account and not a microsoft account and thus the encryption option should not be in play - per both the referenced article and also the fact that when I go through the steps described in the article I do not see anything about encryption at the bottom of the PC info list.
This is a windows 8 machine updated to 8.1 via the free windows store update. I think I tried to use rescue boot media while it was still on windows 8 and could not do so then either. I must be the one black sheep because no one else has complained of it. I can live with it, but sometimes some malware will go undetected for 2 or 3 weeks and restoring to a backup that old really involves a lot more time getting back up to date than the mere restore process (eg, finding out how far back you need to go through multiple tries, then updating files, windows, and software) - but still beats reinstall/reset by a mile!
exrelayman — 2013-11-16T16:06:08-05:00 — #16
I am replying to you rather than myself to be sure you are notified to read this. It is also my hope that my experience will benefit others who experience my difficulty.
In an earlier post I despaired of any remedy and implored any real techies to show me wrong. I was wrong! There is a remedy. I have booted from the Kaspersky Rescue Disk and also from the Avast Rescue disk, the former operating in linux and the latter operating in Windows PE.
While I found this on my own, I would never have accomplished this without the replies of you and Ringhalg determined to help me. I was inspired to keep plugging away at the problem that I had thought helpless.
It is true that disabling secure boot did not cause my bios to see either of these disks as a bootable option. What was needed was this sequence: 1) disable 'secure boot', AND 2) at another place in bios, enable 'launch CMS'. Voila! The rescue disks can be recognized and booted from! (Remember to go back and activate secure boot when finished!)
So thanks for the desire to help and for nudging me in the right direction! I post this update on my situation both because you asked me to and also in hopes it may help someone else experiencing the same difficulty. And I am so grateful to have gotten to the solution before comments on this article were closed so that my findings may help others.
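Added example (not posted by any participant in this thread): a read-only PowerShell check of the three settings suspected above of blocking rescue media, namely Secure Boot, fast startup and drive encryption. It assumes an elevated prompt on Windows 8 or later; the function names are made up for this example, and the firmware compatibility option from post #16 can only be changed in firmware setup, so it is inferred here rather than queried.

```powershell
# Added example, read-only: nothing here changes a setting.
# Run from an elevated PowerShell prompt on Windows 8 or later.

function Get-SecureBootState {
    try {
        if (Confirm-SecureBootUEFI) { 'Enabled' } else { 'Disabled' }
    }
    catch [System.PlatformNotSupportedException] {
        # Raised when Windows itself was started in legacy BIOS (compatibility) mode
        'Not supported (Windows booted in legacy BIOS mode)'
    }
    catch [System.UnauthorizedAccessException] {
        'Unknown (prompt is not elevated)'
    }
    catch {
        'Unknown ({0})' -f $_.Exception.Message
    }
}

function Get-FastStartupState {
    # HiberbootEnabled = 1 means a normal "Shut down" is a hybrid (cached) shutdown
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power'
    $item = Get-ItemProperty -Path $key -Name HiberbootEnabled -ErrorAction SilentlyContinue
    if ($null -eq $item)                  { return 'Unknown (value not present)' }
    if ($item.HiberbootEnabled -eq 1)     { return 'Enabled' }
    return 'Disabled'
}

function Get-SystemDriveEncryptionState {
    # The BitLocker cmdlets are missing on editions without the BitLocker module
    if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
        return 'Unknown (BitLocker cmdlets not available)'
    }
    try {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        '{0}, protection {1}' -f $vol.VolumeStatus, $vol.ProtectionStatus
    }
    catch {
        'Unknown ({0})' -f $_.Exception.Message
    }
}

[pscustomobject]@{
    SecureBoot            = Get-SecureBootState
    FastStartup           = Get-FastStartupState
    SystemDriveEncryption = Get-SystemDriveEncryptionState
} | Format-List
```

If Secure Boot was switched off to run a rescue disc, running this again afterwards confirms that it has been turned back on.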
geek — 2013-11-19T16:03:09-05:00 — #17
This topic was automatically closed after 8 days. New replies are no longer allowed.