One of the more difficult situations to find yourself in is to have a malware-infected machine that either won’t boot, or won’t allow you to run anti-malware tools because of the infection.
The most common next step is to download a bootable anti-malware disc and burn it to CD or install it on a USB flash drive. You then configure your computer’s BIOS or UEFI to boot from the CD or USB and reboot; instead of starting Windows, you’re running the anti-malware tool, which can then scan the hard disk in your system.
There are several, but my first choice is Microsoft’s own Windows Defender Offline.
We first need to talk about the name, “Windows Defender”. Microsoft continues to confuse us with their choice of product names.
There have been, I think, three different Windows Defenders:
As we’ll see in a moment, Windows Defender Offline looks a lot like the Windows Defender that’s actually installed in Windows 10.
Getting Windows Defender Offline
Getting Windows Defender Offline is a two-step process. First you download the creation tool from the Microsoft website, and then you run that tool to create the actual bootable Windows Defender Offline media.
After running the tool and accepting the inevitable license agreement, you’re offered a choice of what to create:
Choose whatever is most convenient and you know your machine can boot from.
The tool will then create the media you requested – burning it to a blank CD, creating a bootable USB drive, or writing an ISO file you can later burn to CD yourself.
This may take some time since the actual Windows Defender Offline program is not actually downloaded until this point.
Running Windows Defender Offline
Boot from whatever media you just created. (It’s important to create new media each time, as the malware definitions are part of the media, and you want to make sure you have the latest available.)
You’ll get the (new) Windows Logo for a bit:
Then a Windows Defender Offline activity indicator:
Once fully loaded Windows Defender Offline immediately begins scanning:
Upon completion it’ll either report what was found, or as in my example, report a clean bill of health:
That’s basically the process. You can now perform a deeper scan if you like.
Windows Defender Offline Options
Once the initial quick scan is complete you can then fiddle with options or perhaps run a Full scan to ensure that Windows Defender has an opportunity to scan your entire machine.
Just remember that whatever options you select or changes you might make while Windows Defender Offline is running will probably be lost when you’re done – there’s no way for the tool to save those updates to the CD from which it was run, and it’s unlikely that it’ll treat the USB installation any differently.
Close Windows Defender Offline, and your machine will reboot. Make sure to remove the Windows Defender Offline bootable media so that the machine boots from the hard disk as normal.
Windows Defender Offline Alternatives
First, if you already have an anti-malware tool other than Microsoft’s installed, check that product’s documentation or website; it may offer a stand-alone boot version that may (or may not) be more current or more full-featured than some of these free alternatives.
I’d start with that, but particularly if you suspect that your anti-malware tool didn’t catch something you’ll want to try another tool.
In addition to Windows Defender Offline, there are several other free stand-alone anti-malware tools:
Each of these is a free download that you burn to CD. You then boot from that CD to run the anti-malware software.
Which to use? Well, aside from starting with my choice, Windows Defender Offline, and then perhaps whatever your installed anti-malware tool might provide, conventional wisdom is: all of them. If you’re fighting a nasty malware infection, it’s completely expected that some tools will catch malware that other tools miss; it’s the nature of the fight against malware.
More practically, though, having one or two of your favorites on call is typically enough. Remember, though, that you’ll want to download and create the CD when you need it, not before, so that it’s as up to date as possible.