How to do a super-clean malware scan

No matter how good your security software, and how well you keep it up to date, there’s always that nagging doubt: “What if some malicious program is interfering with my antivirus, protecting itself while hurting me?”

That’s a legitimate question, and it’s one of the reasons I frequently recommend that people use a second malware scanner to supplement their main antivirus program. But even that suggestion involves running a program already installed on your PC (and thus, possibly compromised), while something evil may be running in memory.

I’m going to recommend two ways to scan for infection in a clean environment. Pick which makes the most sense to you, or–if you’re really paranoid–use both.

Windows Safe Mode and a Portable Scanner

Only the minimum, basic code loads when you boot Windows into Safe Mode. It’s a good bet your malware infection won’t be running in this environment.

On a safe computer, download the SUPERAntiSpyware Portable Scanner and save it to a flash drive. This self-contained anti-malware program (in the form of a DOS .com executable file with a Windows user interface) gets updated regularly, so you can assume the version you just downloaded is up-to-date.

Then boot the suspect PC into Safe Mode. Press F5 just before Windows starts loading (it may take a few tries to get the timing right), and select Safe Mode from the resulting menu. If you don’t see a Safe Mode option, press F8.

Once the PC is booted, insert the flash drive. Unlike Windows’ normal mode, nothing automatic happens when you plug in a drive, but if you select Start then Computer (or My Computer) the drive will very likely be there. Open it, double-click the program file with a name that starts with SAS and ends with .COM. Once the program is up, click Scan your Computer.

It’s possible that your PC won’t see a flash drive in Safe Mode–some do, some don’t. If yours falls into the second category, boot it normally, then copy the SAS…COM file onto your desktop. Then boot into Safe Mode and run the scanner.

Boot from a Live CD

If Safe Mode doesn’t seem quite safe enough, you can skip Windows altogether. To do so, on a safe computer download the F-Secure Rescue CD.

This “CD” comes in the form of an .iso file (which itself comes inside a compressed .zip file). It’s important that you run the .iso file in a program that knows what to do with it; merely copying the file to a CD will not have the desired effect. When you double-click the .iso file, there’s a good chance that some program on the computer will automatically load and ask for a CD-R onto which it can burn the file’s contents. If that doesn’t happen, download and install ISO Recorder.
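If you want to confirm that what you pulled out of the .zip really is a bootable disc image before spending a CD-R on it, the sketch below (an added example, not part of the original article or any F-Secure tooling) reads the ISO 9660 volume descriptors and looks for the El Torito boot record that a bootable CD carries. The file names and the sample image are constructed for illustration.

```python
import io
import zipfile

SECTOR = 2048           # ISO 9660 logical sector size
FIRST_DESCRIPTOR = 16   # volume descriptors start after 16 reserved sectors

def inspect_iso(data: bytes) -> dict:
    """Walk the volume descriptors at the start of an image."""
    result = {"iso9660": False, "bootable": False, "volume_id": None}
    sector = FIRST_DESCRIPTOR
    while (sector + 1) * SECTOR <= len(data):
        desc = data[sector * SECTOR:(sector + 1) * SECTOR]
        if desc[1:6] != b"CD001":       # magic carried by every descriptor
            break
        if desc[0] == 1:                # primary volume descriptor
            result["iso9660"] = True
            result["volume_id"] = desc[40:72].decode("ascii", "replace").strip()
        elif desc[0] == 0 and desc[7:30] == b"EL TORITO SPECIFICATION":
            result["bootable"] = True   # El Torito boot record
        elif desc[0] == 255:            # descriptor set terminator
            break
        sector += 1
    return result

def inspect_zip(source) -> dict:
    """Check each .iso member of a .zip (path or file object), reading 64 sectors."""
    found = {}
    with zipfile.ZipFile(source) as zf:
        for name in zf.namelist():
            if name.lower().endswith(".iso"):
                with zf.open(name) as member:
                    found[name] = inspect_iso(member.read(64 * SECTOR))
    return found

def constructed_iso(bootable: bool) -> bytes:
    """Constructed sample: descriptor headers only, not a usable disc."""
    def desc(dtype, body=b""):
        return (bytes([dtype]) + b"CD001\x01" + body).ljust(SECTOR, b"\0")
    pvd = desc(1, b"\0" + b" " * 32 + b"CONSTRUCTED_RESCUE".ljust(32))
    boot = desc(0, b"EL TORITO SPECIFICATION") if bootable else b""
    return b"\0" * (FIRST_DESCRIPTOR * SECTOR) + pvd + boot + desc(255)

def constructed_zip() -> io.BytesIO:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("rescue.iso", constructed_iso(True))
        zf.writestr("manual.pdf", b"constructed placeholder")
    return buf

if __name__ == "__main__":
    print(inspect_zip(constructed_zip()))
```

A result with `iso9660` true and `bootable` true means the file should be burned as an image; a file that fails both checks is not a disc image at all.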

Once the disc is complete, place that disc in the PC you wish to scan and boot your PC off the CD. It will boot a text-based version of Linux.

Using a wizard, F-Secure will update its database over the Internet, then scan your PC.

At least, it can do that if it can find the Internet. Linux may not have access to any special drivers for your networking hardware, and certainly won’t have your WiFi password. Your chances of getting through are greatly enhanced if you use ethernet.

If you can’t get an Internet connection, there’s a workaround: On a healthy computer, you can download the latest update and put it onto a flash drive. The F-Secure Rescue CD manual (a .pdf in the .zip file) explains how.

But the F-Secure Rescue CD comes with a very serious warning.

If it has to alter Windows system files to clean your system, it may render Windows unbootable. That’s something to consider before you decide to take this route.

