Chris Hall bio photo

Chris Hall

Principal Technical Consultant

PolarCloudsUK Chris LinkedIn Github
Chris Hall Nutanix Certified Master - Multicloud Infrastructure 6 Chris Hall VMware vExpert 2024 Nutanix Certified Professional - Cloud Integration Chris Hall Nutanix Certified Professional - Multicloud Infrastructure 6 Chris Hall Nutanix Certified Professional - Unified Storage 6 Chris Hall VMware vExpert 2023 Chris Hall VMware vExpert 2022
Weighing in at fourth place most popular post on this site is Easy Bootable Antivirus CD/USB written in April 2010,  just over two years ago (yes, time does fly!)

Recap:
With the prevalence of Viruses / Rootkits / Spyware and all sorts of other malware these days, quite often I get asked to take a look at machines that are suspected of infestation with one or more of the above "nasties".

Quite often this comes about because the nasties have "grown resistant" to the antivirus tool being used  - that is they do not clean as expected.  Sometimes this can be because the nasty hooks itself deep into the operating system or it locks itself as in use and hence cannot be deleted.

One way around this is to boot the computer from an alternative operating system located on a device such as a CD or USB pen drive.  This will get around both issues, thus making the removal much easier.
/Recap

Many tools have come and gone over the last two years, however luckily for us an even easier  CD/USB based anti-virus tool has been released.  Surprisingly it's written by Microsoft.

Windows Defender Offline
Follows is the process to create and use a Windows Defender Offline (WDO) CD/USB.

Prerequisites:
  1. Find out if the infected (or suspected infected) machine is running a 32-bit or 64-bit version of Windows.  See Is my PC running the 32-bit or 64-bit version of Windows?
  2. The infected (or suspected infected) machine must have a minimum of 512Mb memory
  3. A blank CD, DVD, or USB flash drive(250Mb minimum)
  4. 500Mb free hard disk space to download to and create the CD/USB
  5. Download the appropriate version of the WDO creation tool from here (download links are at the bottom of the page)
Prerequisites satisfied, lets get on an use the tool.

Process:
Launch the downloaded executable (mssstool32.exe or mssstool64.exe).  You will be presented withe the following welcome page:

 
Click Next


Choose the media to create, CD or USB or create an ISO image file.  I chose to create an ISO file to burn to CD later. 


Choose the location of the ISO file


The tool will now download the required files from the Microsoft website.  Remember that at this point the WDO creation tool is downloading the latest version of the WDO boot media and the very latest anti-virus definition files for use with WDO.


All done.  Click finish.

I burnt my ISO image onto a CD using the excellent free ISO burning tool ImgBurn

Upon booting the infected (or suspected infected) machine from the WDO CD/USB, you are presented with the following:

 

The tool will boot into a quick scan. This will scan only areas of the computers hard disk that are known to potentially harbor nasties.  


I chose to cancel the quick scan and run a full scan instead.

All being well you will / will not (depending whether you were expecting to) be notified with details of an infection and that WDO has cleaned the infection.... or infections plural!

Shut down, eject the CD / remove the USB, and boot back up as normal.

Final word:
As most nasties spread due to lack of security patching,  upon first boot I would highly recommend a visit to Windows Update to install all missing security patches as soon as possible.

Perhaps even look at running Microsoft Security Essentials anti-virus instead of whatever windows anti-virus application you were running.  

Update:
If you find that your WDO CD/USB is not working as expected, have a look at this post over at Alex Verboon's blog: How to add drivers to the Windows Defender Offline Tool


- Chris