On-demand Spyware Scanning from CD or USB Stick

I clean PC's regularly as a side job and have for quite a few years now. I have a good set of anti-virus programs that can be run from the command line from either a CD or USB stick depending on the job and works great for removal in Safe Mode. However, I am trying to find a few more spyware removal programs that can be run this way without installation.

I am aware of Ad-Aware SE running this way by simply copying the program executable and latest definition file. But I would like a few more.

What I need:
- something that I can just copy to CD or USB along with definitions
- something that will run in Safe Mode
- something just for on-demand spyware scans and removal
- needs to be free (I don't pirate software)

What I don't need:
- something that needs to install first, making use of the registry and so on
- real-time protection
- automatic updates

I am just testing out Spyware Terminator for the first time but don't know yet if it can work the way I need it to. Please let me know if this is possible.

Are there any other spyware removal programs that can be run this way?

I appreciate all comments and suggestions.

Thanks,
Dave

 

Hello,

Forensic tools for a Windows user
http://www.ubcd4win.com/

Ultimate Boot CD for Windows

Knoppix live CD
http://www.knoppix.org/

Helix live CD
http://www.e-fense.com/helix/

Mrk

 

Very nice, thank you for pointing this out. I have messed around with BartPE before, but I was not aware of this project. This will definitely simplify things for me. I will certainly bookmark this and likely look into it further, although I still prefer cleaning in Safe Mode so that the registry can be cleaned as well.

Thank you.

 

a-squared Command Line Scanner 2.1

Freeware! This program is a console application to scan your PC. It was made for professionals who don't need a setup or graphical user interface. All features of the Anti-Malware scanner are included.

I use this one from a USB stick

Gerard

 

One more screenshot from a2.

Gerard

 

DR Web Cure it. link in my Sig.
i want kaspersky to make a scanner like that so i can use it on other people's pc's but they haven't yet.
lodore

 

gerardwil,

Perfect! All of the antivirus scanners I use are command line as well, so this will work out great. I have not used a2 before, but I have heard of it.

Are the detections the same with the command line version as with the normal version?

Is a2 a relatively trusted antispyware application when it comes to detection rates?

Thank you so much,
Dave

 

I gave Dr. Web CureIt! a try and it is quite good. I'm glad that it utilizes their full signature database.

If Kaspersky made a standalone program like this, that would be amazing. It would be a one-stop fix for removal. We can only wish...

Thank you for your suggestion for Dr. Web CureIt!, I will be adding that to my other tools.

 

no problem i sometimes use it myself to double check.
lodore

 

Detection should be the same

I am not a (skilled enough) tester.
It's one more toy which might be helpfull in detecting malware.

Gerard

 

Hi DaveD,

Great topic. Can you tell us what you have been using so far? That will help those of us who have not been using the command line until now.


Thanks
pnadon

 

I would be glad to share. First of all, I would like to point out that I only use software that is freely available.

McAfee Command Line Scanner
Download Site: http://vil.nai.com/vil/virus-4d.aspx
Engine File: win_betaengdat.zip
DAT Updates: win_netware_betadat.zip

This does include the latest 5100 engine. The DAT files are beta and have been minimally test. However, I should point out that I have never had a problem with them. These DATs are basically just before they go in for final QA testing. I would probably avoid removing viruses that are detected by heuristics just to be safe, I use the move to quarantine option for that. But like I said, I have not had any FPs using this during the 2-3 years that I have been using this.

Example: scan.exe /adl /all /analyze /mime /program /streams /unzip /winmem
Means: Scan all local drives, heuristics, mime-types, spyware, ntfs streams, archives, windows memory.
You could also throw in the "/clean" or the "/move 'location'" when cleaning.
scan.exe /? (will show you all commands)

Not only do these DATs have the current and official virus signatures already tested and approved, but also included several hundred signatures not yet fully tested or approved. Therefore, I prefer them to the official DATs anyways. You could technically use the official DATs without any problems, but that would be going against any agreements or whatever.

-------------

Trend Micro Sysclean (which has been improving in detections lately)
http://www.trendmicro.com/download/dcs.asp
You need to get the Sysclean Package and latest pattern files. Unzip pattern files.

This will show you command line options:
http://esupport.trendmicro.com/support/viewprint.do?ContentID=en-117058&View=p

Basically, run sysclean.com by double-clicking.
While running, copy vsapi32.dll and vscantm.bin to another directory.
Also copy the latest unzipped pattern file to that directory.
Therefore, you only need those 3 files for command line scanning from CD or USB.

vscantm.bin /nbpm /? (will show you the options)
The "/nbpm" must be included always or it will not work.

Those are all instructions provided by Trend Micro.

-------

Both of these I run in Safe Mode when cleaning PCs. Once they clean up the mess I would go ahead and install Active Virus Shield or another freebie to protect the PC in the future. I have never had a situation yet where AntiVir PE Classic or Active Virus Shield detected anything at all left behind from my cleanup with McAfee or Trend Micro. Safe Mode certainly works much better and provides less headaches. I might look into F-Prot's command line scanner in the future, but I don't know if it is freely available or not.

Cheers,
Dave

 

Ewido micro scanner runs without installation. It does require an internet connection to download the latest definitions however.

 

Is this still around and functional?

The reason why I ask is because of their purchase by Grisoft and how the name and all switched to AVG.

 

it works for me still.
lodore

 

Yes its still around and functional. I don't know if its downloadable from other websites. What i do is visit the ewido website using firefox and select an online spyware scan. Because it doesn't support firefox it lets you download the app for manual on demand scans.
http://www.ewido.net/en/onlinescan/