Antivirus that can be run from a flash drive with complete definitions

Discussion in 'other anti-virus software' started by trott3r, Oct 2, 2014.

  1. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    829
    Location:
    UK
    Hello,

    I am trying to run a virus scan on a computer which has its internet down.

    Which scanners can download their full definitions on to a flash drive and then run from the flash drive without an internet connection?

    Malwarebytes and SASpyware both cannot download their updates and so are of limited use.
    Hitman pro kickstarter will not run inside of windows and requires booting from the usb; however, the pc will not boot from usb.

    thanks for your time

    Martin
     
  2. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    552
    Emsisoft Emergency Kit - http://www.emsisoft.com/en/software/eek/

    Have you tried pendriveapps.com and/or portableapps.com? I know these have portable scanners.

    You could try changing the boot order in bios in order to boot from usb.
     
    Last edited: Oct 3, 2014
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I think these will work:

    ComboFix
    Dr.Web CureIt
    Emsisoft Emergency Kit
    Kaspersky Virus Removal Tool
    Trend Micro Anti-Threat Toolkit

    plus some live media anti-malware
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,054
    Avira PC Cleaner also.
     
  5. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    the portable version of SAS does not need to as it already has the latest definition files upon download
     
  6. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    854
    You can simply copy over the Malwarebytes definition from a working computer:
    Some more for the list:
    Aswmbr (Avast) - you can run it on a networked computer to download the definitions, then copy the folder created for the definitions (in C:\Users\xxxxx\AppData\Local\Temp\_av4_), and put in the equivalent location on the ?infected computer;

    Comodo Cleaning Essentials - run it on a networked computer first, download updates, then copy the whole folder intact.

    Kaspersky, Dr Web Cureit are both good choices, as mentioned by others. Combofix as a last fix.

    Personally I'd start with Malwarebytes, while I looked myself with Autoruns.
     
  7. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    829
    Location:
    UK
    Last time I looked at portable apps it was only the miserable clamAV.

    I can't boot from usb as it only has 2 slots and they are taken up by multi card reader, hard drive and optical drive.
    Will have to disconnect one of them.
     
  8. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    829
    Location:
    UK

    Thanks for the malwarebytes tip.

    combofix is a bit of a napalm solution, when I last tried it it messed up a fair amount of my preferences.
    Definitely a last resort
     
  9. kikesan

    kikesan Registered Member

    Joined:
    Dec 26, 2008
    Posts:
    13
  10. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    in my opinion, kaspersky's "rescuecd" should be used instead of the "virus removal tool".. the rescuecd is intended to be run from a USB flash drive..

    here is a link for kaspersky's rescuecd:

    http://support.kaspersky.com/viruses/rescuedisk

    note that you have to use kaspersky's tool for setting up the USB flash drive, so read the instructions for doing that..

    kaspersky's rescuecd includes a registry editor.. that could be useful if you need to remove some regkeys that are used for starting up malware..

    some alternatives are avira's rescuecd or microsoft's rescuecd, which is called "windows defender offline"..

    if you find that you have an issue with a "poweliks" malware-infection, you could try using "roguekiller" to remove it.. here is an article relating to that:

    http://www.adlice.com/poweliks-removal-with-roguekiller/

    (the article is a little outdated since a new variant of "poweliks" has been found, but the roguekiller program has been updated, to handle the new variant)..

    some other good programs to use are:

    adwcleaner
    junkware removal tool
    hitmanpro
    malwarebytes
    ESET's online-scanner

    p.s. you might need to adjust some settings in the bios in order to be able to boot from the USB flash drive.. either way, you could look at the bios-settings.. on my computer, i didn't need to adjust any settings, in the bios.. i just tapped the F12 key, on my keyboard, as the computer was booting up, and it gave me the option to boot from the USB flash drive.. (i am using an OLD Dell computer, running windows xpsp3)..
     
    Last edited: Oct 4, 2014
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,054
    I tried to use Kaspersky RescueCD but it doesn't support UEFI. I don't like to change UEFI settings each time I want to boot from CD.
     
  12. chromicus

    chromicus Guest

    I believe you left out one major piece of AV software which can be run from a portable device, and can do a better job than Kaspersky or other alternatives listed above. I am talking about ClamWin (ClamAV) software, and you can find detailed instructions for installing ClamWin on portable devices on this page. The only thing you need to remember before using ClamWin from a portable device is to change its settings to move viruses and other threats to quarantine instead of simply presenting a report after scan is finished. The quarantine folder is better to be created on the portable device and not on the hard disk.

    Here is a complete list of portable AV software on this page right here on Wilders forums. Some of those apps include support for Windows XP too even if the question asked is meant for Windows 7 users.
     
    Last edited by a moderator: Oct 18, 2014
  13. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    854
    Since when can it do a better job?

    It's traditionally been quite slow, with lower detections than the rest. Has something changed?
     
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,054
    Yes, F-Prot was really fast, the last time I used it (it was years ago...). But both Clam Av and F-Prot are not top AVs when it comes to detection and prevention.
     
  15. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    499
    I would burn my computer if I had to resort to clamwin for cleaning.

    MBAM, Emsisoft Emergency Kit, CCE, Vipre rescue, spybot portable, Avira PC Cleaner can all do what you want AFAIK. If you don't know how to use Combofix I suggest you not run it, it's a scriptable malware removal tool and it's not intended for everyday use.
     
  16. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    854
    Clamwin has always performed worse in threat detection in independent testing, i.e. testing against known or unknown (heuristic) threats. This test of yours proves nothing in relation to its effectiveness. You can't make a sweeping claim that Clamwin is more effective than the other tools, without a reasonable argument and some evidence.

    It does however prove the point that Clamwin is slow - it took 2m 21seconds to scan the memory, some processes, and 369 files. In roughly the same time, a Quick Scan from Malwarebytes did this much on one of my computers:
    Objects scanned: 291839
    Time elapsed: 2 minute(s), 22 second(s)


    Without defining what an 'object' is exactly, it's clear that the scan was far more comprehensive than just a memory/processes scan. The MBAM quick scan also includes looking in all the autorun locations, and the common locations for malware to be stored locally based on what's known about current families of malware.

    Malwarebytes has demonstrated effectiveness through independent testing - which matches real world experience. There's a reason why it's the go-to tool for techies in malware removal. In my experience of malware removal, I'd never have used Clamwin as it has always been slow, and misses things that others find. What's the point of using it? I'd rather utilise tools like Malwarebytes, Hitmanpro, and my own eyes with Autoruns - significantly faster and more effective. Bootable antivirus programs are great, but can be hit-and-miss if they'll even load correctly, and often time consuming. Personally I prefer to reinstall a system after I've found what has infected it (and ideally the root cause of how it became infected.)
     
  17. chromicus

    chromicus Guest


    I agree, MBAM, Emsisoft Emergency Kit, CCE, Vipre rescue, spybot portable, Avira PC Cleaner and so on may be excellent solution for cleaning up your OS. But I do have a question for you .. have you ever had to reinstall a program or the entire Windows OS after using one of these solutions? And I am asking because, in the end, all these virus/malware cleaners can restore partial data from whatever was corrupted but they are no good for prevention only for data recovery.

    A reliable AV and a good Firewall can protect your Windows system for years but once you get infected there is little chance you'll be using that operating system for long. You clean-up, save what data can be saved (without even being sure it is completely safe and disinfected), and then you do have to format and start everything from scratch. So, be it clamwin or other av software or malware cleaners, data backup will always be the best "antivirus" solution for both prevention and cleaning your PC. Better than clamwin, and better even than MBAM, Emsisoft Emergency Kit, CCE, Vipre rescue, spybot portable, Avira PC Cleaner.
     
  18. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    854
    You made the claim that Clamwin "can do a better job than Kaspersky or other alternatives listed above" when:
    1/ this is simply not the case (based on independent testing, and real world experience);
    2/ you apparently have no experience of the main anti-malware programs in the first place, so on what grounds do you compare Clamwin?

    Sorry, Clamwin has always been slow with poor detections. It's poor advice to recommend it. Also Malwarebytes is quite usable offline, one just needs to copy over the database files from a networked computer - as discussed earlier in the thread.
     
  19. chromicus

    chromicus Guest

    F-Prot still is one of the best yet, strangely, one of the least-known antivirus software with active protection on the market. They're having some problems ever since they merged with Cyren??!!!, but they're still some of the best out there. One of the new "additions", after this merge, is that they offer home users a minimal package which includes license for up to 5 computers (around 30 dollars the whole package), and I was wondering who on earth needs 5 computers in the house? No way they could set you up for just 1 license for 1 computer or at most 2 computers. It is these little changes that make me believe F-Prot will vanish in the night in a few years or less.

    Nevertheless, it is still a deal, but you have to talk your neighbours into buying F-Prot so you split costs and pay only 6 dollars or 10 or 15 dollars per year :), which is extremely cheap.
     
  20. chromicus

    chromicus Guest

    Ok, forget clamwin, not that good for cleaning up a system, Malwarebytes is the best since you say you've tested it with best results. I'll give it a try myself. Let's hope trotter has already solved his issues using your portable solution for Malwarebytes :).
     
  21. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    499
    We are not discussing protection or data backup solutions here, OP is asking for offline AV tools nothing more, nothing else. Data backup is not an AV solution and it does not work for prevention. It acts after you are infected, it does not prevent an infection. Btw I used to clean computers on a daily basis and had to reformat or start from scratch only on a few of them, though I didn't just resort to conventional solutions.
     
  22. chromicus

    chromicus Guest

    That's exactly what I did when answering trotter, I offered him some ideas for offline Av tools, ClamWin and a few others included. I thought he was entitled to choose for himself whatever he thought to be useful for his particular needs. And here we are, arguing about ClamWin being worse or better than other software, and during all this time trotter (Martin) is still looking for a solution or maybe found one but forgot to mention that his problem is solved.

    Btw data backup is done before catching a cold :), and not after. And it still is the best prevention against malware and viruses especially with this new cloud-computing trend present all over the Internet.
     
  23. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    499
    We are arguing about clamwin because it was claimed that clam is quite successful at doing what op wants. Many people, including me, think it's not the case. You are the one bringing up backup solutions into what was a discussion about offline av.

    The point you are missing is back-up while being immensely useful is not able to prevent malware. Prevention is what real time protection does. First you are infected or something goes wrong then you resort to restoring backups (or cleaning). Neither back-ups nor cleaning can prevent infection, they just bring you back to an assumed clean baseline. Just as an example: You have a backup, you get infected, malware stole credentials for your credit card, you restore your backup. It doesn't magically take what malware mailed home.

    prevention (noun): the act of stopping something from happening or of stopping someone from doing something.
     
  24. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    499
    Where did I say the OP was looking for a realtime protection, I only stated that real time protection is for prevention. Also where in this whole thread I said that MBAM is a magical cleaning solution ? Either you aren't reading the posts or you don't understand what you read.

    Btw MBAM is free for on-demand scanning; realtime protection and ip filter costs money. While ADWCleaner is an excellent piece of software and excels at doing its job, the program is coded for removing PUPs, toolbars, etc (grayware in general).
     
  25. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    In this context, it means the person who started the thread (OP=Original Poster).
     