Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Recommended Offline Scanners


  • Please log in to reply
6 replies to this topic

#1 BeckoningChasm

BeckoningChasm

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:23 AM

Posted 09 July 2014 - 07:41 AM

I work for a small PC support company.  When someone brings us a severely infected machine, we typically pull the hard drive and put it into a USB caddy attached to a known uninfected PC (the workbench), and run various offline scanners on the infected drive only.

Currently we're using ESET, MalwareBytes, EMSISoft, and Microsoft Security Essentials (the active AV on the workbench PC).  All these allow us to choose the drives for scanning, which is great since we don't need to scan the C: drive or the 2 TB backup drive each time we want to use a different tool.

 

(Once the four scanners are run, we put the drive back into the PC and run more tools, including AdwCleaner and JRT.  Offline scanners are great but they don't always find everything.)

Are there any other offline scanners which allow you to choose which drives to scan, while leaving others alone?  Obviously free is best but I wouldn't mind paying for something outstanding.



BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:23 AM

Posted 09 July 2014 - 04:15 PM

List of Free Scan & Disinfection Tools which can be used to supplement your anti-virus and anti-spyware or get a second opinion:



Note: I created the above list a while ago and have a few listed you already mentioned. I have not used them all so I cannot confirm if all have the option to choose which drive to scan...you'll need to test them and confirm.

Also many of these tools are stand-alone applications contained within zipped files...meaning they require no installation so after extraction, they can be copied to and run from usb drives.


.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:23 AM

Posted 09 July 2014 - 04:16 PM

Free Malware Removal Tools by Anti-virus vendors:
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 BeckoningChasm

BeckoningChasm
  • Topic Starter

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:23 AM

Posted 11 July 2014 - 07:36 AM

Thanks, Quietman.  I had seen those lists in your excellent malware removal guides.  I guess I will try each to see what options are available for running, and report back here.  I know that the Sophos doesn't appear to allow any customization (unless I'm missing something somewhere).  Thanks again.



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:23 AM

Posted 11 July 2014 - 12:12 PM

You're welcome and good luck.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 BeckoningChasm

BeckoningChasm
  • Topic Starter

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:23 AM

Posted 18 July 2014 - 12:35 PM

Using QuietMan7's suggested list of additional tools, I've tested the following, with results listed accordingly.  The system used for testing was a Windows 7 Pro (32-bit) box with a Seagate external 2T USB drive. 

I want to emphasize that I'm not judging the effectiveness of any of these tools; my sole reason for testing was to find which scanners could scan user-specified drives (rather than simply scan everything).

Granted, simply scanning everything is probably the safest thing to do, but in most cases in my work it's unnecessary.  As mentioned, I usually run these tools from a known good system, pointing the tools to an external USB caddy that holds the infected drive.

The results are below, listed in no particular order.  The green ones are the ones I may start using regularly during AV operations.  Again, it's not that the others are bad - I'm not passing a judgment on any other than the ones that I had issues with.

ESET Rogue Application Remover (command based) - does not allow drive selection
VIPRE Rescue Scanner (command based) - does not allow drive selection
SuperAntiSpyware - allows drive selection
Hitman Pro - does not allow drive selection
McAfee Stinger - allows drive selection  (amazingly slow, however)
Kapersky Virus Removal Tool - allows drive selection
Microsoft Emergency Repair Tool (MSERT) - allows drive selection
Norman Malware Cleaner - allows drive selection.  Crashed the first time I tried it.  Redownloaded, tried again.  Scan proceeded without problems--not sure what caused the first crash; the original download was a few days old, perhaps like MSERT they have a limited life.  Requires email address to download.
Panda Cloud Cleaner - does not allow drive selection
Secure APlus = allows drive selection.  Anti-virus seems to be a secondary function of this one.
Trend Micro Anti-Threat Toolkit (command based at first, then GUI) - does not allow drive selection

Tools with Issues--

Trend Micro System Cleaner (command based at first, then GUI) - allows drive selection.  It told me "Install failed" but then seemed to continue on to a command window. The date file on the GUI says it's from January 19, 2010...if that's accurate and not just a bit of overlooked coding, that limits this tool's usefulness a lot.

Sophos Virus Removal Tool - "Error 1606 - Could not access network data."  Redownloaded, tried again, same result.

Windows Defender Offline - this is more of a rescue tool, like Norton Power Eraser, designed to be run on an infected system rather than as a simple scanner.  It does allow drive selection.  This would be more useful in phase 2.*

MicroWorld ESCan AV - want an awful lot of information before allowing download.  Downloaded anyway.  Allows drive selection, but definitions are from April 2014.  IOW, if you run this, it's not just download, choose drive and run, check the settings first.  Normally when one downloads, say, MalwareBytes it goes out and updates its definitions when you run it.  Not sure why this one doesn't.  You can manually update.  When I ran this, I watched to see if it updated itself prior to a run but it didn't.  

Dr.Web Cureit - want way too much information from me just to download their product.  Skipped.
Hitman Pro Kickstart - not tested.  Seems a bit too specific for my purposes, but I'll keep it in mind for ransomware.

_________________

 

Well, I can definitely see adding some of these to the scanning routine.  And hopefully someone else will find this information useful.

*Phase 2 - Once scanned externally, the drive is put back into the host system, and after either booting normally or in Safe Mode, more tools are run.  These tools include AdwCleaner, JRT, ComboFix and whatever else might be needed for a thorough cleaning.  I may add some of the tools listed above that don't allow drive selection.



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:23 AM

Posted 18 July 2014 - 02:47 PM

Dr.Web CureIt alternate download link <- this is a direct download link to the author's site and does not require providing any information

I have not used Dr.Web CureIt recently but older versions did allow drive selection.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




5 user(s) are reading this topic

0 members, 5 guests, 0 anonymous users