    Offline virus scanner - what do you use?

      coliver

      Have you checked the IPs they are talking to? When I was running SW it did the same thing and generally they were legitimate IPs that had been flagged by a third party for malicious adware.

        travisdh1

        You mean nobody has a PXE boot to scanner option set up? What are we coming to? Actually, I'm guessing by the time we're considering an off-line scan it's past time to nuke-it-from-orbit.

          Nic

          There's a bunch of good recovery CD options out there. Plus it looks like MBAM has a rootkit scanner now:

          http://www.techrepublic.com/blog/smb-technologist/two-portable-rootkit-tools-no-smb-should-be-without/
          https://www.malwarebytes.org/antirootkit/
          http://www.techsupportalert.com/best-free-rootkit-scanner-remover.htm

            Dashrender @coliver

            @coliver said:

            Have you checked the IPs they are talking to? When I was running SW it did the same thing and generally they were legitimate IPs that had been flagged by a third party for malicious adware.

            Yeah, I'm guessing this is probably the situation, but I figure it's better to be safe than sorry and run an outside of norm scan on them.

              scottalanmiller @Nic

              @Nic said:

              What's the use case for scanning offline? Isn't that like asking what brand of condom you like wearing when you aren't having sex? 🙂

              Quote of the Day right there.

                Dashrender

                So what's your thought on the issue Scott? Should I not even bother? If my running AV seems clean, just move on?

                  scottalanmiller

                  I agree with MBAM as a good secondary scanner. I use that as a "backup" to Webroot. By offline, do you mean booting into a Linux LiveCD and scanning when the Windows kernel is not loaded? If so, yes, that's a good way to go if you are concerned and ClamAV should be fine for that.

                    Dashrender

                    OK wow, no love for Defender offline here.

                    I guess I'll have to get a live CD with Clam AV on it.

                      dafyre @Dashrender

                      @Dashrender said:

                      OK wow, no love for Defender offline here.

                      I guess I'll have to get a live CD with Clam AV on it.

                      You mean BitDefender?

                        Dashrender @dafyre

                        @dafyre said:

                        @Dashrender said:

                        OK wow, no love for Defender offline here.

                        I guess I'll have to get a live CD with Clam AV on it.

                        You mean BitDefender?

                        No, MS Defender offline.

                        windows.microsoft.com/en-us/windows/what-is-windows-defender-offline

                          dafyre @Dashrender

                          @Dashrender Never heard of it.... runs off to read

                            Dashrender @dafyre

                            @dafyre said:

                            @Dashrender Never heard of it.... runs off to read

                            I've been using it for at least 2 years, if not more like 4.

                              dafyre @Dashrender

                              @Dashrender said:

                              @dafyre said:

                              @Dashrender Never heard of it.... runs off to read

                              I've been using it for at least 2 years, if not more like 4.

                              Does it work well?

                                Dashrender @dafyre

                                @dafyre said:

                                @Dashrender said:

                                @dafyre said:

                                @Dashrender Never heard of it.... runs off to read

                                I've been using it for at least 2 years, if not more like 4.

                                Does it work well?

                                It does find things from time to time. I will have to do double scans for the next few times, once with Clam and again with Defender Offline, and see if they show different things - though now that I think about that... that won't work, as the first AV should get rid of any baddies on there.

                                  travisdh1 @Dashrender

                                  @Dashrender said:

                                  @dafyre said:

                                  @Dashrender said:

                                  @dafyre said:

                                  @Dashrender Never heard of it.... runs off to read

                                  I've been using it for at least 2 years, if not more like 4.

                                  Does it work well?

                                  It does find things from time to time. I will have to do double scans for the next few times, once with Clam and again with Defender Offline, and see if they show different things - though now that I think about that... that won't work, as the first AV should get rid of any baddies on there.

                                  If you do it a number of times, reversing which one you use first, it would be an indication if one is missing things.

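Added example (not part of any post in this thread): one way to make the scanner comparison discussed above independent of scan order is to have each scanner only report, then diff the two lists. clamscan reports without removing unless told otherwise; the tab-separated list for the second scanner, the `/mnt/win` mount point, and every sample path and detection name below are assumptions constructed for illustration.

```python
import re

# clamscan prints one line per detection: "<path>: <signature> FOUND"
CLAM_HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

def normalise(path, mount_point=""):
    """Make a LiveCD path and a Windows path comparable (NTFS ignores case)."""
    p = path.replace("\\", "/")
    if mount_point and p.startswith(mount_point):
        p = p[len(mount_point):]
    return re.sub(r"^[A-Za-z]:", "", p).lower()

def parse_clamscan(log_text, mount_point):
    """Return {normalised_path: signature} for every FOUND line."""
    hits = {}
    for line in log_text.splitlines():
        m = CLAM_HIT.match(line.strip())
        if m:
            hits[normalise(m.group("path"), mount_point)] = m.group("sig")
    return hits

def parse_tab_list(text):
    """Assumed format for the second scanner: '<windows path><TAB><name>'."""
    hits = {}
    for line in text.splitlines():
        if "\t" in line:
            path, name = line.split("\t", 1)
            hits[normalise(path)] = name.strip()
    return hits

def compare(first, second):
    """Split detections into those both scanners reported and those only one did."""
    a, b = set(first), set(second)
    return {"both": sorted(a & b),
            "only_first": sorted(a - b),
            "only_second": sorted(b - a)}

# Constructed sample data: paths and detection names are made up.
CLAM_LOG = "\n".join([
    "/mnt/win/Users/bob/Downloads/setup.exe: Constructed.Sample-A FOUND",
    "/mnt/win/ProgramData/updater/svc.dll: Constructed.Sample-B FOUND",
    "/mnt/win/Windows/notepad.exe: OK",
])
OTHER_LIST = "\n".join([
    "C:\\Users\\Bob\\Downloads\\setup.exe\tConstructedThreat.A",
    "C:\\Users\\bob\\AppData\\Roaming\\run.vbs\tConstructedThreat.B",
])

if __name__ == "__main__":
    result = compare(parse_clamscan(CLAM_LOG, "/mnt/win"), parse_tab_list(OTHER_LIST))
    for bucket, paths in result.items():
        print(bucket, paths)
```

Files that land in `only_first` or `only_second` are the ones worth a closer look before anything is removed.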
                                    Ambarishrh

                                    I've used http://www.sarducd.it/rescue-cd-antivirus.html once and used Kaspersky from there to remove. Not sure if it's still as effective as it used to be!

                                    Basically this gives you an option to boot and use most of the free AV rescue disks, and if your machine is connected to the internet, it will download the latest signature updates to the temp storage and use them for scanning.

                                      dafyre @Ambarishrh

                                      @Ambarishrh I forgot about that one. I haven't had to use it in ages.

                                        Dashrender @Ambarishrh

                                        @Ambarishrh said:

                                        Basically this gives you an option to boot and use most of the free AV rescue disks, and if your machine is connected to the internet, it will download the latest signature updates to the temp storage and use them for scanning.

                                        I would assume ClamAV would have to do the same thing.

                                        Defender online can often get online as well, but I generally just make a new disk with the latest definition files on it.

                                          Alex Sage

                                          Tron

                                            Dashrender @Alex Sage

                                            @anonymous said:

                                            Tron

                                            Lightcycle
