Stand-Alone Antivirus Software?

An anonymous reader writes "I work for a company that repairs specialty devices that have an embedded Mini-ATX motherboard without a CD-ROM drive and run Windows XP Home. And while the USB flash drives we insert into them have a physical write-protect tab, we still encounter a (rather annoying) display dialog from malware/viruses to remove the write-protect so the malware can infect the flash drive. We don't remove the write-protect, obviously, but would like to offer our customers the option of removing the malware/virus without having to install any software. We would rather not install/uninstall antivirus software even for one-time use, due to various licensing issues, nor do we want to connect to the Internet to use web-based online scanners. Is there any stand-alone anti-virus/anti-malware software for Windows that can be run directly from the write-protected flash drive itself?"

Plenty

[Anonymous Coward]

ClamWin, Dr. Web CureIt: etc http://thepcsecurity.com/ultimate-list-of-portable-antiviruses-for-your-usb/ [thepcsecurity.com]

Re:Plenty

[The MAZZTer]

ClamWin Portable from http://portableapps.com/ [portableapps.com]

You need a bigger gun.

[pushf popf]

AV software will never catch everything and just gives a false sense of security.

My suggestion would be to maintain a clean image of the OS and blow the whole image in, instead of trying to clean the machines.

Aside from anything else, I believe you have more liability if you to a bad job of something (cleaning the virus) than if you do nothing or do a clean re-install. I'd vote for the reinstall. New viruses are very stealthy and getting better all the time. I don't know of any reliable way to detect

Re:You need a bigger gun.

[b4dc0d3r]

It's a good suggestion, but these are likely random users bringing in an out of warranty computer. They ideally should be keeping their own clean images, but they didn't, and they don't want to lose their stuff. Scan and clean is the way to go here, not reimage.

Re:

[pushf popf]

I'm not sure these are general purpose computers. It sounds like some sort of tool or device.

Re:

[Z00L00K]

Even then it shouldn't be a problem, at least when it comes to the operating system.

Windows computers will always benefit from the yearly reinstall.

Re:Plenty

[SausageOfDoom]

But isn't there a risk with this whole USB-virus-scanner thing that if a computer is infected, you can't be sure that your scanner is being read and executed correctly? If the OS you're scanning is infected, the malware could be monitoring for clamwin.exe etc and running its own version, or intercepting the important IO calls. I know if I was writing a virus and wanted to take control of as many computers as possible, one of the first things I'd do would be to make it look like my virus wasn't there.

Surely the only way to really scan a computer is by booting into a guaranteed-clean OS? And even then, isn't there a risk that firmware could be compromised? Or am I just being way too paranoid?

Re:

[RDW]

'Surely the only way to really scan a computer is by booting into a guaranteed-clean OS?'

Yes, and there are a bunch of different, generally Linux-based, bootable CDs that do exactly this. Several of the major antivirus companies make these available, and I tried about half a dozen last year. Not all of them worked well (out of date, or ran slowly, or found too many false positives and deleted them without asking!), but I was happy with the Avira Rescue System:

http://www.free-av.com/en/tools/12/avira_antivir [free-av.com]

Re:

[AmiMoJo]

Linux's NTFS driver is actually better than the Windows one for removing viruses. It ignores all the permissions on files so you can always read and delete every file.

It also shows files which even a clean Windows will hide. Some rootkits do something to the NTFS stream which makes files invisible even on a clean system; the only way to access them is by name directly. You can tell when it happens because you can see the files being loaded at boot time, e.g. c:\windows\system32\jkhasdakj.dll but jkhasdakj.d

Re:

[SleazyRidr]

Or am I just being way too paranoid?

Yes.

Good Luck!

[Dr.D.IS.GREAT]

the boyz and i have tried to figure out a solution to that same problem. AVG has a linux based rescue cd as well as some other guys, it could easily be adapted to a usb disk

Re:

[Anpheus]

You should be careful though, because renaming or cleaning a system file can leave the machine unbootable or prone to strange BSODs.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[pmsr]

It won't do the trick. ClamWin doesn't remove malware or viruses.

Re:

[Anonymous Coward]

Yes it does, but you have to turn on the removal feature first (defaults to report-only). SuperAntiSpyware and MalwareBytes also have portable versions (I think MalwareBytes' portable version may be an unsupported mod, though.)

and spyware detected/removed this way

[Ilgaz]

It isn't very widely known but, clamav doesn't detect "spyware" by default. If you pass '--detect-pua' (potentially unwanted apps) to its arguments, it will detect them too.

Of course, in this situation, if he "fixes" the computer via removing spyware and idiot customer jumps up and down saying "his mp3 downloader is broken", it will cause some issues. That is why most antiviruses stay away from detecting spyware by default.

Re:

[hitmark]

spybot? gotta love the immunize feature. Still, that needs to be refreshed regularly...

Re:

[Monkeedude1212]

Works for me, 60% of the time, every time.

(The other 40% are when we come across old Bios versions that don't allow you to boot from the USB).

and another link

[Ilgaz]

I really think with such usage and money is being made

http://www.clamwin.com/content/view/180/105/ [clamwin.com] (donation)

and of course, same donation to clamav(.net), the "real thing" should be made.

People may think such famous projects are swimming in donations money but it is generally not the reality. There is no license confusion there either, it is free but donations accepted, whatever money you feel like. In TV business, I sometimes see ffmpeg being used in million dollar projects without a cent of donation, it r

Re:

[innerweb]

I bet little shops are way more ethical.

I thought business ethics was an oxymoron.

Re:

[aiht]

Plus, if your flash drive is write-protected, then how can you update to the latest definitions?

Turn off the write-protect?
You only need it on when you connect it to a possibly-infected customer computer.

Re:

[berzerke]

...it's been my experience that ClamWin misses more malware than it catches...

Mine too. About 2 years ago I personally tested 10 different scanners, including Clam. I was hoping to use those tests to promote Clam, i.e I was trying to create evidence that Clam was as good as some of the commercial products. In the end, the article came out with Clam in the "not recommended" category. Since then, if I have time, I run it against some other malware I clean off client computers, and the results so far have no

clamav

[simcop2387]

While it won't catch everything, clamav i believe can be setup on the usb drive to be used that way.

Re:

[toastar]

While it won't catch everything, clamav i believe can be setup on the usb drive to be used that way.

Nothing will catch everything, The second you write it to disk your virus definitions will be out of date.

Re:clamav

[csrjjsmp]

Other programs will catch 98-99%. Clamwin is lucky to catch 30.

Re:

[profplump]

99% of what? The viruses they have definitions for? There's not a product on the market that catches 99% of all viruses.

You might make a comparison of the number of entries in their definitions library, or the different techniques each has available to match the various types of obfuscation in use, but a claim of catching 99% is both meaningless and unsupportable.

Re:

[Bryansix]

Actually besides missing a lot of viruses my problem with ClamAV or ClamWin was the false positives that would quarantine critical system files making computers unbootable.

Re:

[BagOBones]

I agree, clamAV has a very mediocre success rate in our environment, it runs as an extra feature on our anti spam appliance as first line defense.. Our multi engine exchange antivirus package still manages to get hits on it in the backend..

It is good for reducing load on our backend systems... I would never trust it as a desktop scanner.. it regularly scores poorly in 3rd party test reports as well.

Clamwin

[Kissing Crimson]

I have thumbdrive with Clamwin just for this purpose. I remove the write-protect when I need to update the virus definitions, then flip it back before inserting in a suspect PC. Works great.

F-Prot

[mcrbids]

Why run Antivirus from an O/S that is vulnerable? F-prot has a Linux version that works well on the command line, and detects Windows viruses. Set up a Fedora boot CD/Flash disk and run the latest f-prot on it, and relax in the comfort of knowing that you are virus scanning from a position of relative security.

U3?

[stevel]

I know that U3-enabled flash drives can run AV scans directly from the flash drive. I don't know if this requires that some part of the drive be writeable. U3 drives appear as a CD-ROM plus a separate flash drive. http://en.wikipedia.org/wiki/U3 [wikipedia.org]

Re:

[ushering05401]

Running a U3 drive is asking for trouble. I don't know of any portable storage technology that has more malicious payloads available for free download on the net. The problems have been detailed widely... I stopped using U3 devices after an article in 2600 (Winter07/08) got me looking into the technology. I absolutely could not believe what my research uncovered.

UBCD

[0racle]

http://www.ubcd4win.com/ [ubcd4win.com]

There are several AV products that can be slipstreamed into it, and there are instructions on installing the Ultimate Boot CD onto a thumbdrive, which is handy for keeping AV signatures up to date.

Re:

[Anonymous Coward]

12 people in a row suggested ClamWINAV... I think /. will survive 2 UBCD recommendations...

One option might be...

[coerciblegerm]

You could try something like F-Prot or Panda Commandline scanner, and just update the definition files on your USB drive manually from time to time.

Re:

[Anonymous Coward]

Agree. F-Prot is cross platform. That means you might have success booting a Linux distro on flash with f-prot installed, updating its virus definitions, and then scanning the infected blob, oops, I mean Windows.

Another option for a standalone scanner is bart-pe. Pay attention to treatment of registry objects, though.

Re:

[Hatta]

That's exactly what I was going to say. F-Prot is good shit. Load it on a live USB image (unetbootin is your friend) and you're good to go.

Another thing worth mentioning... From what I've read, the write protect tabs on USB flash devices are implemented in software, not hardware. It would be entirely possible for a compromised PC to load a driver that ignores that flag. Perhaps a USB CDROM would be safer.

Your post doesn't make sense.

[GNUALMAFUERTE]

100% of the system is read only? I assume you are using a ramdrive or something like that for tmp files and the like? I don't know shit about windows, but I don't think it's going to run without any kind of writable space.

OTOH, if you want a simple solution to this issue, and the system is read-only, I think your simplest antivirus solution is called "reboot".

Of course, you should be looking into running GNU/Linux in this babies. It certainly runs better on Atom than windows ever will.

Re:

[Monkeedude1212]

His USB is read only, not the system. He wants to RUN an antivirus without installing it on the computer. Which is possible, the most common around are boot CD's (or live CD's), where you boot up an antivirus operating system instead of the windows on your hard drive, from a CD-Rom you insert. His problem was that the computers don't have CD Rom's, so he's looking for the equivalent with a USB stick, which there are still quite a few of.

The problem he'll likely run across is an out of date BIOS that doesn't

Re:

[ushering05401]

I use PXE for stuff like this, or a simple tftp server for embedded devices. As long as you don't get stuck needing to work with emdeb crush (arm) the custom roll is the hardest part and even that is dead simple these days.

Re:

[TheClassic]

100% of the system is read only? I assume you are using a ramdrive or something like that for tmp files and the like? I don't know shit about windows, but I don't think it's going to run without any kind of writable space.

OTOH, if you want a simple solution to this issue, and the system is read-only, I think your simplest antivirus solution is called "reboot".

Of course, you should be looking into running GNU/Linux in this babies. It certainly runs better on Atom than windows ever will.

The flash drive is a read only maintenance tool. The system is not read only. He wants something that he can run from the flash drive.

Re:

[Intron]

If the system were 100% read only, how would it have gotten infected?

Re:

[Fwipp]

TFS says that they come preinstalled with the variant colloquially known as Windows XP Home.

Use Windows Embdded, not XP Home

[MobyDisk]

I work in a similar environment, and although I can't recommend a virus program, I can suggest ways to prevent it. It sounds like the company is creating an embedded device, but is not using an embedded operating system. Microsoft Windows embedded forbids writes to the C: drive when you enable EWF or FBWF. EWF gives you a memory overlay so software *can* write to C:, but if you get infected, you just reboot the machine. Alternatively, a good Micro-ATX BIOS will support making the drives read-only.

Re:

[camperdave]

Microsoft Windows embedded forbids writes to the C: drive when you enable EWF or FBWF. EWF gives you a memory overlay so software *can* write to C:, but if you get infected, you just reboot the machine.

Any way I can put that tech on regular XP?

Re:

[crakbone]

google steadystate from microsoft

Seconded..

[way2trivial]

in some enviroments it's a godsend

Re:

[pionzypher]

Thirded. WSS is also great for locking down desktops for kiosk type use.

Re:Use Windows Embdded, not XP Home

[Ramze]

I've found the "Shared Computer Toolkit for Windows XP" can be very helpful at locking down exactly what can be changed on an XP build... including allowing changes, but wiping them after a reboot.
http://www.microsoft.com/presspass/newsroom/winxp/SharedToolkitFS.mspx [microsoft.com]
It's now called "Windows SteadyState 2.5"
http://www.microsoft.com/downloads/details.aspx?familyid=d077a52d-93e9-4b02-bd95-9d770ccdb431&displaylang=en [microsoft.com]

Re:

[saverio911]

I use EWF (which stands for Enhanced Write Filters) on my XP machine in my car. It works very well up to the point where the tempory space when the cached disk writes overrun the memory buffer. It has only happened once when I forgot to turn off EWF to install something. The directions I used are located on MP3Car.com. (http://www.mp3car.com/vbulletin/winnt-based/38484-new-ewf-minlogon-cf-instructions.html)

Re:

[Z34107]

Absolutely! But it'll take some hacking. I ran it on a first-gen Acer netbook with an 8 GB SSD that liked to hardlock the system on ever write.

There's a fair tutorial here [theacerguy.com]. The parts about Vista aren't really relevant, but the gist of it is

1. Download an evaluation copy of Microsoft Embedded here. [microsoft.com] You'll need to download the whole thing to get a copy of EWF.
2. Extract the EWF files to the appropriate places on your Windows install.
3. Make your disk effectively "read only" by setting the appropriate registry key

alot of that custom software does not like lock do

[Joe The Dragon]

alot of that custom software does not like lock down and some of them likes to store logs / other stuff that will get lost with that reset C: on reboot and no it's not easy to make it put that stuff on a other disk / some of it was coded for windows 9x and no they will not make it work for UAP / limited user.

Also turning off admin will not work for a lot of that software as well.

Portableapps.com

[Gleapsite]

you should definitely check out portableapps.com [portableapps.com] Lots of OSS that can be ran from a thumb drive.

So let me get this straight...

[Marx_Mrvelous]

Instead of protecting the device proactively by using some sort of AV, application whitelist, or other device control, you want to let them keep getting infected, over and over, so your users have to keep using the USB device to remove the malware infections over and over? Brilliant.

Re:

[Anonymous Coward]

There's a difference between Service Provider and Solution Provider

Re:

[BitZtream]

It is brilliant if your just a service tech thats paid to 'fix the machine' and can't actually do anything to 'fix the machine'

As an example: Windows XP used for photo printing boths are various 1 hour photo places. They Joe the plumber plugin a flash device and print his pictures.

They are made by SomeBigCompany, but the phamacy down the street has one and needs it repaid, so JohnTheRepairMan comes to fix it. Can't fix the fact that it loads the autorun on flash devices even though its not supposed to bec

Re:

[Grishnakh]

The customers are probably stupid. They're running Windows XP Home, after all. The guy could try to sell them AV software, but they'll probably whine that it costs too much or they don't want to spend the money. He's trying to be helpful by cleaning his customers' systems without requiring them to buy additional software licenses.

Don't ever underestimate the stupidity of customers.

Re:So let me get this straight...

[tinkerghost]

Don't ever underestimate the stupidity of customers.

Techs doing residential work live on it. Face it, nothing involved in doing a virus removal is rocket science. I had a customer who used to call me every other month to clean up their son's computer. Now the son's at college and it's someone else's goldmine.

Re:

[tunapez]

It may not be rocket science to you and me, but to average Joe it is. Also, it does take time to keep current on the latest threats/bugs, test new tools and then to do the actual removal process, which often isn't as cut & dry as you make it sound. Some occasionally turn into hunting expeditions in file systems 100+GB deep and the 4+ year old registry full of ghosts of installs past, present and future pro-generators.
Between Fecebook and Spider Solitaire nobody wants to make time to service their compu

Re:

[GameboyRMH]

For prevention, he might want to look into USB Guardian:

http://www.usb-guardian.com/ [usb-guardian.com]

Bitdefender is a darn good product

[jeffmeden]

How about using the BitDefender rescue disk, (available in ISO format, but portable to a USB key) and asking the customer to reboot the PC and allow it to boot entirely from the USB key?

Licensing may be a grey area on that one though, depending on how widely you are distributing it.

One problem with using a windows application is that it may be up against a virus that is entrenched and will simply stop the cleaning from taking place. If this is the case, you need something that will activate on boot, or better yet boot on it's own (like the Bitdefender.)

There is probably a more elegant solution though, since this is a highly controlled environment. Maybe more restrictive user level controls are in order, forcing the users to log in with minimal privileges?

Maybe this?

[Magycian]

I've recently switched my company over to Sunbelt Systems VIPRE.
One of the triggers for this was how well this worked...
http://vipre.malwarebytes.org/ [malwarebytes.org]

I've used Malwarebytes in many places but the standalone scanner from Vipre is pretty impressive.

You have lots of Options

[RedLeg]

We would rather not install/uninstall antivirus software even for one-time use, due to various licensing issues, nor do we want to connect to the internet to use web-based online scanners. Is there any stand-alone anti-virus/anti-malware software for Windows that can be run directly from the write-protected flash drive itself?"

There many anti-virus vendors that offer free downloadable rescue disks that you can boot from and scan your system. F-Secure, Panda, Avira, AVAST, Bitdefender come to mind. McAfee offers an executable called Stinger.exe and Microsoft’s installable Microsoft Security Essential is free.

Try any one of those programs from a reputable security software vendor, there are more than listed above.

I have used Kaspersky for this purpose

[Zarf_is_with_you]

http://www.kaspersky.com

They have a tool you can create from a working installation, it creates a boot-able CD (PE) that you can clean a system with, I found it works very well. I would imagine it could be installed on boot-able flash disk as well.

I have found it useful when you don't want to boot up a infected system.

Its is able to update virus/malware definitions if it has the necessary network driver available.

Stinger

[networkzombie]

Try McAfee's Stinger. http://vil.nai.com/vil/stinger/ [nai.com] Although it is limited, it is stand alone and another tool in your arsenal to remove the nasties. I haven't used it in a while, so YMMV.

AVG and SuperAntiSpyware

[at_slashdot]

AVG has a "rescue CD" http://free.avg.com/ww-en/kb.pnuid-1267095510 [avg.com] it can be written on a USB flashdrive. Also SuperAntiSpyware has a protable scanner: http://www.superantispyware.com/portablescanner.html [superantispyware.com]

Re:

[gravis777]

I was thinking of Avast Bart myself. MiniPE with updated virus definitions will also do the trick, although I have not tried putting MiniPE on a thumbdrive. Although with MiniPE, you could get into some licensing issues, really never checked into it.

SysClean from trendmicro

[EkriirkE]

I've had great success with SysClean from trendmicro [trendmicro.com]. It's free and may be a bit unintuitive how to get the files required, but it has worked greatly for me in the past for malware that disable AVs and requires no isntallation.

SUPERAntiSpyware Portable

[DodgeRules]

http://www.superantispyware.com/portablescanner.html [superantispyware.com] I have had good luck with this. Hope you do too.

Re:

[Pharmboy]

I see Antivirus 2010 on half the computers I come across, it must be a good product since everyone has it! ;)

Re:

[IndustrialComplex]

I see Antivirus 2010 on half the computers I come across, it must be a good product since everyone has it! ;)

Is that one of those fake anti-virus hostage programs like AV Security Suite? I've gone at least 5-8 years running Windows XP Pro and haven't had an issue with a virus during that time. In the last 3 days I've had issues with AV Security Suite getting onto my systems. How the hell isn't that company or whomever is running the scam websites not getting slapped down by the police?

I'm guessing that w

The police?

[way2trivial]

Which police department is exactly responsible?

have you completely missed every reference to the lawlessness of the net?

there is no central authority to do what you so glibly suggest is the problem of the "Police"

Re:

[IndustrialComplex]

Which police department is exactly responsible?

have you completely missed every reference to the lawlessness of the net?

there is no central authority to do what you so glibly suggest is the problem of the "Police"

When people like AV security suite have storefronts which collect and charge credit cards one would think that it's not that hard to track.

Am I being glib? It might be complicated, but this isn't exactly a difficult thing to track and given the ubiquity of Windows, isn't just harming people in a s

Re:

[pionzypher]

Storefronts located in eastern Europe/China? Else rotating through different payment processors as they are shut down? I tend to agree with you though. In theory it should be a simple thing to shut down a seemingly fixed target. The fact that they haven't been shut down yet implies that it's not as simple as it sounds.

Re:

[mcgrew]

I see Windows on almost all the computers I come across, it must be a GREAT product since everyone has it! ;)

Oh wait...

Re:

[Pharmboy]

I see Windows on almost all the computers I come across, it must be a GREAT product since everyone has it! ;)

It is. It even runs Linux! [cygwin.com]

Combofix

[Dega704]

I use Combofix. It has to be able to connect to the Internet to update, though. Unless you want to constantly download the newest version onto the drive.

UBCD4Win would probably be a good tool for you

[Yaddoshi]

From what I understand the article states:

a) these devices are owned by the customer and have a hard drive with moving parts running Windows XP Home

b) the company wants to offer one-shot cleanups that they can run from a usb drive

If this is true, you definitely want to check this out: http://www.ubcd4win.com/ [ubcd4win.com] - this tool is designed to create bootable optical disks and also bootable USB flash drives, both to run a BartPE based Windows XP-like environment. The tool includes several virus and malware

usb optical drive

[soundguy]

If the device has a USB port, you can just plug in a USB optical drive and use any old AV boot disk. there's no reason to restrict yourself to just thumb drives.

Yes! The old school SCAN.EXE and CLEAN.EXE

[Saint Stephen]

Back in the BBS days, from MacAffee, you could download SCAN.EXE and CLEAN.EXE and run them on DOS.

And - you still can!

Go to their website and find the command line scanner for win32. It claims to be a trial version, but with no install routine and being a command line program, that doesn't mean much. It uses the same .DAT files that you download for any other VirusScan program.

I get a huge chuckle when I run it, because it's exactly the same way it was in 1988 and that's the way it oughta be. all this other crap is fer lamos :-)

Typo!

[antdude]

McAfee [mcafee.com] (one f). :P

Re:

[antdude]

So? I am a basic spelling and grammar nazi! Do you have a problem? And good call on the "a" part.

Some To Look Into

[pgn674]

I don't have any write-protect drives on me right now, but I think these may have worked in the past: ComboFix, Dr.Web CureIt!, and... oh, that's it. In your search, try looking for 'portable' versions of your favorite virus scanners; that's what they usually call the kind that can run off flash drives, and some may work on write-protect ones. BTW, if you're worried about licensing, running from a locked flash drive may not clear you automatically. When you run the program, it kind of "installs" to RAM, and

Linux + clamAV

[tinkerghost]

I have a USB stick with Linux & TWM. It's some variant of Debian. I have it set up with clamAV and I run FreshClam before going out for a job. I made sure I have a CD that I can boot & chroot if the hardware won't boot off of a USB HD. By running the separate OS, I don't have to worry about a rootkit hiding itself from the Windows OS. I know several people who also have XP running from flash drives & run MBAM and other software from them.

Vipre Rescue Scanner

[TehZzYzX]

http://live.sunbeltsoftware.com/ [sunbeltsoftware.com] Extract it to the USB drive then run it on the offending PC. The only issue that might arise, is that two files are coped to the C: drive before the scan starts. One to C:\Windows\ the other to C:\windows\system32\ Both are necessary for the scanner to work properly.

F-Secure Rescue ISO

[darkain]

http://www.f-secure.com/en_EMEA/security/tools/rescue-cd/ [f-secure.com]

I've also had random luck getting this to work from a bootable USB drive that mounts the ISO as well.

Just a few notes

[meerling]

When dealing with malware, viruses, worms, backdoors, etc., there are many things they can do if they are live.

The way to shut them down for the moment is a clean boot of a clean verified uninfected source, something like a cd or usb if the hardware/bios permits, also, pull out the network plug, some malware will propagate to other machines over the network, even if you don't think you're accessing it.
Two things to look out for, some computers may seem to let you boot from those sources, but still load some

Bootable CD's FTW!

[newbie65536]

There are many anti-virus companies that offer versions of their anti-virus on bootable CD's that you can download and run for free (legally). It will take just a little bit of Google work but I know you can find ones for Avira, Bit Defender, and Kaspersky. There might be more out there but the one I use the most (I work as a PC tech cleaning out lots of viruses.) is the Avira CD. Happy virus killing!

Here you go..

[Paracelcus]

http://www.clamwin.com/content/view/18/46/ [clamwin.com]

And it's free!

Unlikely...

[frank_adrian314159]

Not if you want the system to actually be secure. In order to effectively scan, you'll need up to date virus definitions. If you don't want to be on the network for an online scan, you probably won't want to be on the network to download definitions. If wouldn't matter anyhow, as you can't put them on the USB drive because you want to maintain write-protect. As such, even if you put the AV product on your system, you'd shortly be stuck with out-of-date definitions, unless you have some other writable me

Booting from infected drives?

[nurb432]

That is a problem right there if you are wanting to boot from the infected drive THEN test.. If you can boot off the USB too, why not just boot off USB, then connect/share via SMB to a machine in your shop that has all the scanning stuff and do it from there?

Aren't you doing it wrong?

[rickb928]

Seriously, you're willing to let your customers use the device when it's riddled with malware or whatever, but you want a simple and easy way to to clean them when you get one for service?

Why bother? If you're not interested in preventing the problem, it will come back.

And as some have recommended, you should work with the suits to either get a more appropriate and robust version of Windows to do what you do, or move to an OS that can be secured. I know this is not just a technical decision, so good luck

Antvir

[Spikeles]

Antivir has a command line scanner: http://www.avira.com/en/support/support_downloads.html [avira.com]

Linux based, Insert-Inside Security Rescue Toolkit

[jlrowe]

Here is a Linux based CD, that can be installed on a thumb drive.
http://www.inside-security.de/insert_en.html [inside-security.de]

It can read/write NTFS and can run CLAM AV.

I even installed it on a thumb drive with two partitions. Used from Windows, it is a data drive. Boot from it and it goes into Insert Linux Rescue.

It is pretty spartan and very small so will fit on your older thumb drives that are too small for anything else.

Stinger

[jdimpson]

McAfee Stinger

http://vil.nai.com/vil/stinger/ [nai.com]

Re:

[AnonymousClown]

I once asked someone about different companies for a service - what service and why is beside the point.

Anyway, he then Googles and send me a list. I responded, "Yes, I've Googled myself, thank you. I asked you for your opinion because I trust you and not the thousands and thousands of random opinions - many of which are outright plagiarism of other websites and if one was BSing, then thousands were BSing too."

I would also like to point out, many many web pages are the postings by folks who are paid shills.

Re:

[drew_92123]

>

In short: Google does not offer trusted individual opinions and most of the reviews and opinions on the web are highly suspect.

Neither do half the jokers posting here...

It's like the old saying, if you want it done right you gotta do it yourself. That goes for researching/trying out products too... Besides IMO it's the only way for stupid people to become more self sufficient in the long run.

Re:

[HikingStick]

But by posting here, the author garners reviews and opinions from other users, and that information takes a lot more time to track down than simply pages noting that a specific tool can be run from a bootable device.

Besides, he also provides an opportunity for the rest of us to be entertained by folks like you, and the people like me who will take the bait.

Re:

[mike.rimov]

Actually, MalwareBytes cannot be run from a flash drive, nor is it free for Corporate use.

Mbam Forum [malwarebytes.org]

If you use MBam in a corporate setting, they wish for you to obtain a corporate licence by contacting them at:

Mbam Corporate Licensing [malwarebytes.org].

Nope, I'm not affiliated with them, just another satisfied fan.

Re:

[HikingStick]

I'm a big fan of MBAM, but I've encountered more and more nasties lately that kill MBAM, even if the executable is renamed and the program is installed in an alternate location. The bad guys know it has been an effective tool, so they are working extra hard to beat it.