How do I run an anti-virus scan if I can't boot?

Helping people with computers... one answer at a time.

It's hard to run an anti-virus scan if you can't boot from the hard drive. To run an anti-virus or other scan, you'll need to take some special steps to boot from something else.

Most of the self-help books that have been written about XP say the same thing: if you can't start XP in Safe Mode, you might have a virus so run an anti-virus program. Well, all of my anti-virus packages were downloaded, so I have no install disks. But even if I had an install disk, if I can't boot Windows, or I can't connect to the internet, a disk won't do me any good. So how do I run an anti-virus scan under these conditions? And if I reformat and reinstall XP, isn't there a possibility that a virus could attach itself to the new install if I haven't eliminated it before hand?

•

You're experiencing a definite chicken-and-egg situation. You need to run an anti-virus program to possibly fix Windows, but you need to be able to run Windows in order to run the anti-virus program.

Seems like a no-win situation.

There are approaches and they all begin with booting something else.

•

When things are this broken, I often suggest just reinstalling Windows. If you do reformat and reinstall, you'll be erasing everything - including any viruses - so you don't have to worry about them tagging along. If you rebuild the system in the correct order, you can stay safe from the beginning and be virus-free.

The problem, of course, is that this is a lot of work and erases everything, including all of your programs and data. If you've backed up properly, this shouldn't cause you too much grief; on the other hand, if you're like too many people, losing all of that data may be a real problem.

So, we'll look at a couple of options that don't involve a complete reformat.

Microsoft Standalone System Sweeper

Using another computer, download and burn to CD the Microsoft Standalone System Sweeper.

This relatively new tool is probably exactly what you need. It's a version of Microsoft's anti-malware software that runs directly from the CD when you boot it.

Make sure to download the latest version so that the most recent threats are covered.

Bootable anti-malware discs

Several anti-malware companies actually also provide recovery disc images that you can download for this purpose as well.†

In fact, you'll note a common thread: "rescue" media of some sort. If you have a favorite anti-malware tool, it's worth searching for that "tool-name rescue CD" and you may find that they have one available.

Download that, burn it to CD, and boot your affected system from it to begin the cleanup process.

All-in-one Utility CDs

There are several popular free CD images available that contain collections of tools that can be used not only to recover from malware infections, but also to perform other maintenance and repair on otherwise compromised machines.†

Each of these CDs are free downloads, and when burned to CD, they create bootable media that you can use to recover and repair your unbootable machine.

Live CDs

Many, if not most, distributions of Linux are free. Another approach is to use one of the Linux "Live CDs".

Live CDs are free, downloadable images that can be burned to CD. Boot from that CD and your machine is running a version of Linux without having to make any changes to your system or hard disk. You can then run anti-virus software or other tools against the Windows installation on your hard disk.

The most popular Linux Live CD is Knoppix.

Another promising Live CD is Ubuntu. Ubuntu's Live CD doubles as its install CD should you ever want to switch.

The great thing about all of these bootable CDs is that once you do boot, even if you can't perform the virus scan, you can still examine your Windows hard disk and possibly repair problems by hand, or at least recover files before taking more drastic action.

Because I tend to be a computer geek, I have copies of both Knoppix and Ubuntu lying around, and I am typically prepared to grab the latest Microsoft System Sweeper, should I need it.

•

† Products listed are just examples for reference and no endorsement is implied.

(This is an update to an article originally published July 17, 2006.)

Article C2726 - October 1, 2011

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

You may also be interested in:

How do I remove a virus if it prevents me from download or installing anything? Some malware go through great lengths to prevent you from downloading, running or trying to apply a fix. I'll look at what you can try.
Microsoft Standalone System Sweeper - Clean malware from your machine The Microsoft Standalone System Sweeper is a standalone, bootable tool from Microsoft that allows you to scan for and remove malware in difficult situations.
What's the difference between a recovery disk and an installation disk? Computers with pre-installed operating systems often include a recovery disk. Unfortunately, you might find out too late that's not what you need.

Recent Comments

35 Comments

Anyone heard about the new deal MS is cooking up with hardware manufacturers? Booting to any kind of livecd might be getting more difficult in the near future:
Read this article about SecureBoot to see what I mean. Still possible I guess, just a pain.

Posted by: Craig Parker at October 4, 2011 10:21 AM

Before you pick up such a virus that prevents a boot, make a boot CD that is virus-free. Actually, I have tried to do this, but without success so far. I will keep trying.

Posted by: Andy at October 4, 2011 11:00 AM

Another good solution to running antivirus without using a rescue disk is to remove the hard drive, and place it into a USB enclosure. Then, attach it to an uninfected computer, and scan the drive with several programs (separately).

That's a viable solution, however there is a risk that if the virus setup autoplay/autorun on that hard disk - even though it was your system disk - and the target computer has autoplay/autorun enabled then simply attaching that infected drive to another Windows computer could cause that computer to become infected. Personally I find the reboot from CD approach to be much preferable.

22-Oct-2011

Posted by: Jarvis Edwards at October 20, 2011 3:57 PM

@Craig Parker

Not the end of livecd's - Just disable secure-boot in bios. Luckily no manufacture would be dumb enough to produce motherboards that only support windows 8.

Posted by: statusphere at December 19, 2011 11:38 AM

My son was trying to fix an issue with my keyboard and installed a new one but it didn't correct the issue with keys not working in certain sector of keyboard, found issue listed on several forums that it might be an issue with malware/virus, but also had an issue with it starting to list "no bootable device detect" so he also took the laptop apart to check all connections and removed hard drive and then re-installed, now the computer won't boot at all. It had also started doing a ticking sound part time then it would stop.A system restore was done but didn't correct the keyboard issue & the computer did boot up at least once after that but now the computer won't boot at all. Could a virus/malware do this or is it a dead hard drive? It won't safe boot either. He tried booting ubuntu from a flash drive but said he didn't get that to work either. Should I just go ahead and try to run the Malware suggestions or the Microsoft standalone system sweeper? If it is a dead hard drive is there any way to get my pictures and files from it, yes I know I should have done more backups on the system but my husband usually uses it for more internet surfing then files and I just plain forgot common sense maintenance with it. Thanks for any other suggestions. ( Windows Vista OS- 3 yrs old laptop)

Posted by: April at December 29, 2011 7:44 PM

See all 35 comments...

Post a comment on "How do I run an anti-virus scan if I can't boot?":

Name: (Required - will be included when your comment is published.)

Email Address: (Required - will not be published.)

Remember Me? YesNo

Comments: (You may use HTML tags for style)

Before commenting, please...

READ THE ARTICLE. A comment that shows you didn't will be deleted and ignored.
Comment only on the article. Use the search box at the top of the page if you have a question about something else.
NO PERSONAL INFORMATION in the comment. No email addresses. No phone numbers. No physical addresses.

Anything that looks the least bit like spam will be deleted. Links to unrelated sites or links that appear to be primarily promotional will be deleted, or the comment will be deleted.
Don't ask me to recover lost passwords or hacked accounts. I can't. Those comments will be deleted.
I can't respond to every comment. And I can't vouch for the accuracy of others who do.

Read Why didn't you answer my question? for hints on getting an answer.
By posting a comment you agree to the Terms of Service. Don't agree? Don't post.
READ THE ARTICLE. A comment that shows you didn't will be deleted and ignored. Yes, I'm saying this twice; you'd be amazed.

Please wait. Your comment is being processed ...

Question? Ask Leo!
The Tip Jar: Buy Leo a Latte!

Categories | Full Archive
By Date | Business Card | About

Advertisements do not imply my endorsement of any product or service.

Copyright © 2003-2012 Puget Sound Software, LLC and Leo A. Notenboom
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC
Terms, Conditions & Privacy
Product Reviews, Recommendations and Affiliate Links Disclosure

http://ask-leo.com/how_do_i_run_an_antivirus_scan_if_i_cant_boot.html