Helping people with computers... one answer at a time.

It's hard to run an anti-virus scan if you can't boot from the hard drive. To run an anti-virus or other scan, you'll need to take some special steps to boot from something else.

Most of the self-help books that have been written about XP say the same thing: if you can't start XP in Safe Mode, you might have a virus so run an anti-virus program. Well, all of my anti-virus packages were downloaded, so I have no install disks. But even if I had an install disk, if I can't boot Windows, or I can't connect to the internet, a disk won't do me any good. So how do I run an anti-virus scan under these conditions? And if I reformat and reinstall XP, isn't there a possibility that a virus could attach itself to the new install if I haven't eliminated it before hand?

You're experiencing a definite chicken-and-egg situation. You need to run an anti-virus program to possibly fix Windows, but you need to be able to run Windows in order to run the anti-virus program.

Seems like a no-win situation.

There are approaches and they all begin with booting something else.

When things are this broken, I often suggest just reinstalling Windows. If you do reformat and reinstall, you'll be erasing everything - including any viruses - so you don't have to worry about them tagging along. If you rebuild the system in the correct order, you can stay safe from the beginning and be virus-free.

The problem, of course, is that this is a lot of work and erases everything, including all of your programs and data. If you've backed up properly, this shouldn't cause you too much grief; on the other hand, if you're like too many people, losing all of that data may be a real problem.

So, we'll look at a couple of options that don't involve a complete reformat.

Microsoft Standalone System Sweeper

Using another computer, download and burn to CD the Windows Defender Offline.

This relatively new tool is probably exactly what you need. It's a version of Microsoft's anti-malware software that runs directly from the CD when you boot it.

Make sure to download the latest version so that the most recent threats are covered.

Bootable anti-malware discs

Several anti-malware companies actually also provide recovery disc images that you can download for this purpose as well.

In fact, you'll note a common thread: "rescue" media of some sort. If you have a favorite anti-malware tool, it's worth searching for that "tool-name rescue CD" and you may find that they have one available.

Download that, burn it to CD, and boot your affected system from it to begin the cleanup process.

All-in-one Utility CDs

There are several popular free CD images available that contain collections of tools that can be used not only to recover from malware infections, but also to perform other maintenance and repair on otherwise compromised machines.

Each of these CDs are free downloads, and when burned to CD, they create bootable media that you can use to recover and repair your unbootable machine.

Live CDs

Many, if not most, distributions of Linux are free. Another approach is to use one of the Linux "Live CDs".

Live CDs are free, downloadable images that can be burned to CD. Boot from that CD and your machine is running a version of Linux without having to make any changes to your system or hard disk. You can then run anti-virus software or other tools against the Windows installation on your hard disk.

The most popular Linux Live CD is Knoppix.

Another promising Live CD is Ubuntu. Ubuntu's Live CD doubles as its install CD should you ever want to switch.

The great thing about all of these bootable CDs is that once you do boot, even if you can't perform the virus scan, you can still examine your Windows hard disk and possibly repair problems by hand, or at least recover files before taking more drastic action.

Because I tend to be a computer geek, I have copies of both Knoppix and Ubuntu lying around, and I am typically prepared to grab the latest Microsoft System Sweeper, should I need it.

Products listed are just examples for reference and no endorsement is implied.

(This is an update to an article originally published July 17, 2006.)

Article C2726 - October 1, 2011 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

39 Comments
Simon Scatt
July 17, 2006 10:40 PM

Many programms include spyware modules. Use anti-spyware for protect your privacy.
As for me, I like professional anti-spy software like PrivacyKeyboard by Raytown Corporation LLC.
You can download it here: http://download.softsecurity.com/1/14/prvkbd.zip (~4MB)


Anti-Spyware: Efficiency of the Means of Defense

Schnazola
July 18, 2006 6:10 AM

I used Knoppix to recover from an LSASS error (endpoint format is invalid). Since the error occurred before the Windows Desktop loaded and I couldn't even boot in SAFE mode, I booted from a Knoppix CD, navigated to my data, and saved them to a portable USB hard drive. Although I was totally unfamiliar with the user interface (I can barely SPELL Linux), it was intuitive enough for me to use easily. I then formatted and re-installed.

Mary
July 18, 2006 9:23 AM

Thanks, Shanzola for the encouragement. I have a hard time spelling SPELL if that gives you a clue about my computer expertise. You've given me the encouragement to give it a try. And thanks to you too, Leo for another informative article!

Andy Daranga
December 26, 2006 1:57 PM

If you can, please help me...
I have a boot virus that doesn't alow me to install windows (any type XP,2k) it creates an error at instalation and it restarts the PC after installation. I used Ultimate boot disk cd 3.4 and it doesn't recognises the virus, only the bios antivirus. If you can, please let me know what to do because I'm out of options. Thank you.

Leo Notenboom
December 26, 2006 10:24 PM

Try Live CD suggestions in the article: knoppix, for one example.

Peter Moreland
February 2, 2008 7:56 AM

If you have a second PC you can hang the (possibly) infected drive on the second PC as a slave drive and scan it that way.

Max Taylor
March 20, 2008 2:01 PM

Here's a question, once upon a time I remember Nortons antivirus disk being bootable with a Dos scan and virus removal utility in it. does anything like that still exsits? and if so what company still makes it it was fantastic if you thought you were infected and couldn't boot. scanned EVERTYHING , you'd load your dat files a floppy after you booted to the CD and run it from there.

chaleem
March 21, 2008 10:52 PM

Try to use Avast boot scan. It runs before Windows GUI is loaded. It is also free for non-commercial use. This is no advertisment :) I use it too in this situation. http://avast.com/

Leo A. Notenboom
March 23, 2008 4:37 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Another approach are to use the Linux "live" CDs like
Knoppix, or to build a Windows Boot CD yourself using a tool
like BartPE. Unfortunately a Windows boot CD cannot be
distributed (it's piracy of Windows), but you can make your
own using your own copy of Windows if you think to do so
before you have a problem.

Leo


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFH5unLCMEe9B/8oqERAvL9AJ9so++uWjKncsUdUYyY4EJ7tv3t/wCbBCQu
nIb894jJdsuliQ3nQhg5m8I=
=dUmk
-----END PGP SIGNATURE-----

gadya
December 11, 2008 10:24 AM

Very interesting but difficult for a non-expert: I tried to implement using.
1. BartPe. Created a cd but couldn't implement an antivirus plugin. The documentation doesn't seem to be up to date. Do you have a working example?

2. I have a Ubuntu live CD but it doesn't include an antivirus scanner. Can't download one as Ubuntu live won't store to the hard disk.

3. Chaleem suggested doing an Avast boot scan. I use the free Avast version but it doesn't include the boot scan.

4. re Max Taylor's note I have an old Norton Systemworks cd and it does a boot scan but only of the a drive!

jan
April 1, 2009 2:47 PM

my emachine winxp he just went to a black screen oneday that said boot failure insert system disk and press any key. i do not have a sys disk just the two disks that came with my pc. i tried different things that i saw on these forums and am now at NTDLR MISSING i can get into my boot menu and my bios setting but thats all i cant get into windows any help out there please. ty

Phillip
August 23, 2009 11:55 AM

My Grandparents computer is bogged down will not bring up Icons or windows bar at the bottom is trying to get them to purchase protection before they can user there computer afain could not find safe MODE ....ANY IDEAS??

Sounds bad. Without knowing more specifics, all I can recommend is this: How do I remove a virus? - though it sounds like a reformat/reinstall is in your future.
Leo
24-Aug-2009

Fred
September 21, 2009 7:41 AM

Hello.
New here, just signed up this morning.
Tried to go to the following:
"using Knoppix to perform a Virus Scan" http://go.ask-leo.com/060717a.
Get redirected to:
http://blog.makezine.com/archive/hacks/.
Nothing there I can use to do a virus scan.
Help.
Thanks,
Fred.

jeh_it
September 30, 2009 4:01 PM

Norton does still have bootable disks for system recovery. It comes free with yor NIS. If you don't know where to get yours, you can ask Norton Support and they will provide the download url. You will need your Norton Product Key to run the virus scan.

iggy
October 11, 2009 1:16 AM

I have the same problem as the others. XP operating system, with SP2, on a computer maybe 5+ years old. Plenty of anti-virus software. Computer started rebooting itself for no known reason last week. Tried Repairing it several times but it kept rebooting itself every time it got into Windows. The time spent in Windows got shorter and shorter until I couldn't even get into the OS. Just a black and white text screen, wouldn't even get past the boot menu - the computer froze every time.
I created a Knoppix (Linux) bootable CD as suggested. Put it into the CD drive... turned it on... CD booted up... got the splash screen... got a message that it was loading Linux... and then everything went black and the CD stopped spinning. Dead to the world.
And somehow when the bad computer rebooted itself, another computer which was plugged into the same router also rebooted itself over and over and over and over and over...
Two computers dead. How can it pass through a router?
Any and all suggestions to help fix these electronic paperweights would be GREATLY appreciated.

Sierra
October 17, 2009 6:40 PM

My computer did the exact same thing as Iggy's. I have a router is my iPod that runs on the same network in any danger?

Jorgen Hoyer
December 28, 2009 10:11 AM

I downloaded and started puppy linux. Downloaded avast for linux (debian & rpm), then tried to 'install / run' the avast from the usb flash-disk where I had unzipped it. Being only a windows user I did not succeed. Is there a 'step by step' for this task ?

Joe
April 5, 2010 3:11 PM

same problem as others. My virus loaded into bios and transfers into boot sector. I disconnected HD and flashed bios, connected HD and ran Seagate low level format, then wiped HD (many times). The ba---- bug is still there. This is a new HD, the old one stopped working because of this problem.
I CANNOT FIND A DOS ANTI-VIRUS PROGHRAM TO PUT ON A BOOTABLE DEVICE. IS THERE SUCH A THING?

Joe

swamy
June 30, 2010 5:54 AM

I removed the hard disk, loaded it into a hard
disk case, connected it to USB drive of another
machine and ran
AVG Antivirus and Malwarebytes to
scan the disk and followed it with Spyware Search
and Destroy.
The disk was clean for reinstallation into the
first machine.

Pieter
August 24, 2010 5:38 PM

First of all: Thanks for the great advice Leo! :-)

I had a very agressive rogue virus called "Antimalware Doctor" on my computer. I was able to remove the virus with Rkill, Malwarebytes and a few other anti-virus programs, but after that it went downhill with my computer.

First my internet connection was completely gone, then I couln't boot Windows XP in normal mode anymore and after that I wasn't even able to start it in safe mode anymore. So the only thing that interested me at this point was to recover some files I didn't have a backup of. (I could do a clean install of Windows after that.)

I have first tried Knoppix, but for me it was really a struggle to make it work. I had to do complicated things just to download it and eventualy it didn't work on my computer. After that I have tried Ubuntu. And it was so amazingly more easy! You just download it from their very clear website, burn it on a cd without worrying too much about anything, put it in your computer, restart your computer et voila! It just boots properly and you are able to use a very nice operation system that is very fast too! I was able to see my hard drive with my non-backupped files on and I just plugged in an external hard drive to copy these files to. An idiot can do it. :-)

Giuliano Salas
March 6, 2011 5:07 AM

I don't have any problem doing the reformat and reinstall solution, but the issue is that I don't know how to do it now that my computer won't access Windows. It only shows me a black screen with the mouse pointer. Help please!

Surendra Kumar
May 24, 2011 10:29 AM

Dear Friends,
In one of my process computers, I m facing problem with internet connection. The system boots in normal mode but internet (neither IE nor Opera) is not working. My computer is not booting in Safe Mode (it simply restarts). At the same time, System Restore shows Switched Off by Group Policiesand is not resetting even through editing the registry. And though I have backed up the data, I cannot Format the HDD. The reason is that I have installed Siemens Softwares, namely WinCC and Simatic Step-7 into my HDD. These softwares need their keys to be installed on HDD which already exist. Now if I format the HDD, the keys will be lost. And I do not have the tool for key trasfer from HDD to some other device (the key transfer tools for the two softwares were in two different floppy disks which, due to some electromagnetic interference got damaged.

Can you please tell me of some good virus cleaner effective for Windows-XP virus that can be started from an USB/CD where USB/CD can be made bootable using some Linux based or other (which?) system?

Firuz
September 25, 2011 4:39 AM

I have that problem. My computer gets the virus. I don't understand at once. My computer normally works approximately 30 second, but then my computer hanged. I couldn’t work afterward. At first time I thought that my computer had the hardware problem. In order to work I forced the reboot my computer 5 or 6 times. . I don’t understand why my computer did it. But then I understood that my computer got the virus from Internet. After that I forced re-install Windows XP SP2. Such I have one question: How can I clean my computer from that virus, if I will get such situation, without re-install Windows XP SP2?

Mark J
September 25, 2011 4:49 AM

@Firuz
The surest way to get rid of a virus is to reformat and reinstall Windows, but in most cases it's possible to remove a virus without such an extreme measure.
http://ask-leo.com/microsoft_standalone_system_sweeper_clean_malware_from_your_machine.html
http://ask-leo.com/my_computers_infected_with_a_virus_how_do_i_clean_it_up.html

Steve
October 1, 2011 6:46 PM

I take the hard drive out and slave it in another computer. I can then scan it with the anti-virus program loaded on that machine. There is a slight danger of infecting the machine it is slaved in but most virus only run on windows startup.

AG Wright
October 1, 2011 6:54 PM

For those that have systems that will not boot and have boot sector viruses, first you have my sympathy, second you will need to use one of the boot disks that Leo suggests to at least start the cleaning.
After that you may need a Windows XP installation disk for your computer. If you do not have one, so many people don't because they have a system restore partition that can also get infected, see if you can find one to borrow.
Run it and when it stops at the XP installation screen choose repair on that screen. It will ask you for the Administrator password. If you don't know what it is you can try just hitting enter. It works more often than not.
Now you are at a DOS prompt and you need to type in "fixboot" without the quotes. It will ask do you wish to rewrite the boot sector. Type y and then enter.
If you are lucky it will fix the boot sector virus. You should be able to boot to Windows now. If not you will need to reinstall Windows.

Bob
October 3, 2011 3:33 AM

I've been here before.
I had a lot of difficulty getting any of the CD / DVD things to work - the virus disabled booting from these devices. I did, however, manage to make a USB-bootable version of Microsoft Standalone System Sweeper, and clean/repair the pc enough to get some anti-virus software on and running.

It's rare that a virus can actually prevent booting from CD/DVD. If it does you should simply be able to go back into yoru BIOS and re-select the CD/DVD drive as a valid boot device, and place it in order prior to the hard disk.
Leo
04-Oct-2011

Jack
October 4, 2011 9:43 AM

Even if you are able to remove the virus with the rescue disk, the virus will often mess with your files and registry. So even after removing the virus you will often have a system that's not really running properly. So I still prefer to back up peoples files after cleaning the virus off of their system. Then I just go ahead and reformat and then restore their files. No matter how good you are at cleaning one up, nothing runs quite as good as a freshly formatted computer. Plus when they reinfect their computer they can't deny it and say I didn't really get it clean. Most people who get viruses tend to be habitual offenders. At least that's been my personal observation. I can run a computer with no antivirus, just Windows firewall without getting infected. I don't see how so many people manege to get these things so often. Some people will just click anything I guess.

denny
October 4, 2011 9:50 AM

Here's another bootable program worth mentioning.. Bit Defender Rescue CD... its a "Live CD"... its free and it also has network abilities so it goes out and downloads the latest virus definitions automatically each time it boots up.. After running the scan & cleaning the computer another option on the "Live CD Desktop" is "Firefox" ... here's the instructional link for making the Bit Defender Rescue CD..
http://www.bitdefender.com/support/How-to-create-a-BitDefender-Rescue-CD-627.html

GB
October 4, 2011 10:01 AM

I used a computer of a friend. I did a search on what I thought was an innocuous subject (speech). I got malware. We could not get the malware off. It froze the computer. It would not reboot. We tried to reinstall Windows but the malware changed the BIOS so it would not boot from a CD. Nothing would work. How would one be able to reinstall an OS on something like this?

If it truly changed the BIOS you'd have to start by re-flashing the BIOS or resetting it. (Check with the computer's manufacturer for instructions.) More likely you simply need to change the boot order in the BIOS to boot from CD first.
Leo
04-Oct-2011

Craig Parker
October 4, 2011 10:21 AM

Anyone heard about the new deal MS is cooking up with hardware manufacturers? Booting to any kind of livecd might be getting more difficult in the near future:
Read this article about SecureBoot to see what I mean. Still possible I guess, just a pain.

Andy
October 4, 2011 11:00 AM

Before you pick up such a virus that prevents a boot, make a boot CD that is virus-free. Actually, I have tried to do this, but without success so far. I will keep trying.

Jarvis Edwards
October 20, 2011 3:57 PM

Another good solution to running antivirus without using a rescue disk is to remove the hard drive, and place it into a USB enclosure. Then, attach it to an uninfected computer, and scan the drive with several programs (separately).

That's a viable solution, however there is a risk that if the virus setup autoplay/autorun on that hard disk - even though it was your system disk - and the target computer has autoplay/autorun enabled then simply attaching that infected drive to another Windows computer could cause that computer to become infected. Personally I find the reboot from CD approach to be much preferable.

Leo
22-Oct-2011
statusphere
December 19, 2011 11:38 AM

@Craig Parker

Not the end of livecd's - Just disable secure-boot in bios. Luckily no manufacture would be dumb enough to produce motherboards that only support windows 8.

April
December 29, 2011 7:44 PM

My son was trying to fix an issue with my keyboard and installed a new one but it didn't correct the issue with keys not working in certain sector of keyboard, found issue listed on several forums that it might be an issue with malware/virus, but also had an issue with it starting to list "no bootable device detect" so he also took the laptop apart to check all connections and removed hard drive and then re-installed, now the computer won't boot at all. It had also started doing a ticking sound part time then it would stop.A system restore was done but didn't correct the keyboard issue & the computer did boot up at least once after that but now the computer won't boot at all. Could a virus/malware do this or is it a dead hard drive? It won't safe boot either. He tried booting ubuntu from a flash drive but said he didn't get that to work either. Should I just go ahead and try to run the Malware suggestions or the Microsoft standalone system sweeper? If it is a dead hard drive is there any way to get my pictures and files from it, yes I know I should have done more backups on the system but my husband usually uses it for more internet surfing then files and I just plain forgot common sense maintenance with it. Thanks for any other suggestions. ( Windows Vista OS- 3 yrs old laptop)

Michael
March 1, 2012 11:19 AM

I used the Microsoft Standalone System Sweeper to boot and scan my computer. It did a great job of getting a Trojan virus I had on my computer. I had also downloaded the Ubuntu Live CD. After I had removed the virus, my system still would not boot up. Well, I would see the Windows logo, then my computer went into setup mode. It said that setup is being restarted... Then it said: "Please insert CD labeled "Windows XP Professional Service Pack 3 CD" into your CD-ROM drive D: and then click OK. You can click OK if you want files to be copied from an alternate location, such as a floppy disk!" I inserted my Windows XP Pro disk that came with my Dell computer when I bought it. It was the service pack 2, however, as I bought my machine in 2005. I had gotten to SP3 through the download center at Microsoft.com. When I inserted my CD that came with the computer, I got a Fatal Error Message. It said "One of the components that Windows needs to continue setup could not be installed. The operation was cancelled by the user. Then I got an Error message under that which read: "The signature for Windows XP Professional Upgrade is invalid. The error code is 80060100. No signature was present in the subject."
Like I said, I had also downloaded the Ubuntu Live CD. When I put it in the CD drive, I could try the CD before using it, but I could not install Ubuntu. When I tried it, I could see all of my programs on my computer, but I could not use any of them. Then I used my Windows XP Pro SP2 CD to run chkdsk /r/f at the recovery option of installing Windows XP again. It removed all of the bad files, and stated that the disk had been repaired. However, when I tried to boot into Windows, I got the same error messages as before. So I tried the Ubuntu disk again. This time I was able to load Ubuntu onto my computer. It partitioned a external hard drive I have, and loaded itself unto it. However, my programs are still not working. I can view all of my pictures, but I cannot access any of my music or videos. These are the ones I had backed up on the external drive. I have tried to access some of the programs on my internal hard drive. but I have no success loading any of them. What am I doing wrong. I saw a Microsoft Product called Diagnostics and Recovery Tool. There is a Version (5) for XP. Do you think this application would solve my problem? Thanks for your patience and guidance!!

jim
March 31, 2012 6:59 PM

i have reinstalled windows becasue of security check virus blocking me from booting, however i still cant boot after restart is it possible the virus has stayed somehow? how do i fix this?

George
July 10, 2012 11:11 AM

How do I run a bootable virus scan such as Microsoft Standalone System Sweeper when my machine doesn't see the CD driver until Windows boots up?

Well ... you can't. I'd make sure, though. It's very rare for a CD not to be recognized by the BIOS. What's more common is simply that the CD is not checked for bootable media before the hard disk, so booting from the hard disk happens before the CD is even looked at. Check the boot order in your BIOS.
Leo
10-Jul-2012
Felix Manzelli
April 14, 2013 3:27 PM

I got hit with the FBI white screen greentag virus on my Dell mimi with no cd drive.
Cannot reboot system locks up with the white screen. How can I remove this from my dell mini 10, no cd drive. Sytem will not boot from flash drive eighter? How to I check BIOS?
winxp ie8 sent from main system.
thank you
Felix

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.