One of the most common questions I get is how to scan a computer for viruses and spyware if there isn’t an up-to-date antivirus package installed. As most of you know by now, an out-of-date antivirus program is all but useless.
Almost exclusively, I use McAfee’s SuperDAT scanner to clean up systems that I suspect are infected. This handy little package is updated extremely frequently and as such is really useful on a computer where there’s no updated security package running.
First you will obviously need to download the SuperDAT package. Click the link above, agree to their terms of service, and then download it. It’ll be called something like sdat5195.exe (that’s what it is as of the time of this writing). Save the file somewhere that you’ll be able to locate it. I would suggest c:\temp, as we need to expand the file you just downloaded; it’s a self-extracting archive.
Once the file is downloaded click Start->Run and browse for the file. Before you click OK to run the file, you need to put -e on the end of the command line. This instructs the package to extract itself into the directory the file is currently in, as opposed to trying to update some installed McAfee software suite.
The command line should look like this:
Now it’s time to scan your computer. First, to ensure that we have minimal interference, boot into Safe Mode. Once fully booted there, click Start->Run once again and type CMD. This will open the command prompt and is where all of the action will take place. You didn’t expect it to be easy since it’s free, did you? :)
Assuming that you saved it to C:\Temp as I suggested, here is exactly what you’ll need to type to run this:
Scan /adl /unzip /clean /rpterr /report c:\temp\error.txt
Here is an example of what it’ll look like running from the command line:
Here’s a breakdown of what all the switches mean:
/ADL = All Drives Local: The scanner will go through all of your physical drives, skipping the removable ones (CD-ROMs, floppies, flash drives, etc.)
/UNZIP = Extract all archives: If a file is in a compressed format that the scanner recognizes, then it will scan within that archive. This way viruses that may be hiding in a compressed file are found.
/RPTERR = Report all errors: Any errors that are encountered will be included in the file you designate under the /REPORT flag.
/REPORT = Generate a report that will list all viruses found and save it to the path specified. In this case it was C:\Temp\Error.txt.
If you want to look through the other flags that you can use, type Scan /? to bring up a list of the other possible options.
If you run into a few files that don’t allow themselves to be cleaned even while booted to Safe Mode, then you may want to try using Bart’s PE to scan your machine. It boots independently of your computer’s OS, and as such no files on your hard drive are in use, which will allow you to clean up pretty much anything. You can use McAfee’s SuperDAT in conjunction with Bart’s PE.