A must-have. One of the best things MS produces, and they give it away free! Boots to its own limited version of Win7, from CD or USB stick. Be sure to get both 32-bit and 64-bit versions. Only problem is keeping it updated - tedious on flash drives, impossible on CD's.
There's absolutely no mention of a standalone version of Security Essentials on Microsoft's site. Do you have a direct link?
Although probably by another name. Look for Windows Defender Offline or mssstool32.exe and mssstool64.exe. With this you get an offline tool that resembles Security Essentials.
Windows Defender is not the same as Security Essentials.
Yes, I'm sure it's better than nothing, but the original poster claimed he was using Security Essentials portable edition.
the Microsoft Windows Malicious Software Removal Tool (KB 890830) available in both 32 and 64 bit versions and there is also the Microsoft Safety Scanner, an online tool. I realize they are not the same, as pickleman has noted as a standalone version of MS Essentials but FWIW.
BTW, I posted this information the same day the article came out complete with links to each of these download sites. Although the links are completely legit, apparently the posting did not get the approval needed to appear here. I waited 24 hours and repeated the posting but it also has not appeared. Here's hoping this posting today is not blocked/censored/whatever.
Regards,
Steve
The problem is the Link itself.
The Scripts used by TR block a lot of Legit Sites including Microsoft. I no longer expect any Link including a Tiny URL to be accepted so I break the link with a space between the Domain Name and the .whatever. This gets accepted without issue and I post a note to remove the space like this
http://www.techrepublic .com/forum/discussions/102-395496?messageId=3708778
remember for a working link remove the space from between techrepublic and the .com
Col
AVG offers a Rescue program as an ISO or a USB program from RAR or ZIP. The bootable program brings its own OS. It does require access to the internet to update its definitions but it sets up its own access with limited user participation. It has worked for me.
For non-bootable PCs, Kaspersky Rescue disk is my go-to resource. It is excellent at removing boot sector rootkits and other malware. The MS Defender offline scanner is good but not comparable to the Kaspersky Rescue Disk.
In my opinion, most of the software Jack recommends is rather ineffective. I do a lot of malware removal and use RogueKiller, MBAM, and TDSSKiller as the prime tools for most systems. Combofix is the next option if MBAM is not effective. Of course all those require a bootable PC.
When de-"bugging" other people's machines only the Kaspersky Rescue Disk has successfully found and removed items like TDS and whatnot. Hasn't failed me yet but I haven't had to deal with anything too major.
So, out of curiosity I dl'ed from the SOPHOS link provided. It did not install a "portable version" rather installed on my PC. I could get a "start in directory" on a flash drive but the interplay between the two was not clear and I didn't have time to check it out. Not happy about the installation technique! Could be user error, granted, but I have lots of success with PortableApps type software and this didn't give me options. Is a portable version truly available?
I think you're right. I searched the SOPHOS forums and back in 2010 someone asked about it not being portable (thinking standalone and portable are similar). Their response was:
"Sophos Anti-Rootkit (SAR) is a "standalone" application in that it can be installed on its own without Sophos Anti-Virus, Sophos AutoUpdate or Sophos Remote Management System.
The tool has to be installed and run locally on the computer in "normal" mode Windows - i.e. not SafeMode etc..."
Unless things have changed I don't think it's portable.
If serious about malware management, then you'll want formal tools, i.e. those that work without running any code from the infected installation.
The two best platforms for such tools (in my experience) are Bart PE Builder and Sardu. There are others like Sardu, but I haven't tried them yet!
Bart PE Builder is based on the old XP or Server 2003 code base, which makes it a best fit for those and older OSs. Like those OSs in their native form, it needs AHCI to be disabled for it to boot, else you'll get a STOP error. Remember to restore the original mode before booting the hard drive, else that is also likely to STOP.
Bart can read the hard drive installation's registry hives as if in effect, via the RunScanner plugin, if the OS is Windows 2000, XP or Server 2003. That alone can make Bart a very useful maintenance OS for these older Windows versions.
In contrast, Sardu simply straps together a number of bootable "rescue CDs" so they can be launched from a single boot optical disc or USB drive. I'm using it with AVG, Avira, Kaspersky, VirusBloka, Panda, Bit Defender and PC Tools AOSS.
With YUMI I have on my 18Gb Bootable usb stick a lot of tools:
2 Anti-virus scan: (Kaspersky rescue disk 10, Acronis Antimalware cd), 4 Systems Tools (System Rescue CD, Gparted, Ultimate Boot CD,...), 1 Linux Distribution (Fedora 17 Live) and 1 Windows Installer (Windows 2008 Enterprise).
With YUMI I can add/remove other virus scans.
It's very easy to use.
I use Combofix, which has cleaned many a tough virus out of badly infected machines. Get it from combofix dot org
Nice set of apps, one I had not heard of, but really, ALL THE TIME? Should we make up USB keys and hang them in the bathrooms? A little overstated, but good to know about.
Just went to test the Sophos Anti Rootkit Portable app linked to by the article. The tool is called Sophos Virus Removal Tool and is NOT portable. I started to test it on a Win 7 x64 machine, but when it began an installation process, I canceled it.
Try this and see the "Notes."
http://www.pendriveapps.com/sophos-anti-rootkit-portable-rootkit-removal-tool/
Notes: Launch the installer and install the application to any folder on your USB portable drive. Then click "sargui.exe" to run the program
Honey, I've been around so long that spybot has gone from 10,000 to 820,000 items it searches for. I am glad to see it here.
Like jrbwalk, I've seen Spybot go from nothing to what it is now. I remember when all we had to work with was Ad-Aware and Spybot.... In that length of time, I have not come across a program as consistent and efficient as Combofix by BleepingComputer.com. It's a shame it didn't make it onto this list.
Firstly, another vote for Combofix; it's free, it works in Safe Mode with Networking (I specify this option as it will check online for updates plus it will install the MS Recovery Console if the infected machine doesn't already have it), it can be run from a flash drive and it eradicates not only viruses and malware, but rootkits and bots as well. With that said, my 2 cents would be HD USB Enclosures. They range from about $3 to $20 on Amazon and can support almost any drive type and size. The process is simple: remove the infected HD from the shell, insert it into the enclosure and attach it to a healthy computer running Windows (preferably a clean test machine). From there, scan the drive with your best AV app, rinse and repeat if necessary and when complete, insert it back into the shell and reboot.
I am of the opinion that if you get an infection, the only safe course of action would be to wipe the drive and do a clean reinstall. You are never sure that you got everything because you may find the obvious culprit, but never know if some baddies are lurking in the background. Ensure that all your data is backed up and then nuke the drive and start over.
I make use of Immunet antivirus and satisfied with the performance. It offers real time protection and all round support has been of great importance.
But I agree with cummingsc you can't be sure unless you wipe the drive. I used to just nuke and pave the system but after my years of pushing for taking all users out the local admin group on the PC much of this problem has gone away. Now if someone gets a virus I simply copy their local files, scold them for not using their personal network drive, delete their account on the PC, delete their user folders, log back in as them and move their files back.
Unless of course my boss in all of his wisdom and experience has given the user the local admin uname and password. Then I let him deal with it.
I normally keep something like the Hirens Bootdisk nearby and run the Sophos Command Line scanner in that MiniXP environment. It can be set to run from flash or a CD. Works pretty effectively and most of the time allows me to boot into Windows after the scan to clean up with tools like Malwarebytes, Spybot and Super Anti Spyware.
I would suggest to download free antivirus which is available online and it can be downloaded with Internet On, http://antivirus.comodo.com/ is a free antivirus which I have plugged in to my Laptop.
I probably know enough to get around and do some damage, but can't back my way out all the time. What is recommended for those of us who regularly use our laptops, etc. to keep a shield between us and the bad bugs? Is there a routine of sorts?
a good anti virus program, a good anti malware program, and a good anti spyware program. I use Avast free for home for my antivirus, malwarebytes free edition for malware, and spybot search and destroy for spyware. They're all free but for the inexperienced user I would suggest leaving all programs on their default settings before running.
Hmmm... if you're running Vipre as your main antivirus, and your system has gotten so infected that it cannot run, I'm wondering how running a standalone version of Vipre will catch something the full version did not?
I guess a case could be made for an end user overriding warnings because they REALLY wanted to see that Ultimate Harlem Shake video with the porn stars!
USE SAFEMODE!!! I use ComboFix, Malwarebytes Pro, HitManPro36, HiJackThis, RogueKiller, Sophos VRT, AVG and occasionally Kaspersky as well as others but remember Kaspersky interferes with Windows updater! Always check for latest versions and updated signature databases daily. Monitor open ports and know your processes, make use of pinging and TraceRT and examine incoming and outgoing traffic. It seems as no one company can stay on top of this mushrooming problem any more, so use them all, I've found the shotgun technique to be the best defense sometimes. I often wonder what the actual average latency is between discovery and solution, let alone what the average latency for malware deployment to discovery is? Just can't seem to find those figures anywhere! The very fact that just about every AV software company seems to have a free version of their software these days is tantamount to an open admission, is it not? The problem seems to evolve faster and faster all the time. There always seems to be a new crop of Skids to do the bad guys' dirty work if you know what I mean. If you're feeling overworked you probably are and this job is definitely not getting easier. If you are not scanning and monitoring you're falling behind, but I refuse to lock it down, it just goes contrary to being human. Looking for that ultimate solution, let me know if you find it! Hope this helps.