Windows Defender Offline: For PCs too hosed to go online

Microsoft has released a beta version of its Windows Defender antivirus tool that works even when computers are so badly infected that they are unable to fully access the internet. The program allows users to boot their sick machines from a CD, DVD or USB flash drive and use the most up-to-date definitions to fight the …


This topic is closed for new posts.
  1. Anonymous Coward

    When a PC gets that bad the best option is to start again with a clean install, having first booted from a USB stick to get important data off, or what's left of it.

    1. Anonymous Coward

      clean install

      of Linux

      1. Fatman

        clean install

        I once saw this badly infected XP box with a BSOD, and the words "Nuke Me!" scrolling on the screen.

        I felt sorry for that PC, so I inserted an Ubuntu Live CD, and dis-infected it.

        As I booted it from the hard disk for the first time, I saw "I am one with the Penguin" appear on the screen just before Ubuntu loaded. Infection cured.


        1. melt

          You write like Cory Doctorow.

    2. Anonymous Coward

      "When a PC gets that bad the best option is to start again with a clean install"

      When a PC gets that badly infected it's time to install a copy of Linux and move on.

      1. Grease Monkey Silver badge

        "When a PC gets that badly infected it's time to install a copy of Linux and move on."


      2. Wize

        "When a PC gets that badly infected it's time to install a copy of Linux and move on."

        When average Joe User installs Linux on their own machine, it will be the day the internet will be flooded with Linux viruses.

        Remember, the average user won't have locked down the machine as tight as the experienced Linux user and will probably click on all those fancy popups and 'install me' links.

        1. Vic

          > the average user won't have locked down the machine as tight

          Yes he will.

          It's the default condition.


        2. Anonymous Coward

          @ Wize

          "Remember, the average user won't have locked down the machine as tight as the experienced Linux user and will probably click on all those fancy popups and 'install me' links."

          No, that WILL NOT WORK. You may (unlikely) hose the user account but the system files will not be replaced by malware laden fakes.

          Why don't you people understand? NOTHING IS EXECUTABLE UNLESS YOU MARK IT AS SUCH.

          Just having a file extension of .exe does not mean a damn thing on Linux or UNIX. Try to get your head around that.

          1. Wize


            First of all, remember that not everyone uses Linux, so shouting and complaining that people cannot get their heads round something that they have probably not come across before is quite redundant.

            Anyone who has helped relatives clean the spyware and viruses off a PC has seen countless programs downloaded and installed. It used to be fake copies of programs like Bejeweled containing trojans but now there are 'boost your crops in FarmVille' type nonsense around.

            Having to click a few buttons extra to install won't stop your 'average' user with a set of instructions in big friendly letters beside the download link. Giving it rights to run as root will be part of it. Some will just do it. Others will with a bit of technobabble thrown at them.

            A question to the people who think Linux is 100% idiot proof.

            With key presses/mouse clicks from the person who installed the operating system, is it possible to run a downloaded program with full root access?

      3. Bugs R Us
        Thumb Up

        Agree, clean rebuild even if it means... loss because people are too lazy to have backups.

        I too get called when friends and family PCs get infected. However, even when I think I can recover the PC I tell them it means a rebuild and if they don't know what data to back up then tough luck, I just format and re-install. The beauty of this hardline approach is that now my friends and family take far more care when it comes to downloading files and clicking on links they are unsure about. No pain, no gain.

    3. Si 1

      Yeah starting again is usually the best option, especially if it's your own computer, but I recently had a problem like this with my aunt's PC. It had one of those anti-virus viruses that blocks all internet access except access to their site to buy their fake anti-virus product.

      While I could have suggested a full re-install, she hasn't got a clue what files need backing up or where she keeps them on her computer and so I would inevitably get the blame for not backing up everything properly. Plus there's the onerous chore of waiting for her wheezing P4 to reinstall everything (assuming she can find the discs).

      If MS can release something that will clean a system up to the point that I can get back on the internet and download other clean-up tools I think it will be my preferred route... because I'm lazy like that. ;)

    4. Anonymous Coward

      I agree, but...

      I agree with you, but there are many people for whom that is simply not an option because they don't have the requisite skills. Often these are the people who have machines that are totally borked. It's a nice option in the canon of tools to fight the bad guys.

    5. Scorchio!!
      Thumb Up

      Certainly it's not a good idea to mend what is broken. I keep images on a LAN drive, I keep them on backup drives that are not connected, and I have a number of Swiss knives in the form of bootable CDs and USBs. I tried the Acronis (Linux) confection, putting it on a USB which can live update. As has been mentioned elsewhere - possibly here also - it's good to rehearse strategies, but the only real test is a genuine emergency with a genuine infection.

    6. TeeCee Gold badge

      Maybe, but I just *hate* to accept that some scrote's got the better of me and admit defeat.

      In some cases I've dealt with it might actually have been quicker to reinstall, but nowhere near as satisfying.

  2. b166er

    I hope this is a WinPE variant and we can therefore use GMER, TDSSKiller, ComboFix, MBAM, Rkill etc.

    If it is, we can also take an image with ImageX.

    AC #1 The only time I give up, is if there's a persistent rootkit that the above tools won't remove.

    You could flash the BIOS, replace the MBR and start again, but I usually say nuke the fucker from orbit at that point.

    Lately, it's been a great excuse to get some customers who desperately need it, to buy new PCs :D

    1. Anonymous Coward

      If you will nuke it

      If you've got users that are that much of a liability with the Internet, I think it's high time they were given a Mint pendrive and told it is a new version of Windows. It's not like they will know any better and it's going to save you/them an awful lot of heartache cleaning up after them by the sounds of it.

  3. Eddy Ito


    It will probably boot into DOS.

    1. Pete Spicer

      If it's old enough to have DOS on it, it's likely old enough that these tools won't help that much anyway, being probably too old to support USB properly.

    2. Charles 9 Silver badge

      Probably not DOS... DOS isn't equipped to handle NTFS filesystems, but the modern Windows STILL has a console mode, and seeing it boot into that wouldn't be beyond the realm of possibility. Indeed, it may be encouraged in case the damage extends to graphics drivers.

    3. J. Cook Silver badge

      @Eddy Ito: boot into DOS...

      I don't care if it boots into OS/2- if it'll clear off the bugs that are infecting the system and restore at least minimal functionality, or let me copy the files off the system onto a temp drive for later restoration, then it really doesn't matter what OS the offline boot runs.

  4. jake Silver badge

    Gawd/ess. The mind boggles.

    Even Apple's OSX can go into single-user from the console to fix shit.

    Earth to Dave Cutler, are you paying attention? I still run TOPS-10 and -20 on vaxen for a few clients ... but personally, I'll stick with Slackware & BSD (occasionally ecomstation) for the duration :-)

    1. robj

      TOPS-10/20 on VAX?

      Curious how you do that, unless you use emulation.

      1. jake Silver badge


        I was at SAIL, and a DEC intern. We did weird stuff ;-)

        Yes, today it's under emulation (Linux based, both on Celeron powered headless laptops with 256Megs of memory). One system runs about fifteen acres of greenhouses. The other runs a largish machine shop. The code I wrote over thirty years ago still works, and we see no reason to update it.

  5. koolholio

    Jokes that ain't funny!!!

    You're joking, Microsoft would never think of a wise way of removing rootkits that they aren't able to prevent in the first place! and definitely never as technical as GMER, ComboFix, TDSS/TDL removal tools or even as simple as a portable edition of SFC with a cache folder

    As for the EEPROM on the BIOS, or the MBR, well that's just asking for trouble if Microsoft were to incorporate that, no one would ever put their head on a chopping block.

    Booting from removable media, provided you don't accidentally boot into the OS and during its boot process it infects or corrupts the only removable media copy you have access to.

    One word that I predict, I think the picture says it all...

    1. Vic

      > during its boot process it infects or corrupts the only removable media copy you have

      This is why I always boot from CD, rather than USB drive, when I'm suspicious of the machine.

      Go ahead, try to write to my CD :-)


      1. Darryl

        I just make sure that the USB drive I'm using for this purpose has a little switch on the side. Slide the switch to the picture of a locked padlock and then plug-er in

  6. Anonymous Coward

    Been around for a while...

    ... Microsoft Standalone System Sweeper Beta renamed? Why Windows Defender Offline and not Microsoft Security Essentials offline?

  7. R 16

    wasted time

    It doesn't matter. Viruses disable antivirus. So what is the point of having one that would work when you can't get online?? Windows Defender wouldn't even work if the virus was strong enough to take the PC offline.

    I would say you have a 1 in 100 chance of a computer actually being able to open Windows Defender if the virus was sophisticated enough to disable the internet. It would have already taken out Windows Defender.

    1. TeeCee Gold badge

      Except of course that this thing boots standalone. Thus your postulated virus that takes out Windows Defender isn't running at the time.

  8. GremlinUK

    "Windows Defender Offline Beta walks users through the steps required to set up the boot disk."

    ... when you've downloaded it where? On your machine that's too sick to talk to t'internet?

    1. Steven Roper


      Go and have a look at your local public library sometime. I know it's probably been at least a decade or two since you last visited it, and you might be surprised at some of the changes that have taken place since you were last there back in 1992...

      There's also these shops called "Internet cafes" that now exist in most cities and towns, you might want to look one up near you and check out what they actually sell besides shitty coffee! ;)

      1. The Original Ash

        Trust a public computer, eh?

        I've put an SD card into a photo kiosk before, and it came out with an MMO-credential stealing trojan. I wouldn't put anything into a public computer and bring it back home without it first being sheep-dipped, and if you have a computer to sheep dip your removable media, you can use that to disinfect the hard disk of your other machine.

    2. TeeCee Gold badge

      You'd have to be a bit thick to generate the boot disk on the machine that's infected anyway.

      Then again, you'd have to be a bit thick to have thumped the "yes please" button when that message came up offering to install a FREE!!111!!! Secuitry Scanrer......

  9. Anonymous Coward
    Thumb Up

    Good info. Thanks Register!

  10. Anonymous Coward

    A better solution

    A better solution might be to improve the security in the first place!

  11. jason 7
    Thumb Up

    I tried nine linux based AV rescue disks about 6 months ago.

    Most of them were useless so another alternative is welcomed.

  12. ZenCoder
    Thumb Up

    Might save me some effort.

    The best option isn't a clean install, it's restoring from a recent full system partition backup, followed by extracting and disinfecting the user's files from a backup of the infected made prior to the restoration. Better yet the user has an external hard drive and software which syncs their personal files on a regular basis.

    Unfortunately what I normally see is someone with no backup, who has critical software installed which cannot be reinstalled because they can't find the discs, and needs their PC up and running in about an hour because even though it's been unusable for a week they waited until the day before their work assignment/homework/whatever is due to take care of it.

    I normally try to boot into safe mode with networking with a fresh download of Malwarebytes on a USB stick. If that doesn't work I pop the drive into an eSATA dock and clean it up from my PC.

    Hopefully this will work in situations where booting from safe mode isn't an option or where I don't have access to a 2nd computer and the right adapter to connect a drive to it.

  13. Anonymous Coward

    Cool Beans

  14. John Tserkezis

    I can't believe they offered this as an "option".

    Perhaps it's just me, but if you're going to disinfect a box (or at least try), the *FIRST* thing you do is take it offline.

    Bitdefender? Really? Your box is hosed to the point it can't connect and Bitdefender is going to save you? Good luck with that, as the saying goes.

  15. Gerhard den Hollander
    Thumb Up

    About! Fscking! Time!

    I've been doing this for the last decade or so using a Linux bootable USB stick, and the latest ClamAV, but that cannot always clean out all the Windows crap.

    If (and that's a big if) this does what it says on the tin, it's a great, huge leap forward.

  16. Anonymous Coward


    Microsoft finally distributing Knoppix, huh?

    OK, I'll duck and run...

  17. JDX Gold badge

    re: clean install

    1. Some nasties can survive this

    2. Some of your documents or needed files can get infected

  18. Doug Glass


    I was asked to help a friend with a computer so badly eaten up with malware it was essentially a non functioning boat anchor.

    Booted using an Ubuntu LiveCD, copied off his data files, wiped his C: drive with GPartEd, zero-filled the drive with the maker's software and reinstalled his OS. Took maybe an hour.

    It's just a waste of time to try and repair some computers.

  19. Anonymous Coward

    There's also various self updating ISOs available from big AV manufacturers. I usually remove the disk and dump it into a fully updated PC, scan it and recover data that way.

  20. Refugee from Windows

    Catching up?

    Don't they already know that most of these problems are fixed by booting up with a *nix bootable USB? Maybe because they are trying to make this more difficult with the next version of their OS.

  21. Tezfair


    Doesn't Microsoft Standalone System Sweeper Beta do the same thing?

  22. Anonymous Coward

    Astounding ...

    It amazes me that people (especially those who call themselves IT experts) even accept or tolerate this sort of nonsense in the first place. No OS should be so defective by design as to even need this constant attention and mollycoddling all the time, far less so *constantly* demand it. And Windows fans actually just shrug and regard this as a minor, quirky feature of their chosen OS -- and utterly fail to understand why this is -- babbling on instead about "market share" or "Windows has these problems because it's so 'popular'"!

    Microsoft needs to get acquainted with the idea of a *nix-style file system, users, groups, permissions and the true meaningful definition of the word "executable" in proper context -- then do some actual software engineering instead of popping out these useless, palliative measures which just annoy the user in the end and in the long run never even attempt to cure the underlying malady. It might "break" backward compatibility (actually I don't believe that) but would instantly cure a lot of the recurring problems associated with Windows. I speak as someone who has and still does write software for Windows and have done so since 1993 so it isn't even as if my opinion here is entirely baseless. This isn't MS bashing. I'm simply stating a fact.

    If it were any other product other than software they wouldn't be allowed to sell it. It would be classed as dangerous.

    Why so many people still go on just blindly and unquestioningly accepting that this product behavior is even remotely *normal* in software -- and then spend so much unproductive time patching and re-installing their crippled OS is utterly beyond reason. It's simply nucking futs!

    Einstein, I think, said anyone who keeps doing the same thing over and over again, expecting a different outcome is insane. Gosh, it must be true.

    1. Snapper

      Could not agree more!

      Windows users have been guilty of accepting Microsoft's marketing that 'every' computer system has viruses and that they should pay again and again for keeping their machines secure.

      If Microsoft hadn't thrown in the towel security-wise decades ago, the whole computer security landscape would be utterly different, and people would gasp in amazement at the thought of a new virus, just like they still do when some security company tries to insist that there might be an Apple virus 'real soon now'!

    2. Al fazed

      Seriously !

      Yes, seriously grateful that this is the case, most off the shelf OSes are crap, or otherwise I would have to do some other kind of work.


    3. Boris the Cockroach Silver badge

      Most of the trouble

      has been caused by 2 m$ decisions

      1. no separation of user space and root space

      2. embedding the browser in the system so deeply that any flaw in the browser becomes a way to infect and destroy the os.

      I'd still like to know what the design justification for having the browser be able to run OS parts such as SVChost to read data attached to a web page that runs a virus capable of accessing all files on the PC, not just the ones belonging to the current user.

      That little 'improvement' to my system cost £60 to have fixed as well as 3 days downtime.

      Thank gawd for the linux partition I could use to scrape all my non-infected files off the doomed windows partition.

  23. Paul Taylor 1

    Missed the boat ?.

    MS a bit slow off the mark as usual.....

    AVG Rescue CD has been around for years. It's free and it works in my experience.

  24. Ian Ringrose

    I have often in the past been asked to sort out friends and family PCs when they don’t have the OS disks – people just can’t seem to understand that the “un-interesting” disks that come with a PC are of value!

    They also often believe that their life depends on some free game that they have downloaded from the internet, but don’t know where it came from – very likely some of these got them into the problem in the first place.

    So a reinstall is often not an option!

    I am starting to like closed systems (e.g. the IPad) a lot more!

    1. graeme leggett

      And these days...

      Where are the install disks?

      Either it's on a partition on the already defunct computer or the user was supposed to make a DVD after setting it up for the first time.

      Most people, ie the ones that need the help in the first place:

      don't make regular backups of their data

      don't know where their software install disks are, if they ever had any

      don't know where their licence keys are (probably in an email on their computer)

      can't actually remember all the programs they had installed.

      have lots of websites with "remember me" ticked and haven't written down their logons (though they probably all use the same password)

      have a desktop setup that is like an old friend to them.

      In which case getting the ailing PC back into operation sufficiently that these things can be located and backed up before doing a reinstall is worth an attempt if the user/customer is happy with the time it will take.

  25. Grease Monkey Silver badge

    What puzzles me about most of the discussion above is that most people don't seem to have noticed that MS are far from the first company to launch such a tool.

  26. Robert Jenkins

    Microsoft years behind as usual.

    As others have said, there are already some very good, free tools for cleaning badly infected machines offline.

    My favorite is the DrWeb live CD - that's assisted in repairing several machines people have brought me that would otherwise have needed a re-format.

    I wonder if the Microsoft one will actually disinfect executable files, or just delete them & finish wrecking the OS itself, as so many typical antivirus programs do...

    (Another reason to like the DrWeb one).
