best virus scanning/removal tool for use in PE

Hi

Just wanted  comments/opinions on best virus scanning/removal tool to use in PE

Used MBAM in past, but can't get it working in PE now, and never worked that well anyway

What do others use?

Well, on PE
I was (and still am) Dr. Web fan 
also I had found Kaspersky Virus RemovalTool very nice in the past, probably still it is.
And I know JonF like Sophos very much from his plugin,

but personally,
 I do not have troubles with Viruses (since I discovered ghost7)
  and do not need an AV clean task for a long while, not used above 3 for years now...
    natural " & nice" result of not being pc-tech , I am only responsible to maintain 3 pc , and use only 1 pc 

Just an additional info, nod32 is quite popular around here on running windows.... 

thanks Lancelot

Will look into scripts for some of these and give them a go

Unfortunately I am a pc-tech and look after 100's of customer PC's so spend more time than I like having to remove viruses

Trend Micro Sysclean is compatible with all PEs. It works without unnecessary GUI so doesn't require full windows but it require decent amount of RAM.

http://about-threats.trendmicro.com/us/archive/vulnerability.aspx?name=how%20to%20use%20sysclean%20package

Some malwares hide inside other files and only activates after booting Windows. That is the reason PE AV is missing some Viruses. After scanning from PE do a thorough scanning from infected OS to remove remaining hidden viruses and cleaning registry etc.

For removing Rootkits and fake AVs i recommend "Hitman Pro". http://www.surfright.nl/en



 

After scanning from PE do a through scanning from infected OS to remove remaining hidden viruses and cleaning registry etc.

I fully agree 

In addition, maybe safemode or without network connection on first OS boot  would help 

On PE part, after scanning on PE, changing infected OS settings to "Disable network" or getting "first boot with safemode" may help to avoid mistakes (currently I do not know, but one or both of them should be easly possible),

besides not critically necessary 

thanks for the reply - is there a script for win7pe for trend micro sysclean?

Yes I know the process to remove them, have been doing it as a business for years and years now - just really trying to get advice on what scripts etc others use within PE for this job - I tend to manually clean from registry etc within PE then boot in to safe mode and run malwarebytes which tends to remove most things

Also have used hitman pro recently which worked well too

Just follow the first link
https://www.google.com.tr/search?q=Trend+Micro+Sysclean&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=fflb

Himm, my memory says Trend Micro ended updates in very history, It seems They decide to continue updates after a loooong while....

I do not use or advice any AV plugin, since you will always need "The Latest" AV Removal tool ;),
1) the one on the cd will be useless and/or
2) plugin would lack download routine when company changes the routine....

Instead, Create Subfolders under \AntiVirus\  (on your ufd) ex: \AntiVirus\Trend Micro System Cleaner (SysClean)\
so you can update them when you need them.....

1 Exception is, JonF AV plugin(s), since he look after them carelfully, Sophos & HijackThis! plugins selfupdates and maintained by him carelfully... (avoiding 2nd and partially 1st) ,
 I can get TrendMicro plugin back alive following JonF way besides no need rush  , it is very easy to download/update/use TrendMicro 

Spybot v2 works fine in PE. Update at build time doesn't work, but I think update in PE works (given a network connection). I could publish my script as a work in progress...

There's also an Avira command-line scanner. I'll have to see how my plugin for that is working. Like all Avira products it has a one-year license.

Spybot v2 works fine in PE. Update at build time doesn't work, but I think update in PE works (given a network connection). I could publish my script as a work in progress...

There's also an Avira command-line scanner. I'll have to see how my plugin for that is working. Like all Avira products it has a one-year license.

Hi JonF - we have spoken in the past on the "other" forum - hope you are well

I would appreciate seeing the spybot script if possible

For removing Rootkits and fake AVs i recommend "Hitman Pro". http://www.surfright.nl/en

yes very impressed with hitman pro - especially the new kickstart tool - had one today with the usual ransonware with police logos etc - could not boot into normal mode/safe mode or safe mode with command prompt - so couldn't easily remove manually like I would normally - but booted with usb stick with hitman kickstart on and all sorted - use to always rely on malwarebytes but this would have been no use in this case

Yeah, I've seen a lot of versions of the FBI Warning screen ransomware. Most are trivial to remove, a few are really, really tough.

Here's the Spybot script, updated today

Yeah, I've seen a lot of versions of the FBI Warning screen ransomware. Most are trivial to remove, a few are really, really tough.

Here's the Spybot script, updated today

Thanks, will give it a try

I made some mini researchs on net, sum of current topic so far seems to me:

Bitdefender Rootkit Remover
DrWeb
HitManPro --> Rootkits and fake AVs
Kaspersky Virus Removal Tool
Malware Bytes --> To use after safeboot
Sophos --> JonF --> [Usable On PE]
Sophos2 --> JonF --> [Usable On PE]
Sophos Virus Removal Tool
Trend Micro System Cleaner (SysClean) --> [Usable On PE]
VirusTotal --> To check files via website or utility


Well, this is only list following your inputs,  [Usable On PE]  part is not full ;)
I am following your (pc-techs) further inputs 

*
Thanks for the plugin JonF,
 
just a reminder, when you comment out a line ending with Begin
also change Begin ;)
ex:

Code: [Select]

...... Begin

-->

Code: [Select]

//.....Begi-n

Avira scanner isn't working right now...

You are right JonF,

here is my trial:

Avira scanner alone:

Code: [Select]

ERROR: [A required library is missing] Initialization

ps: why not say download virus definations 

after adding virus definations (ivdf) it seems start working,
check post 2 here for ivdf link (links is working now)
http://forum.avira.com/wbb/index.php?page=Thread&threadID=127277

after adding ivdf files,

Code: [Select]

ERROR: [No license found] Initialization

!!!! Free scanner requiring license !!!! 
or maybe I am missing something 

Yup, free scanner requires hbdev.key, which you get with any Avira installation. This is documented in the readme.

I've downloaded and added the fusebundle.zip contents. Doesn't work for me. Dependency Walker thinks it wants msjava.dll.

Thanks for pointing JonF 
Shame on me 

After reading this line

The command line scanner will not work as a full version with the free classic license.

"Avira Command Line Scanner" is off my "free" list 


I had thought, av companies that provides free scanner tool,
 also decided to provide free scanners but $ for active protection,
  which looks good for sales.....
I was mistaken, and Avira is not one of them   

I guess Sophos is about it for command line scanners in PE.

Good for Sophos, Good for all 

Added "McAfee Stinger" to the list,

not tested yet, but I guess other than "Malware Bytes" ,
rest is [Usable On PE]

here is my current Free-AV-List

Bitdefender Rootkit Remover
DrWeb
HitManPro --> Rootkits and fake AVs
Kaspersky Virus Removal Tool
Malware Bytes --> To use after safeboot
McAfee Stinger
Sophos --> JonF --> [Usable On PE]
Sophos2 --> JonF --> [Usable On PE]
Sophos Virus Removal Tool
Trend Micro System Cleaner (SysClean) --> [Usable On PE]
VirusTotal --> To check files via website or utility

I have a few spyware and AV programs working that i use in my Antivir PEs.

AVZ
EzPcFix
HijackThis!
Mcafee Stinger
Malware Bytes
SpyBHORemover
Spybot - Search & Destroy
Avira Free Antivirus 2013
Eset SysRescue 6.0.306.0_1
Norton Bootable Recovery Tool
Viper