This guide starts off with a video; the additional written notes and web links that complement the video are given below.
Video
The video below is displayed in two formats, natively on WordPress and also on YouTube. Be sure to select HD at the top right, or watch on YouTube with the maximum video quality, for best results:
Download Links
The Windows Defender Offline utility can be downloaded here:
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
It is recommended to download and prepare the Windows Defender Offline media on a non-compromised system.
Scroll down to the download links and select the 32-bit or 64-bit version, depending on the Windows version of the OS you wish to diagnose:
Save the msstoolxx.exe file.
Creating a Bootable USB
Insert a USB flash drive of 2 GB or larger.
Ensure nothing important is on the USB flash drive, as it will be formatted.
Double-click the downloaded Windows Defender Offline bootable media creation utility:
Select next:
Select on a USB flash drive:
The tool will warn you about formatting the USB flash drive. In my case it will use F:
The tool will then begin to initialise:
It will then download the latest security definitions:
After the download the files will be processed (extracted):
The utility will then format the USB flash drive:
Then copy Windows Defender Offline and prepare the bootable USB flash drive:
It will inform you when it's complete:
The USB flash drive can be examined in Computer:
The USB flash drive is designed to be bootable and has to be run by booting from it via the BIOS, not by launching the .exe within Windows. The .exe on the drive is the latest definition, in this case mpam-fx64:
Booting from the USB
To run the F12 Pre-Boot diagnostics, power down your computer. Wait 10 seconds, power it back up and press F12 at the Dell BIOS screen (pictured).
Select boot from USB.
When it says "Press any Key to boot from USB", press any key, such as “h”.
You will get a black screen that says “Windows is Starting Files”, then one that says “Windows is Loading Files.” These should disappear pretty quickly. Next comes one that says “Starting Windows”.
Windows Defender Offline will then begin to load:
Windows Defender Offline will then automatically begin a quick scan:
If anything malicious is detected you'll get a warning stating: "Preliminary scan results show that malicious or potentially unwanted software might exist on your system. You can review detected items when the scan has completed"
After the scan the "PC Status" green ribbon will become red and you'll be notified that Windows Defender Offline has found something; you can select show details or clean your PC directly.
After the scan you'll be given the options to clean your PC directly or to show details. I'll select show details:
You can then find out what the detected item is and you will be given more information if you select show details again:
You can select Remove for the item under the recommended action and then select apply actions:
You'll be informed the action is successful and then you can click close:
It's then recommended to change the scan type to full; the quick scan only checks the critical Windows files and the common user files. The full scan will search everywhere:
If anything malicious is detected you'll get a warning stating: "Preliminary scan results show that malicious or potentially unwanted software might exist on your system. You can review detected items when the scan has completed"
After the scan the "PC Status" green ribbon will become red and you'll be notified that Windows Defender Offline has found something; you can select show details or clean your PC directly.
After the scan you'll be given the options to clean your PC or to show details. I'll select show details:
You can then find out what the detected item is and you will be given more information if you select show details again:
This time the same infection is detected, but in the AppData folder. It's common for malicious software to hide away in such hidden folders as a backup or as a temporary file.
You can select Remove for the item under the recommended action and then select apply actions:
You'll be informed the action is successful and then you can click close:
I then recommend running another full scan just to be sure:
Once the Full Scan ends with no infections found, you may exit Windows Defender Offline.
Select yes and your computer will restart.
You should then load into Windows as normal. It's recommended you install or update your antivirus software to prevent reinfection.