If a Windows system is badly infected with malware, running an antivirus from inside Windows often won’t help. You can more easily find and purge malware by scanning from outside Windows.
Malware can hide itself on an infected system, avoiding detection. Other malware may attempt to battle the antivirus software, preventing it from properly installing or scanning. This is why it’s important to catch malware before it infects you.
Boot Into Safe Mode
Safe Mode isn’t completely outside of Windows, so it may not help you if malware has deeply infected your system files. In Safe Mode, Windows won’t load third-party startup programs or hardware drivers. If malware is running when you boot into Windows normally, it shouldn’t automatically run when you boot into Safe Mode.
From this minimal environment, you can install an antivirus program, scan for malware, and remove it. If you already have an antivirus program installed and it’s failing to remove malware — or the malware is returning after it’s removed — you may have to boot into Safe Mode to remove the malware properly.
To enter Safe Mode on Windows 7 or earlier, restart your computer and repeatedly tap F8 at the start of the boot-up process. Select Safe Mode or Safe Mode with Networking in the menu that appears. Normal Safe Mode offers no Internet access so you’ll have to install an antivirus from a USB drive or other removable media, while Safe Mode with Networking offers Internet access so you can download and update an antivirus from within Safe Mode. Log into your computer, download and install the antivirus software, and run it.
On Windows 8 or later, press Windows Key + I to open the Settings charm pane. Press and hold the Shift key as you click the Restart option under the power button. Your computer will restart into a special boot options menu. Click Troubleshoot > Advanced Options > Startup Settings > Restart. On the Startup Settings screen, press F4 or 4 to enter Safe Mode or press F5 or 5 to enter Safe Mode with Networking.
Restart your computer when you’re done to leave Safe Mode.
Use an Antivirus Boot Disc
Antivirus companies often create boot discs you can use to scan and repair your computer. These tools can be burned to a CD or DVD or installed onto a USB drive. You can then restart your computer and boot from the removable media. A special antivirus environment will load where your computer can be scanned and repaired.
This is all happening outside of Windows — some of these discs are even based on Linux — so the malware won’t be running while this happens. This allows the antivirus to detect rootkits and other normally hidden types of malware, as well as remove malware that would normally try to defend itself.
Scan With a Linux Live CD
You can also scan your Windows PC from a Linux live CD or USB drive. For example, if you have an Ubuntu Linux installer disc or USB drive lying around, you can restart your computer with the bootable media inserted and boot into Ubuntu. Click the Try Ubuntu link and you’ll get a full Linux desktop environment you can use.
From here, you can install antivirus software like the open-source ClamAV and its graphical interface ClamTk, or install the Linux version of a commercial antivirus like AVG for Linux or BitDefender for Unices. You can then scan your Windows drive for malware and clean it up from inside Linux. This option is a bit less convenient and will require some knowledge of Linux or Googling if you’re not familiar with using Linux as a troubleshooting toolkit, so most people will prefer a dedicated antivirus boot disc instead.
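The ClamAV route described above, as an added example that is not part of the original article: a script for the live session that mounts the Windows partition read-only, scans it, and lists what was flagged. It assumes `clamscan` and `freshclam` are already installed; the device argument, mount point and output directory are placeholders.

```shell
#!/bin/sh
# Added example: offline ClamAV scan of a Windows partition from a live session.
# Assumptions: clamscan/freshclam are installed, the NTFS partition is passed
# as $1 (find it with lsblk), and the paths below are placeholders.

MNT=/mnt/windows                 # hypothetical mount point
OUT=${OUT:-/tmp/offline-scan}    # report and copies are kept off the scanned disk

# List the files clamscan flagged, from its "path: Signature FOUND" log lines.
infected_files() {
    sed -n 's/^\(.*\): [^:]* FOUND$/\1/p' "$1"
}

# Translate clamscan's exit status (0 clean, 1 detections, anything else error).
verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

scan_windows_partition() {
    dev=$1
    mkdir -p "$MNT" "$OUT/quarantine"
    # Read-only mount: the scan cannot alter the disk while you review results.
    mount -t ntfs-3g -o ro "$dev" "$MNT" || return 2
    freshclam || echo "warning: signature update failed, using existing database" >&2
    # --copy leaves originals in place and saves a copy of each flagged file.
    clamscan --recursive --infected --log="$OUT/scan.log" \
             --copy="$OUT/quarantine" "$MNT"
    rc=$?
    umount "$MNT"
    echo "result: $(verdict "$rc"); flagged files:"
    infected_files "$OUT/scan.log"
    return "$rc"
}

# Run only when a device is given, e.g.: sudo sh offline-scan.sh /dev/sdXN
if [ "$#" -gt 0 ]; then
    scan_windows_partition "$1"
fi
```

Because the partition is mounted read-only, nothing on the Windows drive is changed; review the report first, then remount read-write if you decide to delete the flagged files.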
Remove the Hard Drive and Connect it to Another PC
If you’re dealing with a desktop PC or another computer that allows you to easily remove the hard drive, you don’t have to leave it inside your computer. Open the computer, remove the drive, and connect it to another PC. You’ll then have access to all the files on the hard drive — assuming it wasn’t encrypted, of course.
Whatever the operating system on your other computer — Windows, Linux, or even Mac OS X — you can install antivirus software and use it to scan the secondary drive for malware. This malware can be found and removed from the other operating system, so the malware won’t be running and can’t fight back as you remove it.
All these methods allow you to gain the upper hand over malware running on your PC. Rather than fighting the malware on its own terms, they allow you to freeze everything happening on your main operating system and carefully clean it up from the outside.
Of course, if your computer does become infected with malware, there’s no way to be completely sure all the malware is gone. For this reason, it’s often a good idea to reinstall Windows — or use the Refresh or Reset features on Windows 8 — after a computer becomes badly infected. You’ll get a clean system with no malware so you’ll know for sure your computer is safe. You also won’t have to waste any time attempting to find and remove malware. If you have backups of your important files, this process often won’t take too long.