How to scan for viruses in DOS
Step 1 - Download and Extract the current SuperDAT Files
- Click on the following link or type the URL into an Internet browser address bar:
http://www.mcafee.com/apps/downloads/security_updates/superdat.asp?region=us&segment=enterprise - Click the I Agree button (if needed) to verify you have a current support agreement with McAfee.
- English users, please click the link named sdatxxxx.exe (where 'xxxx' replaces the current SDAT version number) and save the file to your C:\ Drive.
- All others please select the appropriate localized language from the drop-down list, click the link named sdatxxxx.exe (where 'xxxx' replaces the current SDAT version number) and save it to your C:\ Drive.
- From the Taskbar, select Start and then Run.
- In the Open field, type command and click OK. A DOS command window will open.
- Type CD\ and press Enter. You should now be at a C:\ prompt.
- Type SDATXXXX.EXE /E C:\SDAT and press Enter. (Note: The 'x's should be replaced with the appropriate numbers of the file that was downloaded above.) This will create an SDAT folder on the C:\ drive, and extract the SDAT files to this folder.
Note: Windows XP Users with Service Pack 2 installed will be presented with a security warning when attempting to extract the file. Please click Run to continue the extraction process.
- Once the C:\ prompt is displayed again, please type exit and press Enter.
Step 2 - Disable Windows System Restore
Windows XP utilize a restore utility that backs up and protects selected files automatically to the C:\_Restore folder. This means that an infected file could be stored there as a backup and VirusScan would be unable to delete these files. The System Restore utility must be disabled to remove any infected files from the C:\_Restore folder.
Windows XP
- Right-click the My Computer icon on the Desktop and click Properties.
- Click on the System Restore tab.
- Put a check mark in the box next to Turn off System Restore.
- Click the OK button.
- You may be prompted to restart the computer. Click Yes to restart.
Note: To re-enable the System Restore utility, repeat the steps above and in step 3 remove the check mark from the box next to Turn off System Restore.
Step 3 - Boot the Computer to DOS
- If the computer is on: From the Taskbar, click Start, then Shutdown and choose Restart.
- If the computer is off, turn the computer on.
- When the opening splash screen appears, begin tapping the F8 key every second.
Note: On some computers, if you press F8 too soon you will get a keyboard error. If this happens, press the F1 key to continue. - The Windows 2000 (or XP) Advanced Options Menu will appear. Use the arrow keys to choose Safe Mode with Command Prompt.
- Login to your computer (if necessary).
- When the computer is finished booting, the c:\> prompt will appear on the screen.
Note: If there is anything typed after c:\>, type cd\ and press Enter. - Continue with the scan instructions below.
Step 4 - Scan the Computer
- At the c:\> prompt, type cd sdat and press Enter.
-
Type scan.exe /adl /clean /all /sub /program /unzip /analyze /rptall /report report.txt and press Enter.
This will perform a virus scan, which will clean and delete any viruses you may have on your computer.
Explanation of DOS scan switches:
- /all - Scans all files
- /adl - Scans all local drives
- /sub - Scans within subdirectories
- /program - Enables Potentially Unwanted Program scanning
- /unzip - Enables archive scanning
- /analyze - Enables heuristics
- /clean - Sets the automatic action for the scanner to Clean anything detected
- /rptall - Enables verbose logging
- /report=C:\scan.txt - Saves the verbose logging as a text file in the root of C: called scan.txt
Multiple Infections
After the scan has run, a summary report of the scan will be created in the sdat folder on the C:\ drive. If this summary reports that your computer had multiple infections, it is recommended that you run the scan again to make sure the computer has been completely cleaned.
To determine if an additional scan is needed, please complete the following steps:
Step 5 - Review the Scan Report
- Restart the computer into Normal Mode.
- Double-click the My Computer icon.
- Double-click the C:\ drive.
- Double click the sdat folder.
- Locate the file named report.txt and double-click to open.
- The report contains several lines that look similar to this:
If the top line named Possibly Infected has a number greater that 5, it is recommended that you run the scan in DOS again. - If you need to run the scan again, repeat the above instructions for Boot the Computer to DOS and Scan the Computer.
No comments:
Post a Comment