Windows 7 - Windows Defender Offline

   Information

The former Microsoft Standalone System Sweeper (MSSS) BETA has been rebranded and available as Windows Defender Offline now. Windows Defender Offline is a free standalone, bootable malware and virus remover from Microsoft that performs an offline scan of an infected PC to remove viruses, rootkits and other advanced malware.

This tutorial will show you how to update and use the Windows Defender Offline Tool to create a 32-bit or 64-bit Windows Defender Offline bootable CD/DVD, USB flash drive, or ISO file on any computer to help you start an infected 32-bit or 64-bit PC and perform an offline scan at boot to help identify and remove rootkits and other malicious malware. In addition, Windows Defender Offline can be used if you cannot install or start an antivirus program on your computer, or if the installed AV program can’t detect or remove malware on your computer.

The log files for Windows Defender Offline are stored in a MPLog-MM/DD/YYYY-HH/MM/SS .txt file in the folder below on the computer that was scanned at boot.

C:\Windows\Windows Defender Offline\Support

For Windows Defender Offline FAQ's, see: Windows Defender Offline: frequently asked questions

   Note

Minimum System Requirements:

• Operating system:
  • Windows XP (Service Pack 3)
  • Windows Vista (RTM, Service Pack 1, or Service Pack 2, or higher)
  • Windows 7 (RTM, Service Pack 1, or higher)
• Required processor:
  • Windows XP: 500 MHz or higher: 1.0 GHz or higher
  • Windows Vista and Windows 7: 1.0 GHz or higher
• Required memory:
  • Windows XP: 768 MB RAM or higher
  • Windows Vista and Windows 7: 1 GB RAM or higher
• Required video card: 800 × 600 or higher
• Available hard disk space: 500 MB
• A connection to the internet to be able to update the malware definitions on a created Windows Defender Offline bootable USB flash drive.
• A blank CD, DVD, or a USB flash drive with at least 512 MB of free space. No more than 4GB recommended for the USB flash drive.

The following additional requirements apply only to the computer infected by a virus or malware:

• The computer infected with a virus or malware that is being scanned at boot must have the same Windows operating system architecture as the bootable Windows Defender Offline Beta, either 32-bit or 64-bit.
• Internet connection: Only required to update the latest malware definitions for a Windows Defender Offline bootable USB flash drive.
• In addition, BitLocker must be disabled to use Windows Defender Offline Beta.

   Tip

If you get a Error Code 0x8004cc04, Error Code 0x8004cc05, or Error Code 0x8050800c while using Windows Defender Offline, then please see the same suggested solutions here for MSSS.

1. If you have not already, you will need to download the same 32-bit or 64-bit version of Windows Defender Offline Tool at the download link below for the same 32-bit or 64-bit Windows that is installed on the computer that you will be scanning at boot, and save the exe file to your desktop.

2. Run the downloaded mssstool64.exe (64-bit) or mssstool32.exe (32-bit) file, and click on Next. (see screenshot below)

3. Click on the I accept button. (see screenshot below)
NOTE: You will only be prompted for this the first time that you run the Windows Defender Offline Tool.

4. Do step 5, 6, or 7 below for what type of bootable "Windows Defender Offline" CD/DVD, USB, or ISO that you would like to create to scan with. (see screenshot below)

5. To Create a"Windows Defender Offline" Bootable CD or DVD

A) Insert a blank unformatted CD or DVD into the CD/DVD drive.
NOTE: If a AutoPlay window opens afterwards, close it.

B) Select (dot) Use a blank CD or a DVD, and click on Next. (see screenshot below step 4)

C) If you have more than one DC/DVD drive, then select the CD/DVD drive with the blank CD/DVD in it, and click on Next. (see screenshot below)

D) When it's finished, click on Finish. (see screenshot below)
NOTE: Be sure to label the CD/DVD as being able to only be used on a 32-bit or 64-bit Windows computer at boot.

E) Go to step 8.

6. To Create a "Windows Defender Offline" Bootable USB Flash Drive

   Note

If you run the Windows Defender Offline Tool again on the same USB flash drive, and if the following conditions below are met, the tool will only download new updated malware definitions (approx. 69.48 MB) and update the USB drive without reformatting it.

• The USB flash drive has Windows Defender Offline previously installed on it.
• The Windows Defender Offline Tool version that was used to create the bootable USB flash drive the first run is the same as the one being used for the second run.
• Files on the USB flash drive are not damaged or missing (the tool will verify that).

A) Connect a USB flash drive that is not password protected to your computer.
WARNING: This USB drive will be formated during this process, so be sure to backup anything that you do not want to lose to another location first.

B) Select (dot) On a USB flash drive that is not password protected, and click on Next. (see screenshot below step 4)

C) If you have more than one USB drives connected, then select the one that you want to use, and click on Next. (see screenshot below)

D) When it's finished, click on Finish. (see screenshot below)

E) Go to step 8.

7. To Create a "Windows Defender Offline" Bootable ISO File

A) Select (dot) Create Standalone System Sweeper on an ISO File, and click on Next. (see screenshot below step 4)

B) Select (browse) where you would like to save the ISO file to, and click on Next. (see screenshots below)

C) When it's finished, click on Finish. (see screenshot below)

D) You can now use the ISO file to boot with in a virtual machine (ex: Windows Virtual PC), or use the free Windows 7 USB/DVD Download Tool to burn the ISO to a DVD or USB flash drive.

E) Continue on to step 8.

8. You will now be able to boot from the 32-bit or 64-bit CD/DVD, USB, or ISO that you created to run Windows Defender Offline on the same 32-bit or 64-bit computer as in the STEP TWO section below when you like.

1. Insert or connect the same 32-bit or 64-bit Windows Defender Offline bootable CD/DVD or USB flash drive to the same type of 32-bit or 64-bit Windows computer that you want to scan at boot.
NOTE: For example, you can only use a created 32-bit USB on a 32-bit computer at boot, and you can only use a created 64-bit USB on a 64-bit computer at boot.

2. In the BIOS or Boot Menu of the computer that you want to scan, be sure that you have it set to boot from the CD/DVD or USB flash drive created in the STEP ONE section above, and boot from it.
NOTE: Please consult your computer's or motherboard's manual for exact details on how to do this.

3. This is what you will see while it's booting from the CD/DVD or USB flash drive.

4. When Windows Defender Offline has booted, you will be able to update the definitions and select what type of scan you would like to run on the computer. A Full Scan is recommended, and could take several hours to complete.
NOTE: You will only be able to update the definitions at boot if you are using a bootable USB flash drive with a internet connection, and not with a bootable CD/DVD.

5. When finished, close Windows Defender Offline to restart the computer back into Windows.