• Windows Defender Offline

    • This topic has 35 replies, 11 voices, and was last updated 12 years ago.
    #489084

    A while back I had a virus infection on my desktop which deleted a whole bunch of dll files on Windows 7 (my OS). I tried to go to my wife’s laptop and download and install WDO to see if it would fix the problem. I had problems creating a WDO bootable on my flash drive… anyway, long story short, I wound up taking my computer to a local shop where they proclaimed the best solution was to reload Windows (they saved all of my important data, so I was just out the money to pay them and a bunch of time to rebuild the computer and put back all of my preferences, etc…).

    The reason for this thread is this: I have now created a WDO flash drive for the next emergency (hopefully it won’t happen, but good to be prepared).

    Should I run WDO on my computer to see what it will pick up, if anything? Is there any particular reason that I SHOULDN’T run it unless a problem is known or suspected? – – in other words, is there any likelihood that running WDO would have any kind of negative effect?

    Another question: I tried to run WDO the other day, or at least see if I could, and something about my computer does not allow the WDO flash drive to boot ahead of Windows. I have tried to press F2, F8, F10 buttons while restarting, but none of them interrupts the Windows start up.
    Can anyone tell me how to (if necessary) reconfigure my computer so that, when restarted with the WDO flash drive inserted, it will boot?

    I have an HP Compaq Presario desktop running Windows 7 (64 bit). I am currently running Malwarebytes Pro as an antivirus program.

    Thanks for any help

    • #1390402

      You need to get into the BIOS to edit the boot order. Try the “Del” key, or F12 during boot. Once you get into the BIOS, set your boot order so that the hard drive is second or third (mine is set to boot CD/DVD first, USB second, and hard drive third).

      I have WDO on a CD. It will go online automatically to update the virus definitions, and load them into a RAM drive, then run a Scan.

      And no, you won’t cause any harm by running it whenever you feel like it.

      Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
      We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
      We were all once "Average Users".

    • #1390403

      Terry,

      No reason at all not to run it, you never know! I don’t know about HP computers but on all my Dell computers I have to tap the F12 key when booting to get the advanced boot menu. This menu lets me choose what device to boot from, i.e. Hard drive, CD/DVD, or USB drive. Check your documentation for the appropriate key. HTH :cheers:

      PS. Please note it’s a good idea to update the WDO disk/usb key every 2 weeks as you want new definitions if you ever need it. Also you have to create it on a computer of the same Bitness as your computer. If you try to run the 64 bit version on a 32 bit computer it won’t fly.

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!

      • #1390411

        PS. Please note it’s a good idea to update the WDO disk/usb key every 2 weeks as you want new definitions if you ever need it. Also you have to create it on a computer of the same Bitness as your computer. If you try to run the 64 bit version on a 32 bit computer it won’t fly.

        I run mine from a CD and it goes online to download the latest definitions before it starts a scan. It sets up a RAM drive and runs from there.

        (Of course, if your machine is not connected, that wouldn’t work.)

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
        We were all once "Average Users".

        • #1390444

          The reason that I decided to set up WDO on a flash drive vs a CD is that the flash drive can update the definitions, the CD, being non-rewritable, cannot.

          I am a little hesitant to tinker with my BIOS and alter its settings… would prefer to figure out a way to make my flash drive boot ahead of Windows. I have tried all of the function keys, and tried repeatedly pressing DEL as well. I have been able to interrupt the Windows startup by pressing DEL repeatedly, but I do not get a DOS screen, the monitor stays black.

          I’ll continue to try to figure it out… as they say, Google is your friend… 🙂

          • #1390445

            The reason that I decided to set up WDO on a flash drive vs a CD is that the flash drive can update the definitions, the CD, being non-rewritable, cannot.

            Terry, you’re not reading my post. Even though WDO boots from a CD, Windows Defender Offline will go online to get the latest definitions. When you boot from the CD, WDO sets up a RAM drive, connects directly to Microsoft, downloads the latest definition file, and then presents the Scan dialog box. You can choose what type of scan you want to do, and it will be done using the latest definitions.

            The definitions don’t get written to the CD, they get written to the RAM drive, and run from there. It runs from a RAM drive as an extra precaution to protect your system – Windows is not active while WDO runs from the RAM drive.

            Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
            We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
            We were all once "Average Users".

            • #1390454

              You are right, I was skimming over that fact. But wouldn’t I be encountering the same problem making a CD with WDO on it boot as I am running into with the flash drive?

              My BIOS is not preventing the launch of WDO, since I can put a movie DVD in my drive and the movie launches.

              I would have thought that when I successfully created my WDO media, that it would have launched automatically, instead of having to interrupt Windows loading.

            • #1390505

              My BIOS is not preventing the launch of WDO, since I can put a movie DVD in my drive and the movie launches.

              I would have thought that when I successfully created my WDO media, that it would have launched automatically, instead of having to interrupt Windows loading.

              Terry, your BIOS is preventing the launch of WDO, as it doesn’t have USB ahead of the hard drive in the boot order. The movie plays from the DVD because Windows is playing it; you’re not booting into a movie.

              The “Offline” part of the name, Windows Defender Offline, means that Windows is offline, not necessarily that the computer is offline. In other words, you are not booted into Windows, Windows is dead, and any nasties that might otherwise be able to hide from AV/AM are also dead, and their tricks don’t work.

              The only way you can run WDO is to boot the WDO media. It won’t run with Windows running. You have to reboot with the WDO media in the correct position in the BIOS boot order in order for WDO to do its thing.

              Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
              We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
              We were all once "Average Users".

    • #1390480

      Bruce,

      I like to update the USB because when I get to the point of using WDO I usually disconnect the pc from the internet as a precaution. YMMV :cheers:

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!

    • #1390504

      Hi Bruce,

      When booting WDO, Windows is dead. WDO builds a RAM drive system, and that is the only thing running. The only way that the hard drive(s) can be accessed is through the WDO RAM drive. WDO makes only a secure connection to the Microsoft server (ftp, most likely) for the definition update, and then closes that connection, and presents the Scan GUI.

      I’ve run it twice; first just to make sure it would work if I needed it, and then again to watch what it was doing closely, as the first run caught me by surprise at the sophistication. All in all, it’s a pretty nifty piece of software.

      Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
      We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
      We were all once "Average Users".

    • #1390511

      Bruce,

      Thanks, I didn’t know about the inner workings of WDO only that it worked pretty well until I came up against the FBI virus on my cousin’s machine. It said it had killed it but must have missed something because it came right back. Only failure I’ve had with it. :cheers:

      BTW: MS Updates the WDO engine and you have to refresh your media to get those updates to the best of my knowledge. I remember when I used to run it from a CD-R disk and it would complain about not being able to update so I switched to the USB version and darned, if I remember correctly, I got that same message another time after that…and yes I was connected to the internet when those happened just routine usage not any infections known. 😆 :cheers:

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!

      • #1391022

        Bruce,

        Thanks, I didn’t know about the inner workings of WDO only that it worked pretty well until I came up against the FBI virus on my cousin’s machine. It said it had killed it but must have missed something because it came right back. Only failure I’ve had with it. :cheers:

        BTW: MS Updates the WDO engine and you have to refresh your media to get those updates to the best of my knowledge. I remember when I used to run it from a CD-R disk and it would complain about not being able to update so I switched to the USB version and darned, if I remember correctly, I got that same message another time after that…and yes I was connected to the internet when those happened just routine usage not any infections known. 😆 :cheers:

        Two things: The flash drive will not be updated with new definitions as it cannot be written to at that point. It is best to recreate the bootable flash drive or CD on a non-infected machine just before running it on an infected machine. When it is recreated the definitions will be updated and you don’t need to be online. The other thing (FBI virus), I booted from WDO and made a note of the files it said were part of the FBI virus. I then booted with UBUNTU live. Once there I went to the files identified earlier. I discovered them all in a nice little folder on the hard drive. I deleted the folder – bingo – virus gone. Actually since I had never done this before I just renamed the folder first and rebooted with Windows to see if that worked. It did, so then I deleted the FBI folder.

        • #1391572

          If you do not have the manual for your computer, just log in to the manufacturer’s web site and download it, or E-mail their support and ask how to get to the BIOS screen.

    • #1390980

      I have an HP Compaq Presario desktop running Windows 7 (64 bit). I am currently running Malwarebytes Pro as an antivirus program.

      A quick Google suggests the BIOS can be invoked with F1 or F10 or perhaps Ctrl-Alt-Esc – it all depends on the model. Let us know which Presario it is. Info at http://h10025.www1.hp.com/ewfrf/wc/document?cc=uk&lc=en&dlc=en&docname=bph07110#N244 suggests it might be F10, but hit repeatedly.

      • #1391004

        My Presario is CQ5210F PC.

        I have tried all of the function keys with no success at getting a popup box that will allow me to resequence the BIOS.

        BTW, is there an option to backup the BIOS before making any changes?

        • #1391021

          A Google search on “Presario CQ5210F” finds http://h10025.www1.hp.com/ewfrf/wc/document?cc=uk&lc=en&dlc=en&docname=c01859813 as the second hit, and following the Motherboard M2N68-LA link I find under ‘clearing the BIOS settings’ an item called ‘Clearing the BIOS password’, where it says to hold down the F10 key while booting, to get into the BIOS setup. That doesn’t seem to match anything else I read before I found it!

          Hope that helps!

          I don’t know of any way to back up the settings (unless the setup screen itself reveals one), but wouldn’t worry – if all else fails, resetting it to the initial defaults (clearing the CMOS memory – see further up the page on the last link above) should allow the fundamentals to work. You can’t really do any damage changing the boot priority, and noting down all the settings would be a chore. There is probably an HP instruction guide on BIOS settings on the web somewhere.

          I just noticed that the link in my first reply contains some info, and seems to be fairly recent – you will have to establish your BIOS version (=7)

        • #1391110

          I have a Compaq Presario CQ60, and I have to keep tapping the F8 key as it starts up, before it goes into Windows, in order to access the Boot Menu Options, in order to change the Boot Sequence to USB Flash.
          Hope this helps.

          I have tried all of the function keys with no success at getting a popup box that will allow me to resequence the BIOS.

          BTW, is there an option to backup the BIOS before making any changes?

          • #1391112

            I have a Compaq Presario CQ60, and I have to keep tapping the F8 key as it starts up, before it goes into Windows, in order to access the Boot Menu Options, in order to change the Boot Sequence to USB Flash.
            Hope this helps.

            Do you have to hold down the [fn] key (between the alt and ctrl keys) while hitting the F8 key? Or just hit the F8 key?

    • #1391086

      Evidently it’s either disbelief, or I’m just not getting my point across. They say a picture is worth a thousand words, so here’s a few thousand…

      [Attached images: 33902-100_0279 through 33910-100_0287]

      Please look at the images closely. Click on the image to enlarge it. Windows Defender Offline (meaning Windows is offline) can go online to get the latest definitions. A CD is just fine for WDO. All one needs to do is click the Update button.

      I burned this CD 2/23/13.

      Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
      We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
      We were all once "Average Users".

    • #1391089

      … and yet:

      I’ve used Windows Defender Offline before, can I re-use the CD or DVD that I created?

      If you created a CD or DVD you shouldn’t reuse it; it contains definitions to help it detect malware.

      Definitions are updated frequently so the definition files on the CD or DVD will be out of date.

      If you created a USB flash drive, you can reuse it. Windows Defender Offline will update the definitions when you rerun the wizard

      Windows Defender Offline: frequently asked questions

      Did they update the program but not the instructions?

      Bruce

      • #1391098

        You do not change the BIOS. You only tell it which device to boot from. When you restart the computer, as soon as the screen goes blank start tapping the F12 key. The start up process only gives you a second or two to jump in and change the order for booting(this time only, you are not changing anything permanently).
        I routinely run the WDO from a USB flash drive. The USB Flash drive must be blank, the install process formats the USB flash drive, I guess to make sure there is no malware on the USB flash drive. Weekly I run a Norton Anti-virus full scan and a Windows Malicious Software Removal Tool (I download it from Microsoft monthly instead of having it run with the Tuesday updates so I can run it whenever I want). Then the Windows Defender Offline from the USB flash drive. WDO has twice found infections the other scans missed. Both times I re-installed from the last Windows 7 Image backup I had made. Then ran the scans again, with a clean machine.

        • #1391103

          You do not change the BIOS. You only tell it which device to boot from. When you restart the computer, as soon as the screen goes blank start tapping the F12 key. The start up process only gives you a second or two to jump in and change the order for booting(this time only, you are not changing anything permanently).
          I routinely run the WDO from a USB flash drive. The USB Flash drive must be blank, the install process formats the USB flash drive, I guess to make sure there is no malware on the USB flash drive. Weekly I run a Norton Anti-virus full scan and a Windows Malicious Software Removal Tool (I download it from Microsoft monthly instead of having it run with the Tuesday updates so I can run it whenever I want). Then the Windows Defender Offline from the USB flash drive. WDO has twice found infections the other scans missed. Both times I re-installed from the last Windows 7 Image backup I had made. Then ran the scans again, with a clean machine.

          Sounds like you have a well thought protection strategy in place :).

      • #1391107

        … and yet:

        I’ve used Windows Defender Offline before, can I re-use the CD or DVD that I created?

        If you created a CD or DVD you shouldn’t reuse it; it contains definitions to help it detect malware.

        Definitions are updated frequently so the definition files on the CD or DVD will be out of date.

        If you created a USB flash drive, you can reuse it. Windows Defender Offline will update the definitions when you rerun the wizard

        Windows Defender Offline: frequently asked questions

        Did they update the program but not the instructions?

        Bruce

        I don’t have any idea what “they” did. What I do know is shown quite clearly in the photos I posted. I booted from a WDO CD I burned in February. Once Windows Defender Offline booted completely, I clicked the Update button, WDO downloaded the latest definitions (the date is plainly visible in the photo taken after the download was complete), and then I started a Quick Scan using the latest definitions.

        There is no need to completely redo WDO every time one desires to run it. Just boot the existing copy, click the big red update button, and scan. It can’t really get much simpler, can it?

        Might I suggest give it a try, and see for yourself?

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
        We were all once "Average Users".

        • #1391169

          Do I need to post a video???

          I don’t have any idea what “they” did.

          Might I suggest give it a try, and see for yourself?

          I didn’t say I didn’t believe you. Only that Microsoft’s instructions read differently. (The they was them.)

          Bruce

    • #1391115

      Sorry, wrong info! I just tried it again. Have to keep tapping F10 key. Do NOT have to press Fn key. Tap F10 when screen goes black, before Windows starts. Go to: System Configuration / Boot Options / Boot Order. Hit Enter. Follow instructions on right. Use F5 and F6 keys to move USB option down or up. On mine I can also do the same thing tapping the F9 key – and then select “Enter Setup” under Boot Menu, and continue as in using F10 key above.

    • #1391117

      Thanks for the advice, Lee. I tried your suggestions, no luck…
      I have tried all of the suggested keys to try to invoke the setup screen or system config screen, nothing seems to work. Some keys, (F9, F10, F1 & F2) if I repeatedly tap them, will keep Windows from loading, but I don’t get the desired boot config screen, the screen just stays black, and Windows does not load. I eventually have to manually power down.
      I have not tried ALL F keys yet (F5, F6 & F7). I have tried CTRL-ALT-DEL, DEL & ESC keys too.

      Getting late, I’ll try it again tomorrow. There’s GOT to be a way to do this!

      • #1391129

        Thanks for the advice, Lee. I tried your suggestions, no luck…
        I have tried all of the suggested keys to try to invoke the setup screen or system config screen, nothing seems to work. Some keys, (F9, F10, F1 & F2) if I repeatedly tap them, will keep Windows from loading, but I don’t get the desired boot config screen, the screen just stays black, and Windows does not load. I eventually have to manually power down.
        I have not tried ALL F keys yet (F5, F6 & F7). I have tried CTRL-ALT-DEL, DEL & ESC keys too.

        Getting late, I’ll try it again tomorrow. There’s GOT to be a way to do this!

        Did your computer come with a manual? How to get to the BIOS should be described in the manual.

        • #1391158

          Did your computer come with a manual? How to get to the BIOS should be described in the manual.

          No, all I had was one of those fold-out instruction sheets… I probably had an onboard user guide originally, but the reformat and reloading the OS that I mentioned in my OP eliminated that…

          I will look online for a pdf user’s guide, but from everything that I have seen so far, F10 seems to be the key that I should be able to use to invoke the boot window…

    • #1391171

      From eHow:

      Instructions

      1 Restart your HP computer if it is on. If it is off, simply turn it on.
      2 Wait for the HP logo to appear during the start-up sequence right after your computer turns on.
      3 Press the “F10” button as soon as you see the HP logo or while the screen is blank.
      4 Change the desired settings in your BIOS menu and exit it to gain access to your normal computing functions.

      The problem is that, since my re-format, step #2 does not happen. When I turn off my computer and restart it, the monitor screen stays black until Windows’ startup blue screen appears. If I start tapping F10 immediately after powering back up, I can interrupt the Windows startup process, but the desired BIOS boot window does not appear – the screen stays black. I eventually have to power down and restart.

      Is there a way to invoke the BIOS popup after Windows has started? Or would that do any good?

    • #1391179

      Assuming this is a desktop, open it up and replace the CMOS battery:
      http://compaqtvcables.danielcadams.com/how-to-replace-a-compaq-presario-cmos-battery/

      Jerry

      • #1391189

        Assuming this is a desktop, open it up and replace the CMOS battery:
        http://compaqtvcables.danielcadams.com/how-to-replace-a-compaq-presario-cmos-battery/

        Jerry

        Jerry – from your link above:

        The CMOS battery in your Compaq Presario computer helps your PC keep the correct date and time. If the battery fails, you may experience problems with your computer because many features rely on the system keeping time. When the battery is low, you should see an error message when you start your computer.

        I have not been seeing any such error message, and my system clock (in the lower R/H corner) is keeping time. Are you saying that you think my problems might be related to a depleted CMOS battery?

    • #1391192

      I use WDO occasionally and bbearen’s description is how I do it, but a wired internet connection seems to be essential – I can’t update if the PC is using a wireless adapter.
      The confusion arising from Microsoft’s web page appears to be because they are talking about the wizard that creates the CD or Flash drive, and updating the definitions at point of creation, in which case, if there isn’t an internet connection available then the virus info will rapidly become outdated.
      They could have explained it better, but that’s MS!

    • #1391199

      When the battery gets low you might see flaky results from the BIOS even though you don’t see a low battery message. Since you don’t see the initial BIOS display and it doesn’t respond to F10 as it should, I think it’s worth a shot replacing the battery. They’re cheap. Pulling the battery for 30 seconds or so will also reset the BIOS which might help as well.

      Jerry

      • #1391204

        When the battery gets low you might see flaky results from the BIOS even though you don’t see a low battery message. Since you don’t see the initial BIOS display and it doesn’t respond to F10 as it should, I think it’s worth a shot replacing the battery. They’re cheap. Pulling the battery for 30 seconds or so will also reset the BIOS which might help as well.

        Jerry

        Thanks, Jerry. I’ll give that a try!
