如果您认为自己感染了恶意软件(think you’ve been infected with malware),最好的办法是避免恐慌。在许多情况下,您可以使用 Windows 自己的Microsoft Defender工具或使用(Microsoft Defender)Avast等第三方防病毒软件扫描并删除感染来恢复您的 PC 并删除感染。
即使是顽固的恶意软件感染也可以使用这些工具删除,但您可能需要使用(stubborn malware infections)USB驱动器上的便携式软件运行启动级扫描,尤其是在Windows无法安全运行恶意软件的情况下。若要使用Microsoft Defender(Microsoft Defender)或第三方防病毒解决方案运行脱机病毒扫描,你需要执行以下步骤。
在 Windows 10 上使用 Microsoft Defender 运行脱机病毒扫描(Running an Offline Virus Scan Using Microsoft Defender on Windows 10)
如果Windows仍在运行并且恶意软件感染没有那么严重,您可以使用Microsoft Defender运行可启动的防病毒扫描,而无需使用便携式(和较旧的)Windows Defender 脱机(Defender Offline)工具。
但是,仅当Windows仍然能够运行并且与网络上的其他 PC 保持隔离时,才建议使用此选项。
例如,如果您打算使用此方法,请确保您的 PC 已与本地网络断开连接。这将防止任何恶意软件在您清除感染之前潜在地传播到其他 PC。在继续之前, 您可能希望以安全模式重新启动 Windows 。
- 首先,右键单击“开始(Start)”菜单并选择“设置”(Settings)。
- 在窗口设置(Window Settings )菜单中,选择更新和安全(Update & Security )> Windows 安全(Windows Security )>病毒和威胁防护(Virus & threat protection)。
- 在病毒和威胁防护(Virus & threat protection )菜单中,选择扫描选项(Scan options)。
- 从提供的列表中选择Microsoft Defender 脱机扫描(Microsoft Defender Offline scan),然后选择立即扫描(Scan now)以安排扫描。
- Windows 将确认您的 PC 需要重新启动。此时关闭(Close)所有未保存的应用程序,然后选择扫描(Scan )以重新启动您的 PC 并使用Microsoft Defender开始可启动的防病毒扫描。
- 片刻之后,Windows将重新启动并启动到Microsoft Defender启动扫描菜单。Microsoft Defender将自动开始扫描您的 PC 以查找恶意软件 - 允许此过程全面扫描您的 PC。如果它检测到任何恶意软件,请按照屏幕上的任何其他说明确认您希望如何修复、删除或隔离任何受感染的文件。
脱机病毒扫描完成后,您的 PC 将重新启动进入Windows。根据您的上述操作,任何恶意软件都将被删除或隔离。(Any)此时,恶意软件感染应该得到解决,但您可能需要执行其他步骤来修复或恢复您的 Windows 安装(repair or restore your Windows installation)(取决于损坏情况)。
使用旧版 Windows Defender 脱机工具扫描恶意软件(旧版 Windows)(Using the Older Windows Defender Offline Tool to Scan for Malware (Older Versions of Windows))
虽然Windows 10允许您使用(Windows 10)Microsoft Defender执行脱机病毒扫描,而无需任何其他工具或硬件,但您也可以在便携式USB驱动器或DVD上使用旧版(DVD)Windows Defender 脱机工具在(Windows Defender Offline)Windows无法执行启动级别扫描时执行(或不应该)启动。
虽然此便携式版本的Defender最初是为Windows 7和 8.1 制作的,但它仍可用于扫描某些(some) Windows 10 PC 上的恶意软件,具体取决于版本。但是,该工具本身已经过时(尽管病毒定义是最新的)并且无法与较新版本的Windows一起使用。
出于这个原因,该工具只能在运行旧版Windows 10(或旧版Windows)的旧 PC 上使用。如果它不起作用,您可能需要使用第三方防病毒软件作为替代方案,或者使用上述步骤在安全模式下安排(Safe Mode)Microsoft Defender 脱机(Microsoft Defender Offline)扫描。
创建 Windows Defender 脱机工具 USB 或 DVD 媒体(Creating the Windows Defender Offline Tool USB or DVD Media)
- 如果您想尝试此方法,您需要从未受感染的Windows PC上从Microsoft网站(Microsoft)下载 64 位版本的 Windows Defender Offline 。(download the 64-bit version of Windows Defender Offline)下载文件后,运行该工具并选择Next。
- 在下一阶段,通过选择我接受(I accept )按钮确认您接受许可协议。
- 您需要选择要安装Windows Defender Offline的位置。选择适当的选项(例如在不受密码保护的 USB 闪存驱动器上(On a USB flash drive that is not password protected)),然后选择下一步(Next)进行确认。
- 如果您使用USB闪存驱动器方法并且连接了多个USB设备,请使用下拉菜单根据分配的驱动器号选择要使用的设备,然后选择“下一步”(Next)选项。
- 该工具将格式化并重新刷新您选择的USB驱动器。(USB)确保首先备份之前保存到设备的所有文件,然后选择下一步(Next)继续。
- Windows Defender 脱机(Windows Defender Offline)创建工具将下载必要的文件以刷新您的USB驱动器或DVD(包括最新的病毒定义)。该过程完成后,您需要重新启动 PC。
使用 Windows Defender 脱机 USB 或 DVD 媒体扫描您的 PC(Scanning Your PC Using the Windows Defender Offline USB or DVD Media)
- 重新启动 PC 时,您需要将BIOS或UEFI引导加载程序配置为首先从USB驱动器启动,而不是从Windows系统驱动器启动。您通常需要选择一个键盘键,例如F1、F12或DEL才能启动到此菜单并更改这些设置——有关如何执行此操作的更多信息,请参阅您 PC 的用户手册,因为步骤会有所不同,具体取决于制造商.
- 更改启动顺序后,将启动运行Windows Defender的最小且隔离的(Windows Defender)Windows环境。如果您的Windows 10版本支持此工具,则您可以使用扫描选项。否则会出现0x8004cc01错误,您需要尝试其他方法。
- 但是,如果Windows Defender工具可以在您的Windows 10版本上运行,请按照屏幕上的说明扫描您的 PC 并处理任何受感染的文件。该过程完成后,您的 PC 将重新启动,并且应删除恶意软件。确保此时移除USB驱动器或DVD ,并在(DVD)BIOS或UEFI设置中恢复正确的启动顺序,以确保Windows之后能够正确启动。
使用第三方防病毒软件运行脱机病毒扫描(Running an Offline Virus Scan Using Third-Party Antivirus Software)
虽然Microsoft Defender是适用于(Microsoft Defender)Windows 10用户的内置防病毒软件,但您也可以使用第三方防病毒工具对您的 PC 执行脱机病毒扫描。所有主要的防病毒提供商都支持此功能,包括免费使用的Avast Antivirus,尽管Avast 的替代品(alternatives to Avast)可用并且非常合适。
- 首先,您需要在未受感染的 PC 上下载并安装Avast(或者,如果这不可能,如果您的 PC 仍可启动,则在受感染的 PC 上)。安装后,通过选择任务栏上的Avast图标打开Avast UI 。从Avast菜单中,选择保护(Protection )>病毒扫描(Virus Scans)。
- 在Virus Scans菜单中,选择Rescue Disk选项。
- 如果您希望使用 CD 或DVD创建应急磁盘,请选择创建 CD(Create CD)。否则,请连接便携式USB闪存驱动器并选择创建 USB(Create USB)。
- Avast需要使用正确的文件格式化和重新刷新您的驱动器。首先备份(Back)您希望从驱动器中保存的所有文件,然后选择是,覆盖(Yes, Overwrite)按钮继续。
- 留出一些时间让该过程完成。Avast(Once Avast)创建救援磁盘后,将其从您正在使用的 PC 中安全移除,并将其连接到受感染的 PC。如果您使用受感染的 PC 创建Avast救援磁盘,请在此时重新启动您的 PC。
- 在启动到Avast救援磁盘之前,您需要通过选择F1、F12、DEL或类似键(取决于您的硬件)来更改(F1, F12, DEL)BIOS或UEFI设置中的启动顺序以启动到此菜单。确保(Make)优先考虑您创建 的DVD或USB闪存驱动器,然后重新启动您的 PC。(USB)
- 重新启动后,选择键盘上的任意键以启动到Avast应急磁盘。使用鼠标选择AvastPE Antivirus。
- 在接下来出现的Avast Antivirus选项菜单中,您可以选择扫描所有连接的驱动器或仅扫描某些文件夹/文件。选择您的首选选项,然后选择Next。
- Avast将开始扫描您的驱动器以搜索恶意软件。按照(Follow)屏幕上的任何其他说明确认您希望如何处理受感染的文件,例如修复、隔离或删除它们。
该过程完成后,退出Avast应急磁盘软件,重新启动您的 PC,然后取出应急磁盘以启动Windows。但是,您可能需要重复上述步骤以在BIOS或UEFI设置菜单中恢复原始引导顺序,然后才能执行此操作。
让 Windows 10 远离恶意软件(Keeping Windows 10 Free From Malware)
无论您使用的是Microsoft Defender还是(Microsoft Defender)Avast等第三方防病毒软件,您都应该能够使用这些工具使您的 PC 免受破坏性恶意软件感染。但是,如果您仍然遇到问题,您可能需要考虑擦除硬盘驱动器并重新安装 Windows(reinstalling Windows)以在没有受感染文件的情况下重新启动。
虽然我们已经演示了如何使用Avast删除恶意软件,但它并不是唯一可用的第三方选项。您可以在 Windows 上轻松卸载 Avast,(uninstall Avast on Windows)然后尝试使用其他解决方案,例如Webroot。但是,如果所有其他方法都失败了,请不要忘记使用Microsoft Defender从您的 Windows PC中快速删除恶意软件。(quickly remove malware)
How to Perform an Offline Virus Scan to Fix an Infected PC
If you think you’ve been infected with malware, the best thing to do is to avoid panicking. In many cases, you can recover your PC and remove the infection by using Windows’ own Microsoft Defender tool or by using third-party antivirus software like Avast to scan for and remove the infection.
Even stubborn malware infections can be removed using these tools, but you may need to run a boot-level scan using portable software on a USB drive, especially if Windows isn’t safe to run with malware. To run an offline virus scan using Microsoft Defender or a third-party antivirus solution, you’ll need to follow these steps.
Running an Offline Virus Scan Using Microsoft Defender on Windows 10
If Windows is still running and the malware infection isn’t as serious, you may be able to use Microsoft Defender to run a bootable antivirus scan without using the portable (and older) Windows Defender Offline tool.
This option is only recommended, however, if Windows is still able to run and remains isolated from other PCs on your network.
For instance, if you intend to use this method, make sure that your PC is disconnected from your local network. This will prevent any malware from potentially spreading to other PCs before you can clear the infection. You may wish to restart Windows in Safe Mode before you proceed.
- To begin, right-click the Start menu and select Settings.
- In the Window Settings menu, select Update & Security > Windows Security > Virus & threat protection.
- In the Virus & threat protection menu, select Scan options.
- Select Microsoft Defender Offline scan from the list provided, then select Scan now to schedule the scan.
- Windows will confirm that your PC will need to restart. Close any unsaved applications at this point, then select Scan to restart your PC and begin the bootable antivirus scan using Microsoft Defender.
- After a few moments, Windows will restart and boot into the Microsoft Defender boot scan menu. Microsoft Defender will automatically begin scanning your PC for malware—allow this process to fully scan your PC. If it detects any malware, follow any additional on-screen instructions to confirm how you wish to fix, remove, or quarantine any infected files.
Once the offline virus scan is complete, your PC will reboot back into Windows. Any malware will be removed or quarantined based on your actions above. At this point, the malware infection should be resolved, but you may need to follow additional steps to repair or restore your Windows installation (depending on the damage).
Using the Older Windows Defender Offline Tool to Scan for Malware (Older Versions of Windows)
While Windows 10 allows you to conduct an offline virus scan using Microsoft Defender without any additional tools or hardware, you can also use the older Windows Defender Offline tool on a portable USB drive or DVD to conduct a boot-level scan when Windows can’t (or shouldn’t) boot.
While this portable version of Defender was originally made for Windows 7 and 8.1, it can still be used to scan for malware on some Windows 10 PCs, depending on the version. However, the tool itself is outdated (although the virus definitions are up-to-date) and won’t work with newer versions of Windows.
For this reason, this tool should only be used on older PCs running an older version of Windows 10 (or an earlier version of Windows). If it doesn’t work, you may need to use a third-party antivirus as an alternative, or schedule a Microsoft Defender Offline scan in Safe Mode using the steps above instead.
Creating the Windows Defender Offline Tool USB or DVD Media
- If you want to try this method, you’ll need to download the 64-bit version of Windows Defender Offline from the Microsoft website from a non-infected Windows PC. Once the file is downloaded, run the tool and select Next.
- At the next stage, confirm you accept the license agreement by selecting the I accept button.
- You’ll need to select where you want to install Windows Defender Offline. Select the appropriate option (such as On a USB flash drive that is not password protected) then select Next to confirm.
- If you’re using the USB flash drive method and you have more than one USB device connected, select the device you wish to use based on the assigned drive letter using the drop-down menu, then select the Next option.
- The tool will format and reflash the USB drive you’ve selected. Make sure to back up any files previously saved to the device first, then select Next to continue.
- The Windows Defender Offline creator tool will download the necessary files to flash your USB drive or DVD (including up-to-date virus definitions). Once the process is complete, you’ll need to restart your PC.
Scanning Your PC Using the Windows Defender Offline USB or DVD Media
- When you restart your PC, you’ll need to configure your BIOS or UEFI bootloader to boot from your USB drive first, rather than from your Windows system drive. You’ll usually need to select a keyboard key such as F1, F12, or DEL to boot into this menu and change these settings—consult your PC’s user manual for additional information on how to do this, as the steps vary, depending on manufacturer.
- Once you’ve changed your boot order, a minimal and isolated Windows environment running Windows Defender will boot. If your version of Windows 10 supports this tool, the scan options will become available to you. Otherwise, an 0x8004cc01 error will appear, and you’ll need to try an alternative method.
- If Windows Defender tool can run on your version of Windows 10, however, follow the on-screen instructions to scan your PC and deal with any infected files. Once the process is finished, your PC will reboot and the malware should be removed. Make sure to remove your USB drive or DVD at this point and restore the correct boot order in your BIOS or UEFI settings to ensure that Windows will correctly boot up afterwards.
Running an Offline Virus Scan Using Third-Party Antivirus Software
While Microsoft Defender is a suitable built-in antivirus for Windows 10 users, you can also use third-party antivirus tools to perform an offline virus scan of your PC. All major antivirus providers support this feature, including the free-to-use Avast Antivirus, although alternatives to Avast are available and are perfectly suitable.
- To start, you’ll need to download and install Avast on a non-infected PC (or, if that isn’t possible, on your infected PC if your PC still boots). Once installed, open the Avast UI by selecting the Avast icon on the taskbar. From the Avast menu, select Protection > Virus Scans.
- In the Virus Scans menu, select the Rescue Disk option.
- If you’d prefer to create a rescue disk using a CD or DVD, select the Create CD. Otherwise, connect a portable USB flash drive and select Create USB instead.
- Avast will need to format and reflash your drive with the correct files. Back up any files you wish to save from the drive first, then select the Yes, Overwrite button to proceed.
- Allow some time for the process to complete. Once Avast has created your rescue disk, safely remove it from the PC you’re using and connect it to your infected PC. If you used your infected PC to create the Avast rescue disk, reboot your PC at this point.
- Before you boot into the Avast rescue disk, you’ll need to change the boot order in your BIOS or UEFI settings by selecting F1, F12, DEL, or similar key (depending on your hardware) to boot into this menu. Make sure to prioritize the DVD or USB flash drive that you’ve created, then restart your PC.
- Once you restart, select any key on your keyboard to boot into the Avast rescue disk. Using your mouse, select AvastPE Antivirus.
- In the Avast Antivirus options menu that appears next, you can choose to scan all connected drives or only scan certain folders/files. Select your preferred option, then select Next.
- Avast will begin to scan your drives to search for malware. Follow any additional on-screen instructions to confirm how you wish to handle infected files, such as fixing, quarantining, or removing them.
Once the process is complete, exit the Avast rescue disk software, restart your PC, and remove the rescue disk to boot into Windows. You may need to repeat the steps above to restore the original boot order in your BIOS or UEFI settings menu before you can do this, however.
Keeping Windows 10 Free From Malware
Whether you’re using Microsoft Defender or a third-party antivirus like Avast, you should be able to use these tools to free your PC from a damaging malware infection. If you’re still having issues, however, you may need to think about wiping your hard drive and reinstalling Windows to start again with no infected files.
While we’ve demonstrated how to use Avast to remove malware, it isn’t the only third-party option available. You can easily uninstall Avast on Windows and try another solution like Webroot instead. If all else fails, however, don’t forget to use Microsoft Defender to quickly remove malware from your Windows PC.