Boot-time scan is an effective way of detecting and removing malware, because the scan takes place before Windows starts up and therefore rootkits and other system modifiers have little chance of hiding themselves.
avast! Rescue Disk (bootable USB drive or CD/DVD) can do offline scanning and cleaning if some rootkits run even before avast! boot-time scan starts.
However, there are two important caveats:
- inexperienced users can easily make Windows unbootable if they allow avast! boot-time scan to delete or move system files,
- boot-time scanning takes a long time - up to several hours.
For these reasons, you should always use RKill first to stop malware processes and services and then run a full anti-virus scan and a full anti-malware scan. This is a much safer and often a quicker way to remove rootkits and other nasty hard-to-detect malware.
If avast! Free Antivirus 2014 displays the following dialog after scanning or cleaning, it is strongly recommended to leave the message open, run RKill and then perform a full Malwarebytes scan (links in previous paragraph). Only then is it safe to answer Yes to "Do you want to schedule the boot-time scan and restart the computer now?".
Scheduling or unscheduling avast! Free Antivirus 2014 boot-time scan
Open the avast! 2014 main window by clicking its yellow circular icon in the Taskbar Notification area (aka System Tray). It is also recommended to save all open documents and close all running programs and apps.
Open Scan tab from the left side of the window. Open the list of scans near Start button and click Boot-time scan.
"Boot-time scan" is now listed. Click Settings.
Boot-time scan parameters window opens. Select either All harddisks or System drive from Areas to scan. The second one cuts down scanning time if you have separate hard drives or partitions with many files.
Tick the Scan for potentially unwanted programs (PUPs) and Unpack archive files check boxes.
From the When a threat is found, apply the following action combo box, select Move to Chest. This will move infected items to a special protected folder, but it will still ask you what to do if infected system files (important files that are required for Windows to work properly) are detected. You should never choose Delete or Repair here - the first might irrecoverably erase important system files; the second will leave most malware intact (there is nothing to repair!), stating "Error 42060 (The file was not repaired)".
Click OK to close the scan parameters window.
Now, back in the Scan tab, click Start button to run the scan right away.
avast! Free Antivirus 2014 will ask you to confirm your decision; click Yes to restart your computer now.
To discard the boot-time scan, click Unschedule instead.
Boot-time scanning with avast! Free Antivirus 2014
You can stop the boot-time scan at any time by pressing the Esc key on your keyboard. Windows will start up as usual after this. But I do not recommend doing this unless you really need to - your computer might still be infected and you must reschedule the scan.
This is what the boot-time scan looks like. All infected files that are not required by Windows will be moved to Chest.
If avast! detects an infected system file that is critical for running Windows or is located in the Windows folder, it stops and waits for you to choose an action. In such a case, always press number 3 on the keyboard to skip moving the file.
Do not use the Yes or Yes all options for system files - your computer might become unstable or unbootable! You should use RKill and Malwarebytes Anti-Malware for repairing such infections after the scan has finished and Windows starts. ComboFix is also available for Windows XP, Vista and 7 users as a last resort.
As said before, the scanning might take up to several hours. After the long process is complete, an overview of the results is displayed for a few seconds and Windows will load.
If you want to see the full log of boot-time scan just performed, read about avast! Free Antivirus logs here.
Troubleshooting if Windows does not work properly after avast! 2014 boot-time scan
In case you experience problems with starting or running Windows after a boot-time scan, you can follow these steps to get your PC running properly again:
- If Desktop is empty and no Taskbar appears - this means that Windows/File Explorer did not start properly. Use keyboard shortcut Ctrl+Shift+Esc to launch Task Manager, open File menu and click New Task (Run). Type explorer and click OK. Desktop icons and Taskbar should appear now. If not, continue to next steps.
- Start Windows in Safe Mode, then open Command Prompt and run sfc /scannow. This will restore essential system files.
- If launching Windows in Safe Mode is not possible, Windows XP users can run Non-destructive reinstall from Windows installation CD.
Windows Vista, 7 and 8/8.1 users can boot from installation DVD and click Repair your computer (see the Repair your computer in Windows Vista or 7 and Repair your computer in Windows 8 and 8.1 articles for more detailed instructions). Windows 7 users can also use System Repair Disc for booting; Windows 8/8.1 users can use Recovery Drive for the same task.
Try Startup Repair/Automatic Repair first. If this is of no help, use System Restore - but keep in mind that this might also restore the malware; you must run a full virus scan again to remove it.
- If repair options are not helping, restore Windows from the latest backup (you do have one?). Windows 7 and 8 users can see the Restore a System Image article for instructions.
No backups? Use Puppy Linux for rescuing your personal files and reinstall Windows.