Professional Documents
Culture Documents
_m=knowledgebase&_a=viewarticle&kbarticleid=34
Author:
Competent Solutions
Created On: 11 Sep 2009 09:16 AM
Corporate KnowledgeBase
Performing a command-line scan in Windows Vista, XP, 2003 or 2000
Environment
McAfee SuperDAT
McAfee DATs/Beta DATs
Page 1/6
Powered By Kayako SupportSuite
http://hd.competentsolutions.net/helpdesk/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=34
Step 1 - Create a temporary scan folder on the root drive and assign a Read-Only attribute:
1.Create a folder named SCAN on the root of the system drive (typically C:).
2.Assign a Read-Only attribute on the SCAN folder. Right-click the C:SCAN folder and select
Properties.
3.Select Read-only and click OK.
NOTE: McAfee recommends deleting all temporary files from your system prior to running any
scan. This includes files in the temp folder, temporary Internet files as well as Internet usage history
and cookies.
Step 2 - Download the latest sdat####/exe (where #### is the version number) to the SCAN folder:
1.Start your web browser and access the McAfee Security Updates page:
http://www.mcafee.com/apps/downloads/security_updates/superdat.asp?region=us&segment=enter
prise
For restarting in Safe Mode in other operating systems, refer to the Related Information section in
this article.
1.Press F8 immediately after the Power On Self-Test diagnostics and memory count.
2.Select: Safe Mode with command prompt.
3.Type the following command, then press ENTER:
Page 2/6
Powered By Kayako SupportSuite
http://hd.competentsolutions.net/helpdesk/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=34
IMPORTANT: You may see an error stating that an application is attempting to directly access the
hard disk. Click IGNORE to continue scanning.
01/22/2007 17:00:05
Options:
/CLEAN /WINMEM /ALL /ADL /PROGRAM /UNZIP /REPORT REPORT.TXT
Scanning C: []
Scanning C:*.*
C:Program FilesJavlayernpf.sys ... Found the NTRootKit-R.gen trojan !!!
The file or process has been deleted.
C:WINDOWSDownloaded Program FilesUDC6_0001_D19M1908NetInstaller.exe ... Found
potentially unwanted program DriveCleaner.
The file or process has been deleted.
C:WINDOWSsystem32drivershttnpfs.sys ... Found the NTRootKit-R.gen trojan !!!
The file or process has been deleted.
Non-critical Error(s):2
Master Boot Record(s): ......2
Possibly Infected: ....0
Boot Sector(s): ...............1
Possibly Infected: ....0
Related Information
Page 3/6
Powered By Kayako SupportSuite
http://hd.competentsolutions.net/helpdesk/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=34
Related articles:
•KB55986 - Daily DAT files explained
•KB53094 - Troubleshooting procedure for finding possible infected files (when virus not
detected)
Refer to the following relevant Microsoft Operating System article to start in Safe Mode:
Microsoft documentation
F8 Method
Windows Vista
http://windowshelp.microsoft.com/Windows/en-US/Help/323ef48f-7b93-4079-a48a-5c58eec904a110
33.mspx
Windows XP
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.ms
px?mfr=true
Windows 2003
http://technet2.microsoft.com/windowsserver/en/library/e14bf84d-d2f7-42c3-9fae-2af3db3f806c1033
.mspx?mfr=true
Windows 2000
http://www.microsoft.com/windows/windows2000/en/advanced/help/boot_failsafe.htm
Windows XP http://support.microsoft.com/kb/310560/
Page 4/6
Powered By Kayako SupportSuite
http://hd.competentsolutions.net/helpdesk/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=34
SwitchDescription
/?Display the help screen.
/ADScan all drives (not removable media).
/ADLScan all local drives (not removable media).
/ADNScan all network drives.
/AFC=Set the Size of the Internal Cache Used When Decompressing Archive Files.
/ALLScan all files regardless of filename extension.
/ALLOLETreat all files as compound/OLE regardless of extension.
/ANALYZETurn on heuristic analysis for programs and macros.
/APPENDAppend to report file rather than overwriting.
/BOOTScan boot sector and master boot record only.
/CHECKLIST Scan list of files contained in .
/CLEANClean viruses from infected files and system areas.
/CONTACTFILE Display contents of when a virus is found.
/DAMRemove all macros from infected MS-Office files.
/DELDelete infected files.
/DOHSMScan migrated files (hierarchical storage management).
/EXCLUDE Do not scan files listed in .
/EXTLISTList file extensions scanned by default.
/EXTRA Scan using an extra DAT file.
/FAMFind all macros - not just infected macros. Used with /DAM will remove all macros.
/FREQUENCY Do not scan after the previous scan.
/HELPDisplay the help screen.
/HTML Create an HTML report file.
/LOAD Load options from .
/MAILBOXScan inside plain text mailboxes.
/MANALYZETurn on macro heuristics.
/MANYScan many floppy diskettes.
/MIMEScan inside MIME, UUE, XXE and BinHex files.
/MOVE Move infected files into directory, preserving path.
/NOBACKUPDo not prompt for a backup diskette during a sector repair.
/NOBOOTDo not scan boot sectors.
/NOBREAKDisable Ctrl-C / Ctrl-Break during scanning.
/NOCOMPDo not scan self extracting executables by default.
/NODDon't switch into /ALL mode when repairing.
/NODDANo direct disk access.
/NODOCDo not scan MS Office files.
/NOEXPIREDisable data files expiration date notice.
/NOMEMDo not scan memory for viruses.
/NODECRYPTDon't scan password-protected MS Office documents.
/NOJOKESDo not alert on joke files.
/NORENAMEDo not rename infected files that cannot be cleaned.
/PANALYZETurn on program heuristics.
/PAUSEPause at end of each screen page.
Page 5/6
Powered By Kayako SupportSuite
http://hd.competentsolutions.net/helpdesk/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=34
Previous Document ID
613469
Inquira Information Center Copyright ©2009, Inquira Inc., All Rights Reserved Release 8.1.2.1
Page 6/6
Powered By Kayako SupportSuite