Sometimes you just want a second opinion on the health of a Windows machine, particularly after McAfee detects malware on a machine and claims to have "handled" it or, even worse, when it admits it didn't handle it and you attempt a modicum of manual remediation. Too often, a malware infection can occur that [insert AV program name] can't detect for various reasons, or is a multi-tentacled threat of which VSE only detects some of the tentacles. This isn't a dig on VSE specifically because all AV products suffer this same inherent issue of "you can't detect everything." As such, there are these times when a machine you're investigating could really use a second opinion and a clean VSE scan isn't enough to convince you of its health.
Q: What's a good (preferably free) command-line or low installation overhead second-opinion malware scanner for spot technician use?
Ideally, I'd like to avoid installing anything additional on every workstation we deal with, but rather often, there are situations where I'm worried about a box, and know enough about the limitations of antivirus technology to yearn for another scan engine/defs (i.e. something other than McAfee VSE) to be run over the machine.
Surely I can't be the only person who's had this thought... so I'm curious what else is out there for such a task? Is there a command line scanner offered by a competitor that's licenseable in this way for one-off command line technician use?
What I've looked into without great success yet--opinions welcome:
- Malwarebytes has always been nice to use in a personal use environment... but I'll be darned if I have succeeded in getting a quote from them for a handful of technician licenses for such a duty.
- There's also something out there named multi_av.exe which used to be a KIX batch bundling of 4 vendors' command line scanners. I don't know if it still exists, and I'm not sure I ever really trusted it, and I'm not sure whether the licenses for the individual components were ever kosher with respect to corporate use.
- Buy a handful of licenses of a competitor's corporate product, put them on a dedicated diagnosis machine, and mount administrative shares to the target PC and scan from there?
- ClamAV on a Linux box, and perhaps mount an administrative share on the target box and scan?
Thanks for any shared experience on this front!
Message was edited by: Regis to modify first paragraph to explain the use case a little more fully. on 10/7/10 7:46:05 AM CDT
Message was edited by: Regis typo on 10/13/10 7:42:53 AM CDT