How to perform a full virus scan while in safe mode with command prompt

Article:TECH106310  |  Created: 2008-01-20  |  Updated: 2013-05-02  |  Article URL http://www.symantec.com/docs/TECH106310
Article Type
Technical Solution



Problem



How do I start a Windows XP or Windows Server 2003 machine into Safe Mode with Command Prompt so that I may perform a full virus scan?
How do I start a Windows 7 or Windows Server 2008 machine into Safe Mode with Command Prompt so that I may perform a full virus scan?


Symptoms
Virus scans in Normal and regular "Safe" mode have not been able to remove a detected threat from a machine.


 


Environment



Windows 7, Symantec Endpoint Protection 11.x and earlier.


Cause



Some infectious threats tie themselves to critical system processes (e.g., Explorer.exe), thus becoming resident in a system's memory. Because of this, virus scans may be ineffective at removing the threat while a machine is started in either normal or regular "safe" mode.


Solution



Starting a machine in Safe Mode with Command Prompt may be more successful at removing an infectious threat, since the explorer.exe process does not run in this mode.

For Symantec Endpoint Protection:
 

  1. Isolate (disconnect) all affected machines from the network
  2. Restart these machines into Safe Mode with Command Prompt. Immediately press F8 prior to the operating system load screen. This will display a startup menu with an option for Safe Mode with Command Prompt. Select this option.
  3. After the computer has loaded into this mode, close the Command Prompt window that appears
  4. Press CTRL+ALT+DEL to bring up task manager
  5. Click File > New Task (Run...)
  6. Browse to the install directory for Symantec Endpoint Protection. By default, this is C:\program files\symantec\symantec endpoint protection\
  7. Select SymCorpUI.EXE and click Open
  8. In the Create New Task window, click OK to run the application. This will open Symantec Endpoint Protection
  9. On the left-hand side, click Scan For Threats.
  10. Click Run Full Scan. This will start the scanning process immediately.
      Note: Upon running SymCorpUI.EXE, a window may appear with the following message: "It appears that the Symantec Management Client service is not running. You will not be able to manage network protection settings through the main user interface until it is running. Do you want to start the service now?" Click No to this message.


For Symantec AntiVirus:
 

  1. Isolate (disconnect) all affected machines from the network
  2. Restart these machines into Safe Mode with Command Prompt. Immediately press F8 prior to the operating system load screen. This will display a startup menu with an option for Safe Mode with Command Prompt. Select this option.
  3. After the computer has loaded into this mode, close the Command Prompt window that appears
  4. Press CTRL+ALT+DEL to bring up task manager
  5. Click File > New Task (Run...)
  6. Browse to the install directory for Symantec AntiVirus (C:\Program Files\Symantec AntiVirus by default)
  7. Select VPC32.exe and click Open
  8. In the Create New Task window, click OK to run the application. This will open Symantec AntiVirus
  9. Click the Scan menu and select Full Scan
  10. Click Scan at the bottom-right corner.
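
The following batch file is an added example, not part of the original article or a Symantec tool. Run from the Command Prompt window that this mode opens (instead of closing it), it checks that the session really is a safe boot, checks that explorer.exe is not running, and then opens whichever scanner is present in the default directories named above. It assumes the Windows SAFEBOOT_OPTION environment variable and the tasklist command are available; the labels and variable names are illustrative.

```batch
@echo off
rem Added example, not Symantec's own script. Save it as a .bat file and run
rem it from the Command Prompt window of Safe Mode with Command Prompt.
setlocal

rem Windows defines SAFEBOOT_OPTION only when it was started in a safe mode.
if not defined SAFEBOOT_OPTION goto :not_safe
echo Safe boot option: %SAFEBOOT_OPTION%

rem Confirm tasklist itself works before trusting a "not found" result.
tasklist >nul 2>&1
if errorlevel 1 goto :no_tasklist

rem The article relies on explorer.exe not running in this mode.
tasklist /FI "IMAGENAME eq explorer.exe" 2>nul | find /I "explorer.exe" >nul
if not errorlevel 1 goto :explorer_up
echo explorer.exe is not running.
goto :launch

:no_tasklist
echo WARNING: tasklist is unavailable; cannot confirm explorer.exe is stopped.

:launch
rem Default install directories as given in the article.
set "SEP=C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe"
set "SAV=C:\Program Files\Symantec AntiVirus\VPC32.exe"
if exist "%SEP%" (
    start "" "%SEP%"
    exit /b 0
)
if exist "%SAV%" (
    start "" "%SAV%"
    exit /b 0
)
echo Neither SymCorpUI.exe nor VPC32.exe was found in its default directory.
exit /b 3

:not_safe
echo Not a safe boot. Restart and select Safe Mode with Command Prompt.
exit /b 1

:explorer_up
echo explorer.exe is running, so the condition the article relies on does not hold.
exit /b 2
```

Once the scanner window opens, continue with the Full Scan steps listed above for that product.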


If there are problems running either Symantec Endpoint Protection or Symantec AntiVirus in this startup mode, or if the suspected threat is not being found, please contact Customer Support for further assistance.

 




References
The 5 Steps of Virus Troubleshooting



 



Legacy ID



2008102011220248



