Make a scan with Windows Defender Offline and clean nasty viruses from Windows

There are times when your computers and devices may be infected by malware that is difficult to remove with traditional antivirus. On other occasions, the malware blocks the installation of any antivirus, and you cannot remove it manually. In such delicate situations, you need to boot an antivirus in a safe recovery environment, so that it can run before the operating system is loaded. This is the only way to disinfect that kind of malware. For such situations, Microsoft has created Windows Defender Offline - a free tool that does a good job. Here is how to use Windows Defender Offline to scan and remove viruses from Windows computers and devices:

Before moving forward:

This guide covers the following situations:

  • You use Windows 10, you can log in and use it, but you suspect that it may be infected with malware. Therefore you want to perform an in-depth scan to confirm your suspicions and remove the malware if found. If this is your situation, follow the instructions in the next section of this guide.
  • You use Windows 10, but you cannot log in because of a malware infection. In this situation, skip the next section of this guide, and go to the one after it.
  • You use Windows 7, and Windows 8.1, and you want to use Windows Defender Offline to scan for malware and remove it if any it is found. In this situation, skip the next section of this guide, and go to the one after it.

In all situations, you need a working internet connection, and to log into Windows with a user account that has administrator permissions.

How to use a Windows Defender Offline scan to clean nasty viruses in Windows 10

If you have Windows 10 April 2018 Update, open Windows Defender Security Center. If you have Windows 10 October 2018, open Windows Security. They are the same app, with a different name and a few different features. If you do not know what version of Windows 10 you have, read this tutorial: What version, edition, and type of Windows 10 do I have installed?.

You can find Windows Security (Windows Defender Security Center) in the Start Menu, in the list of apps that start with the letter W.

The Windows Security shortcut from the Start Menu

An alternative is to search for the word security and click or tap the Windows Security (Windows Defender Security Center) search result.

Searching for apps that include the word security

The Windows Security (Windows Defender Security Center) app looks similar to the screenshot below. In older versions of Windows 10, it has fewer options and settings, while in Windows 10 October 2018 update or newer, looks exactly like in the screenshot below.

The Windows Security app in Windows 10

In the Windows Security (Windows Defender Security Center) app, choose "Virus & threat protection" in the column on the left, and then click or tap the "Scan options" link, found in the Current threats section.

Windows Security - Scanning options

You see a list with all the scanning options that are offered by Windows Defender. Choose "Windows Defender Offline scan" and press Scan now.

Starting a Windows Defender Offline scan

You are asked to save your work because Windows Defender Offline scan will restart your device to scan your Windows 10 computer or device. If you have any opened documents and apps, save them and close them first. Then, click or tap Scan to continue.

Windows Defender Offline asks you to save your work

After that you may see a UAC prompt, asking for your confirmation. Press Yes to continue.

A UAC (User Account Control) prompt

Next, you get a notification that "You're about to be signed out" and that your PC "will shut down in less than a minute." Close the notification and wait for your PC or device to restart.

Windows informs you that it will shut down

After that, Windows 10 boots in a recovery environment and starts Windows Defender Offline. This process may take a few minutes, so be patient.

Windows Defender Offline is loading

Then, Windows Defender Offline automatically scans your computer and, if malware is found, you are asked about the action that you want to take.

If nothing wrong is found, your PC or device restarts and loads Windows 10 again, like it usually does.

The Windows Defender Offline scan

How to use Windows Defender Offline to clean malware in Windows 7, Windows 8.1, or Windows 10 (when it is not booting)

The first thing you have to do is download the correct Windows Defender Offline version for your PC or device. Go to this web page: Help protect my PC with Windows Defender Offline. Scroll to the bottom and download the 32-bit or the 64-bit version of Windows Defender Offline, depending on the type of Windows that you have. If you don't know which version you have, read this tutorial: What version of Windows do I have installed? (5 methods).

You can also use the download links we provide, but we cannot guarantee that Microsoft will never change them:

You download a file named mssstool32.exe or mssstool64.exe.

The mssstool32.exe and mssstool64.exe files

The next step is to burn Windows Defender Offline to a CD or DVD, copy it to a USB flash drive or save it using a ".iso" disc image that can be used on the PC that is infected with malware. Keep in mind that you should have about 250-300 MB of storage space available. The Windows Defender Offline wizard says that you only have to have 250 MB of storage space, but we have found this not to be true. We tested this tool several times and it always required at least 300 MB of space.

Run mssstool32.exe or mssstool64.exe, press Yes when you see a UAC prompt and use the wizard to install Windows Defender Offline on the media you want to use. The wizard starts by informing you about the things you need. Read the information displayed and then click Next.

The wizard to for installing Windows Defender Offline

Read the license terms of the Windows Defender Offline, and press "I accept."

The license terms used by Windows Defender Offline

You are asked to select where you want to install Windows Defender Offline: on a blank CD or DVD, a USB flash drive or a ".iso" file on the disk. The steps you perform next are similar for all these options. Since flash drives are popular nowadays, we chose "On a USB flash drive that is not password protected."

Choosing where to install Windows Defender Offline

If you have more than one flash drive plugged in, select the flash drive you want to use and press Next. Then, you are informed that Windows Defender Offline needs to reformat the flash drive before the installation can continue. Make sure that you do not have any critical data on it and then press Next to continue.

Windows Defender Offline needs to reformat your USB flash drive

Windows Defender Offline downloads all the files it needs, it formats the USB flash drive and copies its files to it. This process takes a while, and it downloads around 275 - 300 MB of files.

Windows Defender Offline is creating the startup USB flash drive

When the process has finished, you are informed. Press Finish and you can start using Windows Defender Offline to disinfect other computers and devices.

Windows Defender Offline was installed successfully

Now it is time to use Windows Defender Offline. Plug your USB flash drive or CD/DVD into the infected computer and configure it to boot from the drive/disc. During the boot procedure, a mini-Windows kernel is loaded which, in turn, loads Windows Defender Offline.

Booting into Windows Defender Offline

The process takes a while so be patient. When loaded, Windows Defender Offline automatically starts to scan your device. If malware is found, you can remove it at the end of the scan.

Windows Defender Offline is scanning your computer

One thing that you should keep in mind is that Windows Defender Offline uses the malware definitions that were available at the time you installed it on your disc (CD/DVD), flash drive or ISO image. If you use it a couple of days later, its definitions are dated, and it might not be of too much help. That's why you should cancel its automatic scan and update it before scanning the system again. Another solution is to install it again, on another disc, or drive so that you have the latest malware definitions available.

Did you clean Windows from viruses with Windows Defender Offline?

We used Windows Defender Offline on a couple of occasions to disinfect systems that had nasty problems with malware, and it worked great. The tool is easy to use and familiar to most users, so you should not have any issues with it. If you have used it as well, tell us more about your experience. Did it manage to identify and remove viruses from your Windows computers and devices? Were you satisfied? Comment below and let's share our stories.