How to ensure PC is clear from virus infection by using script to check?

MichaelBalack
We are planning to write a VBScript to find out the PC's OS, service pack, missing patches, computer name, installed antivirus software, personal firewall, and so on. This VBScript was evaluated and works without problems. The "last piece" of the check that we are thinking of putting in is checking the PC for any possible virus infection. How do we ensure that the PC is really virus-free? Can we write a script to check some "run", "runonce", and other registry keys and values? The objective is a "preliminary" check for virus infection, malware, spyware, and so on. The clients are MS Windows, from Windows 7 to Windows 10.

If so, is there any sample script for this virus checking?

Thanks in advance.
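
The "run"/"runonce" check asked about above, as an added example that is not part of the original thread: a read-only VBScript that lists autostart values through WMI's StdRegProv and marks commands launched from user-writable folders for manual review. The folder heuristic and the helper names (ListKey, LooksUserWritable) are assumptions of this example, and an unmarked listing does not show that the PC is virus-free.

```vbscript
' Added example: read-only inventory of Run / RunOnce autostart entries.
Option Explicit
Const HKCU = &H80000001
Const HKLM = &H80000002
Const REG_SZ = 1
Const REG_EXPAND_SZ = 2

Dim reg, shell, hives, hiveNames, keys, h, k
Set shell = CreateObject("WScript.Shell")
Set reg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
hives = Array(HKLM, HKCU)
hiveNames = Array("HKLM", "HKCU")
keys = Array( _
    "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", _
    "SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce", _
    "SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run", _
    "SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce")

For h = 0 To UBound(hives)
    For Each k In keys
        ListKey hives(h), hiveNames(h), k
    Next
Next

Sub ListKey(hive, hiveName, keyPath)
    Dim names, types, i, value, note
    ' Non-zero return: key missing or unreadable. Null names: key has no values.
    If reg.EnumValues(hive, keyPath, names, types) <> 0 Then Exit Sub
    If Not IsArray(names) Then Exit Sub
    For i = 0 To UBound(names)
        value = ""
        Select Case types(i)
            Case REG_SZ: reg.GetStringValue hive, keyPath, names(i), value
            Case REG_EXPAND_SZ: reg.GetExpandedStringValue hive, keyPath, names(i), value
        End Select
        If IsNull(value) Then value = ""
        note = ""
        If LooksUserWritable(value) Then note = "  [REVIEW: starts from a user-writable path]"
        WScript.Echo hiveName & "\" & keyPath & " | " & names(i) & " = " & value & note
    Next
End Sub

' Heuristic (assumption of this example): flag commands under per-user or public folders.
Function LooksUserWritable(cmd)
    Dim p
    LooksUserWritable = False
    For Each p In Array("%TEMP%", "%APPDATA%", "%LOCALAPPDATA%", "%PUBLIC%")
        If InStr(LCase(cmd), LCase(shell.ExpandEnvironmentStrings(p))) > 0 Then LooksUserWritable = True
    Next
End Function
```

Run it with `cscript //nologo` so each entry is written to the console instead of a dialog box; the HKCU results reflect only the account the script runs under.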
Top Expert 2014
Commented:
You're not going to find any such script.  The closest you could come in my opinion is a virus-scan from whichever anti-malware software, the results of which would only be as good as the anti-malware and its definitions (really just referring to old-style anti-malware, vs. behavioral scanning).  If the software has a CLI that you can initiate a scan from, and get results back in a usable format then you can add that to your script.

How do you ensure a PC is really virus-free?  That somewhat depends on your standard.  There's a reasonable standard of trust that your new hardware doesn't have anything malicious embedded into it, but how far would you go to prove that?  If the NSA (or whomever) modified hardware or firmware for whatever purpose, what would it take to find out?  Much more than a virus scan, and likely not worth it for the majority of users/companies, thus the standard of trust.  Same standard is applied to makers of software.  Download all the software (OS, applications, drivers) from trusted sources and check their hashes before installing.  Once connected to the internet, you keep trusting that all is good, unless given reason to suspect otherwise.  So, what's your level of trust?

Commented:
It is not possible to assure you are virus free even if you ran every virus software there is.

But to assure with a reasonable confidence that a system is virus free is to create a new system from a newly formatted drive, install from new packages the software you want to use, and clone that each time you want a clean system. The master system should never be run on a system except for updates, and on a trusted computer. I would include a good virus protection on the master system as well just to help it stay clean.

The script would be to clone that drive to a newly formatted drive.

From that point on, if the clone is used on any system with a network connection or the ability to plug in a usb device, there is no way to assure that it will stay virus free.

You should look at all the protection software and include one or two good packages to help protect the system. Do not allow users to install any software, plugins, or extensions.  If it must stay clean, access to the internet should be disabled, and adding usb device prohibited. Quite difficult if the user requires internet access.

That is about as sure as you will get. And even then, zero day exploits might still get through. That is always a problem.
MichaelBalack, Senior System Engineer

Author

Commented:
Thanks to both experts for the advice.  In the end, we decided to use Kaspersky Virus Removal Tool (kvrt.exe) to scan the PC. Although the scan can't guarantee 100%, it is helpful.
