Emsisoft Emergency Kit FREE Anti Malware Scanner
- The malware Emergency Kit for infected PC´s
- Award-winning dual-scanner to clean infections
- 100% portable – Ideal for USB flash drives
How it works:
The Emsisoft Emergency Kit contains a collection of programs that can be used without software installation to scan for malware and clean infected computers: Emsisoft Emergency Kit Scanner and Emsisoft Commandline Scanner.
Emsisoft Emergency Kit Scanner
The Emsisoft Emergency Kit Scanner includes the powerful Emsisoft Scanner complete with graphical user interface. Scan the infected PC for Viruses, Trojans, Spyware, Adware, Worms, Dialers, Keyloggers and other malicious programs.
This scanner contains the same functionality as the Emergency Kit Scanner but without a graphical user interface. The commandline tool is made for professional users and is perfect for batch jobs.
To run the Emsisoft Commandline Scanner, perform the following actions:
– Open a command prompt window (Run: cmd.exe)
– Switch to the drive of the USB Stick (e.g.: f:), then to the folder of the executable files (e.g.: cd run)
– Run the scanner by typing: a2cmd.exe
Next you will see a help page describing all available parameters.
The following parameter is an example of scanning drive c: with Memory, Traces (Registry) scan enabled, and archive support active. Detected Malware is moved to quarantine.
a2cmd.exe /f=”c:” /m /t /a /q=”c:quarantine”
Available parameters For Command Line Scanner
Scan parameters (can be combined):
Scans specified disks, folders or files for malware infections. Folder paths must be enclosed in quotation marks. Multiple paths need to be delimited by commas.
Example: a2cmd /f=”c:windows”,”c:program files”
Abbreviation for running a quick system check. Scans all active programs, malware traces (registry, files) and Tracking Cookies.
Abbreviation for running a scan of the most important system areas. Scans the Windows and program files folders in addition to everything scanned by the quick scan.
Abbreviation for running a complete system scan. Scans all files on all hard disks thoroughly.
Scans for active rootkits.
Scans all active programs.
Scans the registry and the file/folder structures on a hard disk for malware traces.
Scans all cookies for Tracking Cookies. Supported browsers: MS Internet Explorer, Mozilla Firefox.
Scan a file by handle. Requires the ID of the process that keeps the handle.
/b=[pointer] /bs=[size] /pid=[PID]
Scan a data buffer in memory. Requires the buffer size and the ID of the process that keeps the buffer.
Scan options parameters (for precise adjustment of the scan parameters):
Also detects Potentially Unwanted Programs (programs that are not specifically malicious but are often installed without user consent)
Scans also within archive files such as ZIP, RAR, CAB, and self-extracting archives.
Scans also hidden data flows in NTFS disks.
Uses the advanced caching to avoid unnecessary re-scans.
Scans with direct disk access mode which is slower. Not required when the rootkit scan is enabled.
Saves a scan log to the specified file. The text-based log is saved in Unicode format.
Example: a2cmd /deep /log=”c:scansscan.log”
Same as the /l bzw /log parameter, but the log is saved in ANSI Format.
Scans only files with the specified extensions.
Example: a2cmd /f=”c:windows” /x=”exe, com, scr, bat”
Scans all files except those with the specified extensions.
Example: a2cmd /deep /xe=”avi, bmp, mp3″
Uses the specified whitelist file for excluding certain files, folders or malware names in the scan. Whitelist files must be text files where each line is one of the items to be excluded.
Example: a2cmd /f=”c:” /wl=”c:whitelist.txt”
Deletes all detected malware objects at once during the scan. Also deletes references to the detected file, e.g. autorun entries in the registry.
Deletes all detected malware objects at once during the scan. Only the detected file itself is deleted. Quicker than /d or /delete.
Immediately place detected malware in quarantine during the scan. The quarantine folder can be specified. Detected objects are saved and encrypted there so that they cannot cause further damage.
Defines if the Anti-Malware service is to be used for scanning.
Background: When running many short scans, loading the scan engine afresh at each start of a2cmd is inefficient. Using the /s or /service parameter makes the Anti-Malware service load the engine and keep it loaded for later scans. If the service is not yet started or installed it is installed and started when the service parameter is run for the first time. This command is not available in Emsisoft Emergency Kit because the service component is not included.
Quarantine treatment parameters (to be used alone):
Lists all objects that are under quarantine. The consecutive number at the beginning of each line can be used for deleting or restoring (zero-based index).
Restores an object under quarantine with the specified index number. If no number is specified, all objects are restored.
Example: a2cmd /qr=0
Deletes an object under quarantine with the specified index number.
Update parameters (to be used alone):
Must be used alone. Runs an online update of all program components and signatures. If a2cmd is used as a part of Emsisoft Anti-Malware, this command triggers an update of the whole Emsisoft Anti-Malware package.
Downloads the latest beta updates instead of stable updates.
Sets a proxy host and port number to be used for connections to the update server.
Sets a proxy username if the proxy requires authentication.
Sets a proxy password if the proxy requires authentication.
General parameters (to be used alone):
On server operating systems, a2cmd requires a valid license key to operate. Key activation is only required once and can be done offline, but the first online update will also verify the license.
Example: a2cmd.exe /key=XXX-XXX-XXX-XXX
Shows an overview of all available parameters.
0 – No infections were found
1 – Infections were found