CBC Computer Services

Use PowerShell to remove Malicious Software | Viruses.

PowerShell can be a powerful tool for removing malicious software, but it is not an antivirus on its own. What it gives you is scriptable control over Windows Defender (the antivirus built into Windows) through the Defender PowerShell module, which ships with Windows 10, Windows 11 and Windows Server 2016 and later. Every cmdlet below must be run from a PowerShell session started as Administrator. Below is a PowerShell script that uses Windows Defender to update its definitions, perform a full system scan and remediate detected threats.

Step 1: Run Windows Defender Scan Using PowerShell

The following commands run a quick, full, or custom scan. Start-MpScan blocks until the scan has finished (add -AsJob to run it in the background), and Defender applies its configured default action, normally quarantine, to anything it finds.

1. Quick Scan:

Start-MpScan -ScanType QuickScan

2. Full Scan:

Start-MpScan -ScanType FullScan

3. Custom Scan (Specify Directory):

If you want to scan a specific directory (e.g., C:\Users\YourUser\Documents):

Start-MpScan -ScanType CustomScan -ScanPath "C:\Users\YourUser\Documents"

Step 2: Remove Detected Threats

Once the scan is complete, remediate any threats that are still marked as active with this command:

Remove-MpThreat

For malware that survives an online scan (for example a rootkit, or a file that is locked while Windows is running), schedule a Windows Defender Offline Scan:

Start-MpWDOScan

This command reboots the machine immediately into the Windows Defender Offline environment and scans the disk from outside the running Windows installation, where persistent malware cannot hide behind a running process or driver. Save your work before running it.


Step 3: View Detected Threats and Quarantine Items

You can list every threat Defender has detected on the machine, with its name, severity, the files involved and whether it is still active:

Get-MpThreat

To remediate everything that is still listed as active, run:

Remove-MpThreat

Note that Remove-MpThreat does not restore or delete items that are already in quarantine. Quarantine is managed with the command-line tool MpCmdRun.exe in the Windows Defender folder under Program Files (MpCmdRun.exe -Restore -ListAll lists quarantined items and -Restore -Name restores one by name), or from the Protection history page in the Windows Security app.

Step 4: Enable Real-Time Protection (Ensure Ongoing Protection)

Real-time protection monitors files and processes continuously rather than only while a scan is running. If it is off (malware commonly disables it), turn it back on with:

Set-MpPreference -DisableRealtimeMonitoring $false

Then confirm with Get-MpComputerStatus that RealTimeProtectionEnabled reports True. If it stays False, Tamper Protection or a management policy is controlling the setting, and it has to be re-enabled from Windows Security or your management tool rather than from PowerShell.

Step 5: Use PowerShell to Update Windows Defender

Update Windows Defender's virus definitions before every scan (the full script below does this first). You can do this with:

Update-MpSignature

This downloads the latest definitions so the scan can recognise current threats. Get-MpComputerStatus shows AntivirusSignatureLastUpdated and AntivirusSignatureVersion if you want to confirm that the update took.
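The checks from Steps 3 to 5 combined into one triage script, as an added example that is not part of the original page. It reports the engine state from Get-MpComputerStatus, refreshes definitions when they are older than an assumed threshold ($MaxSignatureAgeDays is this example's choice, not a Defender setting), re-enables real-time protection and verifies the change, prints the detection history from Get-MpThreatDetection, lists threats still marked active, and finally lists quarantine via MpCmdRun.exe, assumed to be at its default path under Program Files:

```powershell
#Requires -RunAsAdministrator
# Added example: Defender health check and detection triage to run before and
# after a scan. Uses only the built-in Defender module and MpCmdRun.exe.
# $MaxSignatureAgeDays is an assumed threshold for this example, not a Defender setting.

$MaxSignatureAgeDays = 3

# 1. Engine health: is Defender actually protecting this machine?
$status = Get-MpComputerStatus
[pscustomobject]@{
    AntivirusEnabled     = $status.AntivirusEnabled
    RealTimeProtection   = $status.RealTimeProtectionEnabled
    TamperProtected      = $status.IsTamperProtected
    SignatureAgeDays     = $status.AntivirusSignatureAge
    SignatureLastUpdated = $status.AntivirusSignatureLastUpdated
    FullScanAgeDays      = $status.FullScanAge
} | Format-List

if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
    Write-Warning "Signatures are $($status.AntivirusSignatureAge) days old; updating."
    Update-MpSignature
}

if (-not $status.RealTimeProtectionEnabled) {
    Write-Warning "Real-time protection is OFF; attempting to enable it."
    Set-MpPreference -DisableRealtimeMonitoring $false
    # Re-read the status: if this is still False, Tamper Protection or a management
    # policy is controlling the setting and it must be re-enabled from Windows Security.
    $rtp = (Get-MpComputerStatus).RealTimeProtectionEnabled
    Write-Host "Real-time protection now enabled: $rtp"
}

# 2. Detection history: what was found, which process was involved, and did the
#    remediation action succeed? These fields come from the detection record itself.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object InitialDetectionTime,
                  ThreatID,
                  ProcessName,
                  ActionSuccess,
                  @{ n = 'Resources'; e = { $_.Resources -join '; ' } } |
    Format-Table -AutoSize

# 3. Threats still marked active are exactly the ones Remove-MpThreat would act on.
$active = Get-MpThreat | Where-Object IsActive
if ($active) {
    Write-Warning "$($active.Count) active threat(s) remain:"
    $active |
        Select-Object ThreatName, SeverityID, DidThreatExecute,
                      @{ n = 'Resources'; e = { $_.Resources -join '; ' } } |
        Format-Table -AutoSize
} else {
    Write-Host "No active threats."
}

# 4. Quarantine contents: there is no Defender cmdlet for this, so call MpCmdRun.exe.
#    Assumes the default installation path under Program Files.
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
& $mpCmdRun -Restore -ListAll
```

Run it once before the scan to record the starting state, and again afterwards: the detection history and the active-threat list are the evidence that the cleanup actually happened, which a bare Remove-MpThreat call never shows you.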


Full Script to Scan and Remove Viruses:

You can create a PowerShell script to automate the process of scanning and removing malware:

#Requires -RunAsAdministrator

# Update Windows Defender's definitions before scanning
Update-MpSignature

# Perform a full system scan (Start-MpScan blocks until the scan has finished)
Start-MpScan -ScanType FullScan

# Remediate any threats the scan left marked as active
Remove-MpThreat

# Optionally trigger a Windows Defender Offline Scan for stubborn threats.
# Start-MpWDOScan reboots the machine immediately, so ask before running it.
if ((Read-Host "Run an offline scan now? The computer will reboot (y/N)") -eq 'y') {
    Start-MpWDOScan
}

How to Use This Script:

  1. Open Notepad and paste the script above.
  2. Save the file as RemoveViruses.ps1.
  3. Open PowerShell as Administrator, change to the folder that holds the file and run:
   .\RemoveViruses.ps1
  4. If Windows refuses to run it because of the execution policy, start it through powershell.exe with the -ExecutionPolicy Bypass switch for that one invocation instead of loosening the machine-wide policy.

Notes:

  • Windows Defender is a solid built-in antivirus, but do not run a second real-time antivirus alongside it: when a third-party antivirus registers with Windows, Defender switches to passive mode and stops acting as the primary engine, so scans started with these cmdlets may report threats without remediating them. For a second opinion, use an on-demand scanner or the third-party product's own tools.
  • Windows Defender Offline Scan (triggered by Start-MpWDOScan) is particularly useful against malware that embeds itself deeply into the system (rootkits, bootkits, files locked by a running process), because it scans from a separate boot environment outside the normal Windows session.

Used this way, PowerShell gives you a repeatable way to update, scan and remediate with Windows Defender, with the results visible in the detection history rather than only in the Windows Security GUI.