Clean Malware from Windows PC with USB flash Drive

If you are taking your first steps in the delicate world of systems and you need tools that allow you to intervene on your computer with Windows operating system or on the computer of your friend or acquaintance, the ideal is to consider what are the applications portable.

It is a particular type of program that can be run regardless of the system configuration, since it is created (or re-packed) so as not to need to add registry keys, connect libraries and anything else.

The peculiarity of portable programs is that they can be run really everywhere (taking into account the system architecture) and the best known use is that via USB stick.

Our intention is to build a USB stick that allows you to perform malware cleaning operations on Windows operating systems taking up as little space as possible.

And we did it … in only 197 MB, excluding the definitions of antivirus and antimalware (after the download the space occupied is around 255 MB).

So if you have an old 256 MB USB flash drive that is now forgotten and doesn’t wait to be resurrected or you need to always have – perhaps even in a larger device – utilities for diagnostics, malware detection and virus detection saving more space possible … then this is the article for you and you just have to keep reading!

Before continuing we need to know that to limit the dimensions to a minimum:

  • The files downloaded as executable have been left as is;
  • the files downloaded as archive (zip or rar) have been extracted to the stick (possibly in a dedicated folder) and the original archive has been deleted;
  • the files downloaded as .paf (portable application format) were extracted through the automatic procedure on the key; the original .paf files have been deleted.

The portable programs to have on USB pendrive in less than 256 MB

Rkill (Active Malware, Active Viruses, Rootkits)

Rkill is not an antimalware but an excellent adjuvant to cure particularly infected systems: some malware, in fact, once activated can prevent the execution of any removal program (be it antispyware, antivirus and whatever). The purpose of Rkill is to disable precisely these malware processes, as well as other processes that could prevent a normal scan, in order to allow the user to run the necessary cleaning software. The program generates a summary log on the desktop.

DOWNLOAD | rkill

AdwCleaner (AdWare, Spyware)

One of the most famous, simple and powerful anti-adware programs: just run a scan and the program will be able to detect, cancel and eliminate all traces of most adware, spyware and anything else both from system processes and from registry, as well as from browsers and any other infected core programs.

DOWNLOAD | AdwCleaner

ClamWin Portable (Virus and Malware)

The portable version of the eponymous and efficient virus remover: it is possible to scan the entire system, processes and user-defined paths, possibly using the most recent definitions from the Internet  (which the program will attempt to download when opened). ClamWin is able to detect most of the existing viruses and malware.

DOWNLOAD | ClamWin Portable

ComboFix (detection of viruses, malware and suspicious components)

ComboFix is powerful, truly powerful, extremely powerful. Maybe too powerful.

It is an efficient weapon even for all those viruses and malware insinuated in the most hidden meanders of the system and is able to eliminate numerous threats and to guide the user, through a log file, to make even deeper changes in order to eliminate the most insidious threats.

Unfortunately this represents a double-edged sword: if the information generated in the report is used by inexperienced users or even worse by hasty users, irreparable damage to the system could be caused.

ComboFix creates a restore point and a backup of the registry before starting to work and, during the scan, it will close most of the active programs and disconnect the machine from the internet.


HijackThis ( System)

HijackThis is similar to ComboFix but much less invasive: just run it and wait for the scan to generate a log on processes, system files and registry keys so as to perform an analysis and understand what is wrong. 

Often the HijackThis log is required to receive assistance from forums and/or helpdesks. HijackThis also allows you to eliminate the registry keys detected by the scan, however this is an operation that must be performed with absolute caution as the reported keys are not always harmful and disabling them could result in the unusability of one or more software or hardware parts of the system.

It should be emphasized that HijackThis also contains advanced tools such as an uninstaller or a remover for files blocked by active system processes.

DOWNLOAD | HijackThis

WhatInStartup (System)

A small and practical tool to control and possibly disable all the processes that start together with the operating system, so as to avoid loading unnecessary applications and, why not, flush out some insidious malware. WhatInStartup also allows you to create new boot processes.

DOWNLOAD | WhatsInStartup (Portable)

Everything (System)

If you know the name of a file you are desperately looking for – regardless of whether it is a “good” or “bad” file – but don’t remember the path where it is saved, Everything is the program for you: once performed it will index the files on the disks and allow you to search by name for what interests you, giving almost instantaneous results.

A godsend.

DOWNLOAD | Everything Portable

Geek Uninstaller (System)

This small program can help you uninstall completely and without leaving any trace of any type of program installed on the system and allows you to force uninstallation even if the uninstaller is for some reason corrupt. With Geek Uninstaller it is also possible to browse through the registry keys added by the various programs as well as save the list of installed programs in a file.

DOWNLOAD | Geek Uninstaller Portable

QupZilla Portable (System)

Nothing more, nothing less than a very light and portable web browser written in Qt. Thus, in case of a corrupt browser, we can always use it to ask for help or to analyze suspicious files even on VirusTotal!

DOWNLOAD | Qupzilla Portable

IrfanView (System)

If you need to view some images or screenshots from the unconventional extension and you don’t find any viewers installed on the system, IrfanView is the one for you! It is a simple and very light image viewer compatible with most of the sui generis files!

DOWNLOAD | IrfanView Portable

HyperDesktop (System)

If IrfanView allows you to view images, HyperDesktop allows you to take screenshots and apply basic changes to them if you need to ask for help, showing your interlocutor what Windows shows you!

DOWNLOAD | HyperDesktop Portable

ProduKey (System)

In view of a reinstallation of the operating system, having the serial numbers of the Microsoft products installed is always convenient, especially if the original DVD cases have been lost and/or, for the operating system, it is a pre-installed copy in the computer and the serial number is not written anywhere. ProduKey will allow you to view and save everything.


Wireless Key View (System)

If you are forced to reinstall the operating system and are looking for an easy way to view and save all the passwords of the wireless networks associated with it, WirelessKeyView is the program for you: two clicks and you’re done!

DOWNLOAD | WirelessKeyView

WebBrowser Pass View (System)

WebBrowser Pass View, also by NirSoft, allows you to view and possibly keep on file (which the internal password managers do not allow) all the usernames and passwords with related websites saved in the most known and used browsers for Windows: Internet Explorer, Firefox, Google Chrome and Opera.

DOWNLOAD | WebBrowser Pass View

Password Security Scanner (System)

This is a particular scanner that will allow you to analyze all the passwords stored in the system, without however seeing them, in order to detect the security level of each one, specifying any associated user name, the number of lowercase, uppercase, numeric and alphanumeric characters. It is a very useful program if you suspect the theft of passwords belonging to third parties through brute force attack.

DOWNLOAD | Password Security Scanner

Wireless Network Watcher (System)

This is a particularly useful program if you suspect that someone has stolen your WiFi key: it allows you to analyze the network to which you are connected and to view numerous information on the connected devices including the identification, the MAC address and the operating time.

DOWNLOAD | Wireless Network Watcher

Speccy Portable (System)

In view of a reinstallation of the operating system, there is no more useful program: the Piriform utility can in fact display and save  all the hardware information related to your computer so as to allow you to perhaps download, at a later time, the appropriate drivers (even if in this case we suggest the use of a program such as IOBit DriverBooster). In addition, Speccy allows you to view and save the serial number as well as the state of the operating system, as well as the activity and temperature of the CPU, motherboard, graphics card and possibly RAM memory.

DOWNLOAD | Piriform Speccy Portable

CrystalDiskInfo (Diagnostics)

It allows you to check the health of the disk or disks installed on your computer, with the possibility of viewing numerous details. A godsend that will allow you to understand if the problem is to be found in disk wear in the event that, after a thorough and thorough cleaning of the system, blockages and slowdowns continue to occur.

DOWNLOAD | CrystalDiskInfo Portable