NoBot is a portable malware scanner for Windows

Martin Brinkmann
Jan 5, 2018

NoBot is a portable spyware and malware scanner for the Windows operating system that focuses on detecting bots, spyware, and other types of malware.

I like portable security applications as I run them regularly on Windows machines as second opinion scanners. Fact is, no antivirus solution is perfect, and some may even introduce issues of their own on user systems.

A second opinion scanner may find threats that the resident security solution did not detect. It may, on the other hand, introduce issues of its own.

You may find the following reviews useful as well:


NoBot is a portable software program that you can run from any location. The security program is offered as a free and a premium version. The free version is somewhat limited in regards to scan options and some other functions.

It supports the following features that the free version does not support:

  • Full scan and custom scan are not supported.
  • Scan for module injection.
  • Scan System Startup tasks.
  • Scan Windows Directories.
  • Check Windows Security settings.

The interface is identical in both versions. The interface is tab-driven, and it is here that you select the various available options.

Scan is probably the most important one as it allows you run scans for threats on the system. The program supports three different scan types:

  • Threat Scan to search common directories like the User folder for viruses, malware, and spyware.
  • Custom Scan to scan user-selected locations.
  • Full Scan to run a scan of all directories and files of the system.

Free users can run threat scans only; the two other scan options are reserved for premium customers. This limits the usefulness of the free version somewhat, but it is still okay if you use the program as a second opinion scanner.

The program does not reveal the folders that are included in the threat scan. It does scan the Registry, the User folder, and the program files folder at the very least (since it displayed hits in the scan results). NoBot scans (some?) files on VirusTotal which may explain why scans take longer than regular antivirus quick scans.

The threat scan takes a couple of minutes to complete which is not overly impressive considering that NoBot scans a low number of Registry keys and files only. The scan took 5:16 minutes on a fast SSD-powered system and scanned a total of 170 files and 67 Registry keys.

The program lists hits as they happen in the interface. You may need to change the size of the program window to display full Registry or file paths without scrolling on the screen.

NoBot does not act on its own after the scan which is good. It is up to you to go through the list of potential threats one by one for verification.

Buttons to clean the selected items or to run another scan are provided. A right-click reveals additional options as you can use the context menu that opens to add items to the list of exceptions and to open the file location on the local system. The latter works only for files and not Registry keys despite the fact that it is displayed for Registry key right-clicks as well. It would be nice if the developers would add an option to jump directly to the Registry key as well.

The type column provides the only indication why a file or Registry key is listed as a threat by NoBot. These reveal little to the user, however.

You can make some modifications on the Settings tab. Two of those handle the submission to VirusTotal. You can disable the submission entirely or disable the automatic submission only. Other options let you disable the scanning of the Registry, and the detecting of suspicious file paths.

The two remaining tabs, Quarantine and Exceptions, give you options to manage the quarantine and list of ignored files or keys.

Closing Words

NoBot needs a bit of work. The developers need to add information to the company website that explains the program's functionality in detail. It would also be useful if they'd mark the premium-only scan options as such and provide more explanation about discovered threats.

The developers note that their program uses heuristics to detect threats. While that may improve the chance of detecting unknown threats, it usually does increase the number of false positives as well.

Now You: Do you use second-opinion scanners?

software image
Author Rating
4.5 based on 11 votes
Software Name
Operating System
Software Category
Landing Page

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Justin said on October 17, 2019 at 10:28 pm

    ran a threat scan works as fine
    will definitely keep it in mind

  2. Alec said on October 4, 2018 at 8:47 pm

    just downloaded and ran a quick scan (I like that there is no install). scan was kinda slow with virus total anlysis enabled but I’m assuming that’s because it has to upload the files? with virus total anlysis checked off the scan runs much quicker. overall nice utility I can see using it from time to time.

  3. Carl said on January 14, 2018 at 10:13 pm

    Ran a threat scan. Didn’t find anything. Nice program and I like that I can just throw it on my USB and use it on the go. Thanks for the share

  4. FALSE POSITIVE said on January 13, 2018 at 8:32 pm

    @ A. the FP have been lowered to 3.

  5. FALSE POSITIVE said on January 13, 2018 at 8:30 pm

    FALSE POSITIVES is a political wing that undermines the enemy with Ad-Hoc misleading accusations.

    By FALSELY POSITIVELY tagging someone’s code, AV enterprises do a double hurt to the IT Community:

    a) They use their authority to warn the customers about non-existent threats.

    b) They do a favour to malware creators, enabling the FALSE POSITIVE Charade.

  6. A. said on January 11, 2018 at 7:57 pm
    1. Martin Brinkmann said on January 11, 2018 at 8:00 pm
  7. sneezing__panda said on January 6, 2018 at 2:41 am

    NoBot first started out on HF as an easy way to remove common RAT’s and Keyloggers. It just now started getting some more updates. If something is marked wrong it’s likely a false positive.

    1. sneezing__panda said on January 6, 2018 at 2:51 am
  8. mxb said on January 6, 2018 at 2:41 am

    Their website seems to be blocked on my AV.

    “Bitdefender has blocked this page
    This website was blocked to prevent a malware from reaching your device. Malware can cause your device to slow down or it can steal your private information.”

    Bitdefender is usually not one to flag competitive sites, so I’m definitely staying away until this has been resolved.

  9. Sergey said on January 5, 2018 at 4:49 pm

    Is it possible that meminfo really has a trojan miner in its exe?
    Does anybody have any info on this?

    1. Martin Brinkmann said on January 5, 2018 at 5:06 pm

      I doubt it. Did you check it on Virustotal as well?

      1. Sergey said on January 5, 2018 at 5:22 pm

        According to Virustotal meminfo.exe is clean.
        But I’m still curious why NoBot marks it as a trojan miner.

      2. Robert said on January 5, 2018 at 11:48 pm

        False positive. That is why I haven’t used Virus scanners in years other than Microsoft’s built in one. Most of them will block you from using software like “Nirlauncher” and “GPG4Win”. “NoBot” is likely another false positive.

      3. pHROZEN gHOST said on January 5, 2018 at 8:06 pm

        It also flags my clock.exe … a program which I wrote :-o

      4. Sergey said on January 5, 2018 at 10:06 pm

        Does it flag your clock.exe as a trojan miner or as something else?

  10. TelV said on January 5, 2018 at 3:33 pm

    Malwarebytes didn’t flag Nobot as a harmful site, but I’m surprised they don’t have an SSL-enabled site. Also, I couldn’t find any links on the home page to indicate who they are so I’ll give that one a miss I think.

    I’ve used Microsoft’s portable scanner from time to time, but that’s about all.

  11. XenoSilvano said on January 5, 2018 at 3:17 pm

    I use the portable offerings of IObit whenever I am away from the main computer that I use

  12. Anonymous said on January 5, 2018 at 1:13 pm

    Bitdefender blocks hhtp:// as Harmful Website

  13. Janice said on January 5, 2018 at 12:15 pm

    F-Secure blocks as Harmful Website…

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.