A kernel mode memory scanning driver for use in safely scanning loaded drivers in the memory of computer systems utilizing Windows.RTM. NT based operating systems, such as Windows.RTM. 2000, Windows.RTM. XP, and other operating systems utilizing the Windows.RTM. NT kernel base, for viruses. Prior to scanning the loaded drivers for viruses, the kernel mode memory scanning driver hooks a driver unload function of the operating system, and stalls any calls to the driver unload function to prevent the loaded drivers from being unloaded during scanning. After scanning is complete, any stalled calls to the driver unload function are released. In one embodiment, the kernel mode memory scanning driver is implemented as a Windows.RTM. NT 4.0 kernel mode memory scanning driver, and thus can be used on computer systems utilizing Windows.RTM. 2000 or Windows.RTM. NT without platform specific code.