You wait for Microsoft to produce a security product and lo, two come along almost at once. Not long after the appearance of Microsoft Security Essentials, we now have Microsoft Standalone System Sweeper Beta 1.0:
“…a recovery tool that can help you start an infected PC and perform an offline scan to help identify and remove rootkits and other advanced malware. In addition, Microsoft Standalone System Sweeper Beta can be used if you cannot install or start an antivirus solution on your PC, or if the installed solution can’t detect or remove malware on your PC…”
Malware and rootkits are difficult to remove while the system is running: their nature is to hide within the operating system, so even if you know they are there, you can’t see them. The only reliable way to remove a rootkit is by scanning the hard disk while the system is offline and comparing known good system files to those on the hard disk. Microsoft has now brought its own software tool to bear on the problem.
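The offline comparison described above, as an added example that is not part of the original post and not System Sweeper's own code: a sketch that hashes every file on a mounted offline volume and diffs the result against a known-good manifest. The manifest layout, the file names and the `demo` tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large system files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map relative path (lower-cased, '/' separated) -> SHA-256 under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            manifest[rel] = sha256_file(full)
    return manifest

def compare(baseline, root):
    """Diff the offline volume mounted at root against a known-good manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "unexpected": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Constructed tree: take a baseline, tamper with it, then compare."""
    with tempfile.TemporaryDirectory() as root:
        sysdir = os.path.join(root, "Windows", "System32")
        os.makedirs(sysdir)
        def write(name, data):
            with open(os.path.join(sysdir, name), "wb") as fh:
                fh.write(data)
        for name in ("a.dll", "b.sys", "c.exe"):  # constructed file names
            write(name, b"known good " + name.encode())
        baseline = build_manifest(root)           # taken while trusted
        write("b.sys", b"patched")                # replaced system file
        os.remove(os.path.join(sysdir, "c.exe"))  # deleted system file
        write("hidden.sys", b"dropped")           # file absent from baseline
        return compare(baseline, root)

if __name__ == "__main__":
    print(demo())
```

The result is only trustworthy when the script runs from separate boot media against the mounted disk, because reads made through the suspect operating system are the ones a rootkit can falsify.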
This new tool has been posted on a sub-page of Microsoft’s support site as a public beta product. To be clear, the company insists: “Microsoft Standalone System Sweeper Beta is not a replacement for a full anti-virus solution providing ongoing protection; it is meant to be used in situations where you cannot start your PC due to a virus or other malware infection.”
Following this is a puff for Microsoft Security Essentials.
There are two versions available for free download, one for 32-bit and one for 64-bit target machines. The version must match the Windows installation with the suspected infection, so you need to know whether the target computer is running a 32-bit or 64-bit version of the Windows operating system. You need to create the bootable media (CD, DVD or USB stick) on a second, uninfected machine, but it doesn’t matter what Windows version or architecture this second machine is running.
You have to download the stub installer program from the System Sweeper page, and have a blank CD, DVD, or USB drive with at least 250 Mb capacity on which to install it. An internet connection is mandatory.
It will work on Windows XP Service Pack 3; Windows Vista (RTM, Service Pack 1, or Service Pack 2, or higher); Windows 7 (RTM, Service Pack 1, or higher) in both 32-bit and 64-bit editions.
I created a bootable System Sweeper USB stick for 32-bit Windows by downloading and running the stub installer; this downloads the disk image and installs it on the flash drive.
MS System Sweeper boots into a single-tasking session containing one window for System Sweeper itself. It will prompt to carry out a scan. On the Windows 7 machine I ran it on, it took 2 hours 10 minutes to conduct a full scan. Fortunately it found no malware. In the event of finding something, the main window will come up with an event log and a recommended series of actions to remove it. System Sweeper will offer to remove malware in its database automatically.
Bear in mind this is a public Beta release and the license agreement absolves Microsoft of practically all liability. Back up any volatile data on the target machine before you allow System Sweeper to act against any malware it finds – data files, not programs; you don’t want to restore any infected files from backups after System Sweeper finishes.
It is early days in the life of System Sweeper so I’ve seen no feedback as to its efficacy in malware removal and I’m not about to go find some for a test on the two working machines currently here! AJS