Microsoft Standalone System Sweeper (Beta)

By Bruce Preston

Suppose for a moment that your computer has been hit by some sort of malware such that it won’t even boot.  This can happen, even if you have a full-time anti-virus product running, as there is zero-day exposure – the interval between a malware item being released “into the wild” and it being identified and the signature being distributed to anti-virus applications.

If you call your computer manufacturer’s support line, in more cases than not, the advice will be the knee-jerk reaction: “Reinstall Windows from your recovery CD,” which often results in the machine being reset to factory configuration – with the subsequent loss of products installed after purchase, software updates, and in the worst-case scenario, loss of data.

You did create the recovery CD(s) immediately after you bought the computer, didn’t you?  Having the image on a partition of the hard drive does you no good if the drive fails.  And while I’m asking, do you have a complete, current backup of your data?

Let’s assume that you didn’t.  What now?

A few years ago Microsoft released a series of free security applications, first as “Windows Defender” – an anti-spyware application, and now a suite of applications including anti-virus under the “Security Essentials” umbrella.

The newest component is Microsoft Standalone System Sweeper, which is available as a beta release. It can find and remove rootkits, malware and virus infections. This is most definitely not a replacement for anti-spyware and anti-virus packages; instead it is a tool to be used to clean a computer that has already been compromised. The word “Standalone” refers to the fact that it must be run from either a bootable CD/DVD or from a bootable USB flash drive. The product is a free download, and comes in either a 32-bit or 64-bit version. When you run the installation program, it asks you for either a bare USB flash drive or blank recordable CD or DVD media. The machine I used for testing does not support booting from USB, and CD media costs a lot less than dedicating a USB flash drive.

I don’t have a machine that won’t boot, but decided to do a test run to see how the product works. It is a good idea to be familiar with a recovery tool rather than learn its use when under duress. I used a Windows XP SP3 machine that has been kept up to date as far as critical updates go. I downloaded the 32-bit version from http://connect.microsoft.com/systemsweeper; you must go through the usual Windows Genuine Advantage test before you can download it.

Upon launching the installer, it informed me that I also needed Image Mastering API v2 (kb932716-v2), which is used to write a CD image from within an application. The link in the pop-up alert just took me back to the system requirements page at the above link, but IMAPIv2 wasn’t referenced there. I had to search for it, and finally found it here: http://tinyurl.com/3h7xqm2

Once IMAPIv2 was installed the installation proceeded with a further download that it then burned to a CD.

To run the sweeper, put the CD in your drive and then restart the computer. At the “Boot from CD” prompt press any key and your computer will boot a subset of Windows 7 and immediately launch the Standalone System Sweeper. Agree to the terms, let it update the signature database (which means you need a working internet connection at that point), and then click the SWEEP item in the top bar menu.

The first thing that I noticed was the notification “This may take a few hours…” That should go in the Guinness Book of World Records as an understatement. On my machine it took 9:53:41 – yes, almost 10 hours! It examined 6,388,935 files (131 GB used). It found two items. One was a Trojan at the ‘Severe’ level in a downloaded utility that purported to unlock files left in a locked state. It was several years old and I had uninstalled it but never blew away the installation package. It identified a component that appears to have targeted eBay activity. I let the program delete it. (By the way – the Mozilla organization has File Assassin that performs that function well.) The second was a medium-level warning about a leftover component of an uninstalled copy of Partition Magic v5. I let System Sweeper delete it as well.

Since my machine was never in a won’t-boot state, I can’t report that Standalone System Sweeper would fix that condition, but I recommend that you create the appropriate 32-bit or 64-bit CD against the possibility that some day you may need it. I was very impressed that it found two things that other products had missed. I’ve created the 64-bit CD as well – just in case.

© Danbury Area Computer Society, Inc. All Rights Reserved.