Earlier this month Microsoft announced Microsoft Standalone System Sweeper in beta, a recovery tool that can help you start an infected PC and perform an offline scan to help identify and remove rootkits and other advanced malware. It is similar to what Kaspersky Rescue Disk and Avira AntiVir Rescue System do: you boot the computer from it and scan the computer without Windows being loaded. The good thing about using a rescue system is that no matter how powerful or smart the malware is, such as an MBR rootkit, it cannot do anything to hide its presence from security software because it is inactive.

There are 2 versions of Microsoft System Sweeper: 32-bit and 64-bit. If you want to scan a Windows system that is 32-bit, you will have to use the 32-bit version of Microsoft Standalone System Sweeper. If you attempt to use the 32-bit version of Microsoft System Sweeper on a 64-bit Windows, you will end up with an error saying “Windows Defender Offline cannot be started. The media you are attempting to run is for 64-bit operating systems and is not compatible with the 32-bit operating system on this computer. Error Code: 0x8004cc07.” So if you are a computer technician, you may need to have both versions of the Microsoft Standalone System Sweeper on hand, because it is impossible to tell without booting into Windows and checking from System.
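If the machine's disk can be read from another working environment (an assumption, as is the choice of file, for example `Windows\System32\ntoskrnl.exe` on the mounted volume), the bitness of the installed Windows can be read from the Machine field in the PE header of a system binary. This is an added example, not part of the original post; the function names are hypothetical and the sample headers are constructed.

```python
import struct

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification.
MACHINE_TO_MEDIA = {
    0x014C: "32-bit",  # IMAGE_FILE_MACHINE_I386
    0x8664: "64-bit",  # IMAGE_FILE_MACHINE_AMD64
}


def pe_bitness(data: bytes) -> str:
    """Return '32-bit' or '64-bit' for a PE image header, else raise ValueError."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    # e_lfanew (offset 0x3C in the DOS header) points to the 'PE\0\0' signature.
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    if pe_offset + 6 > len(data) or data[pe_offset:pe_offset + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # The 16-bit Machine field follows the 4-byte signature.
    (machine,) = struct.unpack_from("<H", data, pe_offset + 4)
    if machine not in MACHINE_TO_MEDIA:
        raise ValueError(f"unsupported machine type 0x{machine:04x}")
    return MACHINE_TO_MEDIA[machine]


def offline_windows_bitness(path: str) -> str:
    """Read only the first 4 KiB of a system binary on the mounted offline volume.

    If the PE header starts beyond that window, pe_bitness raises ValueError.
    """
    with open(path, "rb") as fh:
        return pe_bitness(fh.read(4096))


def constructed_pe(machine: int) -> bytes:
    """Build a minimal, constructed PE header (not a real binary) for the demo."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)  # PE signature right after DOS stub
    return bytes(dos) + b"PE\0\0" + struct.pack("<H", machine) + bytes(18)


if __name__ == "__main__":
    for label, machine in (("x86 sample", 0x014C), ("x64 sample", 0x8664)):
        print(label, "->", pe_bitness(constructed_pe(machine)))
```

The result tells you which build of the rescue media to create for that machine.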


After downloading the correct version of Microsoft Standalone System Sweeper, run the tool and you will be asked to select the device you want to use to create the Standalone System Sweeper media. You can select a blank CD or DVD, a USB drive that is not password protected, or create an ISO file so you can burn it later. Upon clicking Next, the tool will start downloading the necessary files, which are over 200MB, and install them on the medium that you’ve chosen.


To use Microsoft Standalone System Sweeper, you will have to boot up your computer with the CD/DVD or USB and follow the on-screen instructions. Windows Defender Offline will start automatically, allowing you to run a quick, full or custom scan. It is also possible to update the definitions if the computer is connected via LAN.


If you haven’t noticed, the Microsoft Standalone System Sweeper is actually based on Windows Defender. Windows Defender is included and enabled by default in Windows Vista and Windows 7. Although Windows Defender is provided for free by Microsoft on Windows computers, many still opt to use other third-party antivirus software such as AVG, Avira, Avast or Microsoft Security Essentials because Windows Defender is only an antispyware program and does not use heuristics to classify the replicating programs like viruses.

As a simple test, I copied 3 malware samples (Whistler, TDSS4/TLD4, Mayachok/Cidox) that are already detected by most antivirus software to my test machine, and the updated Windows Defender could only detect Whistler and TDSS4/TLD4 while missing Mayachok/Cidox. I then installed Microsoft Security Essentials and it caught all 3 malware samples. Although Windows Defender’s detection is not that superior, there is no harm in having an additional rescue disk alternative.

Download Microsoft Standalone System Sweeper

