I heard about this new tool from Microsoft the week of June 15, 2011 and wanted to try it out. Standalone System Sweeper (in beta) is made to use on those computers so infected that they can’t be booted up without having the malware instantly take over the machine. The System Sweeper software is downloaded (to a clean computer) and then installed either to a USB drive or CD, and it becomes your bootable solution to start the computer and run a scan. Pretty cool – it bypasses the installed OS, boots from the CD or USB stick, loads Windows and starts a scan of your computer.
There are 2 flavors – you can download both versions to the same computer and get them ready, but be sure to run the scan on the appropriate computer. You will need a Windows Live ID (free) to do the download.
For detailed instructions and screenshots, I’ll direct you over to Ask-Leo as he’s gone into more detail than I would have on the step-by-step, complete with illustrations.
The download is really a 2-part procedure. I thought I was ready to go after I’d downloaded it, but the download is an .exe file that needs to be extracted and put on a CD or USB drive. When you’re ready to run it, Leo says to change the boot sequence to either your CD or USB drive, but I found I didn’t have to do that. I rebooted the computer, hit the F12 key until it took me to the boot sequence screen, then I simply arrowed to my USB drive, hit Enter, and it went ahead and loaded Windows and started the scan. It was nice that I didn’t have to change the boot sequence.
My Scan Found Thirty Trojans/Other Malware
I’ve run it on two 64-bit computers so far. The scan on my desktop (work) computer took 2’20”. I was truly shocked when it said it found 30 different Trojans, Backdoors, etc. on that machine. I thought for sure there was something wrong with the results. But I scrolled down the list and it named each Trojan and Backdoor item and it also told me the location of the malware. Twenty-nine of them were located in a folder where I’d stored a website backup I made of a site before building a new site. When I talked to my IT guy about it, he said since most malware comes from infected websites, he wouldn’t be surprised. Since the files were downloaded as a backup, I’m guessing that all those bad things were just lying dormant in there. I think they were dormant because my machine never showed the signs of infection on it. The one other Trojan was from Java and was in my Sun Java folder (I know Java can be bad news).
I spent a little time scrolling through all the names of the bad stuff. There’s a button to get more detail on the malware, and I looked at what they said about the different kinds of malware. I wished I could have gotten a screenshot of it, but since I was in this dedicated scan mode, I couldn’t do it. The way the scan results are set up, the rectangular box with the results is only about 2” high, so I couldn’t see the whole list of malware at once; I had to keep scrolling down. I might have tried taking a snapshot of all the malware if the box could have expanded. Then on the same results page I was given the choice of how to handle the infections: Quarantine, Remove and Allow were the choices. I chose Remove! When I chose ‘Remove’, it said it might take a few minutes. Thirty minutes later, it was still stuck at about 3/4 done. So I figured it was locked up, had to do a reboot, and ran the scan again.
I chose not to scan the whole computer again. Luckily, there are options to scan particular folders, so I chose the 2 folders the malware was found in and ran it on just those 2 folders. It found the same number of infections – only a lot quicker. I clicked ‘Remove’ again, and this time it zapped them in about a minute. Then I ran another scan on those folders and they came up clean, so I was done with that workstation.
Next was my Lenovo laptop. I rebooted, hit F12 and selected USB, and it went into scanning mode. This one took 2 1/2 hours, and it found Firesheep on my laptop. I clicked ‘Allow’, since I put it on there to try it out. I was very relieved it didn’t find anything really bad.
Then I used it on our 32-bit family computer and it found nothing.
- I was pleased with the tool, although it did stumble a bit when I tried to remove the Trojans the first time.
- It should be noted that you’ll need to update the definitions of the tool each time you need to use it (same as you do with Malwarebytes).
- I like that Microsoft built it so certain drives and one or multiple folders can be selected to scan.
- If you’re using this on a client computer, you’ll probably want to take it with you since scan times are very long.