Utility Spotlight: Repair Your PC Infection

Microsoft Standalone System Sweeper can clean up your system after a virus infection and help you get back into Windows.

Lance Whitney

Sometimes a rootkit virus or other malware can so thoroughly infect your PC that you can’t even boot it up to repair the damage. For cases like this and other situations where malware is in so deep you can’t remove it, Microsoft has a free tool called the Standalone System Sweeper.

This utility lets you create a bootable CD or USB stick that can scan for and remove the infection. It also serves as a boot disk so you can get back into Windows. The Standalone System Sweeper is currently in beta. You can download a copy from the Microsoft Connect site. There are 32-bit and 64-bit versions available, so be sure to download the correct version to support your version of Windows. If you support a mixed environment, download both versions.

Clean Sweep

After downloading the appropriate version of Standalone System Sweeper (mssstool32.exe for 32-bit Windows and mssstool64.exe for 64-bit Windows), you can run it on any PC. To get started setting up the boot media, you’ll need either a blank CD or a USB device with at least 250MB of space. If you opt to create your boot media on a USB drive, make sure there’s no important data on it, as the process of creating the boot media will reformat the device.

Depending on your environment, it’s probably a good idea to set up a CD and a USB device so you have both types available. You’ll also need to be online when you create the boot media, as the utility will download the latest antivirus updates.
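
The prerequisites above can be checked from PowerShell before you run the tool. The following is an added example, not part of the original article or of Microsoft's tool; it assumes PowerShell 3.0 or later and treats the 250MB requirement as total device capacity, because the device is reformatted.

```powershell
# Added example: pre-flight check before creating Standalone System Sweeper USB media.
# The 250MB minimum and the two tool file names come from the article;
# the variable names and report layout are illustrative.
$minBytes = 250MB

# Architecture of THIS PC. The media has to match the Windows version on the PC
# you intend to clean, so run this line there if that PC still boots.
$tool = if ([Environment]::Is64BitOperatingSystem) { 'mssstool64.exe' } else { 'mssstool32.exe' }
"Tool matching this PC's Windows: $tool"

# Removable drives that are plugged in and mounted.
$drives = [System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.DriveType -eq 'Removable' -and $_.IsReady }

if (-not $drives) { 'No removable drive is ready.'; return }

foreach ($d in $drives) {
    # Every file counted here is lost when the tool reformats the device.
    $files = @(Get-ChildItem -LiteralPath $d.RootDirectory.FullName -Recurse -Force -File `
                   -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Drive       = $d.Name
        Label       = $d.VolumeLabel
        SizeMB      = [math]::Round($d.TotalSize / 1MB)
        LargeEnough = $d.TotalSize -ge $minBytes
        FilesAtRisk = $files.Count
    }
}
```

A drive is a safe choice when LargeEnough is True and FilesAtRisk is 0, or when you have already copied those files elsewhere.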

Running the executable file opens Standalone System Sweeper to create the boot media. The Select Media screen asks whether you want to use a CD/DVD or USB drive. A third option lets you create an ISO file so you can run System Sweeper within a virtual machine to scan for and eliminate any viruses (see Figure 1).

Figure 1 You can create boot media with Standalone System Sweeper.

Choosing the CD/DVD option downloads and processes the necessary files, burns them to the disc and then verifies the burn was successful. Selecting the USB option verifies the device and reminds you it will be reformatted. The tool then downloads and processes the files, reformats the USB device, and copies the necessary files.

After you’ve run Standalone System Sweeper to create the boot media, you can easily examine its contents. You’ll find the necessary boot folders and files for the Windows Preinstallation Environment and a file called mpam-fe.exe or mpam-fex64.exe, which downloads the latest antivirus updates.

To run the CD/DVD on the infected computer, just pop it in the drive and boot from CD or DVD. To boot off the USB device, make sure that capability is enabled in the BIOS and choose that option when booting up.

The boot disc will load the necessary startup files and automatically launch System Sweeper. By default, the tool will prompt you to run a full system scan (see Figure 2). A full scan can easily take several hours, depending on the number of files on the target hard drive. You may want to run a quick scan or custom scan initially.

Figure 2 A quick scan is good, but a full system scan is better.

The quick scan examines key Windows .exe and .dll files. It typically takes a few minutes to run. The custom scan lets you choose which drives and folders you wish to scan. If the quick or custom scan turns up empty, you can always run the full scan (see Figure 3).

Figure 3 A full scan gives you details as it sweeps your system.

As the scan continues, System Sweeper will alert you when it finds any “unwanted items.” Reviewing any detected items displays the name of the malware, its alert level (low, medium or high) and a recommended action (remove, quarantine or allow).

You can also view additional details on the detected item, such as its category type (virus, adware and so on), its location and the recommended action. Choose an action and then click on the Apply actions button to run that command. After cleaning up the malware, the utility will prompt you to restart your PC to see if Windows will boot.

Scanning Tools

Launching Standalone System Sweeper gives you a variety of options for your scans. The History panel displays details on any previously detected viruses. The Tools and Settings panel lets you customize your scans. You can exclude specific folders or file types you don’t want to scan, and indicate whether you want to scan archived files, e-mail or removable drives.

You can review quarantined items, permanently remove them or restore them. There’s also an option under the Help menu that lets you check for antivirus updates. You’ll want to periodically run this option to ensure that Standalone System Sweeper is scanning with current settings.

Within the Windows folder on the scanned PC you’ll find a subfolder called “support.” This contains log files you can open to review the details of each scan.

Standalone System Sweeper is compatible with Windows XP SP3, Windows Vista and Windows 7. Standalone System Sweeper is a handy tool to have in your arsenal the next time any Windows PC you have to support gets hammered by a nasty virus.

Lance Whitney is a writer, IT consultant and software trainer. He’s spent countless hours tweaking Windows workstations and servers. Originally a journalist, he took a blind leap into the IT world in the early ’90s.