One of the problems with malware is that it is often difficult to remove while the infected system is running. Last week, I dealt with a particularly sticky infection that I couldn’t remove until I used a boot CD. Rootkits are the extreme case: their whole purpose is to hide from the running system, so you often don’t even know they are there, and any scanner that runs on top of a compromised kernel is asking that kernel to report honestly on itself. Short of rebuilding the machine, the reliable way to remove a rootkit is to boot from trusted media, scan the hard disk while the installed system is offline, and compare the system files on disk against known good copies of the same files.
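The offline comparison described above, as an added example that is not part of the original post and is not Microsoft's tool: it hashes every file under a known good tree, hashes the same tree on the offline disk, and reports what was modified, what is missing and what was dropped in. The two directory trees and their file names are constructed here purely for illustration; in real use the baseline would be built from install media or a clean machine at the same build and patch level, and the target would be the infected disk mounted read-only from the boot environment, so that no hook in the infected kernel sits between the scanner and the bytes on disk.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large system files do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map each regular file under root (relative POSIX-style path) to its SHA-256.

    Symlinks are skipped so a link cannot be used to make a bad file hash as a good one.
    Timestamps and sizes are deliberately ignored: malware can preserve both, a hash it cannot.
    """
    manifest: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def compare_manifests(baseline: Dict[str, str], target: Dict[str, str]) -> Dict[str, List[str]]:
    """Diff a known good manifest against the manifest of the offline disk."""
    modified = sorted(p for p in baseline if p in target and baseline[p] != target[p])
    missing = sorted(p for p in baseline if p not in target)
    added = sorted(p for p in target if p not in baseline)
    return {"modified": modified, "missing": missing, "added": added}


def write_tree(root: Path, files: Dict[str, bytes]) -> None:
    """Materialise a dict of relative path -> content as files on disk (test scaffolding)."""
    for rel, data in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)


def demo() -> Dict[str, List[str]]:
    """Build two constructed trees, diff them and return the report.

    The file names and contents below are invented for the example; they do not
    describe any real malware and are not a real Windows layout.
    """
    known_good = {
        "Windows/System32/ntoskrnl.exe": b"kernel image (clean)",
        "Windows/System32/drivers/example.sys": b"driver (clean)",
        "Windows/System32/removed.dll": b"library (clean)",
    }
    offline_disk = {
        "Windows/System32/ntoskrnl.exe": b"kernel image (clean)",  # unchanged
        "Windows/System32/drivers/example.sys": b"driver (patched)",  # modified in place
        "Windows/System32/extra.dll": b"dropped component",  # not in the baseline
        # removed.dll is absent from the disk, so it is reported as missing
    }
    with tempfile.TemporaryDirectory() as tmp:
        good_root = Path(tmp) / "known_good"
        disk_root = Path(tmp) / "offline_disk"
        write_tree(good_root, known_good)
        write_tree(disk_root, offline_disk)
        return compare_manifests(build_manifest(good_root), build_manifest(disk_root))


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}:")
        for p in paths:
            print(f"  {p}")
```

A hash diff only tells you which files differ, not which ones are legitimate. Windows system files change with every update, so a baseline from a different patch level will flag half of System32; a serious tool also checks the catalog signatures on the files rather than relying on a hash list alone. The point of running it from a boot CD is that the comparison reads the raw disk, which the rootkit cannot intercept once its kernel is no longer the one running.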
While not broadly publicized, Microsoft has developed a tool to remove rootkits and other advanced malware from systems running these versions of the Windows operating system: Windows XP Service Pack 3; Windows Vista (RTM, Service Pack 1, Service Pack 2, or higher); and Windows 7 (RTM, Service Pack 1, or higher), in both 32-bit and 64-bit editions. The tool is called “Microsoft Standalone System Sweeper Beta.” It looks as though it was designed for use by support personnel; the download page reads:
Thank you for contacting Microsoft Support. You have been directed here to download and install the beta version of Microsoft Standalone System Sweeper Beta, a recovery tool that can help you start an infected PC and perform an offline scan to help identify and remove rootkits and other advanced malware. In addition, Microsoft Standalone System Sweeper Beta can be used if you cannot install or start an antivirus solution on your PC, or if the installed solution can’t detect or remove malware on your PC.
Microsoft Standalone System Sweeper Beta is not a replacement for a full antivirus solution providing ongoing protection; it is meant to be used in situations where you cannot start your PC due to a virus or other malware infection.
I haven’t tried it out yet, but it’s probably a good idea to download and build bootable media for both the 32-bit and 64-bit editions.
If anyone tests this before I do, please leave a comment.