Monday, July 4, 2011

Malware scanner

Worms and trojans and viruses – Oh my! But beware the insidious rootkit, my child, because it is invisible. If you get a rootkit, it burrows deep into your system and disappears. Only a program specially designed to look for it will find it.

Microsoft has recently introduced the Microsoft Standalone System Sweeper (MSSS), which will, among other things, find and remove those pesky rootkits. Get the program at http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline (the tool has since been renamed Windows Defender Offline, which is what that link now points to).

MSSS is used a little differently from the other one-time scanners you may be familiar with, such as MalwareBytes. It creates its own bootable CD or USB drive, and you run it outside of Windows. It does this so it can find rootkits, which by definition hide themselves while Windows is running: when you boot from separate media, the rootkit's drivers and hooks are never loaded, so the scanner reads the disk as it really is. If you actually bought your antivirus program on CD, it can probably do this too; MSSS differs in one respect (at least since I last had an AV CD): it doesn't merely offer to update your definitions before running a scan, it requires it.

Go to the download page and choose whether you want 32-bit or 64-bit; pick the one that matches the Windows installation on the PC you intend to scan. This button runs a downloader that gives you the option to create a bootable CD, a bootable USB thumb drive, or to download an ISO (Fig. 1). I'll tell you what to do with an ISO next month; but until then, save yourself a lot of trouble and choose one of the other options.
Fig. 1. The MSSS downloader menu (this image may have changed).

I decided to try MSSS out on my file server. When it runs a full scan (the default your first time) it warns you that the scan could take hours. Sure enough, after 4 hours and 52 minutes (4:52:42), it reported that the number of "resources scanned" was 3,520,572!

Admittedly, my single C: drive runs about 350 GB (there are a lot of client files I really should throw away). The program looked inside compressed files, naturally. It also looked inside downloaded .ISO CD images. To my surprise, it looked inside some Outlook .PST files and found a virus in the attachment of a piece of spam.
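The high "resources scanned" count comes from the scanner treating every archive member as its own resource. The following is an added example, not code from the post or from Microsoft's tool, of how a scanner reaches files nested inside archives: it walks a directory, recurses into zip files (zip inside zip included) with a depth and size guard so a zip bomb cannot exhaust memory, and checks each decoded object against two constructed rule types, a SHA-256 blocklist and a byte pattern. The sample directory, the "malware" bytes and the detection names are all constructed for the demo; it handles only zip containers, whereas MSSS also parses .ISO images and Outlook .PST files.

```python
import hashlib
import io
import os
import tempfile
import zipfile

# Constructed sample body. This is NOT real malware; it is only a byte
# string that the demo rules below pretend to have signatures for.
SAMPLE_BAD_BYTES = b"MZ\x90\x00constructed-sample-not-real-malware\x00"

# Two constructed rule types: an exact-hash blocklist and a byte pattern.
HASH_BLOCKLIST = {
    hashlib.sha256(SAMPLE_BAD_BYTES).hexdigest(): "Constructed/Sample.A",
}
PATTERN_RULES = [
    (b"constructed-sample-not-real-malware", "Constructed/Pattern.B"),
]

MAX_DEPTH = 4                 # how many archive levels to descend
MAX_MEMBER_BYTES = 16 << 20   # refuse to inflate members over 16 MiB (zip-bomb guard)


def classify(data: bytes, is_container: bool = False):
    """Return a detection name for `data`, or None if no rule matches.

    Hash rules apply to everything. Pattern rules run only on decoded
    content: for a container we recurse into its members instead of
    grepping the compressed bytes, which would never match anyway.
    """
    name = HASH_BLOCKLIST.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    if is_container:
        return None
    for pattern, pname in PATTERN_RULES:
        if pattern in data:
            return pname
    return None


def scan_bytes(data: bytes, label: str, depth: int = 0, findings=None):
    """Scan one blob; if it is a zip archive, recurse into each member.

    Findings are (label, detection) pairs. The label records the nesting
    path with '!' as the archive separator, e.g. 'a.zip!b.zip!payload.bin'.
    """
    if findings is None:
        findings = []
    is_zip = zipfile.is_zipfile(io.BytesIO(data))
    hit = classify(data, is_zip)
    if hit:
        findings.append((label, hit))
    if is_zip and depth < MAX_DEPTH:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                if info.file_size > MAX_MEMBER_BYTES:
                    findings.append((f"{label}!{info.filename}", "Skipped/TooLarge"))
                    continue
                scan_bytes(zf.read(info), f"{label}!{info.filename}", depth + 1, findings)
    return findings


def scan_tree(root: str):
    """Walk a directory tree and scan every regular file, archives included."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            path = os.path.join(dirpath, fname)
            with open(path, "rb") as fh:
                data = fh.read()
            scan_bytes(data, os.path.relpath(path, root), 0, findings)
    return findings


def build_sample_tree():
    """Create a constructed directory for the demo: a clean text file, a
    file that carries the pattern in a different wrapper, and a zip nested
    inside another zip that holds the exact sample bytes."""
    root = tempfile.mkdtemp(prefix="msss-demo-")
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"nothing to see here\n")
    with open(os.path.join(root, "dropper.bin"), "wb") as fh:
        fh.write(b"--" + PATTERN_RULES[0][0] + b"--")   # hash differs, pattern matches
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("payload.bin", SAMPLE_BAD_BYTES)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", b"clean")
        zf.writestr("inner.zip", inner.getvalue())
    with open(os.path.join(root, "download.zip"), "wb") as fh:
        fh.write(outer.getvalue())
    return root


if __name__ == "__main__":
    for label, detection in scan_tree(build_sample_tree()):
        print(f"{detection:24s} {label}")
```

Running the block prints one hit for `download.zip!inner.zip!payload.bin` and one for `dropper.bin`, while `notes.txt` and `readme.txt` stay quiet. A real scanner adds many more container parsers (ISO 9660, PST, installer formats) and far richer rules, but the recursion with a depth and size guard is the part that makes those nested files reachable at all.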

This work by Bill Barnes is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License. Permissions beyond the scope of this license may be available at http://zaitech.com/satellite/contacts.htm.
