Microsoft is providing customers with a standalone malware scanner running from bootable CDs, DVDs or USB drives, for use on systems that are infected with sophisticated threats.
Computer malware comes in various forms and with different capabilities. Some threats are more sophisticated and resilient to removal than others.
Many families of malware interfere with certain antivirus programs by preventing them from running on infected systems or stopping their services.
Others block access to security websites to prevent victims from downloading anti-malware programs or asking for help.
One type of persistent malware is the rootkit. Rootkits register themselves as drivers, which gives them low-level access to the operating system.
In some cases they can even interact directly with the hard drive without relying on the Windows file system APIs and they can use this functionality to protect themselves.
One particularly nasty type of rootkit is capable of writing code into the master boot record (MBR). This allows it to control the boot process and start even before the operating system, which is why such rootkits are referred to as bootkits.
All these threats pose various problems for traditional antivirus programs and can make it impossible to properly clean a Windows installation while it is running.
To solve this issue, some antivirus vendors have created so-called rescue discs, bootable CDs that start a separate operating system and can run their anti-malware products unrestricted.
This is a very effective method, because the malware can't interfere with the scanning process and everything is run from memory; nothing is installed on the hard drive.
It looks like Microsoft has decided to provide a similar solution in the form of a tool called Microsoft Standalone System Sweeper. This tool is still in beta and depends on the Windows installation. The other antivirus vendors normally use Linux for their rescue discs.
Users can download a builder application which creates a bootable CD, DVD or USB drive. They have to choose between a 32-bit and a 64-bit version, depending on the architecture of the infected Windows system they want to clean.
It seems this tool might have been available for some time now, but Microsoft didn't actively promote it to the masses. Instead, it asked its customer support staff to decide which cases warrant its use.
Microsoft Standalone System Sweeper can be downloaded from here.