We often discover viruses on our PCs when they materialize as fake anti-spyware: a pop-up announces that you've been infected and points you to a website that, for $49, will cure it. But these FakeAVs account for only about 20 percent of all viruses circulating. Most viruses are hidden, often by rootkits, where conventional AV software cannot detect them.
Rootkits hide their files within the directory structure, and they are difficult to detect once the OS itself has been compromised. AV software running on that OS is helpless against them because it looks for viruses in plain sight. To see them, you need a clean version of Windows to scan the directory structure from outside the infected OS.
In May, Microsoft released a beta version of Standalone System Sweeper, which runs a PXE version of Windows. This stripped-down version of the OS has better success scanning the directory for rootkits because it's like attaching your PC's disk to another, clean machine and scanning it with that machine's AV. Standalone System Sweeper comes in 32-bit and 64-bit flavors, and boots from a CD, DVD or thumb drive.
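To make concrete why scanning from clean boot media finds what an AV running on the infected OS misses, here is an added Python example (not code from Microsoft or from Standalone System Sweeper). It builds a small constructed "disk image" directory, hashes every file as an offline scan would, checks the hashes against a constructed signature list, and then compares that offline view with a constructed stand-in for the directory listing the infected, running system would report. Files that exist on disk but are absent from the live listing, or whose content differs from what the live system claims, are the classic cross-view indicators of a rootkit. The file names, hashes and the "Rootkit.Sample.A" label are all constructed for the demo.

```python
"""Offline signature scan plus cross-view rootkit detection.

Added example with constructed sample data; this is not the Standalone
System Sweeper's own code.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed signature list keyed by SHA-256 of file contents. A real tool
# downloads this from the vendor, as the Sweeper offers to do at startup.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"MALICIOUS DRIVER PAYLOAD (constructed)").hexdigest(): "Rootkit.Sample.A",
}


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def offline_listing(root: Path) -> dict:
    """Walk a mounted, non-running image and hash every file.

    Nothing inside the image is executing, so nothing can filter this view.
    That is the whole reason for booting clean media instead of scanning
    from the installed OS.
    """
    listing = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            rel = str(p.relative_to(root)).replace(os.sep, "/")
            listing[rel] = sha256_file(p)
    return listing


def cross_view_diff(live: dict, offline: dict) -> dict:
    """Compare what the running OS reported with what the offline scan found."""
    hidden = sorted(set(offline) - set(live))  # on disk, invisible to the live OS
    tampered = sorted(p for p in live if p in offline and live[p] != offline[p])
    return {"hidden": hidden, "tampered": tampered}


def signature_hits(offline: dict) -> dict:
    """Plain signature match over the offline listing."""
    return {p: KNOWN_BAD_SHA256[h] for p, h in offline.items() if h in KNOWN_BAD_SHA256}


def build_sample_image() -> Path:
    """Construct a toy 'disk image' directory tree for the demo."""
    root = Path(tempfile.mkdtemp(prefix="image_"))
    drivers = root / "Windows" / "System32" / "drivers"
    drivers.mkdir(parents=True)
    (drivers / "disk.sys").write_bytes(b"legit driver (constructed)")
    (drivers / "hidden.sys").write_bytes(b"MALICIOUS DRIVER PAYLOAD (constructed)")
    (root / "Windows" / "System32" / "ntdll.dll").write_bytes(b"patched ntdll (constructed)")
    return root


def live_listing_as_reported(root: Path) -> dict:
    """Constructed stand-in for a directory listing taken on the infected,
    running system: the rootkit's own driver is missing from the listing and
    the original (unpatched) ntdll.dll hash is reported instead of the real one.
    """
    listing = offline_listing(root)
    listing.pop("Windows/System32/drivers/hidden.sys")
    listing["Windows/System32/ntdll.dll"] = hashlib.sha256(
        b"original ntdll (constructed)"
    ).hexdigest()
    return listing


def run_demo() -> dict:
    root = build_sample_image()
    offline = offline_listing(root)
    live = live_listing_as_reported(root)
    report = cross_view_diff(live, offline)
    report["signature_hits"] = signature_hits(offline)
    return report


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Running the script reports `hidden.sys` as hidden (present offline, absent from the live view) and as a signature hit, and `ntdll.dll` as tampered because the live system's claimed hash does not match the bytes actually on disk. A live-only AV sees neither problem, which is exactly the gap the bootable scanner closes.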
In my test, the scan took about 40 minutes on a 32-bit version of Windows XP with Office 2003. It offered choices (like extensions to skip) and offered to download the latest signatures.
In the enterprise it's common to reimage or replace an infected machine, but this tool is effective for scanning the image itself for hidden viruses. All you need is a PC that can boot from a USB or static drive and an Internet connection. For home users or smaller companies, it's best used on a regular basis to check for and remove rootkits and viruses, saving the day's work of reinstalling the OS, the applications and the settings.
Photo: New York Public Library