2011-06-03 09:42:45

First Party Tools For Removing Windows Malware

Hopefully, if you're a Windows user, you already know that Microsoft has a free, first-party antivirus tool that you can download and install to help protect your system. It is called Microsoft Security Essentials and can be downloaded from here:

https://www.microsoft.com/en-us/security_essentials/default.aspx

What you may not know is that Microsoft just released a tool for rootkit detection and removal. For those of you who don't know what a rootkit is, you're probably infected. Just kidding... but seriously. A rootkit is a type of malware that installs itself onto your system in such a way that it is completely, 100% undetectable by antivirus programs. It does this by replacing low-level system files, which run at a deeper level than antivirus programs, with its own copies.

These malicious copies do two things. First, they act 100% like the genuine system files, so that your system still functions. Second, and this is the kicker, they hide all of the malicious files installed on your system so that they can run and you don't even know that they're there.

One example of this is getting a directory listing. Let's say that you open a command prompt and run 'dir'. That's a normal system command that should just show you the contents of a folder. However, when you have a rootkit, this command still runs, but its results are delivered to the rootkit, which strips out all of the malicious files and then shows you the "cleaned" list of files. You'll never know that a malicious file exists in that folder because it is removed from the directory listing before you ever see the list. That's just one simple example of how a rootkit operates.

So, suffice it to say, rootkits are undetectable from within your computer. This is why Microsoft made a new tool: System Sweeper. System Sweeper is a bootable rootkit remover. Obviously, or maybe not so obviously, you can't remove a rootkit if you can't see it. I've already explained that within your system you can't see the rootkit, therefore you can't remove it by installing some removal tool on your system. This is why System Sweeper doesn't get installed on your system.

System Sweeper is a bootable ISO file, which you can burn to a CD or thumb drive. You reboot your computer with the CD or thumb drive in, boot to it, and it will scan and attempt to remove rootkits from your computer. Then you can reboot into Windows and use your computer as normal, rootkit-free!
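To make the "you can't see it from inside" point concrete, here is an added example (not code from the original post) that simulates the filtered 'dir' listing described above and then does what a scan from separately booted media effectively does: compares the live view against the raw on-disk view and reports the difference. The directory listings and file names are constructed sample data.

```python
# Added example (not from the original post): a cross-view comparison showing why
# a scan from separately booted media can see files a rootkit hides from the live
# system. All listings are constructed sample data; the file names are made up.
from dataclasses import dataclass

@dataclass(frozen=True)
class FileEntry:
    name: str
    size: int

# Constructed: directory contents as read straight from disk by a rescue medium
# (such as System Sweeper) booted from CD or USB, so the installed OS never runs.
OFFLINE_VIEW = {
    r"C:\Windows\System32": [
        FileEntry("ntdll.dll", 1_600_000),
        FileEntry("drvhide.sys", 48_000),   # constructed rootkit driver name
        FileEntry("kernel32.dll", 1_200_000),
    ],
    r"C:\Users\Public": [
        FileEntry("desktop.ini", 174),
        FileEntry("updater.exe", 310_000),  # constructed hidden payload name
    ],
}

# Constructed: the names the rootkit strips from every listing on the live system.
ROOTKIT_HIDES = {"drvhide.sys", "updater.exe"}

def live_listing(path: str) -> list:
    """Simulate 'dir' on the infected system: the real result passes through the
    rootkit, which removes its own files before the user ever sees the list."""
    return [e for e in OFFLINE_VIEW.get(path, []) if e.name.lower() not in ROOTKIT_HIDES]

def cross_view_diff(live: dict, offline: dict) -> dict:
    """Return {directory: entries present offline but missing from the live view}.
    A non-empty result means something on the live system is filtering what the
    OS reports, which is exactly the behaviour described above."""
    hidden = {}
    for directory, offline_entries in offline.items():
        seen_live = {e.name.lower() for e in live.get(directory, [])}
        missing = [e for e in offline_entries if e.name.lower() not in seen_live]
        if missing:
            hidden[directory] = missing
    return hidden

def scan() -> dict:
    """Gather the live view of every directory and compare it with the offline view."""
    live = {path: live_listing(path) for path in OFFLINE_VIEW}
    return cross_view_diff(live, OFFLINE_VIEW)
```

Running scan() reports drvhide.sys and updater.exe as present on disk but absent from the live listings, which is the discrepancy an offline scanner can act on and an installed tool never gets to see.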

Microsoft offers one version for 32 bit systems and one version for 64 bit systems, so you need to use the right version depending on what kind of system you have. If you are unsure as to which you should use, do this to find out:

You can download the tools to make the CDs from the System Sweeper page, or you can just download the ones that I made and burn them to a CD or thumb drive.

MSSS_Media32.iso
MSSS_Media64.iso

1 comment


2013-08-14 15:02:27


Hugo Napoli says...
Good information. It was helpful for me. Thank you very much.
