“Microsoft has released its free Microsoft Safety Scanner. This scans for and removes malware from Windows systems without requiring prior installation. According to AV-Test’s Andreas Marx, the on-demand anti-virus scanner appears to be based on the Malicious Software Removal Tool (MSRT), but with the addition of a complete signature database. MSRT used a mini database of widely distributed threats and is distributed monthly via the automatic update function.”
Guess I’ll add this one to my list next time I have to do major cleanup on a machine
This needs a LiveCD option to be really useful. As long as the malware is running on the OS, then there’s still a significant chance that it can re-infect the system after it’s “removed” by the AV program. Booting into a separate OS is the only way to guarantee that the malware can’t be running when it’s removed.
I’m hoping this can be combined with BartPE to make that happen.
I was thinking the exact same.
I ran it on my work computer earlier – it runs “in-place” without installation, so I’m guessing if you booted BartPE and then popped in a USB stick with this on it, you’d be set…
Remains to be tested I guess.
Actually it looks like a big FAIL to me, and I’m all for free tools. Not only does it have separate 32 and 64 bit versions (WTH? For a virus scanner?) but it expires after 10 days which means give it up putting it on any kind of tool, not unless you want to make three of them a month!
For those that want a REAL tool I’d suggest Malwarebytes along with Stinger and AVG portable, along with Comodo System Cleaner (for cleaning out all the borked reg entries left behind) and Chrome Portable or Firefox Portable (for doing an online scan, using something like Housecall) on a WinPE or bootable USB key.
Having a 10 day limit is just bogus! I was looking forward to having another tool in my toolbox but making it have an expiration date instead of simply updating on first run is Lame with a capital L!
There’s no need for a live CD. When AV finds a nasty virus, it can reboot the OS in safe mode, without loading start-up programs, services, etc.
Yes, there is. Half the time, the malware is still active in safe mode and cannot be completely removed (it reinfects the system).
Edited 2011-04-21 15:17 UTC
Wow, you’ve obviously never encountered a truly nasty infection.
Offline scan is the most assured way to find/remove rootkits, etc.
Even then, once a machine is infected, it’s often impossible to know if it’s clean, you just pray that the 3 or 4 different AV programs you used found everything (often times, one will miss something that the other finds).
Win 8 to the rescue.
This is a nice move from MS. I hate bloated AV software which has 100+ megs, is always started when Windows boots up and slows and hinders the OS by scanning when it wants and what it wants. I much prefer AVs which offer on-demand scans.
I totally understand you: I ended up removing the AV from my Vista laptop.
However, unless I’m mistaken, I think most AV programs allow you to deactivate real-time scanning. I’ve mostly used Avira, it lets you choose between scans at read time, write time or both.
Very nice choice from MS for those who may not have access to its cousin in the MSDaRT toolset.