  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    NH
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    MSFT Standalone System Sweeper - anyone using?

    Hi,

    MSFT has a new tool (supposedly) to assist in cleaning up an infected system. I downloaded the Standalone System Sweeper, installed it to a bootable flash drive (32-bit) and updated the signatures. I have run this on a seriously infected Compaq laptop running Windows Vista. However, it runs a scan (about 5 hours' worth, and I've done this twice) and finds three items, but when I click to clean the system, I get an error that says (... file or drive you are trying to scan does not exist on this computer ...). Well, that is not good. I have some iPhone photos of the various screens and the final error if anyone cared.

    Does anyone have any thoughts or suggestions on what might be wrong?

    thanks,

    JimA

  2. #2
    Super Moderator RetiredGeek
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,436
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts
    Jim,

    Welcome to the lounge.

    I've run this program on both my desktop & laptop w/o problem. Of course, neither was infected and I didn't run it from a USB drive. Be aware that the program is only good for 10 days before you have to download it again!

    Good Luck!

    EDIT: Sorry, I was referring to a different MS tool. I've downloaded this one and am giving it a try on my laptop.
    Last edited by RetiredGeek; 2011-06-27 at 11:00.
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  3. #3
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    If that one doesn't work, there are other tools that you can use. Here is a Windows Secrets recommendation, that should be good even if a bit "old": http://windowssecrets.com/windows-se...maged-windows/

    Another one from a good AV product: http://live.sunbeltsoftware.com/

  4. #4
    Super Moderator satrow
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    This is the first time I've seen that someone has actually used this tool and reported back about it. It would be very useful if others who have tried it reported their experiences, too.

    Jim, I'd suspect that the error message may be related to permissions or redirections/file hiding due to malware damage. Without knowing what malware is involved and no knowledge of the usefulness of error messages given by the system sweeper, it's hard to judge.

    Running a full chkdsk on the affected drive might reduce the errors and allow the tool access to more files.

  5. #5
    New Lounger
    Join Date
    Dec 2009
    Location
    NH
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote, originally posted by RetiredGeek:
    > Jim,
    >
    > Be aware that the program is only good for 10 days before you have to download it again!

    Yes, I am aware that it must be updated and I did the update prior to running the scan.

    JimA

  6. #6
    New Lounger
    Join Date
    Dec 2009
    Location
    NH
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote, originally posted by satrow:
    > This is the first time I've seen that someone has actually used this tool and reported back about it. It would be very useful if others who have tried it reported their experiences, too.
    >
    > Jim, I'd suspect that the error message may be related to permissions or redirections/file hiding due to malware damage. Without knowing what malware is involved and no knowledge of the usefulness of error messages given by the system sweeper, it's hard to judge.
    >
    > Running a full chkdsk on the affected drive might reduce the errors and allow the tool access to more files.

    Since I can't boot to Windows and my understanding was this Standalone Sweeper runs on its own - so not sure what permissions or redirections would be in place. Of course, I have no way of changing them anyways. I get the results of the scan - and the items found are:

    1. Rogue:Win32/Winwebsec (pFoNoNI06310.exe)
    2. TrojanDownloader:Win32/VB.YAJ
    3. VirTool:JS/Obfuscator.AQ

    The program just fails to remove the items - and gives the error message (Standalone System Sweeper encountered an error: 0x80508019. The file or drive you are trying to scan does not exist on this computer. Choose another file or drive, and then scan your computer again.) - Of course, this is after it completed the scan of the supposedly non-existent drive and listed the files/trojans/viruses found on said non-existent drive.

    JimA

  7. #7
    Super Moderator satrow
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    Symptoms
    VirTool:JS/Obfuscator are detections for programs that have had their purpose obfuscated to hinder analysis or detection by anti-virus scanners. They commonly employ a combination of methods including encryption, compression, anti-debugging and anti-emulation techniques.

    These obfuscation techniques are used on various kinds of malware. The malware that lies "underneath" may have virtually any purpose. Hence, there are no obvious symptoms that indicate the presence of this malware on an affected machine.
    Trying to translate the above into simple cause/effect terms, it looks like the files may not be successfully deleted unless the 'driver' is loaded to 'uncloak' them.

    If you could access the drive as a slave in a well protected second computer, it might help you work out what's happening, run chkdsk on it, find and save any valuable data.

  8. #8
    Super Moderator RetiredGeek
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,436
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts

    My Results

    Ok, I downloaded the correct tool and ran tests on my Laptop & Desktop with the following results:


    Description         Laptop       Desktop
    Processor           i5 M430      Core2 Duo Quad Q6600
    MHz                 2.27GHz      2.40GHz
    Scan Media          CD           USB
    Scan Type           Full         Full
    Elapsed Time        2:39         2:20
    Resources Scanned   836,021      2,342,030
    Alerts              1 Med/Low    1 Med/Low
    Removal             Succeeded    Succeeded

    In both cases the item was Adware:Win32/OpenC... and the infected file was SIW-setup64.exe. The SIW utility still worked upon reboot since it was the installation file.

    YMMV

  9. #9
    Super Moderator satrow
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    Quote, originally posted by RetiredGeek:
    > Ok, I downloaded the correct tool and ran tests on my Laptop & Desktop with the following results:
    >
    > In both cases the item was Adware:Win32/OpenC... and the infected file was SIW-setup64.exe. The SIW utility still worked upon reboot since it was the installation file.
    >
    > YMMV

    Probably something like the Ask toolbar in the installer, at a guess.

  10. #10
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    S.F. Bay Area, California, USA
    Posts
    735
    Thanks
    15
    Thanked 80 Times in 78 Posts
    I use SIW, but it DOESN'T have an installer - it's just a program you download & run (portable). The latest build is 0526, released on 5/26/11. The author's website (gtopala.com) specifically mentions it's spyware free, suggesting that you may have downloaded a pirated/modified copy. I get most of my freeware from MajorGeeks.com to avoid just this sort of occurrence.

    Zig

  11. #11
    Super Moderator RetiredGeek
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,436
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts
    Zig,

    I only use MajorGeeks & CNet.com to get downloads also.

  12. #12
    New Lounger
    Join Date
    Dec 2009
    Location
    Manchester, NH, USA
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Leaves a lot of files on hard drive after !!!

    NOTE THIS THOUGH!!!: Either the Boot CD creation process or the scan from the CD created a "Standalone System Sweeper" folder in the "Windows" folder.

    That folder had 771 MB in 14 folders with 25 files after a scan I did on 9/06/11. There isn't any uninstaller for those that I could find, and it left 5 or 6 entries in the Registry too!

    I did another scan on another PC also on 9/06/11 and it left 182 MB in 19 folders with 25 files again. I deleted the folders & files and Registry entries to save space, but think Microsoft should have provided an uninstall method or advisory they were there!


    On 12/27/11 I ran this from a newly made Boot CD with newly downloaded definitions and it worked fine, found no malware, so couldn't test virus removal part. Interface looked like MS Security Essentials. It did not create the folder mentioned above again, so maybe they fixed that with the latest creator file? Just deleted the mssstool32.exe, mpam-fe.exe, and MSSS_Media32.iso files after making the Boot CD to clean up.
