Rootkits are applications that are stored in hidden directories or volumes on your computer. They’re an effective way for virus writers to hide their weapons, since most antivirus software typically misses them. The disk must be analyzed from outside the OS. Microsoft’s solution is to boot to Windows PE (Pre-installation Environment), a lightweight version of Windows, to perform the scan. It installs on a thumb drive or DVD and loads into memory.
Before you start, make sure you have a blank CD/DVD or a thumb drive of at least 250 MB. Then download the 32-bit or 64-bit version of MS Standalone System Sweeper.
Save the file to your desktop.
Double-click and run it.
Microsoft says you’ll need 250 MB of free space on your thumb drive. Click Next.
You can put the image on a CD, DVD or USB drive, or create an ISO file and burn it. I chose USB. Click Next.
Select the drive letter for your USB drive, or the correct drive if you’re burning it to disc.
Remember, the MS Standalone System Sweeper tool will format the USB drive. Make sure you back up anything you need before using it.
It takes several minutes to build the bootable USB. This is a good time to beat the next level on Angry Birds!
Click Finish and leave the thumb drive plugged in. Then restart your system.
You’ll want to modify the BIOS to boot from USB. On Dells, press F12; on others it could be F2 or Del. In the case below, I selected USB Storage Device as the boot device. Hit Enter.
Looks like Windows 7, but it’s PE.
Standalone System Sweeper starts up.
Next, click Start Full Scan.
Now MS Standalone System Sweeper will start scanning your system. The amount of time it takes will vary. I scanned three machines and each took about 45 minutes to an hour.
Luckily in my case, no rootkits were found. If your test finds a rootkit, send us a photo and leave a comment below.
After the scan completes, close out of MS Standalone System Sweeper and restart your system.
Using this tool doesn’t damage your PC or OS. You may have a rootkit installed and not know it, so it’s worth the hour it takes to run.