By Susan Bradley/Windows Secrets Newsletter
If you want to build an advanced system-cleaning and -recovery toolkit, here are my recommendations. Some of these tools have been around for a while, and some are in beta. Test them out and see what you find — you might be surprised.
Making it more difficult for malware to hide
Microsoft Standalone System Sweeper. Microsoft finally has its own offline tool — currently in beta — that lets you build bootable media and scan a system without running the installed (and possibly corrupted) version of Windows. Historically, this capability has required Linux and a third-party app. It’s nice to see Microsoft stepping up to the bar and offering its own version.
The System Sweeper (shown in Figure 1) scans for malware from a clean, protected environment. After you reboot your PC with the System Sweeper–created media, it’s considerably harder for malware to trick the operating system. Try it out. Go to System Sweeper’s home site and download it, then follow the instructions in a Security Garden blog. System Sweeper can boot from a USB flash drive or a CD-ROM.
Figure 1. Microsoft’s System Sweeper makes it difficult for malware to stay hidden on your PC.
Kaspersky Rescue Disk. This tool, shown in Figure 2, has been around for a while and works much like Microsoft System Sweeper: you download an ISO file from the Kaspersky site and build bootable media — either CD or USB. But because you’re downloading an ISO file, creating a bootable rescue disk is more complicated than with System Sweeper.
With the Kaspersky utility, you’re booting an alternative operating system. That helps with malware detection because a virus built for one operating system may not be clever enough to hide from another OS. Once you’ve created the rescue disc, it’s relatively easy to have Kaspersky’s app scan the hard drives and clean the system.
Figure 2. Kaspersky Rescue Disk works below Windows to scan and clean a PC.
Windows Recovery Console. Often overlooked by PC users, Windows Recovery Console was highlighted in a recent Microsoft Malware Protection Center blog as a way to clean and repair Windows’ master boot record. For example, if your PC is flagged as infected with the Win32/Popureb.E Trojan, Microsoft strongly recommends following the instructions in the blog. Once you’ve launched the Recovery Console, run the command bootrec.exe /fixmbr to replace the master boot record with a clean version.
For more on this topic, see Lincoln Spector’s July 8, 2010, story, “Rescue Windows with a bootable flash drive,” in the paid section of Windows Secrets online.
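To confirm what the bootrec.exe /fixmbr repair described above actually changed, you can compare a copy of the disk's first sector saved before the repair with one saved afterward. The Python below is an added example, not code from the original article or from Microsoft; the function names and the sample sectors are constructed for illustration, and it assumes each 512-byte sector has already been saved with a disk-imaging tool.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440    # bootstrap code; bytes 440-445 hold the Windows disk signature
PART_TABLE_OFF = 446   # four 16-byte partition entries
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code hash, boot-signature check and partition list."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, PART_TABLE_OFF + 16 * i)
        if ptype:  # type 0 marks an unused slot
            partitions.append({"index": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "partitions": partitions,
    }


def compare_mbr(before: bytes, after: bytes) -> dict:
    """Summarise what changed between two copies of the same disk's MBR."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": b["boot_code_sha256"] != a["boot_code_sha256"],
        "partition_table_preserved": b["partitions"] == a["partitions"],
        "signature_ok": a["signature_ok"],
    }


def sample_sector(boot_code: bytes) -> bytes:
    """Constructed sample: given boot code plus one active NTFS partition."""
    entry = ENTRY.pack(0x80, 0x07, 2048, 204800)
    return boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    # Constructed byte strings standing in for the sector before and after repair.
    before = sample_sector(b"\xeb\xfe" + b"\x90" * 64)
    after = sample_sector(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")
    print(compare_mbr(before, after))
```

bootrec.exe /fixmbr rewrites the boot code and does not overwrite the partition table, so after repairing an infected master boot record you would expect boot_code_changed and partition_table_preserved to both be true.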
Password-recovery apps and other useful tools
Online NT Password & Registry Editor. We’ve covered password recovery tools before, notably in Ryan Russell’s April 22, 2010, item, “Recovering lost passwords using boot CDs” (paid content). But I want to recommend Peter Nordahl’s password-recovery tool, which resets the Windows admin password and works on all versions of Windows from NT Version 3.5 on. It’s not new, but it’s still effective when you get locked out of your PC. It even re-enables a disabled administrator account.
This post is excerpted with permission from Windows Secrets.