The following is from: ANDREW TECH HELP http://andrewtechhelp.com Microsoft Safety Scanner Monday, 25 April 2011 23:32 Administrator Andrew Microsoft Safety Scanner One of the worst things computer manufacturers have done for computer security is to include trials of commercial anti-virus software on computers they sell. This may sound strange, because having these computers going out of the factory with commercial anti-virus software means that they have protection as soon as they leave the factory, but it also means the user thinks they're protected, well after the software expires. The user doesn't have to pay for this software when they buy the computer and yet it's pre-installed and working, so most users assume the computer manufacturer sorted that out for them and that they will be protected for a long time. I often have to go out to people's computers and remove viruses that get onto people's systems because the anti-virus software that was supposed to be protecting them had expired (and therefore deactivated) rendering it useless. The process of resolving the problem is normally a 2 step process. Firstly I needed to remove the virus that managed to get on there (normally a virus pretending to be an anti-virus client which is actually trying to extort money out of the victim by holding their computer at ransom until they pay to "fix" the problem) using a program such as Malwarebytes and then remove the trial anti-virus, replacing it with a working anti-virus program. On April 15, 2011, Microsoft added a new tool to my toolkit which is designed to be much more effective than Malwarebytes and therefore replace it. The best bit is, it's absolutely free. This tool is called the Microsoft Safety Scanner. Microsoft Safety Scanner is NOT an anti-virus program and therefore does not replace a proper real time anti-virus client such as Microsoft Security Essentials. What it is though, is a tool that you can use to remove viruses on computers that don't have anti-virus software or where the regular anti-virus software was disabled by the virus (it does happen, which is why anti-virus software is only a second defence and not an excuse for bad security practice). So quite commonly the virus you get infected with will render your computer useless and will block the use of most tools that it believes you could use to remove it (Task Manager, Command Prompt, Internet Explorer etc) and the only way to gain some type of control of the computer is to reboot it into Safe Mode which will cripple the virus in some ways (because Safe Mode only loads the bare essentials that Windows needs to run and the files the virus needs to run aren't these). The problem with Safe Mode is, you can't really install or uninstall much software, because the services needed to do this (most notably the Windows Installer service) aren't enabled. Therefore you need something that is designed to be installed in Safe Mode (such as Malwarebytes) or something that is a packaged file that can be run without installation. You also need something that isn't dependant on connecting to the internet to check for the latest virus definitions, because that isn't always an option because firstly the internet doesn't always work in Safe Mode, but also because the virus may have damaged files needed to get on the internet. Microsoft Safety Scanner meets both of these requirements. So we should probably have a look at how Microsoft Safety Scanner works. It's exactly the same as the Microsoft Malicious Software Removal Tool that automatically gets updated and run each month during your automatic updates through Windows Update except for one small difference I'll cover in a second. In January 2005, Microsoft created this tool to scan for and remove specific common malware that was widespread and infecting computers everywhere. One of the key things it was searching for was rootkits, which were interfering with common system files, which Microsoft would then update through Windows Update and this would cause the rootkit to crash because it was looking for specific versions of these system files, which weren't there. When the rootkit crashed, it would bring the whole system down with it. This toolkit would allow for these rootkits to be removed before updates were applied. So Microsoft Safety Scanner is the same as this Malicious Software Removal Tool, but instead of containing the definitions for 20 or so widespread rootkits and viruses, it contains exactly the same set of definitions as the latest version of Microsoft Security Essentials. As it's a package of the latest virus definitions from Microsoft Security Essentials, but those virus definitions for Microsoft Security Essentials are updated 3 times per day and the Microsoft Safety Scanner doesn't update itself, Microsoft says this scanner will expire 10 days after downloading it, so you'll have to re download it after 10 days, which is fair enough. This makes it perfect for downloading onto a USB stick before removing viruses from a computer while in Safe Mode and then rebooting and installing a proper anti-virus program, which is exactly how it's designed to be used. Running this program on a working computer that's got a working copy of Microsoft Security Essentials (or other anti-virus) will not provide you any extra protection, this is purely for running when you've got a virus and your normal anti-virus program isn't working or when there is no anti-virus installed. So when you first load it, it asks you to accept the licence agreement, then explains what it does and gives you 3 options (the same three you get with the Malicious Software Removal Tool and with Microsoft Security Essentials). You can either run a Quick Scan (finds most viruses and takes about 15 minutes), a Full Scan (a more through scan which can take several hours) or a Custom Scan (which scans the folders of your choice). Once you pick an option, you just wait for it to scan your computer and if it finds viruses, it will remove them for you! It's as simple as that. Safety Scanner - EULA Safety Scanner - Welcome Safety Scanner - Mode Selection Safety Scanner - Scanning Safety Scanner - Complete So that's Microsoft Safety Scanner - your Malwarebytes replacement that you can download from ( http://www.microsoft.com/security/scanner/en-us/default.aspx ). This tool works on Windows XP, Windows Vista and Windows 7 (and respective Server editions). I'll repeat this for a final time: this is NOT an anti-virus replacement, but rather an on demand virus removal tool with a full anti-virus definition database that's useful to remove malware on systems that do not have working anti-virus software on them before installing proper real time anti-virus software such as Microsoft Security Essentials. For this tool, I say well done Microsoft. Now to try and get computer manufacturers to pre-install Microsoft Security Essentials instead of commercial anti-virus trials so that we limit this problem of expired anti-virus programs. back to top Last Updated on Friday, 29 April 2011 01:39 To subscribe or to leave the list, or to set other subscription options, go to www.freelists.org/list/real-eyes