Friday, March 14, 2008

Sysclean - a little known secret

One of the things that our I.T. department deals with on occasion (much to our frustration) is virus / malware / spyware / grayware infected computers. Though we do have a layered system in place, there is no system that will ultimately prevent every type of malware out there all the time.

(We also get lots of questions from our users about their home machines. Though we don't officially support home machines, developing good I.T. practices is part of our mandate, so we often encourage and help out with this out of goodwill.)

In addition to telling them about some of the online scanners available (such as Trend Micro's Housecall or Symantec/Norton's equivalent) we also send them home with a rescue CD. On the CD is a little known secret... and it's free.

First, the secret - then I will tell you why we do this in addition to online scanners.

Trend Micro offers an offline system cleaner called "sysclean". It isn't the most elegant of solutions, but it is thorough. It will detect most viruses, spyware as well as other forms of malware and it does a reasonable job of cleaning them up.

You can download the sysclean program here:

Once you have downloaded it, you will also need to download their latest pattern files. You can find those here:

You need both the Virus pattern as well as the Spyware pattern. Download the "new" pattern files titled SSAPIPTN.DA5. Put all the files into one directory, and unzip all pattern files. Then, run sysclean.com and let it scan away.


If you intend on putting this on a CD, there are several catches:

  1. On the target computer, you will need to copy the files off the CD onto a local directory and make them NOT read-only. This is because sysclean.com will actually extract other programs and require write access.
  2. Note that the patterns change almost daily - so be sure to keep the CD up to date.
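
The first catch can be scripted so the user only has to double-click one file on the CD. The batch file below is an added example, not part of the original post or anything supplied by Trend Micro. It assumes it is burned into the same CD folder as sysclean.com and the already unzipped pattern files; the file name and the destination folder `%SystemDrive%\sysclean` are hypothetical choices.

```batch
@echo off
rem Added example: stage sysclean from the rescue CD into a writable local folder.
rem Assumptions: this file sits next to sysclean.com and the unzipped pattern
rem files on the CD; the destination folder name below is a hypothetical choice.
setlocal
set "SRC=%~dp0"
set "DEST=%SystemDrive%\sysclean"

rem Refuse to continue if the scanner is not where we expect it on the CD.
if not exist "%SRC%sysclean.com" goto :nosrc

rem Create the local working folder if it is not there yet.
if not exist "%DEST%\" mkdir "%DEST%"
if not exist "%DEST%\" goto :nodest

rem Copy everything from the CD folder (/E subfolders, /Y overwrite, /I dest is a folder).
xcopy "%SRC%*" "%DEST%\" /E /Y /I >nul
if errorlevel 1 goto :copyfail

rem Clear the read-only attribute on every copied file and folder.
attrib -R "%DEST%\*" /S /D

rem Prove the folder is writable before starting, since sysclean.com
rem extracts other programs into it.
echo test > "%DEST%\write_test.tmp" 2>nul
if not exist "%DEST%\write_test.tmp" goto :nowrite
del "%DEST%\write_test.tmp"

rem Run the scanner from the local, writable copy, never from the CD.
pushd "%DEST%"
sysclean.com
popd
goto :eof

:nosrc
echo sysclean.com was not found next to this script.
exit /b 1
:nodest
echo Could not create the local folder.
exit /b 1
:copyfail
echo Copying files from the CD failed.
exit /b 1
:nowrite
echo The local folder is not writable.
exit /b 1
```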

Why do we encourage this in addition to online scanners?

For system recovery, this solution works well - it does not require plugins or Java to be installed. In fact, it does not even require an internet connection. But most importantly, it is not as susceptible to browser hijacks. (If we assume that the browser on the target computer is already infected, what good is a scanner that also requires that browser?)
