Jump to content











Photo
- - - - -

FREE: Microsoft Safety Scanner - Portable antivirus program


  • Please log in to reply
30 replies to this topic

#1 Michael Pietroforte

Michael Pietroforte

    Silver Member

  • Advanced user
  • 660 posts
  •  
    Germany

Posted 10 May 2011 - 10:24 PM

Microsoft Safety Scanner is a free portable antivirus program that can be launched from a USB stick.

The Microsoft Safety Scanner was just released a few days ago. The free portable antivirus tool only comes as a simple EXE file and is available as a 32-bit and 64-bit version. The EXE file contains all the virus signatures.

Posted Image

A portable antivirus program is useful whenever you want to scan a PC that lacks antivirus software. If you don't have a Microsoft antivirus scan engine installed (Microsoft Security Essentials or Forefront), you can use the Safety Scanner if you need a second opinion.

… read more of FREE: Microsoft Safety Scanner - Portable antivirus program

Author: Michael Pietroforte
Copyright © 2006-2011, 4sysops, Digital fingerprint: 3db371642e7c3f4fe3ee9d5cf7666eb0


View the full article

#2 steve6375

steve6375

    Platinum Member

  • Developer
  • 5,351 posts
  • Location:UK
  • Interests:computers (!), programming (masm,vb6,C,vbs), OSes, photography,TV,films,guitars
  •  
    United Kingdom

Posted 03 June 2011 - 07:20 PM

Microsoft now have a Beta Microsoft Standalone System Sweeper tool. You can create a bootable USB or CD or ISO which runs a form of WinPE 3. Also the USB drive (if made) can be updated with new definitions without reformatting it again. You can also run the ISO from a grub4dos USB drive - see http://sites.google....prepusb/sweeper for details of how to do this.

#3 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 10,873 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 03 June 2011 - 07:51 PM

Though not specified anywhere that I can find, the "thing" you actually download is a downloader (not the actual files) and it won't run under XP SP2.
Message is:

Standalone System Sweeper Tool cannot be used on your operating system.

Error code:0000-8004FF04


Quite obviously this error message is NOT among the "help" page topics:
https://connect.micr...24894&mkt=en-us


Maybe it's IMAPI 2 or whatever. :cheers:

Naah, it's Service Pack 3 required :), found it :juggler::
https://connect.micr...24884&mkt=en-us

@steve6375
Maybe you should add a little note to your nice :thumbsup: page:
https://sites.google...prepusb/sweeper

:unsure:
Wonko

#4 steve6375

steve6375

    Platinum Member

  • Developer
  • 5,351 posts
  • Location:UK
  • Interests:computers (!), programming (masm,vb6,C,vbs), OSes, photography,TV,films,guitars
  •  
    United Kingdom

Posted 03 June 2011 - 08:05 PM

Works on my XP Atom EeePC (1GB ram) but I had to download Imapi v2.0 KB932716 first and reboot...

#5 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 10,873 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 03 June 2011 - 08:23 PM

Works on my XP Atom EeePC (1GB ram) but I had to download Imapi v2.0 KB932716 first and reboot...

Maybe that's it. :thumbsup:

I cannot reboot right now, I ran the IMAPI 2.0 installer but it didn't prompt me to reboot.

I'll see if I will be able to try again in a couple of days.

:juggler:
Wonko

#6 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10,202 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 04 June 2011 - 05:24 PM

Why is IMAPI required in the first place?

Is this "thing" trying to burn a CD or something? :dubbio:

#7 sbaeder

sbaeder

    Gold Member

  • .script developer
  • 1,291 posts
  • Location:usa - massachusettes
  •  
    United States

Posted 05 June 2011 - 12:10 AM

Why is IMAPI required in the first place?

Is this "thing" trying to burn a CD or something? :dubbio:

Yes, since it wants to create a stand-alone, bootable version of their scanner tool...

#8 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10,202 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 05 June 2011 - 11:29 AM

Hmm.. a Windows PE boot disk?

Where does it grab the bootable files from? This is getting interesting.. :dubbio:

#9 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 10,873 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 05 June 2011 - 12:37 PM

As usual :dubbio: , the MS guys are making it senselessly restricted :w00t: (and stoopidly put the SP3 check :ph34r:).

Went to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows" and changed "CSDVersion" from "0x00000200" (SP2) to "0x00000300" (SP3) and rebooted.

Downloading now. ;) :unsure:

Created the .iso (Advanced :cheers: ).

It seems like a "normal" PE 3.x (only "dumbed down")

Relevant files should be:
http://download.micr...gepackage32.exe
http://download.micr...tes/mpam-fe.exe

http://download.micr...gepackage64.exe
http://download.micr.../mpam-fex64.exe

:cheers:
Wonko

#10 steve6375

steve6375

    Platinum Member

  • Developer
  • 5,351 posts
  • Location:UK
  • Interests:computers (!), programming (masm,vb6,C,vbs), OSes, photography,TV,films,guitars
  •  
    United Kingdom

Posted 05 June 2011 - 01:08 PM

Yep - shift+F10 does not work - so cannot load network drivers and get latest updates.Posted Image
I have updated the page on my website now to show how you can update your USB drive with the latest updates using the MSSE update download (same files!).
https://sites.google...prepusb/sweeper

#11 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 10,873 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 05 June 2011 - 01:45 PM

Yep - shift+F10 does not work - so cannot load network drivers and get latest updates.Posted Image
I have updated the page on my website now to show how you can update your USB drive with the latest updates using the MSSE update download (same files!).
https://sites.google...prepusb/sweeper


Yep, it would be interesting to understand HOW the SHIFT+F10 was disabled, though I think that it's the actual "shell" that is built like that, check the WINPESHL.INI:
[LaunchApp] 

AppPath = "%ProgramFiles%\OfflineScannerShell\OfflineScannerShell.exe"

https://sites.google...prepusb/sweeper

If using Windows XP, you will need SP3 and you also need to install the Imapiv2.0 Image Mastering tool (KB932716).


Of course it's your page :cheers: , but that - as just seen - is plain misinformation :unsure:.

Though NOT for the faint of heart, SP3 is NOT *needed*, all it is needed is to change the relevant key in the Registry, or more simply download directly the files without using the stoopid downloader. (and later create a .iso from the files or make a bootable USB stick out of them)

AT LEAST, you should point out how that is what MS says. (which not always - please read as NEVER - is the "true story" or the "whole story" :dubbio: ).

:ph34r:
Wonko

#12 steve6375

steve6375

    Platinum Member

  • Developer
  • 5,351 posts
  • Location:UK
  • Interests:computers (!), programming (masm,vb6,C,vbs), OSes, photography,TV,films,guitars
  •  
    United Kingdom

Posted 05 June 2011 - 02:06 PM

OK, FYI - I drive a Ferrari (actually it's a 2CV but I have stuck a Ferrari badge on the radiator grill, so it is a Ferrari really!).Posted Image

#13 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 10,873 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 05 June 2011 - 02:57 PM

OK, FYI - I drive a Ferrari (actually it's a 2CV but I have stuck a Ferrari badge on the radiator grill, so it is a Ferrari really!).Posted Image

I guess it's still better than my Porsche :dubbio::


:unsure:

:cheers:
Wonko

#14 steve6375

steve6375

    Platinum Member

  • Developer
  • 5,351 posts
  • Location:UK
  • Interests:computers (!), programming (masm,vb6,C,vbs), OSes, photography,TV,films,guitars
  •  
    United Kingdom

Posted 05 June 2011 - 02:59 PM

Posted Image

#15 cdob

cdob

    Silver Member

  • Expert
  • 980 posts

Posted 05 June 2011 - 04:40 PM

It seems like a "normal" PE 3.x (only "dumbed down")

Relevant files should be:

Deep links may change in future.

Some strings from mssswizard.exe:

How do I restart my computer after using the bootable media
http://go.microsoft..../?LinkID=210165

Help & How-To
http://go.microsoft..../?LinkID=215991

System Requirements
http://go.microsoft..../?LinkID=215992

PE32 imagepackage32.exe
http://go.microsoft....550&clcid=0x409

32 mpam-fe.exe
http://go.microsoft....593&clcid=0x409


PE64 imagepackage64.exe
http://go.microsoft....551&clcid=0x409
mpam-fe.exe
http://go.microsoft....552&clcid=0x409


In adddition read strings from final mssswizard.exe, if a final version is released.

#16 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 10,873 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 05 June 2011 - 04:52 PM

Deep links may change in future.

Sure. :unsure:

That will be the future.
Posted Image

:dubbio:

The "hardcoded" links seem anyway like "dynamic ones" (unlike the ones I posted earlier which are "direct links" to current files).

It is likely that these "dynamic links" won't be changed anytime soon, otherwise there would have been no reasons to use them instead of the "direct links", but you know, it's still MS, so you can never say.

For the record (missing info in this thread, here for the benefit of the less expert peeps ) the mssstool32.exe (which is the downloader you get) is a SFX that can be opened allright with 7-zip and that contains a few files, including the actual mssswizard.exe file cdob is refeering to.

A suitable tool to get the actual TEXT inside *any* file is BINTEXT:
http://www.mcafee.co...ls/bintext.aspx

:cheers:
Wonko

#17 Giraffe

Giraffe

    Silver Member

  • Advanced user
  • 505 posts
  •  
    United Nations

Posted 05 June 2011 - 05:49 PM

Is this any good? If beta Microsoft Standalone System Sweeper tool creates it's own boot files,... basically it gets root access :dubbio:




:unsure: I'm thinking to isolate this ms-ware from doing damage. The last time I ran a similar cleaner, it found something abnormal in my 'nasty' files and auto deleted small ones (100 - 500 KB ones *.exe) even though other normal AVs never reported Trojans.

#18 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 10,873 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 05 June 2011 - 06:28 PM

If beta Microsoft Standalone System Sweeper tool creates it's own boot files,... basically it gets root access :cheers:

Are you 100% sure you connected properly brain to fingers BEFORE typing the above? :dubbio:

The result is a bootable PE 3.x, either from CD/DVD or from USB stick, nothing particularly different from *any* other PE around, and there is NO such thing as "root access" on Windows, there is "System" account (what any PE will use).

More generally, you shouldn't have "nasty" files at all :unsure: , or, should you have them, you should know how to manage them (or NOT run any "similar cleaners", you do understand that the very purpose of a cleaner is to clean, don't you?).

:ph34r:
Wonko

#19 Giraffe

Giraffe

    Silver Member

  • Advanced user
  • 505 posts
  •  
    United Nations

Posted 07 June 2011 - 12:48 PM

Are you 100% sure you connected properly brain to fingers BEFORE typing the above? :)

Not this time around... I'm multi-tasking too much... :mellow:


The result is a bootable PE 3.x, either from CD/DVD or from USB stick, nothing particularly different from *any* other PE around, and there is NO such thing as "root access" on Windows, there is "System" account (what any PE will use).

More generally, you shouldn't have "nasty" files at all :( , or, should you have them, you should know how to manage them (or NOT run any "similar cleaners", you do understand that the very purpose of a cleaner is to clean, don't you?).

:cheers:
Wonko

i meant root in the sense, complete control of hardware (spying ability to report back home for statistics, no firewall to stop them, modifying their OS etc). Its like clicking YES to a license which says "we'll delete whatever we want, we'll open your OSes so our authorized spies can shag you whenever they want. Continue or don't use".


Home users tend to keep too many nasty because they're not business users. I do create back ups and put them on NAS but just to use this app if i'm forced to make a backup... :whistling: my mind says, better look for "Wonko or reboot approval in posts then driving blind"

#20 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 10,873 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 07 June 2011 - 03:46 PM

i meant root in the sense, complete control of hardware (spying ability to report back home for statistics, no firewall to stop them, modifying their OS etc). Its like clicking YES to a license which says "we'll delete whatever we want, we'll open your OSes so our authorized spies can shag you whenever they want. Continue or don't use".

Any PE will have system privileges.
Theat's one of the reason why people should build thier own PE and know what he/she puts in it.
The usual way to avoid problems of "spying", "phoning home", etc. is to simply DISCONNECT the PC from network (or dial up telephone or wi-fi card etc.) and work on the offline system.
Sure, a malicious PE could always plant a rootkit or some other nasties, but life is tough, if you don't trust something, don't use it or build your own trusted solution or pay for a solution some professional that you do trust.

Home users tend to keep too many nasty because they're not business users. I do create back ups and put them on NAS but just to use this app if i'm forced to make a backup... :( my mind says, better look for "Wonko or reboot approval in posts then driving blind"

I don't see the point :unsure:, noone has a gun at your head forcing you to use or not use *any* tool.

This is freedom. :whistling:

Doing things makes some risks needed to be taken. :mellow:
Doing nothing makes some other risks needed to be taken. :cheers:

Decisions, always decisions.... :)

:cheers:
Wonko

#21 u2o

u2o

    Frequent Member

  • .script developer
  • 257 posts
  • Location:Argentina
  •  
    Argentina

Posted 20 June 2011 - 04:18 AM

It has 10 days for use and expires ¿? :smart:

Posted Image

#22 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 10,873 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 06 January 2012 - 04:42 PM

Just to try and keep things as together as possible:
http://reboot.pro/16145/

The new name is seemingly "Windows Defender Offline Beta". :w00t:

:cheers:
Wonko

#23 Boot_Monkey

Boot_Monkey

    Frequent Member

  • Advanced user
  • 142 posts
  • Interests:Umm, Bootdisks.
  •  
    Australia

Posted 05 October 2012 - 03:09 AM

OK, so who has this working on their disk?

I have a very tricky environment to run it on, so it's going to be a lot harder for me to get working.

I need to know where people are at with getting it running on their existing disc, and it so, how are they handling the updating?

I'm not sure wether I should edit the MS disc, or edit my own image to contain it within my image.

Any thought? I'm trying not to re-invent the wheel.

Cheers!

#24 steve6375

steve6375

    Platinum Member

  • Developer
  • 5,351 posts
  • Location:UK
  • Interests:computers (!), programming (masm,vb6,C,vbs), OSes, photography,TV,films,guitars
  •  
    United Kingdom

Posted 05 October 2012 - 08:24 AM

I haven't played with this for a while, but Tutorial 41 on http://www.rmprepusb.com site deals with running it from a USB and updating.

#25 Boot_Monkey

Boot_Monkey

    Frequent Member

  • Advanced user
  • 142 posts
  • Interests:Umm, Bootdisks.
  •  
    Australia

Posted 11 October 2012 - 12:29 AM

Thanks Steve,

I've noticed that SIW2, has created something. Don't know the details though. He/she has made a niffty little program menu with a button to start the app.

What I need to know, is does WDO have any weird requirements for it to run. I don't mean min specs, but more to do with deps. There are quite a few drivers in it, and not sure if I'll need to copy those.

Anyway, I'll try various things and see how I go.


Update: Here is a log that gets generated when I try to run it from my usual WinPE disc




Info	 No unattend file was found; WPEINIT is using default settings to initialize WinPE

Info	 ==== Initializing Display Settings ====

Info	 No display settings specified

Info	 STATUS: SUCCESS (0x00000001)

Info	 ==== Initializing Computer Name ====

Info	 Generating a random computer name

Info	 No computer name specified, generating a random name.

Info	 Renaming computer to MININT-55K36VR.

Info	 Acquired profiling mutex

Info	 Service winmgmt disable: 0x00000000

Info	 Service winmgmt stop: 0x00000000

Info	 Service winmgmt enable: 0x00000000

Info	 Released profiling mutex

Info	 STATUS: SUCCESS (0x00000000)

Info	 ==== Initializing Virtual Memory Paging File ====

Info	 No WinPE page file setting specified

Info	 STATUS: SUCCESS (0x00000001)

Info	 ==== Initializing Optional Components ====

Info	 WinPE optional component 'Microsoft-WinPE-Setup' is present

Info	 WinPE optional component 'Microsoft-WinPE-Setup-Client' is present

Info	 WinPE optional component 'Microsoft-WinPE-WMI' is present

Info	 WinPE optional component 'Microsoft-WinPE-WSH' is present

Info	 STATUS: SUCCESS (0x00000000)

Info	 ==== Initializing Network Access and Applying Configuration ====

Info	 No EnableNetwork unattend setting was specified; the default action for this context is to enable networking support.

Info	 Acquired profiling mutex

Info	 Install MS_MSCLIENT: 0x0004a020

Info	 Install MS_NETBIOS: 0x0004a020

Info	 Install MS_SMB: 0x0004a020

Info	 Install MS_TCPIP6: 0x0004a020

Info	 Install MS_TCPIP: 0x0004a020

Info	 Service dhcp start: 0x00000000

Info	 Service lmhosts start: 0x00000000

Info	 Service ikeext start: 0x00000000

Error	 Service mpssvc start: 0x00000422

Info	 Released profiling mutex

Info	 Spent 1186ms installing network components

Info	 Spent 0ms installing network drivers

Info	 STATUS: FAILURE (0x80070422)

Info	 ==== Applying Firewall Settings ====

Info	 STATUS: SUCCESS (0x00000001)

Info	 ==== Executing Synchronous User-Provided Commands ====

Info	 STATUS: SUCCESS (0x00000001)

Info	 ==== Executing Asynchronous User-Provided Commands ====

Info	 STATUS: SUCCESS (0x00000001)

Info	 ==== Applying Shutdown Settings ====

Info	 No shutdown setting was specified

Info	 STATUS: SUCCESS (0x00000001)

Warning Applying WinPE unattend settings failed with status 0x80070422; ignoring shutdown settings


Another quick Google shows that 0x80000422 means.........

Error Code 0x00000422
by RegMender Editorial Team, under Win32 Error Codes
Code(DEC): 1058 Code(HEX): 0x00000422 Type: win32 Name: ERROR_SERVICE_DISABLED Description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.