Published: July 10, 2007
Download this Solution Accelerator
Click here to get the Malware Removal Starter Kit from the Microsoft Download Center.
About This Solution Accelerator
This guidance provides a set of tasks that licensed Windows® users can perform at no cost to create the Malware Removal Starter Kit. Recommendations for free malware-scanning tools are included. You can use these tools in combination with the kit to conduct scans, detect problems, and remove malware from your computer.
The aim of the Malware Removal Starter Kit is to provide reactive guidance and prescriptive steps to help you recover a computer that has been exposed to malicious software. It is important to understand that no process can guarantee a full recovery from the damage that malicious software can do. For this reason, there is no substitute for solid defenses and reliable backup and recovery processes. With these in place, if the worst does happen and you have to rebuild the computer, the impact will be minimized.
If you do use the recovery steps in this guide, we recommend spending some time after the computer is fixed to investigate how the malicious software was introduced to it. This effort should attempt to learn how the problem was introduced rather than trying to find something or someone to blame. If the weakness was with a technical defense measure, such as a firewall or antivirus program, you can review it and update the measure as required. If the problem was introduced because of the actions of staff, additional training may be required to ensure the problem is not repeated. Remember the golden rule: “Prevention is better than cure.”
Finally, while this guide is specifically written to help IT Generalists repair computers attacked by malware in small- to medium-sized organizations, much of this information is valuable for protecting the home computers that belong to you and your staff. For more information about protecting home computers, visit the Microsoft Security at Home Web site.
In More Detail
Windows PE provides powerful preparation and installation tools for Windows operating systems. With Windows PE, you can start Windows from a removable disk, which provides resources to troubleshoot Windows on the client computer. For more information about Windows PE, download the Windows Preinstallation Environment Technical Overview.
Requirements
The following are operating system and feature requirements for preparing a Windows PE kit:
You can use the following resources to meet these requirements:
For more information about 32-bit and 64-bit system requirements, see the:
Task 1: Install the Windows Automated Installation Kit (AIK)
The first task in this process is to obtain the Windows Automated Installation Kit (AIK). This kit includes Windows PE and other files for you to install on your computer. The kit installs by default as an image (*.img) file on any system drive that you choose.
Task 2: Download the Malware-Scanning Tools and Utilities
You will need to identify the tools that you want to use with Windows PE to perform malware scans on your computer. Windows PE does not support tools that use .msi packages to install on your computer. In addition, the amount of random access memory (RAM) on your computer can constrain which scanning tools you can use.
Task 3: Create the Malware Removal Starter Kit CD-ROM
Creating the Malware Removal Starter Kit CD-ROM requires you to produce a Windows PE image for the kit, modify the base Windows PE image by adding the tools to it, change the size of the disk cache to provide some additional space for RAM, and then build an .iso image file to burn the changed image to a CD-ROM. Periodically, you will need to download the latest virus signature updates for the offline scanning tools on the CD-ROM to keep them as effective as possible to detect malware.
Task 4: Use the Malware Removal Starter Kit to Scan Your Computer
Now you are ready to use the Windows PE image and the tools you selected to scan your computer for malware.
How to Determine if You Have a Problem
Malware will often target a computer’s operating system. The Windows operating system has been a significant target for a number of years because of its popularity. However, other operating systems have also become targets of malicious software. In addition, many malware programs target Microsoft and third-party applications, and in some cases even antivirus software. For these reasons, it is important to keep both the operating system and the applications that you use up to date.
Related Resources
See the following resources on the Microsoft Web site for more information about this and other Solution Accelerators:
Community and Feedback
- Want to know what’s coming up next? Check out our Security Guidance Blog.
- E-mail your feedback to the following address: SecWish@microsoft.com
- If you’ve used a Solution Accelerator within your organization, please share your experience with us by completing this short survey (less than ten minutes long).
About Solution Accelerators
Solution Accelerators are authoritative resources that help IT professionals plan, deliver, operate, and manage IT systems that address real-world scenarios. Solution Accelerators provide free prescriptive guidance and automation to accelerate cross-product integration, core infrastructure development, and other enhancements.
Register to receive the Solution Accelerator Notifications newsletter so that you can stay informed about new Solution Accelerator releases and updates. The newsletter covers such areas of interest as:
- Communication & Collaboration
- Security, Data Protection, & Recovery
- Deployment
- Operations & Management