being a big fan of Desinfec’t (formally known as Knoppicillin, a Linux based virus scanner that runs from CD) I thought I should give the System Sweeper a try.
What makes my case a little special is that the “PC” to scan is a xen-vm.
I downloaded the iso-file, created a xen-vm to boot it, mounted the disk-image of the PC to scan (read-only) and started the vm. The result was pretty disappointing: Windows PE booted but displayed an error very soon:
Microsoft Standalone System Sweeper cannot be started. Please contact support.
Error code: 0x8004cc01
Searching the net for this error did not bring up much info except for this thread so I started playing around. I finally got it running and those are the things I had to fix:
- the system you are scanning needs to be supported by the tool (e.g. I tried to scan a Windows Server 2008 R2 hd which did not work)
- the tool needs write-access to the disk you are scanning (I first tried to scan a read-only drive since Desinfec’t can do that)
- the PC that boots the tool needs at least 750 MB RAM and 500 MB disk space
- if you want to update virus definition online you need a DHCP server that assigns IP / DNS / GW to the Windows PE during booting.
This way I was able to boot a xen-vm from the Sweeper-Iso, update the virus definitions online and scanned the “hard disk” of another xen-vm (Windows 7 64-bit).
My resume: a nice tool but I would really like the option to just scan a hard drive no matter of the OS it contains and with only read access.
Hope this helps those who encounter the same error.