This article provides information on SMaRT - a process that can be used when you have problems detecting or cleaning up malware, or a computer becomes reinfected after successful cleanup.
Applies to the following Sophos product(s) and version(s)
Not product specific
1. Understanding SMaRT
What is SMaRT?
SMaRT provides a systematic process which allows you to deal with malware from the time you initially suspect or discover its presence, through to its removal. This process can be implemented by using the step-through Interactive Guide or by working through the downloadable PDF User Guide. Links to these are provided below.
Both SMaRT guides demonstrate the processes and tools needed to remove resistant malware. They advise on which tools should be used, under what circumstances, and how best to use them.
Note: SMaRT is designed to be used with Windows 2000 and above.
When to use SMaRT
The SMaRT process should be used under any of the following circumstances:
- A scan has alerted you to the presence of malware on your system. You have attempted to clean it up, but were unsuccessful, for example because the system is reinfecting itself. SMaRT helps you to track down and deal with these situations.
- You believe you may have malware on your system, but are unable to locate it.
- Suspicious items have been detected, but you are not clear as to whether they are actually malware.
How does SMaRT work?
By using a series of questions, presented in a precise order, the SMaRT process advises when to use any of the specialized tools listed in the table below.
2. Getting started with SMaRT
A guide for users:
A guide for network administrators:
Download the tools
The table below allows quick access to all of the tools used by SMaRT. There are direct links to the tools themselves, but we recommend you read the associated KB article first to familiarize yourself with how the tool works.
| Tool | Download link | KB article |
|---|---|---|
| Source of Infection Tool (SOI): used to identify where persistent malware originates. This can be either a network location or a local process. | SOI | 111505 |
| Sophos Bootable Anti-Virus (SBAV): used to detect and disinfect fully compromised computers using an independent operating system. | SBAV | 52053 |
| Sophos Healthcheck (SHC): used to check the status of the Sophos installation on the computer. | SHC | 112843 |
| Sophos Virus Removal Tool (SVRT): used to clean up malware in standalone situations, often used when other anti-virus vendor products are installed. | SVRT | 113298 |
| Sophos Diagnostic Utility (SDU): collects system information and log files for all Sophos products that are installed. | 33533 | 33556 |