There are only two ways to remove malicious software from an infected Windows machine: with the infected operating system running or not.
The easy way, of course, is from within the infected copy of Windows. Just download anti-malware software, install it, run it and get on with your life. The problem is, this may not work.
Much of today's malicious software features very technically sophisticated defenses against detection. Recently, researchers at the University of California at Santa Barbara took control of the Torpig botnet and wrote a paper about the experience. Their description of how the software infects a computer is fascinating. The sophisticated approach makes the malware very hard to detect by any software running within the corrupted copy of Windows.
Given this, there are, again, two ways to go.
When I first broached this subject, I suggested removing the infected hard disk and connecting it to a USB port on another computer using a special cable. But there's another approach to access the infected hard drive while still bypassing the infected operating system, one that lets the hard drive remain inside the infected computer.
Boot the infected computer using a CD, DVD or USB flash drive and run another operating system off the bootable media.
The Ultimate Boot CD for Windows (UBCD4WIN) takes Windows where it was never meant to go: to a CD. That is, it creates a bootable CD that runs a stripped-down copy of Windows XP.
Although UBCD4WIN runs XP, the computer on which it runs can have any version of Windows installed. Like a normal copy of XP, the version that runs off the CD can read/write any hard drive partition formatted with the NTFS, FAT or FAT32 file systems.
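As an added example (not part of the original article), here is one way to put that outside view to use: a cross-view comparison in Python of a file listing captured inside the running Windows install against one captured from the booted CD environment. The listing format, paths, sizes and digests below are constructed for illustration.

```python
# Added example (not from the article): cross-view comparison of file listings.
# One listing is taken inside the running Windows install, the other from an
# offline boot environment (e.g. a UBCD4WIN session) mounting the same NTFS
# volume. A rootkit can only filter what software inside the infected OS sees,
# so entries present offline but absent inside, or whose content differs
# between the views, deserve a closer look.
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    path: str    # relative to the volume root, normalised (NTFS is case-insensitive)
    size: int
    sha256: str  # hex digest of the file content

def parse_listing(text: str) -> dict[str, Entry]:
    """Parse the constructed listing format '<sha256> <size> <path>', one file per line."""
    entries: dict[str, Entry] = {}
    for line in text.strip().splitlines():
        digest, size, path = line.split(maxsplit=2)
        key = path.strip().lower().replace("/", "\\")
        entries[key] = Entry(key, int(size), digest.lower())
    return entries

def cross_view_diff(inside: dict[str, Entry], offline: dict[str, Entry]) -> dict[str, list[str]]:
    """Compare the two views; each key names one kind of discrepancy."""
    both = inside.keys() & offline.keys()
    return {
        # On disk but invisible to the running OS: classic rootkit hiding.
        "hidden_from_inside": sorted(offline.keys() - inside.keys()),
        # Seen inside but not offline: transient files or a listing taken at another time.
        "only_inside": sorted(inside.keys() - offline.keys()),
        # Same path, different bytes: the in-OS read was filtered or the file was patched.
        "content_differs": sorted(p for p in both if inside[p].sha256 != offline[p].sha256
                                  or inside[p].size != offline[p].size),
    }

# Constructed sample listings with placeholder digests and sizes (not real file hashes).
INSIDE_VIEW = """
1111aaaa 989696 Windows\\System32\\kernel32.dll
2222bbbb 574976 Windows\\System32\\drivers\\ntfs.sys
3333cccc 12288 Windows\\Temp\\session.tmp
"""
OFFLINE_VIEW = """
1111aaaa 989696 Windows\\System32\\kernel32.dll
9999ffff 574976 Windows\\System32\\drivers\\ntfs.sys
4444dddd 40960 Windows\\System32\\drivers\\example_hidden.sys
"""

def demo() -> dict[str, list[str]]:
    """Run the comparison on the constructed sample views."""
    return cross_view_diff(parse_listing(INSIDE_VIEW), parse_listing(OFFLINE_VIEW))
```

In practice the offline listing would be generated by walking the mounted NTFS volume from the boot CD and hashing each file, and the inside listing by the same walk run from the suspect installation.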
The original intent of the Ultimate Boot CD for Windows was to run assorted diagnostics against the host computer (my term). Included in these diagnostics are a handful of antivirus and antispyware applications such as Avira's AntiVir, McAfee's Stinger and Super Antispyware.
There are some problems, though, with running anti-malware software from the Ultimate Boot CD for Windows.
Read the rest at eSecurityPlanet.