I recently had to clean an infected Windows computer where the malware was impossible to remove while running windows. I couldn’t find a resource that had straight forward instructions on what to do when the malware was so entrenched that removing it seemed impossible. My first attempt at cleaning was with the windows computers hard drive connected to a machine running Ubuntu 8.04.1 and a scan with ClamAV. This works ok, but it’s a pain to hook up hard drives and certainly not something the average windows user can do.
During my search for solutions I found a couple of bootable CDs that allow for scanning hard drives without booting windows. This makes malware removal easy.
This first is the BitDefender LinuxDefender boot CD. You need the machine to be connected to the Internet to allow for signature updates.
http://unices.bitdefender.com/?p=12
Direct CD ISO link: http://download.bitdefender.com/rescue_cd/
The second is F-Secure’s rescue CD. This also needs a net connection to update signatures.
http://www.f-secure.com/linux-weblog/2008/06/19/f-secure-rescue-cd-300-released/
Direct CD ISO link: http://www.f-secure.com/linux-weblog/files/f-secure-rescue-cd-release-3.00.zip
Both seem to work great, I ran both to make sure nothing was missed by the other. The BitDefender CD looks better and has more tools, but the end result is the same.