How to Remove Malware (Part 2): Booting from a CD: Page 2
Using a boot CD to remove malware can be more effective than simply running an anti-malware program.
This brings up a Network Profiles window. The default mode of operation, DHCP, should work for most people, so just click on the OK button.
There will be a few messages about assorted services starting up and then you'll see the PE Network Configurator.
Every computer on a network is assigned a unique number. On networks running TCP/IP (which almost all do) the number is referred to as an IP address. The DHCP mode of operation means that something on each network (often the router) is in charge of handing out numbers.
If you click on the DHCP Details button, you can see the IP address that was assigned to the computer running UBCD4WIN. A sample of the DHCP details is shown below. Make a note of the IP address; we'll use it later.
Next, we need to enable file sharing, so click on the File Sharing tab at the top.
To enable file sharing, simply click on the Start Sharing button at the bottom of the window. Fairly quickly, the yellow "Stopped" tab in the black status window above the button should change to a green "Started."
The last thing we need to do on this computer is assign a password to the administrative account. This is done in the middle of the window.
Enter your chosen password twice and click on the Set Password button. There is no need for a complicated password, as this is a temporary network connection. I found that "abc" worked just fine. We'll need to enter the password in a minute, so you may want to write it down.
Now it's time to shift over to the clean computer, the one with your favorite anti-malware software installed. The screenshots below are from a Windows XP machine, but Vista should work just as well.
The first step in connecting to the infected machine running UBCD4WIN is to ask it for a list of resources it's sharing on the network. The only shared resource we care about is the infected C disk.
To do this, click Start -> Run and in the Open box enter the IP address of the infected machine preceded by a pair of backslashes (see below). Then click the OK button.
At first nothing happens, but shortly you are prompted for a user name and password. The default user name of "administrator" does not need to be changed. Enter the password you just specified for file sharing and click OK. There is no need to remember the password.
The networking software on the UBCD4WIN computer responds with a list of shared disk drive letters.
May 19, 2009
Much of today’s malware uses very technically sophisticated defenses against detection, making it far tougher for users to remove.