Before you pull out the Windows disc or use the factory restore, you might try creating and using a bootable disc or USB drive to scan for and remove the infections. These rescue discs and drives run outside of Windows and boot to their own OS right from the disc or drive.
Most of these are totally free thanks to the Linux and open source community so well take a look at a couple you might consider using next time you get a serious infection. Keep in mind, rescue discs or USB drives cannot scan or recover encrypted disks. If your drive is encrypted, I commend you for being security conscious but you can't do any rescuing or recovering until you've disabled the encryption.
To use these bootable rescue discs or USB drives, your PC must be configured to be able boot from the given drive. CD/DVD and USB booting is usually turned on by default but can be changed via the BIOS setup utility available right after you turn on your computer. Some computers may also have a boot menu where you can choose to boot from different drives.
Before booting up a rescue disc or drive, make sure the computer is connected via an Ethernet cable directly to the router or modem so theres an Internet connection for downloading antivirus updates. Some allow you to configure wireless connections but it will be much easier to go the wired route.
In addition to an antivirus scanner, Kaspersky Rescue Disk 10 offers a few other tools on the Linux desktop. The file manager lets you save or backup your files from an unbootable hard drive. Theres also a Web browser if you need to research any blue screen error codes or other symptoms.
They provide documentation on creating both discs and USB drives. Once created, you can find documentation on how to use them on the disc or USB drive in the rescue\help\ directory. Theres also help available while youre using the software.
After booting up Kaspersky Rescue Disk 10 and accepting the license, it will try to auto configure the network connection for Internet access, but it wont automatically check for updates. To check you just select the My Update Center tab and hit Start Update .
Once updated, you go back to the Objects Scan tab. Here you can select to include the disk boot sectors, hidden startup objects, and/or drives. To select specific directories to scan, manually add it to the list. To start scanning, click hit the Start Object Scan button.
The BitDefender Rescue CD provides a Linux desktop environment. Along with the antivirus scanner, it has a file manager so you can save or backup your files from an unbootable hard drive, Test Disk to recover partitions, GParted to edit partitions, and a Web browser.
They provide a how-to on creating a BitDefender Rescue disc or USB drive on their website. Once created, you can access the documentation on using BitDefender Rescue in the Docs folder on the disc or drive.
After the BitDefender Rescue disc or USB drive boots up, the network connection auto configures. After accepting the license, the virus signatures automatically update and it automatically starts scanning all drives. If you want to scan only certain files or folders, double-click the BitDefender Scanner icon on the desktop to launch the BitDefender On-demand Antivirus Scanner.
The F-Secure Rescue CD uses the Knoppix OS (a derivative of Linux) and has only a menu-based interface. In addition to the antivirus scanner, it includes PhotoRec to recover deleted or corrupted files and Test Disk to recover partitions.
They dont offer specific instructions on creating the disc but they do provide a user guide discussing how to use it once created.
Once the disc boots and you continue by pressing Next it will automatically configure the network connection and download updates. If you cant connect, you can use a healthy computer with Internet access to download the updates to a USB drive, and then take the USB drive to the infected computer.
Once on the scanning screen, you can select to scan the master boot records (MBR) for all drives and select which drives to scan. You cannot select specific directories on the drives, it scans the entire drive.
The AVG 9.0 Rescue CD uses a menu-based OS and also provides some additional tools along with the antivirus software. The Memtest86+ tool for testing and diagnosing memory issues, file manager for rescuing files, Test Disk to recover partitions, and a Windows registry editor to remove any changes from infections. It also features a ping tool to test network connectivity and a text-only web browser.
You can create a bootable disc or USB drive. They provide a user guide for preparing discs or USB drives and using the software.
During booting it attempts to auto connect to the Internet. If it connects successfully, it will ask if you want to check for updates. If you cant connect to the Internet, you can put the updates on a USB drive using a different PC and load them into the AVG Rescue CD using the Update menu.
To start scanning you go to the Scan menu. There you can select the drives or directories you want to scan.
Remember, Kaspersky and BitDefender have desktop interfaces while F-Secure and AVG are menu-based. If you cant connect the infected PC to the Internet, consider using the two latter options since you can update via a USB drive. However, the two first options provide better file managers to save or backup your files.
Remember to make sure youre plugged into the Internet via an Ethernet cable before booting the disc or USB drive, not Wi-Fi or 3G.
Hopefully, once you remove the infections youll be able to boot into Windows again. If not, the Test Disk utility (included on all but Kaspersky) might be able to recover the boot configuration.
If all else fails, break out the Windows disc for its recovery and repair options.
Eric Geier is the founder of NoWiresSecurity, which helps businesses easily protect their Wi-Fi networks with the Enterprise mode of WPA/WPA2 security. He is also a freelance tech writer. Become a Twitter follower or use the RSS feed to keep up with his writings.