Malware is my most recent cause of headache. A specific antivirus product (looking at you SEP) has been completely worthless for preventing, detecting, and removing this stuff. Because I only have a few hours at client sites a full reinstall of Windows and applications, which would be the ideal solution, isn’t an option.
Enter the F-Secure Rescue CD. A free removal tool, it has successfully detected and removed the Malware that other product didn’t even detect. The F-Secure Rescue CD is a bootable Linux live CD that will boot the computer, download up to date malware detection patterns, and then scan the hard drive. Because it’s booted into Linux and not Windows it’s able to detect and remove malware that can go undetected while Windows is booted.
The downside is that the F-Secure Rescue CD will rename important Windows files that could prevent Windows from booting, resulting in a BSPD. If you do use this CD make sure you review the log file of files that are cleaned. In one instance it renamed C:\Windows\System32\Drivers\volsnap.sys to C:\Windows\System32\Drivers\volsnap.sys.virus. The volsnap.sys was infected with malware, but renaming the file also caused Windows to BSOD on boot, even when attempting to boot into Safe Mode. In most cases you can restore the file from your Windows install media using the recovery console, but you have to be well versed in the DOS command line to do so.
extract e:\i386\volsnap.sy_ C:\Windows\System32\Drivers\volsnap.sys.