Programs such as Malwarebytes Anti-Malware free are all well and good for cleaning malware infections provided you can access and use the operating system, but what about a machine which is so heavily infected the operating system won’t load or, if it does, is not responsive or functional? That’s where the bootable malware removal tools provided by most reputable antivirus vendors come into their own.
My youngest son recently brought over his aging laptop which he informed me was running like a hairy goat (that’s bad by the way). I pressed the go button and the operating system appeared to load okay but then, sure enough, I soon discovered that the system was near enough to unusable. Couldn’t open any programs, command prompt or run. Couldn’t open any directories, Computer or Control Panel. Right click functions weren’t working at all and only the occasional left click function – it was a mess.
Apart from almost everything being inaccessible, I noticed that the hard drive activity light was constantly blinking furiously. I also noticed that his resident antivirus program was not running. All symptomatic of a seriously infected machine. So, this really left me with only two viable options:
- A fresh install
- Try to cleanup the malware and, hopefully, return the system to its former glory.
Option #1 was problematic in this case. I won’t bore you with the details, suffice to say that this machine started off life running Vista and had been upgraded to Windows 7 at some time along the way. Minus any Vista installation media, and with the system almost totally unresponsive and no Windows 7 product key to hand, this approach moved quickly from optional more toward improbable.
So, it was on to option #2.
Best Free Bootable Malware Cleanup Tools
There are quite a few free bootable malware cleanup tools available but, in no particular order, I would recommend the following four:
- Eset SysRescue Live – 324.9MB
- Kaspersky Rescue Disk 10 – 264MB
- BitDefender RescueCD – 636MB
- Avira Rescue System – 624MB
I opted for Kaspersky Rescue Disk 10, mainly because I’d used it before with some success and was familiar with the program, but also because it is the smallest of the downloads (not sure why such a disparity in download sizes).
Most of these tools include an option to create a bootable USB flash drive as well as CD but I’m concentrating on the bootable CD option here. The first thing you need to do is burn the downloaded ISO to CD. This function is built into all Windows versions since Windows 7. In Windows 8.1 and 10, simply right click the ISO file and select “Burn disc image”. I suggest you also enable the option to Verify. For Windows 7, follow the instructions from Microsoft here: Burn a CD or DVD from an ISO file – Applies to Windows 7.
Now you’ll need to restart the machine and boot from the CD – you may need to change the device boot order in BIOS so the CD/DVD drive is number 1. This process may differ slightly between various BIOS editions but will be similar in most cases. Just Google around for instructions.
Working with Kaspersky Rescue Disk is pretty straightforward, the essential steps are:
- Select Graphic Mode at the top of the list of options (should be enabled by default)
- Wait while the program mounts the drive
- Once that has completed (generally only a matter of 20-30 seconds) and the Scan window opens – make sure to click the My Update Center option first and download the latest definitions.
- Once that has completed, go back to the Objects Scan window and start the scan.
- You can view a more comprehensive guide here: http://support.kaspersky.com/8097
By the way; the scan is pretty intensive so be prepared for a long wait, in the case of my son’s laptop it took a little over 3 hours to complete.
There’s no real need to mess with the settings, everything is set to optimum/recommended by default. At the completion of the scan, if any malware has been detected, you’ll be presented with options on how to deal with it. Once again, the recommended action is clearly indicated and generally the best option.
That’s pretty much all there is to it and, at the end, hopefully you’ll be back with a malware free and fully operational system. In the case of my son’s laptop, it worked a treat, cleaned up multiple serious infections and everything is back to normal. Although, now I have regained full access, I noticed his system drive has 13GB free space out of a total 116GB, so more work to do yet. It is actually a 250GB hard drive separated into 2 partitions – the almost full 116GB system partition and a completely empty 104GB data partition, just goes to show how computer savvy my lad is, not!
I’ll move all personal data over to the empty data partition and then use PrivaZer to perform a thorough cleanup of the system drive. Should be running like brand new when he gets it back. Good ole dad!
This is really impressive Jim.
Totally coincidental that a good friend phoned this morning to say that his PC had deleted thousands of important work files on his pen drive.
Long story short is that I created the ESET bootable USB drive, booted with the infected pen drive also in place and ran a scan without any system hard drives connected.
I wasn’t sure if this were possible but it is and exactly what I’ve been looking for, although no threats were found.
Opening a new thread in the forum to continue the discussion of this and the results.
Cheers Marc.
In all honesty, my lad’s laptop was so badly infected I did not expect the brilliant result which eventuated.
That is great info I have had many systems that have had the same issue. Will need to add this to my tool kit and give it a try next time I get this problem. Thanks!
Hi Jim,
A great result, and so may people drop ‘poo-poo’ on Kaspersky and Privazer.
I cleaned up a client’s computer this a.m. with Advance System Care, free version, then found a heap of junk left by Norton with a run of ClamWin Anti-Virus, one off manual run only, the Norton Removal Tool does not remove same, so a trip into the registry to remove the dregs, and finishing the job with an installation of Avira anti-virus.
Regards,
Jonno
Good stuff Jim Hillier, keep up the good work.
Regards
Roger H. / PC-Bug Fixer / Sydney, Australia.
Hi Jim,
I rescued my PC from my HDD factory installed partition and I now have a vanilla Vista OS (which I sure hope MS would allow me to cash in for a freebie Win 10 like they did for their Win 7 clients, but that probably ain’t gonna happen, sigh!).
Of course I lost all my data from the factory restore but as we’ve been warned many a-time I have not used that PC since to prevent rewriting over my old data.
I don’t imagine any of the 4 rescue disks you listed would be of any help in rescuing my data as well (which I foolishly never got around to backing up and am now singing the blues for my laziness) ?
Any software recommendations (free or paid) on recovering data from a reformatted HDD from an OS re-install would be greatly appreciated.
Pity this poor fool,
Dan