eSecurityPlanet: The Best Way to Remove Viruses, Spyware and other Malware (Part 1)
May 19, 2009
By Michael Horowitz

There are only two ways to remove malicious software from an infected Windows machine: with the infected operating system running or not.

The easy way, of course, is from within the infected copy of Windows. Just download anti-malware software, install it, run it and get on with your life. The problem is, this may not work.

Much of today's malicious software features technically sophisticated defenses against detection. Recently, researchers at the University of California at Santa Barbara took control of the Torpig botnet and wrote a paper about the experience. Their description of how the software infects a computer is fascinating. The sophisticated approach makes the malware very hard to detect by any software running within the corrupted copy of Windows.

Steve Gibson, in his Security Now podcast, offered another lesson about the many defenses malware (in this case the Conficker worm) employs to prevent detection. It's frightening and impressive and makes plan B, scanning from outside the infected operating system, the obviously better approach.

Given this, there are, again, two ways to go.
