The PE will create a RAM drive for temp files, and it allows you to set up your network settings at bootup via manual or DHCP.
Unlike Stinger, MRT and similar apps, it has a full database of all signatures for spyware and virus/trojan apps and is not just a targeted subset of the latest or most prevalent. I would suggest that good practice is to burn to CD or boot from a PE disk of some description and use it, because multi-infected machines will infect your USB sticks with various nastyware and you will go around happily infecting other machines via your sticks.
It is a tool which can be used whatever way you like, but along with things like RogueFix and MBAM it will enable you to clean a machine of active threats in a relatively quick manner compared to a full AV scan with a resident program (which may already be compromised). I would also use standard manual techniques like checking the windows\system32 dir and the drivers dir for the most recently created files. One of your problems with rootkit-type infections is that they will intercept system calls and return false information, so booting from a PE environment is always favourite for me personally.
Unfortunately, many newer threats use a multi-level infection system which can involve many components, and it is usually a toss-up between recovery or re-install depending on the system's importance and value. For a home PC you are probably looking at a wipe/reload being economically the better solution, as the time involved can be pretty much predicted. Any RK-infected machine may also have a legit backdoor configuration like opening remote desktop, adding GoToMyPC or LogMeIn software, or a reverse shell connection through telnet and SSH. These will not usually be picked up by an AV tool as they are legit files bent to an illegit purpose. For a real nasty infection only wipe and reload can be considered a real clean up.
I'm using Windows 7 - you got a problem with that?
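
The manual check mentioned in the post above (newest files in the system32 and drivers directories, inspected from a PE boot), as an added example that is not part of the original post. It assumes a Windows-based PE with PowerShell 4.0 or later available, and `D:\` is a hypothetical drive letter for the installed system's volume.

```powershell
# Added example, not from the original post.
# Assumptions: PowerShell 4.0 or later inside the PE session; D:\ is a
# hypothetical drive letter for the installed (offline) Windows volume.
param(
    [string]$OfflineRoot = 'D:\',
    [int]$Top = 40
)

# Only the two directories named in the post; no recursion.
$dirs = 'Windows\System32', 'Windows\System32\drivers' |
    ForEach-Object { Join-Path $OfflineRoot $_ } |
    Where-Object { Test-Path -LiteralPath $_ -PathType Container }

if (-not $dirs) {
    throw "No Windows\System32 found under $OfflineRoot - check the drive letter."
}

# -Force includes hidden and system files, which a default listing skips.
$newest = Get-ChildItem -LiteralPath $dirs -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll', '.sys' } |
    Sort-Object CreationTimeUtc -Descending |
    Select-Object -First $Top

# Newest first, with a SHA-256 so each file can be looked up or compared
# against a known-good copy before anything is deleted.
$newest | ForEach-Object {
    [pscustomobject]@{
        CreatedUtc  = $_.CreationTimeUtc
        ModifiedUtc = $_.LastWriteTimeUtc
        Size        = $_.Length
        SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        Path        = $_.FullName
    }
} | Format-List

# Creation bursts per day: a cluster on the suspected infection date stands
# out, but Windows Update also creates many files at once.
$newest | Group-Object { $_.CreationTimeUtc.ToString('yyyy-MM-dd') } |
    Sort-Object Name -Descending |
    Select-Object Name, Count |
    Format-Table -AutoSize
```

Because the listing is read from the offline volume, nothing running on the installed system can filter the directory results.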