Virus and spyware removal steps?


chillihead
07-02-2007, 10:17 AM
I am getting ready to open shop here in California doing on-site PC repair. I know most of the calls I will take will be to remove viruses and spyware. Can you guys give me an idea on which popular tools you use for everyday jobs and the priority in which you scan using them?

Do you use boot CDs and scan in DOS/Linux mode to make it faster? Or, can you run most of these off of a flash drive as a standalone application? Or do you have to just do a quick install for each on the customer's PC and then scan?

Thanks! I am really looking forward to getting into this freelance! :D

Bryce W
07-02-2007, 08:44 PM
In order:
Process Explorer (http://www.technibble.com/repair-tool-of-the-week-process-explorer/) to look at the processes running and spot anything suspicious looking.

MSConfig (http://www.technibble.com/how-to-use-msconfig/) to spot any viruses, adware and spyware which are designed to start on bootup.

Add Remove Programs to uninstall any adware or spyware that was found (much of the semi-legit stuff has an entry here).

Clean Temp Files, Temporary Internet Settings and other places computers generally store crap as this speeds up antivirus scans.

Run AVG Free (http://free.grisoft.com/doc/5390/us/frt/0?prd=aff) or Clamwin Portable (http://www.technibble.com/repair-tool-of-the-week-clamwin-portable/) for a full system scan.

If the virus can't be removed by the antivirus programs, I boot into a BartPE environment with UBCD4Win (http://www.ubcd4win.com/) and delete it there, or use Killbox (http://www.technibble.com/delete-those-undeletable-viruses-with-our-killbox-tutorial/) within Windows.
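
Added example, not part of the original posts: a scripted version of the MSConfig startup check from the list above, for a current Windows system with PowerShell 3.0 or later. The registry locations and Startup folders are the standard Windows autostart locations; the `$reviewPattern` heuristic (commands launched from temp or user-writable folders) is an assumption made for this example and only marks entries for a closer look.

```powershell
# Added example: list autostart entries (Run keys and Startup folders)
# and mark the ones that launch from temp or user-writable locations.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
)
# Assumption for this example: these locations deserve a manual review.
$reviewPattern = '\\Temp\\|\\AppData\\|\\Users\\Public\\|\\ProgramData\\'

$entries = @()

# Registry Run keys: each value name is an entry, its data is the command line.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($name in $k.GetValueNames()) {
        $entries += [pscustomobject]@{
            Source  = $key
            Name    = $name
            Command = [string]$k.GetValue($name)
        }
    }
}

# Startup folders: resolve shortcuts so the real target is shown, not the .lnk.
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    foreach ($f in (Get-ChildItem -Path $dir -File)) {
        $cmd = if ($f.Extension -eq '.lnk') {
            $shell.CreateShortcut($f.FullName).TargetPath
        } else { $f.FullName }
        $entries += [pscustomobject]@{ Source = $dir; Name = $f.Name; Command = $cmd }
    }
}

# Entries matching the review pattern sort to the top.
$entries |
    Select-Object Source, Name, Command,
        @{ Name = 'Review'; Expression = { $_.Command -match $reviewPattern } } |
    Sort-Object Review -Descending |
    Format-Table -AutoSize -Wrap
```

A `Review` value of `True` is a prompt to check the file, not a verdict; plenty of legitimate software starts from `AppData`.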

chillihead
07-02-2007, 09:43 PM
Sounds good. Thanks...

Bryce W
07-02-2007, 10:06 PM
Oh, I forgot to add Hijack This! for cleaning up nasties left over by adware/spyware.

If you want an example of how these tools are used in an actual removal situation, check out this article:
Case Study: Removing a virus/adware (AntiSpyLab) (http://www.technibble.com/case-study-removing-a-virusadware-not-detected-by-scanners/)

These may be useful too:
Case Study: New Malware Hiding in Task Scheduler (http://www.technibble.com/case-study-new-malware-hiding-in-task-scheduler/)
Case Study: Attack of the Legitimate Programs (http://www.technibble.com/case-study-attack-of-the-legitimate-programs/)