System Restore to remove viruses?

[Galdorf]

System restore is never a good idea due to possibility that the restore point could have infected files and chance that a rootkit/bootkit would just re-infect the machine.
Best to start with external scan via rescue cd- kaspersky or slave into test bench and scan.
That way you get to detect and remove rootkit/bootkit/virus/trojans and worms.

[MobileTechie]

I think it's often a great first step. You can scan for rootkits etc later. Quite often it works wonders and gains you full online control of the machine.

[npinc]

Quote:

Originally Posted by Galdorf

System restore is never a good idea due to possibility that the restore point could have infected files and chance that a rootkit/bootkit would just re-infect the machine.
Best to start with external scan via rescue cd- kaspersky or slave into test bench and scan.
That way you get to detect and remove rootkit/bootkit/virus/trojans and worms.

That works well with many infections, but not all. We just found that accessing the drive remotely and manually pulling infections out of key folders accelerates the process for us (and we don't even have to meddle in personal folders to do it).

A manual process works well for infections that hide and monitor others, disables key resources, etc. We can do it quickly because we know exactly what we're after and where to find them. That's probably a good part of what sets us head and shoulders above any competition. We've run into many occasions where the previous tech missed key files. Simply using automated tools is insufficient.

It might not work well for the next person if they don't know exactly what they're targetting though, so individual mileage may vary.

[Trusted IT Solutions]

Quote:

Originally Posted by npinc

It might not work well for the next person if they don't know exactly what they're targetting though, so individual mileage may vary.

How do you know which folders to check for each virus? Or do you check the same (common) ones each time?

[Galdorf]

Quote:

Originally Posted by npinc

That works well with many infections, but not all. We just found that accessing the drive remotely and manually pulling infections out of key folders accelerates the process for us (and we don't even have to meddle in personal folders to do it).

A manual process works well for infections that hide and monitor others, disables key resources, etc. We can do it quickly because we know exactly what we're after and where to find them. That's probably a good part of what sets us head and shoulders above any competition. We've run into many occasions where the previous tech missed key files. Simply using automated tools is insufficient.

It might not work well for the next person if they don't know exactly what they're targetting though, so individual mileage may vary.

Problem with that method is if all the exe's ,com and dll's are infected you miss them eg. w32.Virut ect.

I do a external virus scan on a fast test bench followed by manual inspection for unknown rootkits/bootkits or zero day fake av's ,autoruns,scan processes which takes 30 mins at most for whole thing.

[npinc]

Quote:

Originally Posted by Galdorf

Problem with that method is if all the exe's ,com and dll's are infected you miss them eg. w32.Virut ect.

I do a external virus scan on a fast test bench followed by manual inspection for unknown rootkits/bootkits or zero day fake av's ,autoruns,scan processes which takes 30 mins at most for whole thing.

Actually, I don't. We're VERY familiar with Virut. We know exactly what we're looking for and how to identify its nasty presence in a hurry. Virut can't be removed fully and cleanly by virus removal tools, despite what they themselves claim. It's a nasty bugger of a virus.

Also, it's not a carte blanche process, hand picking is just one of many things we do. We don't disclose our complete process. We just clean up the messes.

[Cadishead Computers]

@npinc, I have just had a look at your site, very impressive.

However, I'm not sure if your aware of this or not, but clicking on your parts tab, and from here to the online parts catalogue, it appears that zen carts has only just been installed, and there is what looks like setup information displayed throughout the catalogue pages.

Apologies, if you did know about this, but thought I would let you know in any case

[npinc]

Quote:

Originally Posted by Cadishead Computers

@npinc, I have just had a look at your site, very impressive.

However, I'm not sure if your aware of this or not, but clicking on your parts tab, and from here to the online parts catalogue, it appears that zen carts has only just been installed, and there is what looks like setup information displayed throughout the catalogue pages.

Apologies, if you did know about this, but thought I would let you know in any case

Thanks so much. You're right. I TOTALLY forgot about the link on that page and I really appreciate the reminder! I'm setting up a new online store and only have the base install in place at this time. I changed from the old provider and rerouted the domain.

I should fix that right away. Thanks again.

[Cadishead Computers]

Not a problem buddy. As I mentioned, I wasn't sure if you were aware of it or not. Didn't want you to think I was putting my nose in where it wasn't wanted etc.

Fresh pair of eyes, always helps

[npinc]

Quote:

Originally Posted by Cadishead Computers

Not a problem buddy. As I mentioned, I wasn't sure if you were aware of it or not. Didn't want you to think I was putting my nose in where it wasn't wanted etc.

Fresh pair of eyes, always helps

Absolutely. I created a quick temporary index page until I get it up and running. Anything else you find, please let me know. So much appreciated.