Best software load for starting out

ComputerDuder

Location: Hobbieville, IN
Hi Guys (and gals). I'm re-starting my business now that I've moved into a populated area and have just about everything in place. The only sticking points I have right now are software tools for virus/malware removal, along with other fixes. I have the free version of D7, and it looks like it'll come in handy, but when it comes to virus/malware removal, there is just so much out there, and a lot of the tools listed in the TN software list for this kind of stuff are outdated.

So, what would fellow Technibblers recommend for someone starting out? I will also be doing remote support, so would like to find virus/malware removal tools that would work well in that environment as well. Thanks!

Joel
 
Different techs prefer different tools. It's what you feel happy and confident about using. Also, look at the type of work you get in. Get the software (and hardware) to suit.
D7 is a good starting point. I'd learn my way around that, and delve deeper into the individual components.

There,.....
I've resisted the impulse to suggest hitting the "search" button.
 
You people and your mythical 'search' button!

Seriously, I've looked at just about every thread in this part of the forum. There's just so much data to choose from, not to mention the passage of time. I'm the poster child for Executive Functioning Disability. :P
 
It all depends on how you want to go about it. What is your procedure? Do you prefer a rescue disk, WinPE, safe mode, or normal mode?

My process is as follows if I suspect an infection, after the disk is successfully imaged and a proper hardware diagnosis is done.
First, I PXE boot Kaspersky Rescue Disk, scan
Second, I boot safe mode or WinPE
Third, Malwarebytes
Rest as needed
Fourth, SuperAntispyware
Fifth, Hitman.pro
Sixth, TDSS Killer
Last, ComboFix
Then boot to normal Windows or (if in PE just start d7) and use d7 to fix anything that the infection may have broken. Proxy, hosts, redirects, browser extensions, etc.

Hope this is helpful.
 
My method is similar to Smashedbotatos's.

Here are my steps

Remove the passwords.

Image the drive.

If at all possible get running in normal mode with killemall or msconfig diagnostic startup. If that won't work, I look for a good restore point to start from. Remember that most tools expect to run in normal mode. If I can't get there, I boot with DrWeb LiveDisk and let it do its Kaзaчoк dance.

Turn off Windows update. (So it doesn't try to install updates while I am doing other things.)

Remove all junk and temp files and all but the last three restore points (no sense in scanning those)

Set a restore point.

Temporarily add some RAM to speed my next processes (based on this, I might suggest to the client a RAM upgrade as an up-sell. I have never had them refuse that)

MBAR. I have dumped TDSSkiller, at the suggestion of users from here, in favor of MBAR from malwarebytes.

MBAM.

Hitman Pro

ADWCleaner (replacement for SAS, I don't know if it is technically any better, I just like the interface :P)

At this time I get out of diagnostic mode and use Autoruns to look for anything I can disable on startup. As an aside, lately I have been leaving JAVA update and FLASH update in the autoruns because of all the spoof websites that suggest downloading an update.

Check that necessary processes are running and I use D7's tools to reset and repair services.

Now that the virus removal portion is done, I move to the tuneup.

WSUS offline update.

Turn on Windows update.

PatchMyPC to update all the software.

Update and scan with whatever antivirus they are using.

Remove the RAM I temporarily installed.

Call the client and make suggestions for changes and upgrades, e.g. change antivirus, add MBAM Pro, add RAM, upgrade HDD, retire this computer and get a new one ("I will be happy to migrate all your important documents and files to the new computer").

I think I have included all the steps. This has been my process for the past few months but I am always looking for good recommendations to tweak it.
 
I will say one of the biggest aids for me starting up was D7. I purchased it before I struck out on my own and was using it while still at a "big box store". Technically we weren't allowed such a nice software package because, one, they were too cheap to get it for the techs and, two, they didn't think any of the techs they hired were smart enough to use things like that. (Most of them, I have to say, aren't.) This one software package is what I used to set my procedures for most everything I do. I set things up to run the way I want and just hit "auto" and move on to another system while it does its thing.

I have done the "install extra RAM" trick many times. What I do is tell the customers when I call to let them know it is ready that I did install some more memory into their computer to complete the work in a more timely manner. If they would like me to demonstrate the difference in speed when they come in to pick it up, I would be more than happy to leave it in. They either respond, "No, I just want to pick it up and go," or "Sure, and how much would it cost to just have it run faster..." For me it is about 75% that go for it.

If it is a virus removal, one of the first things I suggest is a different AV program because obviously the one they had didn't protect their browsing habits. I very rarely have a VR that does not get some kind of upgrade for an AV program.

Another very useful tool is things like NTpswd, a few live Linux disks, as well as gparted or Clonezilla or some type of disk imaging software. As Jim says, he images the disk first. I have found this to be a very good practice as a just in case... We all know that the end user hasn't backed up their system, and if something happens to their super important data it will be all on you to try and get it back or.... well, like I said, we all know the story.

So, tools: yep, D7 would be the one thing. If you don't get anything else yet, get that.

Charles
cstechsolutions.biz
 
While it is not all-inclusive... Look into SARDU. It prepares ISOs and bootable USBs that can load a number of useful tools and OS installers. It also includes a feature to download some of the supported versions of live Linux distros & various bootable anti-virus/malware kits. Add the fact that it comes with the useful option to add a mix of Windows (XP/Vista/7/8) installs.

It's a very easy way to have a semi-one stop blue-ray or USB for system clean up, repairs, and OS installs.

The Win32-based tools that are mentioned above can be included (or added to a USB post-prep) for use in working in a Windows environment.

There are other tools that do the same. SARDU just happens to be the one that was a help in a time crunch.
 
I have a few 16 GB flash drives with my "mobile kits" on them and then some external 500 GB HDDs for other things like backing up customer data and storing ISOs.

The mobile kits were made with Xboot and a customized start menu. The drives are bootable and have Lubuntu, Linux Mint, Active Boot CD, Hiren's on them. The menu once booted contains maybe 150 tools that get updated daily with ketarin.

I tried D7 and it's a great idea and a good tool. Same idea me and several other techs have had. But I find the UI so horrible I hate working with it.
 
Good god man how long does it take you to run all those scans?

Here is my process

Malwarebytes, CCleaner and PatchMyPC all running at the same time
With CCleaner I uninstall bad programs and disable ahead add-ons
Fix issues, reboot, run Malwarebytes again and make sure it is clean
Check browsers and make sure they are not hijacked. If they are, run ADWCleaner
This cleans about 95%
If still infected I dive deeper with ComboFix or HitmanPro

That is how I am able to offer a 24-hour turnaround time.

I get maybe 1 out of 100 that will come back reinfected.
 
Kwest, you're saying that your "main" virus removal tool is an anti-malware tool and not an actual antivirus one? Ooookay.

So, from what you've detailed, at no point do you run an actual antivirus?
 
I don't have the best infrastructure at work, so I don't really image or back up many people's computers. I do an image if I am upgrading their OS or fresh installing. I wish I could do it every time but I have a 10/100 network so doing it over the network takes too long, only one external HDD, and just under 1 TB of space on my bench machine. :(

First thing I do, I turn it on and look it over. See what's going on; some customers' descriptions suck. I do test hard drives but don't really run memtest. Don't have the time and the boss would get mad.

These are some of the tools I use:

Boot discs: Hiren's, UBCD, WinPE, Paragon. I did use the Kaspersky rescue disc again recently but it was damn slow.

Stuff on my flash drive. Three folders:

Cleanup Package:
  • ccleaner
  • defraggler
  • HijackThis
  • MBAM
  • McAfee Stinger
  • Spybot
  • Rkill
  • Adwcleaner
  • Combofix
  • FSS
  • HitmanPro
  • JRT
  • KillZA
  • RogueKiller
  • TDSSKiller

Installs & Updates (not very big)
  • Ninite (with flash)
  • Windows Live Essentials
  • IE8 for XP
  • Windows Update Agent for XP
  • .net, .net 2, .net 3, .net 3.5, .net 4

Programs & Tools
  • Advanced Tokens Manager
  • Key Update Tool for XP
  • OEM Cert Autoinstaller
  • OPA Backup
  • Chrome Portable
  • Burn in Test
  • GSmartControl
  • Hyper PI
  • RealTemp
  • SIW
  • TestDisk
  • SpeedFan
  • Prime95
  • 3DP Net
  • 3DP Chip
  • Double Driver
  • Fab's Autobackup4Tech
  • Nirsoft Utilities
  • TeamViewer Portable
  • ShowMyPC
  • CIntRepair
  • FileRepairPortable
  • FixWin
  • Microsoft Fixit
  • Tweaking Windows Repair
  • Browser Repair Tool
  • ComIntRepair
  • File Association Fixer
  • MiniToolBox
  • Notifications Cleaner
  • Reg files to fix .exe
  • disk2vhd
  • gimagex
  • imageusb
  • imagex
  • KeyFinderThing
  • PatchMyPC
  • PC Decrapifier
  • Pidgen
  • Putty
  • Recover Keys
  • Recuva
  • vhd2disk
  • WinsockxpFix
  • XP Toolbar Fix

I am going to add more registry files, default services for xp/vista/7/8. Still got more to find though.
 
Kwest, you're saying that your "main" virus removal tool is an anti-malware tool and not an actual antivirus one? Ooookay.

So, from what you've detailed, at no point do you run an actual antivirus?

Are you saying that malwarebytes doesn't scan and remove viruses? It does. Again I test and scan with more if it doesn't clean it all.
 
Also, have not seen these all mentioned. 3 biggies for me.

Rogue Killer
JRT
ADWCleaner

Many times those three programs do most of the job. For me those three alone have cut most of my cleanup times significantly because they are quick and efficient; many times I can run those and follow up with a full AV scan, and if they come back clean, call it good if things seem to act right. Not always, of course. Galdorf in another thread mentioned that the Anvi rescue CD seems good for ransomware. I'm quite fond of Avast myself as a free antivirus for others.
Tweaking.com repair tool as someone mentioned is great.

I recommend parted magic for something bootable that you can use to recover files, change passwords, partition, you can do cloning with it, etc.

I also am fond of Acronis for the ease of use. I'd also recommend considering keeping a bookmark to BlackViper's site for the stock registry entries for Windows systems.

Someone posted a site recently, gegeek.com, that has quite a few guides and links on it that would probably be invaluable to you.
 
Are you saying that malwarebytes doesn't scan and remove viruses?

I was under the impression that MBAM does not remove viruses so I Googled it.

Malwarebytes Anti-Malware is not meant to be a replacement for antivirus software. Malwarebytes Anti-Malware is a complementary but essential program which detects and removes zero-day malware and "Malware in the Wild". This includes malicious programs and files, such as virus droppers, worms, trojans, rootkits, dialers, spyware, and rogue applications that many antivirus programs do not detect or cannot fully remove. That being said, there are many infections that Malwarebytes Anti-Malware does not detect or remove which any antivirus software will, such as file infectors. It is important to note that Malwarebytes Anti-Malware works well and should run alongside antivirus software without conflicts. In some rare instances, exclusions may need to be set for your specific antivirus product to achieve the best possible system performance.

https://helpdesk.malwarebytes.org/e...ytes-Anti-Malware-replace-antivirus-software-


I usually scan in this order: rootkits, malware and then viruses. Of course, as we have all realized over the years, nothing is set in stone as our daily routines constantly morph, unlike a plumber's or carpenter's. I don't know when malware overtook viruses. Maybe when the hackers realized it's more fun to make money than blow up a system.
 
Kwest, you're saying that your "main" virus removal tool is an anti-malware tool and not an actual antivirus one? Ooookay.

So, from what you've detailed, at no point do you run an actual antivirus?

LOL, I'm always amazed how many techs use a minimal amount of tools and think the machine is clean just because they don't see any obvious viruses. I know a tech who runs mbam quick, SAS and TDSSKILLER, if nothing weird seems to be happening after that, he gives it back to the customer. When I mention all the new tools he says "I don't see a need for them".

These threads show which techs really get it and those that don't.
 
I believe that is for active scanning, not removal processes. I would never have just Malwarebytes on a system. After my process I verify the system is running clean.

I have 4 in the shop today. I will run some antivirus after my process and see what comes up. I have done that in the past and results are zero.
 
Not trying to start an argument here, but are steps 4, 5 and 6 finding anything, and how long are you keeping the person's computer?

I have been in business for 8 years and rarely get reinfections from my process. I give a guarantee to reclean if it gets reinfected and I think I received one comeback last year.
 
I believe that is for active scanning, not removal processes. I would never have just Malwarebytes on a system. After my process I verify the system is running clean.

I have 4 in the shop today. I will run some antivirus after my process and see what comes up. I have done that in the past and results are zero.

Run a full scan with kav rescue, or bitdefender live if you really want a test.

As a rule of thumb I always run an offline scan before I do anything else. It may be overkill, but it's not like I have to sit and watch the progress bar.

Edit: I do run a hard drive test and clean all the temp files first I guess. ^ Would be the second thing I do.
 
Good god man how long does it take you to run all those scans?

Here is my process

Malwarebytes, CCleaner and PatchMyPC all running at the same time
With CCleaner I uninstall bad programs and disable ahead add-ons
Fix issues, reboot, run Malwarebytes again and make sure it is clean
Check browsers and make sure they are not hijacked. If they are, run ADWCleaner
This cleans about 95%
If still infected I dive deeper with ComboFix or HitmanPro

That is how I am able to offer a 24-hour turnaround time.

I get maybe 1 out of 100 that will come back reinfected.

They are correct, your process is flawed. It's not terrible, but your process is only targeting malware that affects browsers and the other various junk that Malwarebytes picks up on. You miss out any rootkit that only has an info-stealing module enabled. Granted, most of them have additional redirect modules enabled, but some will not. Also, not every single one that installs redirects etc. will do it on every reboot, though most will. I think at the very least you should throw in a rootkit scanner first like MBAR; if you don't want to do a separate AV scan, at least make sure the active AV is working prior to doing the Malwarebytes scan (assuming full scan).
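As an added example (not code from the thread, nor from D7, Malwarebytes or any other tool named in it), here is a read-only PowerShell triage script that covers the manual checks several posts describe: the proxy, hosts and redirect repairs Smashedbotatos hands to D7, the Autoruns and service checks in Jim's list, Kwest's "check browsers for hijacks" step, and the "make sure the active AV is working" point in the reply above. It reports rather than fixes, so it fits before or after whichever scanner sequence a tech prefers. The registry paths and service names are the real Windows ones; the suspicious-path regex is a constructed heuristic, and reading bit 0x1000 of productState as "enabled" is the common community interpretation rather than a documented contract.

```powershell
# Added example, not from the thread or from any tool it names.
# Read-only post-cleanup triage for a Windows bench. Run from an elevated PowerShell;
# Get-WmiObject is used instead of CIM so it also works on PowerShell 2.0 (XP/Vista/7).
# It reports what the posts above check by hand once the scanners finish: hosts-file
# redirects, a WinINet proxy, Run/RunOnce autostarts, the state of a few services that
# infections commonly break, and whether Security Center sees a working antivirus.

function Get-BenchTriage {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. hosts file: anything beyond comments and the loopback defaults deserves a look
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hostsPath -ErrorAction SilentlyContinue |
        Where-Object {
            $_ -match '\S' -and
            $_ -notmatch '^\s*#' -and
            $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
        } |
        ForEach-Object { $findings.Add("hosts: $_") }

    # 2. WinINet proxy, which IE and many system components honour
    $inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty $inetKey -ErrorAction SilentlyContinue
    if ($inet.ProxyEnable -eq 1) { $findings.Add("proxy: enabled, server=$($inet.ProxyServer)") }
    if ($inet.AutoConfigURL)     { $findings.Add("proxy: auto-config URL=$($inet.AutoConfigURL)") }

    # 3. Run/RunOnce autostarts for the machine and the logged-on user
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # constructed heuristic: launch paths under temp/profile/ProgramData get a SUSPECT tag
    $suspectPath = '(?i)\\(temp|programdata|users\\public|appdata\\(local|roaming))\\'
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSDrive etc.
            $cmd = [string]$p.Value
            $tag = if ($cmd -match $suspectPath) { 'SUSPECT' } else { 'info' }
            $findings.Add("autostart [$tag] $key :: $($p.Name) = $cmd")
        }
    }

    # 4. services malware commonly stops or disables (real names: Windows Update, BITS,
    #    Security Center, Windows Defender, Windows Firewall)
    foreach ($name in @('wuauserv', 'BITS', 'wscsvc', 'WinDefend', 'MpsSvc')) {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
        if (-not $svc) { $findings.Add("service $name : not present on this OS"); continue }
        $tag = if ($svc.StartMode -eq 'Disabled') { 'SUSPECT' } else { 'info' }
        $findings.Add("service [$tag] $name : $($svc.State), start mode $($svc.StartMode)")
    }

    # 5. what Security Center reports for antivirus (Vista and later). Treating bit 0x1000
    #    of productState as "enabled" is the common community reading, not a documented API.
    $avList = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
    if (-not $avList) {
        $findings.Add('antivirus: Security Center reports no product (or the query is unsupported here)')
    } else {
        foreach ($av in $avList) {
            $enabled = ($av.productState -band 0x1000) -ne 0
            $tag = if ($enabled) { 'info' } else { 'SUSPECT' }
            $findings.Add("antivirus [$tag] $($av.displayName) enabled=$enabled state=0x$('{0:X}' -f $av.productState)")
        }
    }

    return $findings
}

# Print the report; a SUSPECT tag is a prompt for the tech to look, not a verdict.
Get-BenchTriage | ForEach-Object { Write-Output $_ }
```

Run it once before the scanners and once after: the diff between the two reports shows what the cleanup actually changed, and a hosts or proxy entry that survives every tool on the list is exactly the kind of leftover the posts above say they end up fixing with D7 by hand.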
 