My Tune Up Checklist

Coffee is good :)

Guest
Below is my guide for doing a thorough tune up. What do you think of it and how might I make it better? Thanks in advance.

Tune Up

. Stop unwanted startup programs
. Run CCleaner -> (recover HDD space, cleanse web browser activity, clean out bad registry entries)
. Defragment the hard drive
. Run chkdsk from DOS box -> (test for bad sectors and file system integrity)
. Run sfc /scannow -> (If any changes are detected to a protected system file, the modified file is restored from a cached copy located in a compressed folder at %WinDir%\System32\dllcache.)
. Remove junk/bloatware -> (free up disk space)

. Update all installed web browsers and the latest versions of:
Java, Flash Player, Adobe Reader, CCleaner, Silverlight, Auslogics Disk Defrag, TeamViewer
-> (I give customers a 30 day guarantee so this makes it easy to remote into a computer to work on it instead of having to drive to the customer's house)

. Run Fix IE utility -> (re-registers all the concerned dll & ocx files required for the smooth operation of Internet Explorer)
. Remove MSN Messenger from addons in Internet Explorer -> (load IE faster)
. Check if the Firewall is enabled
. Update DirectX
. Update Windows
. Disable Auto Restart to pause BSODs
. Update the graphics card drivers -> (better stability/performance)
. Check if the system is set to automatically receive updates
. Change Virtual Memory size to: System Manage Size
. Change System Restore to 1-3% depending on size of HDD
. Run Microsoft Security Analyzer
. Visual inspection of motherboard for swollen capacitors and brown/darkish spots
. Test the power supply


Physically clean the system

. Remove internal dust -> (vacuum first, then compressed air, then wipe down with moist paper towels)
. Wipe down the exterior
. Clean the optical drive -> (lens cleaner CD)


Tips:

Non-booting system: Boot to ERD Commander and perform system restore or use UBCD4WIN to get system to boot to Windows.

If viruses are launched even after you boot in Safe Mode and you cannot get the AV software to work, try searching for suspicious entries in the subkeys under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot. Subkeys under this key control what is launched when you boot into Safe Mode. Also, if you are unable to boot into Safe Mode, system files might be infected. Go into the windows directory, sort by date. Check for any files newer than a few weeks.



If the customer has less than 512 MB RAM with XP or 1 GB with Vista/7, then I highly recommend to them to upgrade their memory.
I have a number of sticks from 100MHZ up to 333 MHZ for older systems that are likely to have less than 512MB for XP.
I only charge about a dollar or two above the price I paid for them on Ebay. I store them in an antistatic bag in my tool bag.
 
Good check list.

The only thing I would say is that System Restore should be disabled and re-enabled after the virus cleaning.

The reason for this is that if you delete the restore points early on and after you remove the malware your system can be messed up. And the restore points are the things that can easily get you back up and running.

If the device is clean and after reboot all is well then you can remove the restore points. Rebooting the PC will not make any malware hiding in the restore points active. They would only be active when restoring to one of those points.

Here is a good System Restore point tutorial
http://www.bleepingcomputer.com/tutorials/tutorial56.html
 
Pretty much what I do, but with a couple more.

-Dump restore points & restart system restore service.
-Run JavaRa after updating Java.
-Install WOT in all browsers.

As for the process, it usually goes like this: blow out/clean ---> backup ---> HW diags ---> malware removal ---> tuneup ---> test devices and apps.
 
Good check list.

The only thing I would say is that System Restore should be disabled and re-enabled after the virus cleaning.

I agree

I thought that was a pretty good list. I was pleased to see a balance between scanners and manual malware removal, and the tuneup seemed reasonable too

I prefer to do a very thorough tune up so that the system works great, which makes the customer incredibly pleased. I charge $55 for a tune up, $60 with virus removal, or $65 if the system is FUBAR and I gotta do a reinstall. All three include a tune up.

Pretty much what I do, but with a couple more.

-Dump restore points & restart system restore service.
-Run JavaRa after updating Java.
-Install WOT in all browsers.

As for the process, it usually goes like this: blow out/clean ---> backup ---> HW diags ---> malware removal ---> tuneup ---> test devices and apps.

Would it be fine to just uninstall legacy versions of Java?
 
I came across another user's post on how they do their virus removal and decided to adapt it to my own needs. This is it right now:


Virus Removal

1) Boot up computer and get a feel for how bad the infection is.

2) Boot the computer to a Live CD
- Before CD loads completely, insert USB stick with your tools on it. This is so you can copy files onto the HDD before you reboot.
- If you make a WinPE CD, make sure that hidden files are visible. This can be done through the registry when the CD is first loaded.
- Run CCleaner to remove temp files that may harbor viruses

3) Use EzPcFix
- If it’s XP click load hives
- If it’s Vista or 7 replace “Documents and Settings” with “Users” and click load hives
- If it’s XP delete temp files (select everything but History). This doesn’t work with Vista or 7
- Open up registry keys and delete any suspect entries (or take the time to learn what to delete)
- Take note of file locations so you can delete those later
- Open registry values and correct any wrong values (or learn what to do here)
- Open browser helper objects and delete anything suspect
- Open downloaded program files and click “remove items”
- Open services and cycle through different control sets and options. This is a good place to find some rootkits
- Reset Winsock
- Open pending file rename operations and cycle through control sets
- Open text files and check the hosts file and others

4) Manually look for malware files sorting by date and company name
- TIP: Some file explorers let you create Bookmarks for these locations. Use Explorer++ on custom WinPE CD.
- root of C:\
- C:\Documents and Settings\user name\local settings
- C:\Documents and Settings\user name\application data
- C:\Users\user name\appdata
- Don’t forget to check “all users” and “public” as well
- C:\Program Files
- C:\Program Data
- C:\Windows
- C:\Windows\system32
- C:\Windows\system32\drivers
- C:\Windows\fonts

5) Copy tools from USB stick onto HDD.

6) Reboot computer and see how things are.
- There should be no serious problems left.
- If there are, go back to step 2 and get some more practice.

7) Run CCleaner
- If it’s a Vista machine EzPcFix won't delete temp files correctly.
- Malware hides in temp files and also these files increase AV scan time.

8) If you aren't confident that the infection is gone, or if it was a serious infection, run ComboFix.

9) Use AutoRuns & Process Explorer & HiJackThis

10) Reset Internet Explorer settings to default.

11) Run virus/rootkit scans and save/print log

12) Proceed to tune up the computer

13) Disable and then Enable system restore.
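
The date-sorted file check from step 4 above, and from the first post's tip about sorting the Windows directory by date, written as a script. This is an added example, not code from any post in the thread; it is Python run against the mounted Windows volume, and the extension list, the 21-day window and the function name are assumptions.

```python
import os
import time
from pathlib import Path

# Extensions worth a second look (assumed starting set, not from the thread).
SUSPECT_EXTS = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs", ".js"}

# Step 4 locations relative to the volume root, with on-disk casing.
# True = walk subfolders (user profiles, program folders); False = top level only.
STEP4_DIRS = [
    ("", False),
    ("Documents and Settings", True),   # XP profiles, includes "All Users"
    ("Users", True),                    # Vista/7 profiles, includes "Public"
    ("Program Files", True),
    ("ProgramData", True),
    ("Windows", False),
    ("Windows/System32", False),
    ("Windows/System32/drivers", False),
    ("Windows/Fonts", False),
]

def recent_files(volume_root, days=21, now=None, exts=SUSPECT_EXTS):
    """Return (mtime, path) for matching files modified within `days`, newest first."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    for rel, recursive in STEP4_DIRS:
        base = Path(volume_root) / rel
        if not base.is_dir():
            continue  # XP and Vista/7 layouts differ; skip what is absent
        for dirpath, dirnames, filenames in os.walk(base):
            if not recursive:
                dirnames.clear()  # stop os.walk from descending
            for name in filenames:
                path = Path(dirpath) / name
                if path.suffix.lower() not in exts:
                    continue
                try:
                    mtime = path.stat().st_mtime
                except OSError:
                    continue  # unreadable or vanished file
                if mtime >= cutoff:
                    hits.append((mtime, str(path)))
    return sorted(hits, reverse=True)

if __name__ == "__main__":
    for mtime, path in recent_files("C:\\"):
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime)), path)
```

Modified times can be changed by whatever wrote the file, so the output is a list of places to look first, not a verdict on what is or is not malware.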
 