Remote Repair

geekhelp4u

geekhelp4u

Member
Reaction score
3
Location
Cypress, Texas
Hey all,

What are the best steps and programs in order that you guys use to repair virus/spyware/malware infected machines quickly over a remote connection?

Portable apps are great onsite, but what do you use over a remote connection?

external scans are obviously out of the question for remote repair.

I am guessing a combofix, smitfraud fix, superanti, malwarebytes, and ccleaner are a great start - as well as the avast virus scanner... any other great progs to add???

Also, it looks like some have their restore points infected... is there a good restore point delete prog to get rid of all the old bad infected ones?

Thanks
 
I don't know of a way to delete particular restore point files, but turning off system restore deletes them all; turning it back on will start fresh.
 
System Restore Points

If the Computers Support VPro You could Actually Remove them Via the Recovery Console.

Basic Information on VPro
http://en.wikipedia.org/wiki/Intel_vPro
It Must be turned on in the BIOS, but will allow Remote Access to BIOS, Through Booting.

Another option is To Use a Windows PE Environment CD Preconfigured with Specific Network Drivers for the computer and Make sure Boot From CD is Enabled. This would require you to have them either Insert the CD For you (That you could snail mail) or you could ask them to insert a Rewritable CD. My Preferred Option. After Making Changes, Scans, Etc... Outside of Windows, Erase the CD and IT will boot back into Windows Just Fine. Need to boot back to Windows PE, Rewrite your Image back on to the CD and Reboot.

A Good Place too look for a working copy of Windows PE that supports lots of Network Cards out of the box is The Reimage.com bootcd.


Hope this Helps.


One Last Thing Probably a bit Easier Too. You Could always Boot To Safemode with Networking.... (Can be hard if you don't have the right Remote Support Tool) and Then Change the Permissions like so

In Windows Explorer click [Tools] [Folder Options]
Click the [View] tab, click [Show Hidden Files and Folders]
Clear [Hide protected operating system files (Recommended)] check box.
Click [Yes] on the change confirmation box and click [OK] to exit.
Right-click the System Volume Information folder in the root folder.
Click [Properties] and select the [Security] tab. Click [Add]
Enter the name of the user you are allowing access to the folder.
Click [OK], and then click [OK].
Double-click the System Volume Information folder to open.
 
Thanks for the heads up... I can support safe mode networking connections.. my remote software is Bomgar... guess the best bet would have them download firefox through command line prompt since IE will not open.

I have done this before, but can't seem to find it! Can anyone kindly give me the command to download firefox through a command prompt???

The PE idea is out...would have been my first choice... but our machines use SafeBoot drive encryption that will not allow you access to the drive in a boot environment.
 
geekhelp4u said:
I have done this before, but can't seem to find it! Can anyone kindly give me the command to download firefox through a command prompt???

The PE idea is out...would have been my first choice... but our machines use SafeBoot drive encryption that will not allow you access to the drive in a boot environment.
Click to expand...


Not sure if this is still relevant but you could have them download it via FTP through the command line.

ftp releases.mozilla.org
Connected to releases.geo.mozilla.com.
220-
220-
220-Welcome to TDS Internet Services - anynymirror101.mirrors.tds.net (New York)
FTP service.
220-
220
User (releases.geo.mozilla.com:(none)): anonymous
331 Please specify the password.
Password:
230 Login successful.
ftp> cd pub
250 Directory successfully changed.
ftp> cd mozilla.org
250 Directory successfully changed.
ftp> cd firefox
250 Directory successfully changed.
ftp> cd releases
250 Directory successfully changed.
ftp> cd 3.0.3
250 Directory successfully changed.
ftp> cd win32
250 Directory successfully changed.
ftp> cd en-US
250 Directory successfully changed.
ftp> get "Firefox Setup 3.0.3.exe" ff3.exe
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for Firefox Setup 3.0.3.exe (7508608 bytes).
226 File send OK.
ftp: 7508608 bytes received in 78.36Seconds 95.82Kbytes/sec.

THe commands in bold should theoritcally download the file the ff3.exe in the current directory.

Also if you search the forums you will see their are other 3rd party tools that allow you to do this exact thing with much less work. But this should work on every standard install box.

Hope this helps
 
'Remote Support System' lets you have up to 10 software tools right there in your... connection? The have a 'tool builder' that you can make your fav programs a single .exe that when you launch it remotely, just unpacks it and runs it on the remote pc.. no installing... no uninstalling involved. It's really a neat feature.

I bought RSS a couple years ago but am just getting it implemented now. Has all the neat features.. automatic reboot and reconnect in safe mode is a big one, for me anyway. The customer doesn't have to install anything and it's not web-based which is nice. They have a "client builder" which you set up all your settings and creates a very small .exe that the client runs (from their desktop, a website, etc) and when you disconnect just disappears from the remote machine.. unless you drop the "listener" module on the machine while you're there.

Anyway, like I said I bought RSS a couple years ago and still can't find anything I like more (other than probably LogMeIn Rescue). But I just can't afford that. I hadn't seen any talk about it on the forums, so I thought I'd let you all know about it.

Good luck.

Kirby
 
LogMeIn Free supports a "Reboot to safe mode" option, and with 25+ machines on my account, still hasn't asked me to upgrade to Pro.

So as long as the system isn't SEVERELY borked and is still appearing in the computer list, you can connect, update and/or install your AV tools, reboot into safemode, reconnect, run the scans, and fix the computer. It even has a "hard reboot" to avoid logoff processes that could potentially restore malware functionality, although that reboots back to normal mode, but hey, it beats driving, amirite?

I've done about a half-dozen removals since picking up LogMeIn 6 months ago, and I love the heck out of it. I've been able to fix darn near anything that doesn't require slaving the drive to another machine or a repair install.

The only big downside is you have to have pre-configured the user for LogMeIn with the Free account.
 
RyanMeray said:
LogMeIn Free supports a "Reboot to safe mode" option, and with 25+ machines on my account, still hasn't asked me to upgrade to Pro.
Click to expand...

Where do you access the "safe mode" reboot option, maybe it is only in Windows and IE, I am primarily running in in Ubuntu and Firefox

I have 67 on mine, I have used it for 3+ years for free and I never get bugged
 
doortodoorgeek said:
Where do you access the "safe mode" reboot option, maybe it is only in Windows and IE, I am primarily running in in Ubuntu and Firefox

I have 67 on mine, I have used it for 3+ years for free and I never get bugged
Click to expand...

Might only be in Windows, but it's definitely in Firefox. After connecting to the computer, while at the "Home Screen", go to "Preferences," "Reboot Options" and you'll see it in there.
 
You must log in or register to reply here.

Similar threads

Diggs
Spectrum Security Alert
Replies
10
Views
884
Diggs
Diggs
M
Syncro Vs SimpleHelp
Replies
5
Views
3K
YeOldeStonecat
YeOldeStonecat
RetiredGuy1000
Interesting article on the changing role of the computer repairman
2
Replies
31
Views
4K
Sky-Knight
Sky-Knight
Frick
Anyone have expierience removing GozNym yet?
Replies
14
Views
2K
CW2CAK
C
HCHTech
Windows 10 unidentified network
Replies
6
Views
2K
HCHTech
HCHTech
Back
Top