standard operating procedure for virus/spyware removal jobs

I usually evaluate the state of the system initially, and if it looks like it is massively infected I advise an uplift. You can never judge how long some of the scans will take, and I explain that I could be sat here watching scans run for 4-5 hours whilst charging or I can take it back to the workshop and charge less. They are usually happier with this option.

If the PC only appears to have minor infections then:

ATF Cleaner
ComboFix
Malwarebytes quick scan
AV scan with Avast or Avira
HijackThis

This will usually take between 1 and 2 hours. If ComboFix and Malwarebytes are finding loads of infections, though, I will advise the customer to rethink the uplift.


Would you recommend doing this all while in safe mode? Also, what are your thoughts about using a PE-based live CD to do all of that? Although I do not like to rely on live CDs all the time.
 

I usually try normal mode if possible.
I will quite often run an Avira scan from a PE disk on a badly infected system and then go through the steps I mentioned above. This does add to the time though so probably not worth doing onsite.
 
A reasonably confident/competent tech shouldn't be relying upon 3rd party scanning software to do the job. You should be able to see where and when the virus is operating, and you should disable and eliminate as much of that virus as possible before you run any scanning or cleanup software.

No customer is going to be happy paying you $50+ an hour to sit and watch a $20 piece of software running only for you to give up and opt for 'nuke and pave' because the virus still runs under Safe mode. :mad:
 
"don't bother" going to safe mode



i've cleared viruses in normal mode - "safe" mode isn't a sanctuary anymore

the biggest baddest nastiest nasties snicker at safe mode

so don't bother

*shrug*
 
I'll stick to my methods and you stick to yours. But thanks for the indifferent response anyway. :rolleyes:
 