Streamlining Virus Removal/Tune Up Process

vitalgeek

Here is what I currently have and it gets the job done time and time again, I just want to see what you all think I could do to streamline it. This is in order (i.e. run rkill first, then tdss, etc):

rKill - scan and manually remove

TDSSKiller - scan away

CCleaner - Use to empty the recycle bin, clean temp folders and cookies, etc. When done with cleaning use the registry scanner to fix the registry.

Autoruns - Remove all unverified/unnecessary startup processes.

Process Explorer - Remove all running suspect processes.

Cintrep - Internet "fixer-upper" lol (this is one I think I might be able to get rid of, though it has helped before. I feel it can keep the first call resolution down)

HiJackThis - Scan with HiJackThis and scan the results at www.hijackthis.de.

Mats WinSecurity - Tool from Microsoft that fixes common problems.

Malwarebytes - Run Malwarebytes to scan for malware.

Disk Defrag - Defrags Disk

Check Device Manager for outdated/uninstalled drivers

Open CMD and use "chkdsk c: /f /r" and "sfc /scannow"

Run updates

Talk to cx, see if they need anything, inform of future steps, offer to remove installed programs.

Note: if in shop, clean physically! Remove dust, wipe down exterior, etc. Also visually inspect the motherboard for swollen capacitors and brown/darkish spots and test the power supply.

To be honest, I want to remove or modify the things that take forever like mbam, defrag, chkdsk, sfcscan, updates, etc. What would you do?

Thanks
 
Hi, I would remove/change the following from your list:-

Defrag is a complete waste of time - takes ages to complete and *MAY* save 1 - 2 seconds loading time!

Inform customer to do the updates in their time, and educate why they need to. Change update settings to automatic.

SFC - I only do this if Windows is running poorly.

Replace chkdsk with chkdsk c: /p

DO NOT remove mbam from the process! Use the quick scan instead of full.

Also check Add/Remove for toolbars and other crap installed...

Before doing anything, make a Restore Point and install the Recovery Console if XP, this has saved me from countless disasters!

Mike.
 
Yep it's a hefty list. My 5c would be just to say, automate whatever you can. If you can script it, or run it from a third party app, it's a good way to go. If you are running all those apps manually (starting and checking each one sequentially) it's more time than is necessary at the machine / bench.

(oh, except the bit about talking to customers. I wouldn't automate that, even though I would like to sometimes) :D
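
One way to script part of the Autoruns step from the original list (finding "unverified" startup entries), as an added example that is not part of any poster's message. It only reports; it assumes PowerShell 3.0 or later, and the CSV file name is an arbitrary choice.

```powershell
# Added example (not from the thread). Read-only: reports, removes nothing.
# Lists Run-key startup entries and the Authenticode status of each target.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-CommandTarget([string]$CommandLine) {
    # Extract the executable path from a Run value: a quoted path first,
    # otherwise everything up to the first ".exe", otherwise the first token.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $target  = Get-CommandTarget $command
        $status  = 'FileNotFound'
        $signer  = ''
        if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $target
            $status = [string]$sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        # Entries launched through a host such as rundll32.exe report the
        # host's signature, so keep the full command line for manual review.
        [pscustomobject]@{
            Key = $key; Name = $name; Status = $status
            Signer = $signer; Target = $target; Command = $command
        }
    }
}

# Everything on screen for the technician, non-valid entries to a file
# that can go on the job ticket.
$report | Sort-Object Status | Format-Table Name, Status, Signer, Target -AutoSize
$report | Where-Object { $_.Status -ne 'Valid' } |
    Export-Csv -Path "$env:TEMP\startup-review.csv" -NoTypeInformation
```

The Run keys are only a subset of the locations Autoruns inspects, and a status other than `Valid` is a prompt for review rather than a verdict.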
 
I like the list, but as has been said, automate what parts of it you can.

Personally I would use fabs to back up all the client's data first, CYA.

Most of this can be done with D7, which automates the majority of what you're using.

Ditch the defrag.

Change HijackThis to OTL by Old Timer - Far deeper scan, and checks for far more than HJT.

Use Hitmanpro as my main scanner.

As well as mbam, use SAS as a second scanner.

I would check the drivers out on driveragent.com (or similar), if new drivers are required, then you could consider it additional revenue.

Lose chkdsk and sfc. Only need this if there are problems with the file structure.

Instead of CCleaner, I would use TFC (Temporary File Cleaner - this prog cleans ALL users' temp files, rather than the current user's, takes a tad longer to use, but cleans deeper).

If the client did not originally have any security products on the machine, I would install SAS Pro, and Kaspersky AV. Both on trial versions, very good reason for upsell opportunities, with some good margins.
 
Definitely drop the defrag part. Vista & Win7 automatically defrag a drive so any newer pc doesn't even need defragged & even on WinXP pc's a defrag hardly makes a noticeable difference.

The creators of Malwarebytes recommend a quick scan instead of a full scan. That's going to save you quite a bit of time also.
 
Mine was pretty close to what D7 does. I'm not so busy that I can't throw in some 'value added' perks like leaving it on overnight to do a full scan and defrag. Plus, when it comes to systems that have infections, I'd rather be more thorough than less.

I also do a CrystalDisk & HDTune check on every system. They only take a minute and, if the hard drive is bad, it's better to know and offer pre-emptive cloning than to have them come back a few months later with a dead drive.
 
Not sure why some people are saying "don't bother with a defrag as it makes no difference."
We run a defrag on pretty much every machine that comes in the workshop, using MyDefrag, and notice a big improvement on all of them. It does take a long time to run if it hasn't been done before but I think it is worth it.
 
How about if you put D7 into your Dropbox folder, and access it from there?

You don't have to run all the scans either, just the ones you need or want to.
 
Not sure why some people are saying "don't bother with a defrag as it makes no difference."
We run a defrag on pretty much every machine that comes in the workshop, using MyDefrag, and notice a big improvement on all of them. It does take a long time to run if it hasn't been done before but I think it is worth it.

100% agree. MyDefrag works great.

Lance
 
Can't do D7. It's too large of a file for remote support, and if the customer's speed is slow, could take forever.

I keep D7 and 3rd Party Tools in an archive on my webserver for downloading on client's PCs when working remotely. I also keep D7 in a separate zip without the 3rd Party Tools for a faster download (or transfer via Teamviewer), when the situation doesn't require the other tools immediately, or at all. Even the full archive typically only takes a few minutes to download *shrug* but then again, I'm patient, and frequently getting up for coffee refills. I have had a few people wonder what I'm doing and I merely tell them I need to transfer the appropriate tools to their PC for the job I'm doing.

Frequent offenders of remote support, like our business customers with contracts, get D7 left on their PC in a \Support directory, so next time I connect I can go there and just update it.

To throw in my 2c on defrag, while I agree it is usually pointless, sometimes I do run across a system where the volume is so severely fragmented it does noticeably impact performance. So I always try to check the fragmentation percentage of the drive and if severe, (or I just have extra time with the PC) I'll go ahead and do it. When working remotely or in a time sensitive situation, if I feel there is a need for it, I will instruct the client on how to do it.
 
This thread has got me thinking that our removal procedure is far too long. Currently we:

1 Run TFC
2 Full scan SAS
3 Full scan MBAM
4 Hitman Pro
5 Spybot (rerun on all individual user accounts) always finds things albeit low level
6 GMER
7 Avast (rerun until clean scan result)
8 HJT
9 Autoruns
10 Windows Updates
11 Defrag

On rogue type infections I normally remove it manually with autoruns and regedit etc., then run SAS and MBAM until the scans come back clean.

I realise this process seems MUCH longer than others listed here and I would welcome constructive criticism/suggestions. I noticed that no-one has mentioned using an AV. Our process, although long, seems to give good results, but turnaround for virus removal (not rogues etc.) is normally 2-3 days, which I would like to shorten but still be confident that machines are going out clean. I look forward to hearing your thoughts.


kind regards

quinnlaup
 
Good thread.

One thing that I always do, towards the end, is make sure MS updates work. The whole process is so poorly executed that the slightest discrepancy will cause it to fail - permissions etc.

Getting it to work can be a PITA, but is a good integrity check.

Also, while you're waiting for things to run you can contemplate how MS became the world's largest software company writing crap like this!
 
This thread has got me thinking that our removal procedure is far too long. Currently we:

1 Run TFC
2 Full scan SAS
3 Full scan MBAM
4 Hitman Pro
5 Spybot (rerun on all individual user accounts) always finds things albeit low level
6 GMER
7 Avast (rerun until clean scan result)
8 HJT
9 Autoruns
10 Windows Updates
11 Defrag

On rogue type infections I normally remove it manually with autoruns and regedit etc., then run SAS and MBAM until the scans come back clean.

I realise this process seems MUCH longer than others listed here and I would welcome constructive criticism/suggestions. I noticed that no-one has mentioned using an AV. Our process, although long, seems to give good results, but turnaround for virus removal (not rogues etc.) is normally 2-3 days, which I would like to shorten but still be confident that machines are going out clean. I look forward to hearing your thoughts.


kind regards

quinnlaup

May I ask what you charge for all this work? How many computers do you have on your bench at any given time on average?
 
Normally a virus removal would cost $100 dollars (approx). We have space for 19 PCs but normally average 12-14 on the bench at any given time.

kind regards

quinnlaup
 