Virus Removal Remotely vs In Shop

AlaDes

I'd love to get into doing remote support more so than I am now but when it comes to viruses and tune-ups I just can't for the life of me see how a quality job can be done in such a short period of time.
For those of you more experienced than I am, do you do things differently during a remote call versus doing it in house?
Maybe I'm just trying to be too thorough during my in house virus removals because it usually takes me 1-3 days to thoroughly clean an infected system. Granted, I don't actually spend that much time on a machine but some of the scans I do can take as long as 24 hours because I use full scans versus quick scans. In my experience, the quick scans miss a lot of stuff that full scans catch. Do you guys just perform the quick scans remotely and inform the customer they need to perform a full scan later?
 
Normally when I get a house call it takes on average about an hour to scan and remove a virus infection. I really have never had to take over 2 hours. I scan with Malwarebytes in safe mode and then also empty the browser caches. At times they will have some rootkit work to do but rkill will most of the time stop the rootkit so I can go about removing that too.

As for the remote support I do a bit of that but not for viruses. I see those commercials on TV about the remote virus repair and I think they are all ripoffs. They just want to sell you some long term plan that is major bucks.

I really don't see how you can do a good virus scan from remote. I prefer to be hands-on-site and do it right the first time.
 
I really don't see how you can do a good virus scan from remote. I prefer to be hands-on-site and do it right the first time.

Although I agree with you on this, I feel it can be done to a degree, which is why I asked the question. However, you may be able to help me just as much as someone who performs remote removals because you are able to do it within 2 hours, which is my target. Is there a difference in the way you do a house call versus an in shop removal? I guess what I am getting to is...am I just being way too thorough by wanting to get everything?

Lisa - Call That Girl is the one you want to be talking to; she's the resident expert on remote work.

Actually, I was hoping to get her attention lol. Have even thought about paying her to perform a remote session for me to get some tips lol.
Idea: Lisa could offer one remote virus removal session with the purchase of her awesome book (which I've already purchased), as a training tool (would cost more) ;)
 
Normally when I get a house call it takes on average about an hour to scan and remove a virus infection. I really have never had to take over 2 hours. I scan with Malwarebytes in safe mode and then also empty the browser caches. At times they will have some rootkit work to do but rkill will most of the time stop the rootkit so I can go about removing that too.

As for the remote support I do a bit of that but not for viruses. I see those commercials on TV about the remote virus repair and I think they are all ripoffs. They just want to sell you some long term plan that is major bucks.

I really don't see how you can do a good virus scan from remote. I prefer to be hands-on-site and do it right the first time.

MBAM misses tons of stuff, even on the full scan which takes 2 hours on a lot of machines. It's good and I use it, but if there was any one virus scanner + empty cache that fixed viruses, we'd be in trouble. A lot of viruses also require sfc scans or manually replacing system/driver files.

Then there's the random virus that throws you for a loop, and even after spending hours, you end up having to reinstall the OS. I'd love to see the look on a client's face if that happened on site. (before you start flaming we do somewhere in the neighborhood of 50-60 virus removals a month and n&p maybe one... there's some ugly ones out there)

Unless I have a very insistent business client that wants to waste a couple hundred, every virus removal comes in to the shop.
 
MBAM misses tons of stuff, even on the full scan which takes 2 hours on a lot of machines. It's good and I use it, but if there was any one virus scanner + empty cache that fixed viruses, we'd be in trouble. A lot of viruses also require sfc scans or manually replacing system/driver files.

Then there's the random virus that throws you for a loop, and even after spending hours, you end up having to reinstall the OS. I'd love to see the look on a client's face if that happened on site. (before you start flaming we do somewhere in the neighborhood of 50-60 virus removals a month and n&p maybe one... there's some ugly ones out there)

Unless I have a very insistent business client that wants to waste a couple hundred, every virus removal comes in to the shop.

You sound about as thorough as I am. After running everything in the D7 arsenal I still perform a full system scan of MSE, which will usually pick up things the quick scan missed. Just out of curiosity, once you start a virus removal, on average, how long from start to finish does it take you? I end up spending a couple of days on each one sometimes because I make sure all updates will install properly after cleaning the system.
 
No offense to anyone who does virus removals remotely but I would personally GUARANTEE you are missing some things... We run a variety of programs, mostly Linux-based, to remove most viruses, and a lot of scripts.

Viruses are benched and are a 3-5 day turnaround, usually only 2 or 3, but up to 5 business days.
 
Most of the work I do is remote support. And I removed tons of viruses/malware without a problem remotely. Cleaning a malware from a computer is not much different than having the computer in front of me. There are some cases which make it difficult but talking to the customer over the phone helps in those situations. I can do a malware job in under 2 hours all depending on how fast the internet connection is, how fast the computer is on the other end and how bad the malware is. Of course MBR viruses are impossible to clean remotely and also when they don't have an Internet connection. In most cases I can figure that out quickly. I also guarantee my work for 30 days and I recheck with all my customers too. Some remote malware jobs I have rechecked physically and have found that I've done a thorough job. I might be willing to do a remote job for you and you can watch.
 
Viruses are benched and are a 3-5 day turnaround, usually only 2 or 3, but up to 5 business days.

This is about the same turnaround I have in my shop and it makes me feel better already because it means I'm not as slow as I thought I was lol. However, due to my driving job I do have to do them remotely during my breaks or when my co-driver is driving.
 
No offense to anyone who does virus removals remotely but I would personally GUARANTEE you are missing some things... We run a variety of programs, mostly Linux-based, to remove most viruses, and a lot of scripts.

Viruses are benched and are a 3-5 day turnaround, usually only 2 or 3, but up to 5 business days.

Agree 100%. I'm finding that remote assistance (at the residential level) has particularly specific users. On-going maintenance, fixing odd issues related to printing or configuring software issues, and so on. I think by doing virus/malware removal remotely you're doing a disservice to the customer.

My turn-around time is exactly the same. The end of day 1 is my cut-off time for making a decision whether or not to clean the machine vs. reformat. A bunch of fluid factors involved in that decision; how badly is the machine infected, how quickly does the customer want the PC back, does the customer want any of their data saved, do they have the original install discs/product keys for existing software, etc. I make the diagnosis, give the customer the assessment and the option of what to do, and after day 1, or in the AM of day 2 I give them that call and refine the re-delivery date.

I would not feel comfortable cleaning a virus-infected PC remotely, and don't offer that service.
 
I use a 1-2-3 combo of Combofix (safe mode w/networking), Hitman Pro (sm w/net), and MBAM (normal).

I find that process takes out any infection, including rootkits, ZeroAccess, etc. Scan times combined are 2-5 hours depending on computer speed, hard drive fragmentation, and number of infections.

My problem is that Combofix seems to always kill the remote connection. No matter what I try, what method of remote connection I use, CF loves to kill my remote connection, and usually right BEFORE asking me to click "yes" for something.

So right now I don't do remote virus removal because I'd have to eliminate CF as a tool, and CF is a big part of my removal process.
 
I do remote virus removals regularly. It really depends on how quickly you catch many of the viruses (malware, actually). Unless the Internet connection is messed up or the system won't boot, it is not only possible but easy. Obviously there are those where you have to go onsite or bring it in. We do work mostly with businesses, but I remember even when residential was most of our work that it was fairly easy. And since then, I've gotten much better at virus removals.

As for the time, I try to be as efficient as possible. While I will test new methods all the time, most of the viruses I encounter are removed within an hour. If it takes over 3 hours, I'll just nuke and pave unless the client can't have that happen, for some reason.

Honestly, I can't imagine spending several days on virus removal. It isn't cost effective for me or the client (even if it is being worked on at my shop). I know you aren't sitting there actively working on it the entire time, but that still seems insanely long to me. If the virus is that embedded, you are usually going to run into problems later.

And yes, before you ask, my one hour and under virus removals have not come back (and I am talking a couple of years after the fact). It is all about having the right tools, fine tuning your process, and knowing how the symptoms indicate the type of malware infection. And for remote, I use the same tools I do in the shop or onsite.
 
I use a 1-2-3 combo of Combofix (safe mode w/networking), Hitman Pro (sm w/net), and MBAM (normal).

I find that process takes out any infection, including rootkits, ZeroAccess, etc. Scan times combined are 2-5 hours depending on computer speed, hard drive fragmentation, and number of infections.

My problem is that Combofix seems to always kill the remote connection. No matter what I try, what method of remote connection I use, CF loves to kill my remote connection, and usually right BEFORE asking me to click "yes" for something.

So right now I don't do remote virus removal because I'd have to eliminate CF as a tool, and CF is a big part of my removal process.

CF does kill the connection every time, but you can have the customer give you a call in 30-45 mins. and have the customer assist with getting reconnected.
 
Normally I can get things done by running a scan with Malwarebytes. This usually takes about an hour to accomplish and sometimes 1.5 hours depending on the computer speed and data. Most all my customers are residential. There are some times that I run into major problems where the customer has let it go too long and now the system is really foobar'ed. Then it goes right into the shop where I can take a closer look at things and get them straightened out.

I would have to say right now I'm running about 1 out of 3 goes into the shop.

After working with virus removal for some time you get a feeling for what is actually wrong with the system. Whether it's a simple virus removal or some big rootkit problem that has been going on for some time. But there are other factors like if the system needs a good deep cleaning also then I will just do it all in the shop and bring it back out to the customer. It all depends.

coffee
 
[QUOTE]For those of you more experienced than I am, do you do things differently during a remote call versus doing it in house?[/QUOTE]

I do a lot of remote and there is no shortcut for scanning. After you have removed the virus you need to make sure it's completely clean by doing a full scan. Otherwise you're taking a chance.

For remote, I will either disconnect or just let it run. I'm using Remotezilla and I can have as many sessions as I want. The most I have is 4 or 5 sessions.

For onsite, I normally do two full scans. Sometimes, I work it around my lunch time. And other times, I will run the second scan and leave. I will then follow up with remote support to make sure.

Worst case scenario, take the system to your shop.
 
Scanners don't and won't catch everything.

You really need to learn how to use AutoRuns and ProcessExplorer and for that matter D7's malware scan.

There is no reason not to have a 24hr turnaround for a virus removal.

And learning how to manually remove viruses makes doing so remotely a fairly simple task.


-End of Rant-
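
Added example, not part of the original post: a short Python triage of a CSV export from Autoruns (the tool named above), listing the autostart entries that deserve a manual look even when scanners come back clean. The column names, the `(Verified)` signer prefix and every sample row are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample rows; the column names are assumed to match an Autoruns CSV export.
SAMPLE_CSV = r'''Entry Location,Entry,Signer,Image Path,Launch String
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,(Verified) Microsoft Windows,C:\Windows\System32\SecurityHealthSystray.exe,C:\Windows\System32\SecurityHealthSystray.exe
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Updater,,C:\Users\pat\AppData\Roaming\upd\upd.exe,"""C:\Users\pat\AppData\Roaming\upd\upd.exe"" /s"
Task Scheduler,\SyncJob,(Verified) Microsoft Windows,C:\Windows\System32\wscript.exe,wscript.exe C:\ProgramData\sync\job.vbs
HKLM\System\CurrentControlSet\Services,ExampleDrv,(Not verified) Example Corp,C:\Windows\System32\drivers\exdrv.sys,C:\Windows\System32\drivers\exdrv.sys
'''

# Directories a standard user can normally write to (lower-cased for matching).
WRITABLE_DIRS = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")
# Signed Windows binaries that only run whatever script or DLL they are handed.
SCRIPT_HOSTS = ("wscript", "cscript", "mshta", "powershell", "rundll32", "regsvr32")


def review_reasons(row):
    """Return the reasons one autostart entry should be inspected by hand."""
    reasons = []
    signer = (row.get("Signer") or "").strip()
    image = (row.get("Image Path") or "").lower()
    launch = (row.get("Launch String") or "").lower()
    if not signer.startswith("(Verified)"):
        reasons.append("unsigned or unverified publisher")
    if any(d in image or d in launch for d in WRITABLE_DIRS):
        reasons.append("runs from a user-writable directory")
    if any(h in launch for h in SCRIPT_HOSTS):
        reasons.append("starts through a script host or loader")
    return reasons


def triage(csv_text):
    """Parse the export and return (entry name, reasons) for each flagged row."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = review_reasons(row)
        if reasons:
            findings.append((row["Entry"], reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_CSV):
        print(f"{entry}: {'; '.join(reasons)}")
```

The scheduled task row is flagged even though its image is a signed Windows binary, because the launch string points at a script under a writable directory; the unverified driver row is the kind of entry a file scanner pass can leave behind.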
 
Oh snap... yahoo just took half your remote virus removal business...

http://news.yahoo.com/blogs/upgrade-your-life/computer-virus-remove-195435755.html

Less than 30sec in safe mode with networking so it will load ONLY the basic files windows needs to run and NOT the virus!

This woman should be fired. Does she not know that driver files are one of the most common infections? It's because of videos like this one that we all still have jobs. If you could get by with what was explained in that video we'd all be out of business. Google != Qualified, your nephew != Computer Technician, your 4yo should not be playing with your brand new $1200 laptop (taken from another thread, lol).

I wonder how some people make it by in life, -+ Rant off +-
 
Just got one today where you get the normal desktop icons all missing and the taskbar. But even the mouse doesn't work. So, I booted Linux and mechanically it runs fine. Took it to the shop because I wanted to study this thing closer and clean it out. It's pretty dirty.

I should start carrying my vac with me. I know.


coffee
 