Virus Removal Remotely vs In Shop

I think you would always be able to do a better job with any virus removal in the shop as compared to doing it remotely.

I say this because the biggest problem with remote work is that you need to be connected to the internet and that allows the malware that you are trying to get rid of the opportunity to call for reinforcements.

Yes, you can disable most of them with Process Explorer, but disconnecting the computer from the internet and then doing your removal is really the surest way of getting rid of malware.

I do perform malware removal remotely but generally speaking they are the ransomware/fake antivirus type, and most of them, not all, but most of them can be removed without being onsite or in the workshop.

The secret to doing remote virus removal in a timely fashion will depend on the client's broadband connection speed, but you can make the process quicker if you have a checklist of things you need to do.

I only ever run Malwarebytes in quick scan mode but in short bursts: stop and remove what it finds and then do the same again. I don't want to have the computer sitting there for 1-2 hours scanning, connected to the internet, and give the malware any opportunity of phoning home for its cousins.

Before any remote work I read a disclaimer to the customer, or if they have a working internet I direct them to download my support tool and they have to read and accept the disclaimer to proceed with the remote support.
 
I agree with about all you said. I'm using Kaspersky boot disk on a system right now to see what's up. I don't like using Kas in the field because it does take longer to scan. However, it does a great job.

Unfortunately, a lot of my work is supposed to be in the field. But I have to say I do take a lot of systems back to the shop to clean them up. I've learned to take a look at the partitions on the disk. If there is a hidden one then it's probably going to the shop for removal. Otherwise I run a full Malwarebytes scan in the home. There are also times I will use TDSSKiller and then start a scan.

The one thing I hate is when a customer has money invested into virus protection and they are running Norton or McAfee. It's a pain. I prefer Avast for customers. I think it's a lot better. Sometimes I will tell them to get rid of Norton or McAfee and put on Avast free version for them.

Have a great night.
 
I agree that Norton especially can be a pain but if you're doing work on a system that has gotten a virus with a paid solution, surely it is better to advise on a better paid for solution. They are going to get better protection, feel more protected and also you get to make some money as well.

I only recommend free solutions when the computer is not able to run a more comprehensive antivirus and/or the customer just cannot afford to buy an AV solution.
 
We have a high success rate with removing viruses remotely, if we can get in the computer. If we can't, we still talk them through a few things to get connected; if that works, we are OK. If not, they bring it into our shops.
 
Like stated by many other techs here....."Can be done".

All the time? no, not always...sometimes you come across a good one that you have to clean "on your bench" with an offline disk.

And many times...you can get it cleaned up remotely just fine.
Sure...you can always feel better about your work being more complete if you have the machine on your bench for a day or two...since you can throw many different tools against it.

But sometimes....you're faced with a "Gotta fix it remotely...like it or not..there is no other choice!"
 
I have removed viruses remotely on many occasions. I have also removed viruses on site many times. I prefer to take the computer to the shop and fix it there. I always tell my customers that this is better to have a good cleanup and it takes a minimum of one day for anything thorough. Some people do not want the full service; they want it fixed fast and that is all that they care about. So I do what it takes to get them back up and running so they can work, make sure a good antivirus is installed and reports to virus after a quick scan, and tell them to run the full Malwarebytes overnight.
 
I agree that Norton especially can be a pain but if you're doing work on a system that has gotten a virus with a paid solution, surely it is better to advise on a better paid for solution.

The thing is, I am finding that Avast's free version actually does a better job all the way around. People have a hard time with the idea that something free works better than something paid, but in my experience with antivirus this is exactly the case. That said, I don't feel bad about steering them to Avast's paid version if that's what they want. But I absolutely do not recommend solutions like Norton or McAfee. I hate telling them this when they've spent good money on them (and they hate hearing it), but I'd rather tell them the truth--somebody has to.

As for remote virus removal, I use remote service more for maintenance or easy spyware removal. If it looks like the infection is serious, yeah, I would rather have it in my shop.
 
2-3 days for a virus infection? 24 hours for a full scan? I'm sorry... are you guys from the past?!

My turnaround time for even nasty infections is usually 24 hours or less. 48 hours max. I've never had a Malwarebytes full scan on a 750 GB hard drive take more than 4 hours. Most other scans take less than this. I don't use safe mode to run scans. The following procedure works just as well.

First, when a client books in a computer, I start it up. Plug in my USB and use EndItAll (VB script that kills all processes except system and services). I don't put up with customer's WeatherBug and crap coming up. This kills a lot of viruses and malware processes that are not TDSS or rootkit based.

Then I run msconfig and disable everything. Then I run Kaspersky TDSS. If rootkit found, stop what I'm doing, remove and reboot. At this point the PC should be coming up w/ clean startup. I run CCleaner to empty out all viruses from temp folders. If TDSS rootkit, then check partition table. Correct if needed with live CD. Then run Hitman. Then MBAM and SAS. I might even run ESET online scan and Trend Micro HouseCall. Remove everything found and document. At this point I usually reboot the machine again.

I then run ComboFix to finalize everything, clean up anything left over. Then I will run SAS and MBAM again and make sure everything is clean.

During scans I start them all at once and leave it running. I have multiple computers on the bench so I can multitask or let run while I work on something else. Onsite is similar. May not run as many scans. I may run combofix first and then couple scans and ask the customer if there is anything they want while I'm waiting.
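
The partition-table check that the posts above mention (looking for a hidden partition, and checking the table after a TDSS find) can be scripted from a live CD. This is an added example, not code from anyone in the thread; it assumes an MBR-partitioned disk, the sample sector is constructed, and the list of type IDs treated as hidden or OEM is an assumption of the example.

```python
import struct

SECTOR = 512
# Type IDs conventionally used for "hidden" FAT/NTFS and OEM/recovery partitions
# (assumption of this example; OEM recovery partitions are often legitimate).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
OEM_TYPES = {0x12, 0x27, 0xDE}

def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("no 55 AA boot signature: not an MBR sector")
    entries = []
    for i in range(4):
        raw = sector[446 + 16 * i:462 + 16 * i]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        if ptype or count:
            entries.append({"slot": i + 1, "status": status, "type": ptype,
                            "start": start, "end": start + count})
    return entries

def review(entries):
    """Return (slot, reason) findings a technician should look at by hand."""
    findings = []
    active = [e for e in entries if e["status"] == 0x80]
    if len(active) != 1:
        findings.append((0, f"{len(active)} active entries, expected exactly 1"))
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append((e["slot"], f"invalid status byte 0x{e['status']:02x}"))
        if e["type"] in HIDDEN_TYPES:
            findings.append((e["slot"], f"hidden type 0x{e['type']:02x}"))
        elif e["type"] in OEM_TYPES:
            findings.append((e["slot"], f"OEM/recovery type 0x{e['type']:02x}"))
        if e["status"] == 0x80 and e["type"] in HIDDEN_TYPES | OEM_TYPES:
            findings.append((e["slot"], "boot flag set on a hidden/OEM partition"))
    ordered = sorted(entries, key=lambda e: e["start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["start"] < a["end"]:
            findings.append((b["slot"], f"overlaps slot {a['slot']}"))
    return findings

def sample_mbr():
    """Constructed sample: two NTFS volumes plus a small active hidden entry."""
    rows = [(0x00, 0x07, 2048, 204800),
            (0x00, 0x07, 206848, 976000000),
            (0x80, 0x17, 976206848, 2048)]
    table = b"".join(struct.pack("<B3xB3xII", *r) for r in rows)
    return bytes(446) + table + bytes(16) + b"\x55\xaa"

if __name__ == "__main__":
    # To check a real disk from a live CD, read its first 512 bytes instead,
    # e.g. open("/dev/sda", "rb").read(512) (device name is an assumption).
    for slot, reason in review(parse_mbr(sample_mbr())):
        print(f"slot {slot}: {reason}")
```

A finding is only a prompt to compare the layout with what the vendor shipped; it does not by itself mean the machine is infected.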
 
The thing is, I am finding that Avast's free version actually does a better job all the way around. People have a hard time with the idea that something free works better than something paid, but in my experience with antivirus this is exactly the case. That said, I don't feel bad about steering them to Avast's paid version if that's what they want. But I absolutely do not recommend solutions like Norton or McAfee. I hate telling them this when they've spent good money on them (and they hate hearing it), but I'd rather tell them the truth--somebody has to.

+1, but no-one wants the paid one here, not that I push it on them

I usually tell them that they've already paid out for their x months subscription so it's a sunk cost. I'm always very happy to be removing Norton/McAfee from a system.
 
Probably 80% of my business is doing virus removals and system tune-ups. I don't do virus removals remotely. They are only done in-house. I have a 5 business day turnaround time for all my work unless parts need to be ordered or I discover something odd that I talk to the customer about. With that said, using only one virus removal tool in my opinion does not cut it. I usually run a minimum of 3 different scanners in "Safe-Mode" using a full scan, not quick, and also boot up with a Linux-based disk like Kaspersky Rescue Disk or something similar. I always use Autoruns and RKill to end rogue processes, and don't forget to turn off system restore or you will be re-infected at reboot.

_______________________
gscomputerguy
Gold Star Computers
"Your One-Stop Computer Shop"
 
5 business day turnaround?! My customers would shoot me. I try to keep it to next day for in shop work. Obviously sometimes you get backed up, but I can't think of a time, except for when we were waiting for parts, that a customer had to wait five business days.

Viruses, except for heavy infections, can be removed remotely and usually within about an hour or two. If the computer is in the shop, I'll run a few extra scans, but I've got it pretty much down to a science now.
 
5 days is crazy long. Wow. I officially offer 2 business days but tell them I can usually do it in 1.

If I'm doing it remotely, they have to give me full access to it for several hours and I disable their input while I do it. I can almost always get rid of the main bad guy in a half hour or less (for the fake AVs, often <5 mins) but I throw several scans at it so that I can warranty it.
If someone is in a bum's rush and "must" have it done in less than an hour, that's fine but don't expect any guarantees.
 
I hope you mean "less than 5 business days". I really can't imagine hanging onto a machine that long. I do some heavy A/V scanning after breaking the back of the active viruses but still it doesn't take 24 hours. I even update all Windows patches and system drivers as part of it and it's still less than 24 hours.
 
I guess it all really depends on your work load and process. For us, our general wait time for repairs not requiring parts to be ordered is 2 to 4 business days. Of those 2 to 4 days, one of them is used for a full diagnostics. In most cases when it comes to virus removals, tune-ups, reinstalls and HDD replacements, we can have the repairs done in 2 to 3, but we have been so slammed lately that we tell the customer 2 to 4. Personally, we rarely ever have a customer that had an issue with our wait time. If they did, we offer them (and charge them for) expedited services, but that's pretty rare.
 
... and don't forget to turn off system restore or you will be re-infected at reboot.
Missed this on first read.

System Restore doesn't work the way you seem to think it does. :eek:

Infected files that are in the SR directories don't run on startup. You want to flush SR to prevent *restoring* those files, not because they will be run on startup.
 
I'm surprised at the 5 day reaction. At my last shop we had 3-4 day usually, sometimes more 3-5 or 4-5, (always a 1-2 day priority service billed @ 50% more/hr.) but those were our quotes, we usually did better than that. I prefer to quote high and set the customer's expectations just in case, then try to deliver before your time is up to make happy customers.

But actually, when I first started there the turnaround was 7-11 days, yes business days (though at the time that was 6 days a week) with 4 full time bench only techs not counting onsite. They averaged 40 systems in line waiting to be worked on at all times. It appeared to be a mad house. This was a college town and we were a block from the college so we got a lot of business. My processes got it down to 3-4 day turnaround and we were able to cut the fat and drop 2 bench techs to boot. Meanwhile our competition was still quoting 7-12 days standard.

BUT, aside from tooting my own horn, when you've got a lot of systems waiting to be worked on and more coming in the door, you quote high. Then you cherry pick the easy ones and get them out the door within a day or so and let the jobs you know are going to take a while wait in line or run a day's diagnostics. And in all reality many times those systems end up being there the whole time, but at least you quoted for it.

Point being, someone with a 5 day turnaround didn't tell you how much business they had. He probably has a market that supports it, and competition with a similar turnaround time.

If your turnaround time is like a day or two, maybe you run an incredibly efficient ship, but likely you don't have the right amount of business and maybe are paying too many techs for the workload you have (and just wait until business slows down so you're paying them to sit around and do nothing.) It's tough to balance tech power vs. business flow, but you have to plan for hard times. In the college town this was a MUST, because during the summer yes we did have a 1-2 business day turnaround because we weren't at a saturation point any longer with our incoming business, and had too many bench techs - but we had few enough that we could still pay them well during the slow months.
 
I completely agree. This is why I do not understand how shops can consistently offer same day or next day turn around times unless

a. they are cutting corners

or

b. they have little to no business and usually for a good reason

We have a pretty good and streamlined process (even with our full diagnostics) but we are so slammed that we have no choice but to tell customers that it could take up to 4 days for many repairs that do not require parts to be ordered.
 
I guess one of the reasons I tend to take so long is because I want to be so thorough with a cleaning. Also, I have started doing a full day of diagnostics as PCX says he does just because it makes perfect sense. The time it takes to do a thorough hardware diagnostics is so much worth it, even if the customer does get a little upset. I have run into a couple of systems where I ended up losing money because I went ahead and started the cleaning process just to find out that the reason I was having so much trouble with it was because of a bad hard drive. As a matter of fact, the hard drive is the first internal component I check anymore.

As others have stated on here, the longest part of the cleaning process is performing the scans. I have been thinking about temporarily adding memory to all the systems that come in for virus removals as a means of speeding up the process substantially. A lack of memory is usually the reason most of my scans take so long, even after putting a system in safe mode or disabling everything using msconfig.
 
Been doing that for years, just make sure that you put a sticky note or something on the computer noting that you increased the memory. Nothing sucks more than unintentionally giving your customer expensive memory for free.
 