
Quote: Originally Posted by merkat106
During my days working as an in-store PC tech at Circuit City, these were techniques I developed for cleaning heavily infected computers.
This is what I did if the client's computer wouldn't boot, froze during startup, or constantly crashed.
1. Remove hard drive and connect it to a clean, anti-virus protected computer.
a. Run a virus scan on infected drive
b. Physically delete known virus files/folders
c. Run a chkdsk to correct any file system errors, which was done through command prompt> chkdsk /r
2. Reinstall hard drive in client computer
a. Boot computer into safe mode
b. Used CCleaner & MSCONFIG to disable any viruses/malware from starting during boot
c. Run an antispyware program such as AdAware or Spysweeper (run portably through flash drive)
d. Scan for viruses with client's AV program, if present
3. Reboot client computer normally
a. Run CCleaner to delete temporary files, cookies, etc.
b. Defrag client's computer; I used Auslogics Disk Defragmenter (on flash drive)
c. Check for internet connectivity then update client's AV program, if it hadn't already.
d. Scan for viruses with client's AV program to ensure computer is cleaned
And if all failed, or the OS was damaged too much, then we reinstalled/recovered the OS
No system file integrity checks from within the RE environment?
sfc /scannow
There is a free diagnostic tool for Windows (SysInspector). It's color-coded [green good/red bad]. Do not use HJT in x64 Windows, as it is not compatible and will result in "missing" file errors.
For antivirus/antispyware, I would use a 3-star certified product (most have free trials). Most "client" software is ineffective (i.e., that is why they are infected with malware [Trend Micro/CyberDefender/Vipre/AVG, for example]). Polymorphic malware usually requires a specialty scanner/cleaner like Malwarebytes once it is able to establish a foothold.
Both Spysweeper and Ad-Aware offer standard scanning and cleaning at best. I would use Defender and NOD32 4, which is a 3-star Advanced++ in both heuristic and on-demand scanning and is able to utilize a bootable recovery disk for cleaning, and set Defender to notify about running programs that make system changes, as this will allow you to block the change and prevent the program from running.
Using a reg cleaner on a system is not the best of ideas in dealing with malware, as most malware will just re-install itself. Most reg cleaners/optimizers cannot distinguish between legitimate and unwanted programs, and more often than not will cause Windows/program corruption necessitating a Windows re-install, but out of all, CCleaner will probably be the safer bet, as long as you know the function of the entries it wants to "clean" and use oversight. Deleting/blocking cookies and deleting temp files can be done through the Control Panel setting.