Step 5: clear viruses and spyware from customers' computers

Author: Erik Eckel
Translation: endurer, 2nd

Tags: infection, virus, anti-spyware, spyware, adware & malware, network threats, security, viruses and worms, Erik Eckel

IT consultants must regularly remove stubborn, often regenerating and corrupting spyware and viruses from customers' computers. Erik Eckel shares his preferred strategy for quickly returning systems to stable operation.

It is inevitable that customers will infect workstations, PCs and laptops with spyware and viruses. Regardless of preventive measures, from gateway protection to automatic scanning to written Internet usage policies, malware threats slip through even a layered defense.

To make matters worse, many customers are reluctant to spend money on standalone anti-spyware software, even though they understand that they need at least minimal anti-virus protection. This is a perfect example of what I call reactive rationality: customers who will not invest in preventive measures find it easier to justify paying three or four times the cost of prevention to clean up an infection once a debilitating attack has struck their systems or network.

Some IT professionals advocate simply wiping the system and reinstalling Windows, while others suggest that amounts to giving up and letting the bad guys win. The truth lies somewhere between the two.

Following tried-and-true methods often repairs even heavily damaged systems. I have returned systems to college students that ran as well as they did out of the box, even though some 1,200 Trojans, viruses and worms were active on the computer when it hit my workbench. In other cases, a single sinister, malicious infection required me to reinstall the operating system. The trick is to know, as quickly as possible, which method applies when you encounter an infected client computer.

These are the most effective steps I have found for clearing viruses and spyware. After making an image copy of the drive (it is always best to have a way back when fighting a malicious infection), follow these steps:

1. Isolate the drive

Many rootkit and Trojan horse threats are masters at hiding themselves from the operating system as soon as, or even before, Windows starts. I have found that even the best anti-virus and anti-spyware tools, including AVG Anti-Virus Professional, Malwarebytes' Anti-Malware and SUPERAntiSpyware, sometimes struggle to remove such entrenched infections.
You need a dedicated system for removal. Take the hard disk out of the offending system, slave it to the dedicated test machine, and run multiple anti-virus and anti-spyware scans against the entire slaved disk.

2. Clear temporary files

While the drive is still slaved, browse to all users' temporary files. These are usually found in the C:\Documents and Settings\username\Local Settings\Temp directory on Windows XP, or in the C:\Users\username\AppData\Local\Temp folder on Windows Vista.
Delete everything in the Temp folders. Threats hidden there try to regenerate when the system starts. With the drive still slaved, it is much easier to delete these offending files.

3. Install the drive back and scan again

Once you have run a complete anti-virus scan and two full anti-spyware scans (removing all detected infections) with two popular, recently updated and different anti-spyware applications, install the hard disk back into the system. Then perform the same scans again.
Despite the scans and the previous cleanup, you may still be amazed at the number of residual active infections that the anti-malware applications subsequently find and remove. Only by performing these additional native scans can you be sure that you have found and removed known threats as far as possible.

4. Test the system

After completing the above three steps, it is tempting to think the system is good to go, but do not make that mistake. Boot it, open the web browser, and immediately delete all offline files and cookies.
Next, go to Internet Explorer's connection settings (Tools | Internet Options, then the Connections tab) to confirm that malicious software has not changed the system's default proxy server or LAN connection settings. Correct any problems you find and make sure these settings match those required on your network or the customer's network.
Then visit 12-15 random websites. Look for any signs of anomalies, including obvious pop-up windows, redirected web searches, hijacked home pages and similar faults. Do not consider the machine clean until you can open Google, Yahoo and other search engines and complete searches on a half-dozen terms. Be sure to test the system's ability to reach popular anti-malware websites such as AVG, Symantec and Malwarebytes.

5. Dig out deep residual infections

If any residual infection remains, such as redirected searches or blocked access to specific websites, try to identify the file name of the active process causing the trouble. Trend Micro's HijackThis, Microsoft's Process Explorer and Windows' built-in Microsoft System Configuration Utility (Start | Run, type msconfig) are excellent tools for locating offending processes.
If necessary, search the registry for all entries related to the offending executable and remove them. Then restart the system and try again.
If the system is still corrupt or unusable, it is time to consider reinstalling. If the infection persists after all these steps, you are probably fighting a losing battle.
What is your method? Some IT consultants prefer a different strategy from the one outlined above; however, I have not found another process that works better at quickly returning systems to stable operation.
Some IT consultants swear by fancier tricks. I have investigated Knoppix as an alternative. And on several occasions in the field I have slaved an infected Windows drive to my Apple laptop in order to delete especially stubborn files on the Windows drive.
Other technicians recommend tools such as Reimage, but I have had trouble even getting that utility to recognize common NICs, and without the NIC the Automatic Repair Tool cannot work.
Do you have any suggestions on removing viruses and spyware from customers' computers? You are welcome to join the discussion by posting a comment.

http://blogs.techrepublic.com.com/project-management?p=714&tag=nl.e101

Five Step process for removing viruses and spyware from client machines

Author: Erik Eckel

Category: consulting

IT consultants must regularly remove stubborn, often regenerative and corrupting spyware and viruses from client machines. Erik Eckel shares his preferred strategy for quickly returning systems to stable operation.

It's inevitable that clients will infect workstations, PCs, and laptops with spyware and viruses. Regardless of preventive steps, from gateway protection to automatic scans to written Internet use policies, malware threats sneak through even layered defenses.

What makes the situation worse is that your clients aren't willing to invest in standalone antispyware software, even though they understand the need for minimal antivirus protection. This is a perfect example of what I call reactive rationality. Clients who won't invest in preventive measures find it easier to justify paying three or even four times the cost of prevention to remediate infections once a debilitating disruption strikes their systems or network.

Some IT professionals advocate simply wiping systems and reinstalling Windows, while others suggest that's akin to giving up and letting the bad guys win. The truth lies somewhere in between.

Endurer Note: 1. akin to: similar (similar to, of the same family)

Following tried-and-true methods frequently repairs even heavily damaged systems. I've returned systems to college students that ran as well as they did out of the box, even though some 1,200 lively Trojans, viruses, and worms were active on the machine when it hit my workbench. In other cases, systems with a single sinister and nefarious infection required me to reinstall the operating system. The trick is to discover which method is called for as quickly as possible when encountering an infected client PC.

Endurer Note: 1. Out of the box: "out of the box" describes something that is not bound by convention; it is often used as an adjective or adverb for an unconventional point of view. The term is said to derive from a famous mathematical puzzle posed by the British mathematician Henry Ernest Dudeney in the early 20th century: connect the nine dots of a three-by-three grid with four straight lines drawn in one continuous stroke, without lifting the pen from the paper. The key to solving it is to overcome the habit of drawing only within the boundary of the three-by-three grid; once the lines are allowed to extend beyond the boundary, the puzzle can be solved, and from this the phrase "out of the box" arose. Correspondingly, the opposite situation is called "boxed-in". In the IT field, where the pace of change is rapid, everyone is looking for an out-of-the-box way of thinking and trying to innovate.

Joyce, a netizen, suggested that it should be understood in terms of existing specifications or procedures:
"Out of the box" is also used as a synonym for "off the shelf," meaning a ready-made software, hardware, or combination package that meets a need that would otherwise require a special development effort.

Here are the virus and spyware removal steps I find most effective. After making an image copy of the drive (it's always best to have a fallback option when battling malicious infections), these are the steps I follow:

1. Isolate the drive

Many rootkit and Trojan threats are masters of disguise that hide from the operating system as soon as or before Windows starts. I find that even the best antivirus and antispyware tools, including AVG Anti-Virus Professional, Malwarebytes' Anti-Malware, and SUPERAntiSpyware, sometimes struggle to remove such entrenched infections.

Endurer Note: 1. master of: one who is proficient in (controls, has mastered) something

You need systems dedicated to removal. Pull the hard disk from the offending system, slave it to the dedicated test machine, and run multiple virus and spyware scans against the entire slaved drive.

2. Remove temporary files

While the drive is still slaved, browse to all users' temporary files. These are typically found within the C:\Documents and Settings\username\Local Settings\Temp directory within Windows XP or the C:\Users\username\AppData\Local\Temp folder within Windows Vista.

Delete everything within the Temporary folders; threats hide there seeking to regenerate upon system startup. With the drive still slaved, it's much easier to eliminate these offending files.

Endurer Note: 1. seek to: to pursue, strive to
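As an added example, not part of Eckel's article or of the translation, the following PowerShell script performs step 2 against a slaved drive from the clean test machine: it walks every user profile under both the Windows XP and the Windows Vista layout named above, reports what each Temp folder holds, records the SHA-256 of any executable-looking file before anything is touched (so a record of what was removed survives the cleanup), and deletes the folder contents only when -Remove is given. The drive letter, the parameter names, the log file name and the list of executable extensions are assumptions; Get-FileHash needs PowerShell 4.0 or later, and the drive image the article calls for should already exist.

```powershell
# Added example, not from the original article or its translation.
# Clears per-user Temp folders on a slaved (offline) Windows drive (step 2 of the
# procedure). Reports first; deletes only with -Remove. Requires PowerShell 4.0+
# for Get-FileHash, which records what was removed.
param(
    [Parameter(Mandatory = $true)]
    [string]$SlavedRoot,     # root of the slaved drive, e.g. 'F:\' (drive letter is an assumption)
    [switch]$Remove,         # without this switch nothing is deleted
    [string]$HashLog = (Join-Path $PWD 'temp-cleanup-hashes.csv')   # assumed log file name
)

# Profile roots for the two layouts the article names.
$profileRoots = @(
    (Join-Path $SlavedRoot 'Documents and Settings'),   # Windows XP
    (Join-Path $SlavedRoot 'Users')                      # Windows Vista
) | Where-Object { Test-Path -LiteralPath $_ }

# Temp folder relative to each user profile, per layout.
$tempSubPaths = @('Local Settings\Temp', 'AppData\Local\Temp')

# Extensions treated as executable content; the list is an assumption, extend as needed.
$exePattern = '^\.(exe|dll|scr|com|pif|bat|cmd|vbs|js|jse|wsf)$'

$report = @()
$hashes = @()

foreach ($root in $profileRoots) {
    # $profile is a PowerShell automatic variable, so the loop variable is $userDir.
    $userDirs = Get-ChildItem -LiteralPath $root -Force | Where-Object { $_.PSIsContainer }
    foreach ($userDir in $userDirs) {
        foreach ($sub in $tempSubPaths) {
            $temp = Join-Path $userDir.FullName $sub
            if (-not (Test-Path -LiteralPath $temp)) { continue }

            # -Force picks up hidden and system files, which dropped payloads often are.
            $items = @(Get-ChildItem -LiteralPath $temp -Force -Recurse -ErrorAction SilentlyContinue)
            $exes  = @($items | Where-Object { -not $_.PSIsContainer -and $_.Extension -match $exePattern })

            # Hash executables before removal so the record survives the cleanup.
            foreach ($f in $exes) {
                $hashes += [pscustomobject]@{
                    User   = $userDir.Name
                    Path   = $f.FullName
                    Size   = $f.Length
                    SHA256 = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
                }
            }

            $report += [pscustomobject]@{
                User        = $userDir.Name
                TempPath    = $temp
                Items       = $items.Count
                Executables = $exes.Count
            }

            if ($Remove) {
                Get-ChildItem -LiteralPath $temp -Force |
                    Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
            }
        }
    }
}

if ($hashes.Count -gt 0) { $hashes | Export-Csv -NoTypeInformation -Path $HashLog }
$report | Format-Table -AutoSize
```

Run it once without -Remove to see the per-user counts and the hash log, then again with -Remove. Files that Remove-Item cannot delete even with -Force (locked or with unusual attributes) are silently skipped here, so compare the Items column of a second report run against the first to confirm the folders are actually empty.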

3. Return drive and repeat scans

Once you run a complete antivirus scan and execute two full antispyware scans using two current, recently updated and different antispyware applications (removing all found infections), return the hard disk to the system. Then, run the same scans again.

Despite the scans and previous sanitization, you may be surprised at the number of remaining active infections the antimalware applications subsequently find and remove. Only by performing these additional native scans can you be sure you've done what you can to locate and remove known threats.

4. Test the system

Once you finish the previous three steps, it's tempting to think a system is good to go, but don't make that mistake. Boot it up, open the web browser, and immediately delete all offline files and cookies.

Endurer Note: 1. it is tempting to: one is easily inclined to

Next, go to the Internet Explorer connection settings (Tools | Internet Options and select the Connections tab within Internet Explorer) to confirm that a malicious program didn't change a system's default proxy or LAN connection settings. Correct any issues you find and ensure settings match those required on your network or the client's network.

Then, visit 12-15 random sites. Look for any anomalies, including the obvious pop-up windows, redirected Web searches, hijacked home pages, and similar frustrations. Don't consider the machine cleaned until you can open Google, Yahoo, and other search engines and complete searches on a string of a half-dozen terms. Be sure to test the system's ability to reach popular antimalware web sites such as AVG, Symantec, and Malwarebytes.

5. Dig deeper on remaining infections

If any infection remnants remain, such as redirected searches or blocked access to specific web sites, try determining the filename for the active process causing the trouble. Trend Micro's HijackThis, Microsoft's Process Explorer, and Windows' native Microsoft System Configuration Utility (Start | Run and type msconfig) are excellent utilities for helping locate offending processes.

If necessary, search the registry for entries for an offending executable and remove all instances. Then reboot the system and try again.

If a system still proves corrupt or unusable, it's time to begin thinking about a reinstall. If an infection proves persistent after all these steps, you're likely in a losing battle.
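The checks in steps 4 and 5 can be gathered into one report so the technician does not have to click through Internet Options, the hosts file, Process Explorer and msconfig by hand. The PowerShell below is an added example, not Eckel's or the translator's code: on the booted system it reads the WinINet proxy and auto-configuration values that Internet Explorer shows under Connections | LAN settings, lists hosts-file lines naming the antimalware vendors the article says the machine must be able to reach (a common way access to such sites is blocked), lists running processes whose image lives in a Temp folder or a user profile, and dumps the Run and RunOnce autostart entries that msconfig's Startup tab displays. The vendor list beyond the names in the article, the path patterns and the choice of registry keys are assumptions; it uses Get-WmiObject so it also runs on the Windows versions the article discusses. It only reports; deciding what to remove stays with the technician.

```powershell
# Added example, not from the original article or its translation.
# Post-cleanup report for steps 4 and 5, run on the booted system after the drive
# is back in place. Reports only; removal is the technician's decision.

$findings = @()
function Add-Finding([string]$Area, [string]$Detail) {
    $script:findings += [pscustomobject]@{ Area = $Area; Detail = $Detail }
}

# Step 4: proxy / LAN settings. These registry values are what Internet Explorer
# shows under Tools | Internet Options | Connections | LAN settings.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1) { Add-Finding 'Proxy' "ProxyEnable=1, ProxyServer=$($inet.ProxyServer)" }
if ($inet.AutoConfigURL)     { Add-Finding 'Proxy' "AutoConfigURL=$($inet.AutoConfigURL)" }
if ($inet.ProxyOverride)     { Add-Finding 'Proxy' "ProxyOverride=$($inet.ProxyOverride)" }

# Step 4: blocked access to antimalware sites is often a hosts-file entry.
# AVG, Symantec and Malwarebytes come from the article; the rest of the list is an assumption.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$vendors = @('avg', 'symantec', 'malwarebytes', 'superantispyware', 'microsoft')
Get-Content -LiteralPath $hostsFile -ErrorAction SilentlyContinue |
    Where-Object { $_ -notmatch '^\s*#' -and $_.Trim() -ne '' } |
    ForEach-Object {
        $line = $_
        foreach ($v in $vendors) {
            if ($line -match $v) { Add-Finding 'Hosts' $line; break }
        }
    }

# Step 5: processes whose image runs from a Temp folder or a user profile,
# the locations step 2 cleaned. The path patterns are an assumption.
Get-WmiObject Win32_Process |
    Where-Object { $_.ExecutablePath -match '\\Temp\\|\\Users\\|\\Documents and Settings\\' } |
    ForEach-Object { Add-Finding 'Process' "PID $($_.ProcessId) $($_.Name) -> $($_.ExecutablePath)" }

# Step 5: autostart entries, the same ones msconfig lists on its Startup tab.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the registry provider's own PS* metadata
        Add-Finding 'Autorun' "$key\$($p.Name) = $($p.Value)"
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | Format-Table -AutoSize -Wrap }
```

A clean machine on a network without a proxy should produce no Proxy or Hosts rows and only the expected vendor autoruns. Anything else in the Process or Autorun rows gives the filename the article says to look for before searching the registry and rebooting.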

What's your method? Some IT consultants prefer a different strategy from what I outline above; however, I haven't found another process that works better at quickly returning systems to stable operation.

Some IT consultants swear by fancier tricks. I've investigated Knoppix as one alternative. And I've had a few occasions where, in the field, I've slaved infected Windows drives to my Macintosh laptop in order to delete particularly stubborn files.

Endurer Note: 1. swear by: to have great faith in (regard as extremely reliable); to vouch for
2. in the field: in practice (in the field, on the battlefield, in battle, in competition)

Other technicians recommend leveraging such tools as Reimage, although I've experienced difficulty getting the utility to even recognize common NICs, without which the Automatic Repair Tool cannot work.

What methods do you recommend for removing viruses and spyware from clients' machines? Join the discussion by posting a comment.