High Volume System Cleanups

4 replies to this topic

#1 Grazopper

Grazopper

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:38 PM

Posted 15 September 2009 - 09:34 PM

Hey guys!! I have been a long time visitor to these forums, but just recently became a member. I manage a computer repair store, and I handle the majority of the repair as well. We get many computers in for repair (average 10 computers a day), and most of that is spyware related. We have changed our methods quite a few times over the last few years, and have done a decent job of cleaning out the infection in a timely manner. Currently, it takes roughly 1.5-2 days to repair a virus/spyware infection. However, with the changes in the malware infections becoming more and more complex, I wonder if our current method is the best.

That's where I need your input. Here is our current method of cleanup on Windows XP:

1. Pull the customer's hard drive and slave into lab computer. Run AVG Anti-Virus scan, followed by Norton Anti-Virus scan.
2. Return hard drive to customer's computer. Boot Safe Mode.
3. Install, update, and run Malwarebytes' Anti-Malware Scan. (Reboot to remove threats as necessary, returning straight to Safe Mode)
3.1 If program will not run, boot Normal Mode and run AVG AntiRootkit, removing any rootkits. Reboot in Safe Mode and continue.
4. Install, update, and run Spybot - Search & Destroy (Immunize user account)
5. Install, update, and run Spyware Doctor Starter Edition
6. Run HijackThis
7. Run SDFix, allowing system to reboot into Normal Mode
8. Install, update, and run ComboFix (installing Recovery Console)
9. Clear all System Restore points.
10. System File Checker (sfc /purgecache, followed by sfc /scannow)
11. Install, update, and run CCleaner (deleting Temp Files, and Registry Cleaner until no items appear)
12. Reboot.
13. Address any errors, or any issues not fixed by the above.
14. Update Flash, Java, and Shockwave.
15. Perform Windows Updates, including any service packs.


On Windows Vista, we skip SDFix. If there are multiple admin accounts, we run steps 3, 4, 5, and 6 on each account.

Using this method, we are able to clean up multiple customer computers in 1.5-2 business days. We have thus far avoided any programs that require Normal Mode to install and run, due to the fact that we can't always get into Normal Mode.

So there it is. If there is anything that anyone else is doing, I definitely appreciate any advice. When replying, please bear in mind that these methods have been chosen because they address the majority of concerns - they maximize time efficiency for our high volume.

Thanks in advance!!
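Steps 14 and 15 of the procedure above (patching the browser plug-ins and applying Windows Updates) are the ones most easily left half-done on a high-volume bench, so a verification pass before the machine goes back out is worth automating. The following is an added example, not code from the thread or from any of the tools it names: a PowerShell script that reads the installed Flash, Java and Shockwave versions from the Uninstall registry keys and asks the Windows Update Agent COM API (Microsoft.Update.Session) which updates are still missing, writing both into a per-machine report. The report directory path is a placeholder chosen here, and the script assumes PowerShell 2.0 or later with the Windows Update Agent present.

```powershell
# Added example (not from the thread): post-cleanup verification for steps 14 and 15.
# Assumes a Windows host with PowerShell 2.0+ and the Windows Update Agent COM API.
# The report directory below is a placeholder; change it for your bench.
$reportDir = 'C:\cleanup-reports'
$report    = Join-Path $reportDir ("{0}-{1}.txt" -f $env:COMPUTERNAME, (Get-Date -Format 'yyyyMMdd-HHmm'))
New-Item -ItemType Directory -Path $reportDir -Force | Out-Null

# Step 14: read the installed versions of the plug-ins the procedure updates.
# On 32-bit XP the Wow6432Node key does not exist, hence SilentlyContinue.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$plugins = Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Adobe Flash|Java|Shockwave' } |
    Select-Object DisplayName, DisplayVersion, InstallDate

# Step 15: ask the Windows Update Agent what is still not installed.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search('IsInstalled=0 and IsHidden=0')
$pending  = $result.Updates | ForEach-Object {
    New-Object PSObject -Property @{
        Title    = $_.Title
        Severity = $_.MsrcSeverity
        KB       = ($_.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
    }
}

# Write the report: plug-in versions first, then the pending-update list.
"== Plug-in versions (step 14) ==" | Out-File $report
$plugins | Format-Table -AutoSize | Out-String | Out-File $report -Append
"== Pending Windows updates (step 15): $($result.Updates.Count) ==" | Out-File $report -Append
$pending | Sort-Object Severity | Format-Table Severity, KB, Title -AutoSize | Out-String | Out-File $report -Append

# A machine is not finished until nothing is pending; the plug-in versions
# still have to be compared by hand against the vendors' current releases.
if ($result.Updates.Count -gt 0) {
    Write-Warning "$($result.Updates.Count) update(s) still pending; see $report"
} else {
    Write-Host "No pending updates; report written to $report"
}
```

Run it as an administrator in Normal Mode after step 15 (the Windows Update Agent service is not available in Safe Mode). The script only reports; it never installs anything, so it fits at the end of the checklist as the record that the patching steps actually completed on that machine.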


#2 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:11:38 AM

Posted 16 September 2009 - 12:06 AM

Install, update, and run Malwarebytes' Anti-Malware Scan. (Reboot to remove threats as necessary, returning straight to Safe Mode)


This jumped out at me. I have always been told that when using Malwarebytes, it should be run in regular Windows, not Safe Mode, and then the computer should be rebooted into regular Windows, not Safe Mode, after running it to let it finish up removing things.

#3 Grazopper

Grazopper
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:38 PM

Posted 16 September 2009 - 06:06 AM

I have seen that as well. The reason that our scans are usually run in Safe Mode is because you can't always get the program to install and/or update in Normal Mode. Running in Safe Mode doesn't necessarily remove everything in the initial scan, but it does allow the program to run and update almost every time.

#4 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:01:38 PM

Posted 16 September 2009 - 10:41 AM

You won't even touch the new rootkit out there
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#5 Grazopper

Grazopper
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:38 PM

Posted 18 September 2009 - 09:48 PM

You are absolutely right about the rootkit. There are actually quite a few that are not detected with these steps. If we encounter any issue with installing or running any of these steps, we boot the computer into Normal Mode. We primarily use AVG Anti-Rootkit (a little outdated, but still sufficient in most cases), Panda Anti-Rootkit, Blacklight, and/or GMER. If we are unable to remove the rootkit, we do a clean install of Windows.

Do you have any suggestions that may be more effective against the newer rootkits??
