Posted 15 September 2009 - 09:34 PM
Hey guys!! I have been a long time visitor to these forums, but just recently became a member. I manage a computer repair store, and I handle the majority of the repairs as well. We get many computers in for repair (on average 10 computers a day), and most of that is spyware related. We have changed our methods quite a few times over the last few years, and have done a decent job of cleaning out the infections in a timely manner. Currently, it takes roughly 1.5-2 days to repair a virus/spyware infection. However, with malware infections becoming more and more complex, I wonder if our current method is the best.
That's where I need your input. Here is our current method of cleanup on Windows XP:
1. Pull the customer's hard drive and slave it into a lab computer. Run an AVG Anti-Virus scan, followed by a Norton Anti-Virus scan.
2. Return hard drive to customer's computer. Boot Safe Mode.
3. Install, update, and run a Malwarebytes' Anti-Malware scan. (Reboot to remove threats as necessary, returning straight to Safe Mode.)
3.1 If the program will not run, boot Normal Mode and run AVG AntiRootkit, removing any rootkits. Reboot into Safe Mode and continue.
4. Install, update, and run Spybot - Search & Destroy (Immunize user account)
5. Install, update, and run Spyware Doctor Starter Edition
6. Run HijackThis
7. Run SDFix, allowing the system to reboot into Normal Mode.
8. Install, update, and run ComboFix (installing Recovery Console)
9. Clear all System Restore points.
10. Run System File Checker (sfc /purgecache, followed by sfc /scannow).
11. Install, update, and run CCleaner (deleting Temp Files, and running the Registry Cleaner until no items appear).
13. Address any errors, or any issues not fixed by the above.
14. Update Flash, Java, and Shockwave.
15. Perform Windows Updates, including any service packs.
On Windows Vista, we skip SDFix. If there are multiple admin accounts, we run steps 3, 4, 5, and 6 on each account.
Using this method, we are able to clean up multiple customer computers in 1.5-2 business days. We have thus far avoided any programs that require Normal Mode to install and run, due to the fact that we can't always get into Normal Mode.
So there it is. If there is anything that anyone else is doing, I definitely appreciate any advice. When replying, please bear in mind that these methods have been chosen because they address the majority of concerns; they maximize time efficiency for our high volume.
Thanks in advance!!