Virus Removal Techniques

merkat106

During my days working as an in-store PC tech at Circuit City, these were the techniques I developed for cleaning heavily infected computers.
This is what I did if the client's computer wouldn't boot, froze during startup, or constantly crashed.
1. Remove the hard drive and connect it to a clean, anti-virus protected computer.
   a. Run a virus scan on the infected drive
   b. Physically delete known virus files/folders
   c. Run chkdsk to correct any file system errors, which was done through the command prompt: chkdsk /r
2. Reinstall the hard drive in the client computer
   a. Boot the computer into safe mode
   b. Use CCleaner & MSCONFIG to disable any viruses/malware from starting during boot
   c. Run an antispyware program such as Ad-Aware or Spysweeper (run portably from a flash drive)
   d. Scan for viruses with the client's AV program, if present
3. Reboot the client computer normally
   a. Run CCleaner to delete temporary files, cookies, etc.
   b. Defrag the client's computer; I used Auslogics Disk Defragmenter (on a flash drive)
   c. Check for internet connectivity, then update the client's AV program if it hadn't been already.
   d. Scan for viruses with the client's AV program to ensure the computer is clean

And if all of that failed, or the OS was damaged too much, then we reinstalled/recovered the OS.
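An added example for step 2b (not the original poster's tooling): a PowerShell script that lists the standard Run-key and Startup-folder autostart entries and flags executables that are unsigned or missing, so each entry can be reviewed before anything is disabled in MSCONFIG. It assumes an elevated PowerShell prompt on the Windows machine being cleaned (safe mode is fine) and uses only built-in cmdlets.

```powershell
# Added example (not from the thread): enumerate common autostart locations and
# flag entries whose executable is unsigned or missing, for review before cleanup.
$runKeys = @(                       # per-machine and per-user Run/RunOnce keys
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(                   # current-user and all-users Startup folders
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
# Pull the executable out of a command line like  "C:\Dir\a.exe" /x  or  C:\b.exe -y
function Get-ExePath([string]$CommandLine) {
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        return $(if ($end -gt 1) { $cmd.Substring(1, $end - 1) } else { $cmd.Trim('"') })
    }
    return ($cmd -split '\s+')[0]
}
function Test-AutostartEntry([string]$Source, [string]$Name, [string]$CommandLine) {
    $exe = Get-ExePath $CommandLine
    if ($exe -like '*.lnk' -and (Test-Path -LiteralPath $exe)) {
        # Startup-folder shortcuts: inspect the target, not the .lnk file itself
        $exe = (New-Object -ComObject WScript.Shell).CreateShortcut($exe).TargetPath
    }
    if (-not (Test-Path -LiteralPath $exe)) {
        $status = 'MISSING FILE'     # dead entry, or a file that hides/removes itself
    } else {
        # Authenticode result: Valid, NotSigned, HashMismatch, UnknownError, ...
        $status = (Get-AuthenticodeSignature -FilePath $exe).Status
    }
    [pscustomobject]@{ Source = $Source; Name = $Name; Path = $exe; Status = $status }
}
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }      # skip PSPath/PSParentPath/...
        Test-AutostartEntry $key $p.Name ([string]$p.Value)
    }
})
$entries += @(foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
        ForEach-Object { Test-AutostartEntry $dir $_.Name $_.FullName }
})
# Anything other than Valid deserves a look before it is allowed to run at next boot.
$entries | Sort-Object Status | Format-Table -AutoSize
```

Services and scheduled tasks are further autostart paths the script does not cover; a NotSigned status is common for legitimate older software, so it is a prompt to inspect the file, not proof of infection.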
 
Awesome ..
 


No system file integrity checks from within the RE environment?
sfc /scannow

There is a free diagnostic tool for Windows (SysInspector). It's color coded [green good/red bad]. Do not use HJT in x64 Windows, as it is not compatible and will result in "missing" file errors.

For antivirus/antispyware, I would use a 3-star certified product (most have free trials). Most "client" software is ineffective (i.e., that is why they are infected with malware [Trend Micro/CyberDefender/Vipre/AVG, for example]). Polymorphic malware usually requires a specialty scanner/cleaner like Malwarebytes once it is able to establish a foothold.
Both Spysweeper and Ad-Aware offer standard scanning and cleaning at best. I would use Defender and NOD32 4, which is a 3-star Advanced++ in both heuristic and on-demand scanning, and is able to utilize a bootable recovery disk for cleaning, and set Defender to notify about running programs that make system changes, as this will allow you to block the change and prevent the program from running.
Using a reg cleaner on a system is not the best of ideas in dealing with malware, as most malware will just re-install itself. Most reg cleaners/optimizers cannot distinguish between legitimate and unwanted programs, and more often than not will cause Windows/program corruption necessitating a Windows re-install, but out of all of them, CCleaner will probably be the safer bet, as long as you know the function of the entries it wants to "clean" and use oversight. Deleting/blocking cookies and deleting temp files can be done through the Control Panel settings.
 

Where I bought this laptop, they also sold me a 'reset CD', and said that it would reset my computer to its factory-new format 'if' I ever got a virus, or whenever I just felt like resetting my PC to new again. So, is this not the easiest route for me, or anyone else?
Thank you for any info.
Peace
 

Hey Merkat106,
You should talk to Brink or dmex or any system administrator about writing a tutorial about this. I love the post, very helpful and interesting.
Just shoot them a quick email and ask them. I would love to see this in there. It would be very helpful.

Let me know,
Ben

 
