Jump to content
Sign in to follow this  
Grazopper

High Volume System Cleanups

Recommended Posts

Hey guys!! I have been a long time visitor to these forums, but just recently became a member. I manage a computer repair store, and I handle the majority of the repair as well. We get many computers in for repair (average 10 computers a day), and most of that is spyware related. We have changed our methods quite a few times over the last few years, and have done a decent job of cleaning out the infection in a timely matter. Currently, it takes roughly 1.5-2 days to repair a virus/spyware infection. However, with the changes in the malware infections becoming more and more complex, I wonder if our current method is the best.

That's where I need your input. Here is our current method of cleanup on Windows XP:

1. Pull the customer's hard drive and slave into lab computer. Run AVG Anti-Virus scan, followed by Norton Anti-Virus scan.

2. Return hard drive to customer's computer. Boot Safe Mode.

3. Install, update, and run Malwarebytes' Anti-Malware Scan. (Reboot to remove threats as necessary, returning straight to Safe Mode)

3.1 If program will not run, boot Normal Mode and run AVG AntiRootkit, removing any rootkits. Reboot in Safe Mode and continue.

4. Install, update, and run Spybot - Search & Destroy (Immunize user account)

5. Install, update, and run Spyware Doctor Starter Edition

6. Run HijackThis

7. Run SDFix, allowing system to reboot into Normal Mode

8. Install, update, and run ComboFix (installing Recovery Console)

9. Clear all System Restore points.

10. System File Checker (sfc /purgecache, followed by sfc /scannow)

11. Install, update, and run CCleaner (deleting Temp Files, and Registry Cleaner until no items appear)

12. Reboot.

13. Address any errors, or any issues not fixed by the above.

14. Update Flash, Java, and Shockwave.

15. Perform Windows Updates, including any service packs.

On Windows Vista, we skip SDFix. If there are multiple admin accounts, we run 3,4,5, and 6 on each account.

Using this method, we are able to clean up multiple customer computers in 1.5-2 business days. We have thus far avoided any programs that require Normal Mode to install and run, due to the fact that we can't always get into Normal Mode.

So there it is. If there is anything that anyone else is doing, I definitely appreciate any advice. When replying, please bear in mind that these methods have been chosen because they address the majority of concerns - it maximizes time efficiency for our high volume.

Thanks in advance!!

Share this post


Link to post
Share on other sites

On machines that have an optical drive, you could save a lot of time by having your cleanup tools on a bootable CD - instead of pulling the hard drive/slaving it to a lab computer, just put in the disc, boot it up, and run scans.

Check out The Ultimate Boot CD 4 Windows. It's Bart's PE preconfigured with a lot of AV, antispyware, cleanup, diagnostic, and recovery tools. Several that you already use are included by default.

Share this post


Link to post
Share on other sites

I forgot, you can also put UBCD4Win on a USB stick, so you can use it on machines that don't have a CD/DVD drive.

Also, I'd use GMER instead of AVG Anti-Rootkit; Rootkit Unhooker is also quite effective.

I tried Spyware Doctor Starter Edition for a while, I wasn't impressed with it - kind of a pig, and way too many false positives.

Share this post


Link to post
Share on other sites

UBCD 4 Windows is one of my staple CDs (as well as UBCD, ERD Commander, Knoppix, and others). There are two advantages to pulling the hard drives and scanning on one of our lab machines (we have 6 dedicated for this):

1. Scanning speed --> Some computers are VERY slow, so updating and scanning locally can take considerably longer.

2. Time --> We can pull hard drives out of computers waiting in line to be worked on and scan in advance.

I do appreciate the suggestion though. It is one that we have definitely considered.

I thank you for your response greenknight, but I am very surprised I haven't gotten more feedback. Where is everyone?? ;)

Share this post


Link to post
Share on other sites

I'm surprised that you've gotten no other replies myself. Maybe all the techs are swamped with work.

The developer of UBCD4Win has a discussion of this subject on his blog you might want to check out: http://www.bendburrows.com/?p=317

One other point: I don't think AVG Antivirus is the best choice, either. I used it for years, but no longer do - it's slow, and not the most effective in tests I've viewed. In AV-Comparatives last on-demand test, G Data was best, with Avira extremely close - but many were better than AVG.

Share this post


Link to post
Share on other sites

I thank you for your response greenknight, but I am very surprised I haven't gotten more feedback. Where is everyone?? ;)

I'm surprised that you've gotten no other replies myself. Maybe all the techs are swamped with work.

Right first time. Monday started at 7am, finished at 10pm and from then on it just got worse.

The standard Lunarsoft instructions are on the Wiki: PC Cleanup

I'm surprised by the number of programs being used in this case. Does every single one of them find something each time?

If Windows won't run I would probably do a repair install, rather than use SFC. If you use /purgecache and /scannnow, you're going to need an install CD or image anyway.

I would remove all the old Java's, using JavaRa, before installing the latest Java.

And I would make sure Adobe Reader is up-to-date too.

.

Share this post


Link to post
Share on other sites

Run AVG Anti-Virus scan, followed by Norton Anti-Virus scan.

I was wondering about your choice of AV's. AVG is bloated since they added LinkScanner and Norton has become so slow that checking the files by hand would be almost as fast as running the program.

Why don't you use avast plus Kaspersky or NOD32?

Share this post


Link to post
Share on other sites

Maybe you should stop managing a computer store, if you run Norton Antivirus.

Norton Anti-Virus is the pre-installed bul***** for whitebox oem computers shipped to Joe Sixpack.

Nobody would knows anything about computers, would touch Norton because it sucks.

Norton - When the cure is worse than the disease.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×