What are the steps to efficiently scan & remove viruses & spyware?

MMAUY

How do you do this and what are the steps?
I am trying to learn as much as I can.

Are there any common viruses/spyware, that most infected computers get?

What do you do when an infection disguised as an anti-virus/anti-spyware keeps popping up and cannot be uninstalled? I've tried spy doctor, ccleaner, hijackthis, AVG, ad-aware but it just does not go away. I'm ready to re-format.
 
I had this problem a while back with a customer's PC. I tried everything you tried and still got the pop-up at the lower right telling me that the computer was infected and I needed to install their "special software". This is what I did to get rid of this:

First run Spybot S&D in safe mode. After that's done:
Be careful here.
Open regedit (Start > Run > regedit, press Enter).
Expand the branches until you are at this location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdservice
Highlight cmdservice, right-click and choose Delete in the context menu.

If you have trouble deleting a key, click once on the key name to highlight it and right-click > Permissions.
Then make sure you are Administrator and give yourself Full Control of that key: place a check next to Allow Full Control (if it's not there already).
You might need to click Advanced and place a check next to [x] Inherit from parent the permissions that apply to child objects.
Click Apply, then OK until you're back at the suspect service key, right-click and delete the key. Close the registry editor when done.

Do the same for this key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService

This fixed it for me.
 
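The same service-key removal as a script, added here as an example that is not part of the thread. It runs from an elevated PowerShell prompt (ideally in Safe Mode, as the post says), backs each key up with reg.exe before deleting it, and falls back to the Permissions fix from the post when deletion is refused. The service name cmdservice is the one named in the post; the backup folder and the confirm/dry-run behaviour are this script's own assumptions.

```powershell
# Added example, not from the thread: scripted version of the manual regedit steps above.
# Run from an elevated PowerShell prompt. By default it asks before each deletion;
# -WhatIf shows what would be deleted without touching anything.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    [string]$ServiceName = 'cmdservice',                  # name used in the post above
    [string]$BackupDir   = "$env:SystemDrive\regbackup"   # assumed location for .reg backups
)

# The post deletes the key under CurrentControlSet and again under ControlSet001.
# CurrentControlSet is a link to one of the ControlSet00N keys, so walk every
# control set that exists rather than hard-coding two paths.
$keys = Get-ChildItem -Path 'HKLM:\SYSTEM' -Name |
    Where-Object { $_ -match '^(CurrentControlSet|ControlSet\d{3})$' } |
    ForEach-Object { "HKLM:\SYSTEM\$_\Services\$ServiceName" } |
    Where-Object { Test-Path -Path $_ }

if (-not $keys) { Write-Host "No service key named '$ServiceName' found."; return }

# Give Administrators Full Control on a key the malware has locked down (the
# Permissions step in the post). If the key's owner also denies changing the ACL,
# take ownership first through regedit's Permissions > Advanced dialog.
function Grant-AdminFullControl([string]$Path) {
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
                'BUILTIN\Administrators', 'FullControl',
                'ContainerInherit', 'None', 'Allow')   # ContainerInherit = apply to subkeys too
    $acl.SetAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

# Stop the service if it is running so its binary can be removed afterwards.
Stop-Service -Name $ServiceName -Force -ErrorAction SilentlyContinue

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
foreach ($key in $keys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    Write-Host "[$key]"
    Write-Host "  ImagePath : $($props.ImagePath)"   # the file to clean up once the key is gone
    Write-Host "  Start     : $($props.Start)  (0=boot 1=system 2=auto 3=manual 4=disabled)"

    # Export before deleting so the change can be reviewed or reverted.
    $regPath = $key -replace '^HKLM:\\', 'HKLM\'
    $file    = Join-Path $BackupDir (($regPath -replace '[\\:]', '_') + '.reg')
    reg.exe export $regPath $file /y | Out-Null

    if ($PSCmdlet.ShouldProcess($key, 'Delete service key')) {
        try {
            Remove-Item -Path $key -Recurse -Force -ErrorAction Stop
        } catch {
            # Access denied: grant Full Control on the key and its subkeys, then retry.
            Write-Host "  Delete refused ($($_.Exception.Message)); fixing permissions and retrying"
            Grant-AdminFullControl -Path $key
            Get-ChildItem -Path $key -Recurse -ErrorAction SilentlyContinue |
                ForEach-Object { Grant-AdminFullControl -Path $_.PSPath }
            Remove-Item -Path $key -Recurse -Force
        }
        Write-Host "  Deleted (backup: $file)"
    }
}
```

The ImagePath printed for each key is worth noting before the key is gone: deleting the service entry stops it loading at boot, but the file it points to is still on disk and should be removed or quarantined as a separate step, which is also why the script stops the service first.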
For the viruses I'd run Kaspersky. They have a free trial version on their website. For the spyware I'd run Advanced Windows Care and Windows Defender (both free).

If all that fails I'd format and be done with it. Some of this crap is just impossible to remove and it's getting worse.

Or you could try www.aec.cz
 
For viruses get any of the good antivirus software, and for spyware get Spyware Doctor; the rest of the work the software will do.... so enjoy :)
 
Rootkit

I use an old version of AVG's Anti-Rootkit to remove a virus like this. They no longer upgrade the Anti-Rootkit software because it is part of the paid versions of AVG. A combination of virus removal tools are needed in one's arsenal to remove them.
 
You can get 99% of them by hand with no scanners. Scanners should not be used as a crutch. They should be used at the end to finish the job by scanning for all the random junk that doesn't matter and getting rid of it.
 
I use an old version of AVG's Anti-Rootkit to remove a virus like this. They no longer upgrade the Anti-Rootkit software because it is part of the paid versions of AVG. A combination of virus removal tools are needed in one's arsenal to remove them.

You use an outdated and no longer updated anti-rootkit program to remove new rootkits? :confused:
 
Wow, I never knew it was that easy!

For viruses get any of the good antivirus software, and for spyware get Spyware Doctor; the rest of the work the software will do.... so enjoy :)


Finally!! Now I know how those "techs" advertise that they remove viruses and all sorts of infections for $40 or less.
:rolleyes:
 
Since I'm trying to differentiate myself from the big box stores, I rarely wipe and reinstall (unless the person has practically nothing on their computer).

My clients usually are having problems because they not only click on the wrong things, they (1) have no antivirus or let it expire or (2) are having problems because they're running too many AV/malware programs. As part of the cleanup process, I usually have to uninstall a few programs.

I make sure that the hidden files are viewable, then almost always run ccleaner, malwarebytes, and Hijack This. (I usually forget to do this, but I've read that it's good to enable all programs in startup/msconfig.)

Then, depending on what it is, I try fixes specific to the problem (googled):

Two good sites for such fixes are Bleeping Computer and MajorGeeks.

For example, I got the following from Bleeping Computer on how to remove
Windows Police Pro that's worked very well for me:

[unable to post URL!]

Sometimes removal tools, such as Combofix (which I understand is no longer available), are the only things that do the trick--not to mention fix damage to Windows/connectivity problems. (FYI: Combofix can be dangerous, if you're in a hurry . . . )

I finish with an online scan (usually either Bitdefender or Symantec) in safe mode to be sure I got everything, and then toggle system restore to wipe out old restore points that might harbor bugs.

Then, before I give the computer back, I make sure they have some kind of protection, even if it's only AVG Free.

This probably isn't as efficient a system as the other answers, but I rarely get a call back to fix the same problems.
 
Phase 1:
I run a quick scan of the system32 directory with DrWeb to cure any infected drivers (******* rootkits) (ETA 5-10 mins)
Use tools on the avast BART cd to:
-Scan for viruses using avast! (ETA XX mins (depends on amount of files, etc))
-Remove temp files (ETA 1min)
-Remove infected registry autostarts/drivers/services/etc (ETA 1min)

Phase 2:
Next I do manual removal from the host operating system which involves:
-Suspending/killing/removing infected processes with Process Explorer (ETA 1min)
-Run a couple of passes of HiJackThis on the machine removing anything bad (ETA 2 mins)

Phase 3:
Now I run a spyware scanner:
-Quick scan with MalwareBytes or SUPERantispyware if MBAM won't load (ETA 10 mins)

Phase 4:
Restart and make any finishing touches (change IE home page, reset wallpaper, flush system restore, remove registry restrictions, etc) (ETA 5 mins)

I don't always do it in this order; sometimes I skip unnecessary bits.

What do you do when an infection disguised as an anti-virus/anti-spyware keeps popping up and cannot be uninstalled? I've tried spy doctor, ccleaner, hijackthis, AVG, ad-aware but it just does not go away. I'm ready to re-format.

These infections are all based on pretty much the same thing, they're mostly variants. Therefore it is difficult for the antivirus vendors to keep up, so it's a good idea to brush up on manual removal. Good programs to use are: Process Explorer (by SysInternals), Autoruns (by SysInternals) and HiJackThis (by Trend Micro), however you'll need to learn how to use them effectively.
 
Remove the drive

I generally remove the offending drive from their system, hook it to my scanning system, then throw many scanners at it. Eliminates MANY problems due to their system, and is much quicker and more efficient.

Layoric
 
If you remove the drive and hook it to another PC and scan, you still have to hook it back to the original PC to remove the remaining malware when booted into Windows. Some malware has to be running to remove.
 
If you remove the drive and hook it to another PC and scan, you still have to hook it back to the original PC to remove the remaining malware when booted into Windows. Some malware has to be running to remove.

True, but usually (if done well) the leftover infections will not actually pose much (if any) threat. Things like redundant registry keys pointing to files that don't exist or services that can no longer start without their files. This is usually fixed with a quick scan of the registry.
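Two posts above point at the same check: iisjman07 recommends Autoruns for manual removal, and Layoric describes the leftovers after an offline scan as autostart entries whose files no longer exist. The script below is an added example, not the thread's code and not Sysinternals' Autoruns, that does a small version of that audit from an elevated PowerShell prompt: it collects Run/RunOnce values and service ImagePaths (following ServiceDll for svchost-hosted services), resolves each to a file, and flags entries whose file is missing, is not Authenticode-signed, or lives in a Temp folder. Those three flags are this script's own heuristics, meant as leads for a person to check.

```powershell
# Added example, not from the thread and not Sysinternals code: a small autostart audit
# in the spirit of Autoruns. Run from an elevated prompt on the cleaned machine.
# The flags (file-missing, unsigned, temp-dir) are this script's own heuristics:
# leads for a human to check, not verdicts.

# Turn a Run value or service ImagePath into the file it launches.
function Resolve-CommandPath([string]$Command) {
    if (-not $Command) { return $null }
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    # Kernel-style prefixes that driver ImagePath values use
    $c = $c -replace '^\\\?\?\\', '' `
            -replace '^\\SystemRoot', $env:SystemRoot `
            -replace '^system32\\', "$env:SystemRoot\system32\"
    if ($c -match '^"([^"]+)"') { return $Matches[1] }                      # "quoted path" args
    if ($c -match '^(.+?\.(exe|sys|dll|cmd|bat|vbs))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

# Collect Run/RunOnce values and service ImagePaths (ServiceDll for svchost-hosted ones).
function Get-AutostartEntries {
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $runKeys) {
        if (-not (Test-Path -Path $k)) { continue }
        $item = Get-Item -Path $k
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $k; Name = $name; Command = $item.GetValue($name) }
        }
    }
    $services = Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue
    foreach ($svc in $services) {
        $cmd = $svc.GetValue('ImagePath')
        if (-not $cmd) { continue }
        if ((Resolve-CommandPath $cmd) -match 'svchost\.exe$') {
            # The real code for a svchost-hosted service is the DLL under Parameters.
            $dll = (Get-ItemProperty -Path "$($svc.PSPath)\Parameters" -ErrorAction SilentlyContinue).ServiceDll
            if ($dll) { $cmd = $dll }
        }
        [pscustomobject]@{ Source = 'Services'; Name = $svc.PSChildName; Command = $cmd }
    }
}

# Flag an entry: missing file (the leftover keys described above), unsigned, or in a temp folder.
function Test-AutostartEntry($Entry) {
    $path  = Resolve-CommandPath $Entry.Command
    $flags = @()
    if (-not $path)                              { $flags += 'unparseable' }
    elseif (-not (Test-Path -LiteralPath $path)) { $flags += 'file-missing' }
    else {
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') { $flags += "unsigned($($sig.Status))" }
        if ($path -like '*\AppData\Local\Temp\*' -or $path -like "$env:windir\Temp\*") {
            $flags += 'temp-dir'
        }
    }
    [pscustomobject]@{ Source = $Entry.Source; Name = $Entry.Name; Path = $path; Flags = ($flags -join ', ') }
}

# Report only the entries that raised a flag.
Get-AutostartEntries | ForEach-Object { Test-AutostartEntry $_ } |
    Where-Object { $_.Flags } |
    Sort-Object Source, Name |
    Format-Table -AutoSize
```

A file-missing service entry is harmless on its own but is exactly the clutter Layoric mentions, and clearing it keeps the next scan quiet. An unsigned flag is only a lead, since plenty of legitimate older software ships unsigned; the Temp folder flag is a stronger one. The script covers two of the many locations Autoruns enumerates (scheduled tasks, Winlogon, shell extensions and browser helper objects are not included), so it complements that tool rather than replacing it.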
 
Layoric: Never thought to slave drives routinely to scan for viruses. I only do that on my worst cases (and learned the hard way that you have to delete any files in quarantine before you remove the drive).

What do you scan with? (Since you said "many" what are the top 5 or so?)

iisjman07: Sounds lean and mean. I'm going to try your way on an infected computer I'm getting tomorrow.

You said."Good programs to use are: Process Explorer (by SysInternals), Autoruns (by SysInternals) and HiJackThis (by Trend Micro), however you'll need to learn how to use them effectively."

Autoruns is amazing. Very familiar with HJT. Any tips/website to help me learn to use Process Explorer effectively? Found this video:

microsoft.com/emea/spotlight/sessionh.aspx?videoid=359
 
Re:

First of all, have a backup of the hard drive.
Secondly, hook it up externally to your tech laptop or desktop, if you are at your garage/shop/home, scan it with 2-3 antiviruses, some spyware/malware removal software tool (e.g. Malwarebytes, etc).
I found in several cases that this last step eradicates about 70% of "crapware" on the computer, maybe more.

Hook up the hard drive to the computer it came from and do some more scanning for "crapware" on it.

It's not an easy process, time consuming and expensive.

In really bad cases, forget the whole removal, back up the stuff you need and wipe it clean. Before you put your stuff back on it, install an antivirus first.
 
I generally remove the offending drive from their system, hook it to my scanning system, then throw many scanners at it. Eliminates MANY problems due to their system, and is much quicker and more efficient.

Layoric

This is a great way to deal with stubborn infections or systems that are very unstable.

I usually boot in safe mode and run "Malwarebytes Antimalware". However other difficult infections might take several passes.

I cannot post URLs yet but do a search on Elite Killer and look for John's Malware Guide. I have read it several times and sometimes come back to consult. I think it is a great resource.
 