• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

Dedicated virus scanning computer

K

Korial

n00b
Joined
Oct 7, 2009
Messages
4
Hi,

I work for a smallish computer repair business (5 Techs) and we are looking to upgrade our scanning computers to something a bit more powerful(eg. Athlon X4 620 based). The way we've been using the systems in the past were for getting rid of the main culprits in virus laden computers so that more direct fixes can be applied, data transfers, cloning drives, in addition to the usual researching and browsing HardOCP.

What I would like to know is how other people in similar lines of work use their computers to get the most out of them.

Also, is there a good anti virus that is capable of running simultaneous virus scans on multiple hard drives? I'd like to be able to maximize the amount of drives it can handle at once so we don't have 5 computers being tied up with minimal jobs.

Any help would be appreciated.

Thanks,
Kevin
 
Why not have a series of SATA hot swappable chassis'? I would think that any virus scanner would be able to be configured to scan all local drives.
 
boss99 said:
Why not have a series of SATA hot swappable chassis'? I would think that any virus scanner would be able to be configured to scan all local drives.
Click to expand...

The problem with this is that most of the scanners we've tried don't do simultaneous scans, but instead queue them so when one drive is finished scanning, it goes onto the next.
 
We have a bench rig...utilizing different connection types/adapters. We yank the drives from the clients PCs..connect them using whatever interface we feel like at the time....fastest is just using a free SATA connection from the motherboard or a hanging free IDE cable. Also can use USB adapters for PATA/SATA/2.5" laptop drives.

You don't want to scan more than 1 drive at once, you'll bog down things and the net result will be more time spent scanning than if you did them individually.

We also scan them with a bunch of different products...not at once, but one at a time. You don't want different products running scans in real time at the same time, best results..1 at a time.

If you need to speed up your ...assembly line, or...scanning line....since you're a repair shop you would have plenty of old parts around to build a few more rigs to run scans on...have a couple of different bench scanning rigs if you have //that many PCs coming through per day.
 
Why not virtualize the scanning machines, so one host machine has... something like 4 VM's running. Then just map a connected drive to the VM and scan.

The VM's could be slimmed down - all they need to do is run the A/V software, so they have a small memory footprint.
 
We have a similar setup to YeOldStonecat. We have 2 bitch machines in the office that we use for our clients HDs we need to pull out of the boxes.

Typically we don't even run scanners on the bench machines with the HDs, occasionally run a full scan using MalwareBytes, most of the time we manually go through the HDs in the hot spots that most virus and spyware like the hide and delete them from there... I feel you kind of waste time running the scans on the bench machines. I like to get the infected computers to the point they can install MalwareBytes or run ComboFix on their own.

Machine setups are both older P4 whiteboxes with an additional dual channel IDE and dual channel SATA. The machines double as Imaging computers using Acronis and Paragon to take backups of upgrades and format jobs which write to a separate NAS server we have for storage.
 
Do you not do the removal on an OS-level basis? To be honest, I have never found slaving the drive to another computer and doing the removal that way to be as effective as just doing it on the host computer itself. For one, it ties up your bench machine (I work at a place quite similar to yours from what it sounds like.) and another, I've found it won't remove alot of the registry items. A very difficult removal, testing all the hardware, blowing out, Windows Updates, and general cleanup can only take me ~3ish hours if it's a relatively new machine and it's nice and clean afterwards. With a KVM, you can do 4 (or more) at once. I suppose if you can't get it to boot into Safe Mode or Windows, but then you should fix that problem. Could be an infected ATAPI or userinit file. I really enjoy virus removals, especially the tough ones where you are digging around for hours finding the problem. Once you do lots of them, you can quickly sit down at a machine and remember from that past how you fixed the same problem. It helps develop onsite removal skills. Just my 2 cents ;).
 
With every tool I've used for removal (super, malwarebytes, combofix, mse, etc) running an external scan or slave scan almost never removes everything. I only use it when the computer can't run or boot into safe mode.
Posted via [H] Mobile Device
 
/usr/home said:
Do you not do the removal on an OS-level basis? To be honest, I have never found slaving the drive to another computer and doing the removal that way to be as effective as just doing it on the host computer itself. For one, it ties up your bench machine (I work at a place quite similar to yours from what it sounds like.) and another, I've found it won't remove alot of the registry items..
Click to expand...

After years of doing many of these, myself and others generally feel the opposite....antivirus scanners are able to remove more because the AV program is running from a health OS, and it's reading a slave drive outside of open files, so it's able to more thoroughly disinfect files. Once a few programs have swept through the slaved drive, the drive goes back into the clients machine and the scans are run again, as it'll get the registry this time.

"Ties up bench machine"..well, that's what our scanning bench machine is for.

Since the scans are running from a health machine, we can go leave and do other things...tackle other jobs, since obviously you don't want to stand their picking your nose watching scan progress bars....go out and bill other things. Multi task. Come back a few hours later and kick off another scan, wash, rinse, repeat.
 
YeOldeStonecat said:
After years of doing many of these, myself and others generally feel the opposite....antivirus scanners are able to remove more because the AV program is running from a health OS, and it's reading a slave drive outside of open files, so it's able to more thoroughly disinfect files. Once a few programs have swept through the slaved drive, the drive goes back into the clients machine and the scans are run again, as it'll get the registry this time.

"Ties up bench machine"..well, that's what our scanning bench machine is for.

Since the scans are running from a health machine, we can go leave and do other things...tackle other jobs, since obviously you don't want to stand their picking your nose watching scan progress bars....go out and bill other things. Multi task. Come back a few hours later and kick off another scan, wash, rinse, repeat.
Click to expand...
This.
 
YeOldeStonecat said:
After years of doing many of these, myself and others generally feel the opposite....antivirus scanners are able to remove more because the AV program is running from a health OS, and it's reading a slave drive outside of open files, so it's able to more thoroughly disinfect files. Once a few programs have swept through the slaved drive, the drive goes back into the clients machine and the scans are run again, as it'll get the registry this time.

"Ties up bench machine"..well, that's what our scanning bench machine is for.

Since the scans are running from a health machine, we can go leave and do other things...tackle other jobs, since obviously you don't want to stand their picking your nose watching scan progress bars....go out and bill other things. Multi task. Come back a few hours later and kick off another scan, wash, rinse, repeat.
Click to expand...

Agreed. Nothing like having malware take out a scanner in the last 10% of the scan either, rendering the time it took totally wasted.
 
YeOldeStonecat said:
After years of doing many of these, myself and others generally feel the opposite....antivirus scanners are able to remove more because the AV program is running from a health OS, and it's reading a slave drive outside of open files, so it's able to more thoroughly disinfect files. Once a few programs have swept through the slaved drive, the drive goes back into the clients machine and the scans are run again, as it'll get the registry this time.

"Ties up bench machine"..well, that's what our scanning bench machine is for.

Since the scans are running from a health machine, we can go leave and do other things...tackle other jobs, since obviously you don't want to stand their picking your nose watching scan progress bars....go out and bill other things. Multi task. Come back a few hours later and kick off another scan, wash, rinse, repeat.
Click to expand...

This is exactly what I do, too. The machine may be on the bench for 3-4 hours, but I only touched it for probably 15-20 minutes total.
 
Thanks for all the input guys.

Stonecat has our reasoning right on. But with the large amount of computers hosed by those damn "Rogue Anti-malware", even with multitasking we'll end up with several computers at a point where there is nothing to do on them besides wait for an available scanner.

The hope was to find a solution by splurging on up to date hardware and software (anything better than our ancient P4 2.0-2.6s on XP) that may allow us to get the job done quicker using fewer computers (and thus more room and time to fix customer's PCs) and get us onto other broken pieces of shite.

Now if only we could get our customers to throw out better parts than their P3s and we would be set with more and better computers to work with ourselves.

Thanks again.
 
Another option is to boot to something like the Trinity Rescue Kit and scan from there.
 
I use the same setup as YeOldeStonecat sorta..
I have 2 monitors looked up to 2 4 port KVM's with Network's and also have 2 Copy/Ghost Boxes one on each side of my bench. Some of the times i hook the customer pc's up and scan away at them with all the goodies. Sometimes i have to remove HD's and scan them in my copy boxes. These boxes are loaded with tool's and every time on connection you can think of. We scan the HD in one of those with all the goods as well. Usually this cleans them without any problems. Then we install some free A/V Programs on the PC, do windows updates and set it on its way.
I am having all sorts of fun with Internet Security 2010 right now, some of the PC's wont let me do anything. I have to pull the HD or run a live disk. Scan it, then repair windows, then updates. Its a real pain the butt.
 
You must log in or register to reply here.
Back
Top