Going to do maintenance/remove viruses from a friend's comp. Best practices?

Shadowprice

I know this seems basic and straightforward, but I'm going to be taking an HP Pavilion desktop tower back home and fixing it up. It's my friend and his wife's computer; it seems like it's all virus'd up, asking for random virus scans and showing all these errors and stuff, plus they're saying performance is really slow and YouTube seems to be crawling.

I guess I've never fixed a friend's before, so I don't want to seem like a total amateur in front of them and want to cover all my bases here.

I'm sure it's loaded up with viruses and whatnot. Below in my sig is the first build I've done, so I'm still learning best practices. I fix my parents' computers all the time, but I'm just wondering how I should go about speeding up the comp. I was thinking of running MSE / Malwarebytes, maybe CCleaner and Spybot S&D. I was also going to take off the side panel and blow any dust out, defrag the hard drive, uninstall unused programs, and use msconfig to disable certain programs from starting up. Anything else I should do for increasing performance?

They're also thinking of adding a second HDD in the HP Pavilion for storage. I'm sure this can be done? It's an AMD A8 system I think, and runs Windows 8.1. I'm sure it's a standard SATA connection.

BTW, it runs Windows 8.1.
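The msconfig step above is about deciding which autostart entries to disable. As an added example (not posted by anyone in this thread), here is a read-only PowerShell inventory of the usual autostart locations on Windows 8.1 (Run/RunOnce keys, startup folders, non-Microsoft scheduled tasks), flagging entries that launch from user-writable paths so they can be reviewed before anything is disabled. It assumes PowerShell 4.0 and an elevated prompt; it changes nothing.

```powershell
# Added example: read-only inventory of common autostart locations on Windows 8.1.
# Run from an elevated PowerShell prompt. Nothing is modified.

$entries = @()

# 1. Run / RunOnce registry keys (machine-wide, 32-bit view, and current user)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        # Get-ItemProperty adds PS* metadata properties; skip those
        if ($p.Name -like 'PS*') { continue }
        $entries += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
    }
}

# 2. Startup folders (per-user and all-users)
foreach ($dir in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        $entries += [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
    }
}

# 3. Enabled scheduled tasks outside the \Microsoft\ tree
Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' -and $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        $cmd = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        $entries += [pscustomobject]@{ Source = "Task $($_.TaskPath)"; Name = $_.TaskName; Command = $cmd }
    }

# Flag commands that launch from user-writable locations, the usual home of the
# adware / fake-scanner junk described in the thread. Review before disabling.
$entries |
    Select-Object Source, Name, Command,
        @{ n = 'Suspicious'; e = { $_.Command -match '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\' } } |
    Sort-Object Suspicious -Descending |
    Format-Table -AutoSize -Wrap
```

A "Suspicious" flag is only a review hint: legitimate updaters also live under AppData, so look each flagged command up before removing it.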
 
All of those are good ideas. Microsoft's free one (MSE) is good; maybe also download another free one just to scan with at least once.

You should consider running a scan of the HDD from another OS (not booting to that HDD); try a thumb-drive OS bootup and scan.

Another great tool is ComboFix. It can scan for and remove some rootkits.

Glary Utilities is another popular option, as is Advanced SystemCare, but I don't really use these; if I do, I uninstall them the second they are done running, lol. Can't hurt anyway.

As for storage, as long as the drive has power and a connection and a place to mount it there's no reason you can't add another drive...
 
I'd pull the hard drive and attach it to another PC and scan it with Malwarebytes. Plug it back in and boot up, disable System Restore (to clear out old, infected restore points) and do a Disk Cleanup or CCleaner. Then install MB and sweep it again while it's running (MB uses both signatures and behavioral scanning).
 
There's a very well-written sticky on this topic in the Networking and Security forum that walks you through the steps and utilities.
 
8.1 and it's already buggered up?
This person could become a steady income ;)
 
You can use for malware:
- MBAM Free
- Hitman Pro Free
- Panda Cloud Cleaner
- Emsisoft Emergency Kit

They should be enough to detect and destroy anything.

P.S.: Spybot is obsolete nowadays.
 
Kaspersky has an awesome free bootable disc that'll nuke most everything; be sure to run a few other things too, though. I'd suggest YUMI + a flash drive and just load up several of the bootable AVs.
 
I would NEVER EVER hook up an infected drive to a different computer to do a scan. VERY VERY bad idea.

The best thing I have found to do an initial cleanup is to download Dr. Web CureIT (the free version). It is updated at least once a day.

http://www.freedrweb.com/cureit/?lng=en

Put it on a thumb drive, then run it on the infected computer. There is nothing to install and the executable is randomly named AND the processes it starts are randomly named, so pretty much no malware can block or shut it down.

After the scan and cleanup it should be ok to hook up to the network.

Once hooked up to the network, download Malwarebytes, update, and run a full scan of all attached drives. (You can leave this one on the computer, as the free version doesn't run anything in the background on bootup.)

http://www.malwarebytes.org/

After that is done cleaning stuff up, download SuperAntiSpyware, update, and do a full scan of all attached drives. You can leave this on there as long as you disable it from running when Windows starts.

http://superantispyware.com/

After that, download and install Spybot S&D, update, and do a scan as well as run the immunization. Uninstall this unless you plan on disabling the horrible "protection" it tries to do, which ends up just making the user agree to every single registry change.

http://www.safer-networking.org/

Then update MSE and do a full system scan.

Format your USB stick to make sure nothing spread to it.

You should be pretty good to go after this. Some registry stuff and other settings may still be screwed up. After cleanup, it may be better to just back up their data and do a clean install of Windows to make sure everything is working properly.

It is NOT a good idea to just back up their data without first doing the scans, as it is highly probable that infected and/or malicious files are hidden in the files you would normally be backing up.
 
You can use for malware:
- MBAM Free
- Hitman Pro Free
- Panda Cloud Cleaner
- Emsisoft Emergency Kit

They should be enough to detect and destroy anything.

P.S.: Spybot is obsolete nowadays.

Spybot S&D is not really obsolete. It will still find stuff, and the immunization is a must-have IMO. It at least blocks a huge number of known bad sites.

It was not updated for quite a while, but that changed a while back and I have used it multiple times since then.
 
I would NEVER EVER hook up an infected drive to a different computer to do a scan. VERY VERY bad idea.
I've never had an infection jump between computers. But I'm not going to disagree with you that it's not a great idea; you need to be very careful.

Most malware that I've ever encountered is stuff that's buried in a user's AppData folder. You can usually clean it manually if the system doesn't boot, but sometimes the computers are so slow you don't have a choice but to do a boot disc or scan the drive on another computer.
 
An offline scanner should be the first place to start. If you're not sure what you're doing, you could damage Windows and leave it unbootable. A lot of viruses can replace system files, which can cause issues if they are deleted during the cleanup process.
 
Malware is stealthy these days. Safer to scan and back up data files, then wipe the hard drive clean of anything undetected and lurking with a fresh install of the OS and apps from a reputable source. To prevent future infections, follow best practices such as not having local admin rights by default, using OpenDNS, avoiding opening email attachments, and not installing software from questionable sources, since the majority of torrent downloads contain injected malware.
 
Thanks for all the suggestions. I'll take these into consideration when I take the tower tomorrow.
 
Spybot S&D is not really obsolete. It will still find stuff, and the immunization is a must-have IMO. It at least blocks a huge number of known bad sites.

It was not updated for quite a while, but that changed a while back and I have used it multiple times since then.

By obsolete, I mean its detection rate is such that almost nobody in the "enthusiast" security community uses it anymore.

http://www.pcmag.com/article2/0,2817,2412372,00.asp

You can ask here too, but already the fact that search shows very little is telling.

http://www.wilderssecurity.com/search.php?searchid=5515366

This is the most recent discussion:

http://www.wilderssecurity.com/showthread.php?t=336246&highlight=spybot

Also:

http://www.dslreports.com/nsearch?boardlist=18&cat=remark&advanced=1&18=1&p=10&o=r&q=spybot

Immunization is probably the only thing one could keep, but I don't allow such messing with Windows. There are other, safer ways to avoid infection (e.g. virtualization) that don't involve poking at Windows files.

The domain blocker is a common thing. Most modern antiviruses have one, browsers have one.

Just my opinion (I've been a member of security fora since 2002).
 
The best thing I have found to do an initial cleanup is to download Dr. Web CureIT (the free version). It is updated at least once a day.

I've never heard of this before, but looking online it gets good reviews... so it's not an antivirus/spyware program like Kaspersky? It's just a one-time system checker?
 
I've never heard of this before, but looking online it gets good reviews... so it's not an antivirus/spyware program like Kaspersky? It's just a one-time system checker?

It's a Russian standalone scanner, like McAfee Stinger, Emsisoft Emergency Kit, Microsoft's security scanner, etc. Not as good as Kaspersky, but good. They also have a normal antivirus product. The "CureIt" is just the standalone version (on-demand scanner).

See here for more:

http://ejaz.me/a.html
 
And here are some suggestions on a non-signature approach to security.

Sandboxie
http://www.sandboxie.com/

Shadow Defender
http://www.shadowdefender.com/

Returnil
http://www.returnilvirtualsystem.com/

^^^ Many people run just one of these with no antivirus or other "bloat" running.


Winpatrol (more of a monitor than real protection, but still, good for the purpose):

http://www.winpatrol.com/


Appguard
http://www.blueridge.com/index.php/products/appguard/consumer

Novirusthanks exe radar pro
http://www.novirusthanks.org/

DefenseWall (32-bit only)
http://www.softsphere.com/

Comodo firewall
http://personalfirewall.comodo.com/

^ For power users, who should understand what they're doing, any of them (except WinPatrol), plus an on-demand scanner for verification, can be enough to stay virus-free. But for average Joes, a traditional antivirus running is recommended. And any of those can strengthen the defence a LOT next to an antivirus.

This is what makes programs like Spybot obsolete, combined with the fact that antiviruses nowadays detect everything (including trojans and spyware/adware), unlike in the XP era, where there was room for "dedicated" programs. In fact, over the years, both Spybot and Ad-Aware, once famous, became forgotten because antiviruses took over their job... Same for the anti-trojans, several of which disappeared (Trojan Hunter, TDS-3, etc.).

I've run only with a super-light executable monitor for years, no infections. If I do get an infection, I will restore an image and the malware is gone. Because, as mi7chy said, nowadays there are stealthy malware samples around (rootkits) that, if they successfully infect a system, there is NO way of being ABSOLUTELY certain they have been successfully eradicated, and the only really secure way to get rid of them is to FORMAT or restore a backup image that will overwrite everything (MBR included).
 
After you get done -- get ready to be their new 100% free, English-speaking, on-site FREE tech support for life.

I only fix my mom and dad's PCs these days... friends? Nope... because while I like having friends and all, my time is pretty valuable to be giving away hundreds/thousands of dollars' worth of free help when all they are going to do is want MORE help in the future.

I've even learned to dance around the fact that I fix computers. Example: out on a date, "what do you do for work and fun?" If I mention anything with a computer, I've gotten more than a few "ooooo I'll have to let you look at my computer, it's running really slow and doing all this weird stuff". Fuck that.
 
Reformat.


/thread

Agreed. I always ask them what's important. Save photos, save documents, and re-download programs. Reformat and reinstall, then put on AV for prevention. Very often I find the files infecting key system files, so removal isn't possible without more headache.

If you always reformat, it'll also deter the issue cb69 mentioned above. They'll only come to you when necessary. I don't fix issues, I restore. lol
 
save clean data, nuke it from orbit
rebuild.

I've done intensive AV removals, scanning multiple times with tons of utilities. ComboFix has by far been the most powerful, useful tool. But in the time it takes to do one thorough scan with any program, you could have reinstalled Windows and all apps already.
 