Tips For A New Computer Technician

Artanis0 (n00b, joined Jul 13, 2004, 57 messages)
So, I just started my new part time job as the resident computer tech for a large office supplies store.

I am curious what procedures and methods my fellow techs use when the cliché virus- and spyware-infested computers need repairing.

As it stands right now, I feel it takes me way too long to restore a computer from virus and spyware infections.

My typical process for restoring a computer is as follows:

0. Get computer to work with office internet connection - if at all possible
1. Install Ad-Aware and update (smart scan)
2. Install Spybot S&D and update (full scan + immunize)
3. Install Microsoft Anti-Spyware and update (standard scan)
4. Install AVG Anti-Virus and update (full scan - I don't trust AVG to find most viruses though...)
5. Boot to safe mode, run all four programs and remove everything they find.
6. Use HijackThis and/or MS Anti-Spyware to restore browser settings and limit startup programs.
7. Uninstall all the software I installed and contact the client.

The entire process takes between 3-6 hours (6 if there are mad problems).

Are there any procedures that would speed up my fix? Or provide better fixes? Automate some of this repetitive process?

Second question,

Is there an alternative place online to the Windows Update site? I've run into a few computers in my time that refuse to work with the Windows Update site and will not auto-update using the Windows XP scheduler. A package that contains bundles of Windows XP security updates would be pure gold for my tech work.
 
Greetings,

To your first question... If there is no critical data on it, I just format. If there is critical data, I put the drive into another computer as a slave, extract the critical data, then format. Once you encounter a Torrent Zombie you'll give up trying to fix them.

I always try and work from the simple and quick fixes to the long and tedious.

Your second question...

Open regedit and do a search for NoWindowsUpdate. If the value is set to 1, change it to zero and you're golden.

Good Luck and have fun.
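The registry fix above, scripted, as an added example that is not part of the original post. It walks the policy subtrees of both hives (the scripted equivalent of "search for NoWindowsUpdate" in regedit) and resets the value to 0, then lists two other things that commonly leave the update site dead after a spyware cleanup. The key paths and value names are the real policy locations; the hosts-file keyword list is this example's own choice. It assumes Windows PowerShell run from an elevated prompt on the affected machine.

```powershell
# Added example, not from the thread. Clears the policy values that hide or
# block Windows Update and reports two other common leftovers that stop the
# update site from working. Run from an elevated Windows PowerShell prompt.

$blockingValues = 'NoWindowsUpdate', 'DisableWindowsUpdateAccess'
$policyRoots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies',
    'HKCU:\Software\Policies',
    'HKLM:\Software\Policies'
)

foreach ($root in $policyRoots) {
    if (-not (Test-Path $root)) { continue }
    # Walk the whole subtree instead of assuming the Explorer key: this is
    # what "search for NoWindowsUpdate" in regedit does.
    $keys = @(Get-Item $root) + @(Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $blockingValues) {
            $current = $key.GetValue($name, $null)
            if ($null -eq $current) { continue }
            Write-Host ('{0}\{1} = {2}' -f $key.Name, $name, $current)
            if ($current -ne 0) {
                # Set it to 0 rather than deleting it, matching the fix in the post.
                Set-ItemProperty -Path $key.PSPath -Name $name -Value 0 -Type DWord
                Write-Host '  -> reset to 0'
            }
        }
    }
}

# Leftover 1: hosts-file entries pointing update/AV domains at a bogus address.
# Keyword list is this example's own; inspect and remove matches by hand.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hostsFile -ErrorAction SilentlyContinue |
    Where-Object { $_ -notmatch '^\s*#' -and $_ -match 'microsoft|windowsupdate|update\.' } |
    ForEach-Object { Write-Host "Suspicious hosts entry: $_" }

# Leftover 2: the Automatic Updates service switched to Disabled.
$wu = Get-WmiObject -Class Win32_Service -Filter "Name='wuauserv'"
if ($wu -and $wu.StartMode -eq 'Disabled') {
    Write-Host 'wuauserv is Disabled; re-enable with: sc config wuauserv start= auto'
}
```

HKCU is the hive of whoever is logged on, so run this while logged in as the customer's account (or load their ntuser.dat hive and add it to the roots); log off and back on afterwards so Explorer picks up the changed policy before you retry the update site.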
 
TrendMicro's HouseCall & Windows Safe Mode make a great combination, at least as a first step. HC is mostly against viruses, but it also gets rid of a lot of miscellaneous malware. You also want to clean the computer as much as possible BEFORE installing an antivirus/antispyware, just because many viruses are actually programmed to mess up installations of new software- especially stuff like Norton.
 
Install CCleaner on the machine to run at startup, and get yourself a copy of jv16 Power Tools.
 
a) make a master image (if all PCs are the same), with locked-down policies so users can't fcuk the machines and Spysweeper installed, and store it on an accessible network volume
b) instruct all users to save all files on their respective home drive
c) reimage infected PCs, as it's not worth the time and hassle
 
Ask the store for a USB thumb drive for repair purposes. If they are stingy, find a cheap one; it really doesn't need to be larger than 128MB. But that gets into personal preference.

Download all your software tools and copy them to the thumb drive.
At the beginning of the week (or your shift if you have time to check this often) check lavasoft's web page for the ref list, spybot's web page for the include files.

Also grab cwshredder and kazzabegone from the hijack this webpage.
WinsockXPFix.exe (great for resetting the winsock files and tcp stack) fixes an amazing number of internet connection related problems left after spyware removal.
xcleaner_free version. This is good for removing all of the various temp files, and also has a built-in spyware checker.
Stinger - trojan scanner, free from McAfee I think.

By having all these on a thumb drive it saves the time used to get an internet connection and download the programs for each repair.

Also, if you can multitask, burn the tools off to CD, date the CD with a Sharpie (so you know you're using the ones with the latest defs), and run the tools on 3 computers at a time.

I normally start with Spybot and make sure to enable the TeaTimer. Check out the advanced tools in Spybot; there are some useful utilities there. Then move to HijackThis.
Then xcleaner_free. Followed by a trendmicro scan, followed by ms antispyware.
Patch the system. (Again, you can download winXP service pack 2 to cd and have it ready to go instead of downloading the entire sp each time)

Really from there it depends if your shop is looking for quantity or quality.
Quality, stick with the problems, research, use google, read message boards, edit registries.

Quantity, backup my documents, any office type files, pictures. Restore system.
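The "quantity" path above (and the slave-the-drive approach from the first reply), as an added example that is not part of either post: copy the customer's data off a drive slaved into the shop machine before the restore. It copies the folders people actually save to wholesale, then sweeps the rest of each profile for office files, pictures and mail stores by extension, deliberately never copying executables off an infected disk. The drive letter, backup root and extension list are this example's own choices; the profile paths are the Windows XP and Vista+ layouts. It assumes PowerShell 3 or later and robocopy on the shop machine.

```powershell
# Added example, not from the thread. Pull user data off a slaved customer
# drive before a wipe. Drive letter, backup root and extension list are
# assumptions to adjust per shop.

$sourceDrive  = 'F:'                                       # slaved customer disk
$backupRoot   = 'D:\Backups\' + (Get-Date -Format 'yyyy-MM-dd_HHmm')
$profileRoots = "$sourceDrive\Documents and Settings", "$sourceDrive\Users"   # XP, Vista+
$skipProfiles = 'All Users', 'Default User', 'Default', 'LocalService', 'NetworkService', 'Public'
$wholeFolders = 'My Documents', 'Documents', 'Desktop', 'Favorites', 'Pictures'
$keepExt      = @('.doc', '.docx', '.xls', '.xlsx', '.ppt', '.pptx', '.pdf', '.rtf', '.txt',
                  '.jpg', '.jpeg', '.png', '.gif', '.bmp', '.pst', '.dbx', '.wab')
# Skip caches and the folders already copied whole.
$skipPattern  = '\\(Local Settings|AppData|Temporary Internet Files|Temp|My Documents|Documents|Desktop|Favorites|Pictures)\\'

$summary = @()
foreach ($root in $profileRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $userDirs = Get-ChildItem -LiteralPath $root -Directory | Where-Object { $skipProfiles -notcontains $_.Name }
    foreach ($userDir in $userDirs) {
        $target = Join-Path $backupRoot $userDir.Name
        foreach ($sub in $wholeFolders) {
            $src = Join-Path $userDir.FullName $sub
            if (-not (Test-Path -LiteralPath $src)) { continue }
            # /E all subfolders, /XJ skip junctions (Vista+ profiles contain loops),
            # /R:1 /W:1 don't stall on unreadable files, /NFL /NDL /NJH /NJS keep it quiet.
            & robocopy $src (Join-Path $target $sub) /E /XJ /R:1 /W:1 /NFL /NDL /NJH /NJS | Out-Null
            $count = @(Get-ChildItem -LiteralPath (Join-Path $target $sub) -Recurse -File -ErrorAction SilentlyContinue).Count
            $summary += [pscustomobject]@{ Profile = $userDir.Name; Item = $sub; Files = $count }
        }
        # Loose files elsewhere in the profile, by extension only: no .exe/.scr ever.
        $loose = @(Get-ChildItem -LiteralPath $userDir.FullName -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $keepExt -contains $_.Extension.ToLower() -and $_.FullName -notmatch $skipPattern })
        foreach ($f in $loose) {
            $rel = $f.FullName.Substring($userDir.FullName.Length).TrimStart('\')
            $out = Join-Path (Join-Path $target '_loose') $rel
            New-Item -ItemType Directory -Path (Split-Path -Parent $out) -Force | Out-Null
            Copy-Item -LiteralPath $f.FullName -Destination $out -Force
        }
        $summary += [pscustomobject]@{ Profile = $userDir.Name; Item = 'loose files'; Files = $loose.Count }
    }
}
$summary | Format-Table -AutoSize
```

Run it as an administrator on the shop machine, since another user's profile on a slaved NTFS drive is usually ACLed to that user and you may need to take ownership first. Office documents can still carry macros, so scan the backup folder on the shop machine before handing it back.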
 
My normal procedure

disconnect the computer from the internet
(generally it's taken to my house and not attached to the LAN)

install processguard trial
(I often encourage customers to foot the full install license, instead of just the trial, which offers additional options)

Install it, reboot, right-click on the taskbar icon (or desktop icon) > Main tab, uncheck learning mode > Security tab, remove all > Protection tab, remove all > close, reboot and start approving processes you're sure of; deny (without a rule) and note down processes you're not. (If you can't install ProcessGuard, that's a sure sign you're in for one serious battle.)

Default Processes

run HijackThis
run RootkitRevealer
Install trial of NOD32

(all installations are done to non-default directories)

assess the level of infection and try to ID the malware

you eventually develop a list of legitimate entries in HijackThis, Rootkitrevealer and Processguard, but till you do you have to research them individually.


By disrupting the malware from loading and identifying what you're dealing with, you get a quick idea of what it's going to take. Sometimes it's simple, and sometimes it's a new CWS variant that you'll have to fight tooth and nail to uninstall.
the scary part is the rootkits that are now common, they aren't actually malware, they just hide the malware from your scanners


Rootkit Battle

Although rootkits have been threatening various platforms for years, only recently did a major battle develop between the rootkit creators and eradicators: Holy Father's Hacker Defender vs. Sysinternals' Rootkit Revealer. Microsoft's Kurt Dillard describes the match up and how it's helped further evolve this highly destructive form of malware.

http://itmanagement.earthweb.com/columns/executive_tech/article.php/3512621

I'm currently fumbling through IceSword,
which is in Chinese, and seems very powerful, but since I have to figure out what all the little buttons do by trial and error :p
I need a few sacrificial installs to muck up, and I've yet to get around to that.
(It's worth downloading and installing just to see all the features.)

It has running processes, TCP connections \ ports, sys, dll and exe in physical memory w\ address (I think), registry keys for startup, running services, Winsock 2 SPI, Browser Helper Objects, System Service Descriptor Table, loaded exe?, a built-in registry editor, and what looks like Windows Explorer for "hidden files" (some files are still hidden even when you uncheck hidden files in folder options, like .lnk extensions, though you can reveal assorted hidden files in the OS).

You do have to turn ProcessGuard off to run it however.
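The HijackThis step above, where you "develop a list of legitimate entries" and research the rest, as an added example that is not code from the thread nor from HijackThis, RootkitRevealer or ProcessGuard. It dumps the autostart locations a tech triages first (Run/RunOnce in both hives and Internet Explorer Browser Helper Objects), hashes the file each entry launches, and flags anything not on a baseline allowlist. The registry paths are the real ones; the allowlist contents are a placeholder you fill in from a known-clean machine. It assumes a live machine (safe mode is fine) running PowerShell 4 or later for Get-FileHash.

```powershell
# Added example, not from the thread. Triage autostart entries against an
# allowlist so only the unknown ones need researching.

# SHA256 of file -> friendly name. Placeholder; grows as you clear entries.
$allowlist = @{
    # 'ABCDEF...' = 'ctfmon.exe'   # shape only, not a real hash
}

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$bhoKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
# Properties the registry provider adds to every Get-ItemProperty result.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-LaunchedFile([string]$cmd) {
    # Pull the executable out of a command line such as "C:\x\y.exe" /flag
    # or C:\Program Files\x\y.exe -quiet (unquoted path with spaces).
    if ($cmd -match '^\s*"([^"]+)"') { $p = $Matches[1] }
    elseif ($cmd -match '^\s*(.+?\.(exe|dll|scr|com|cmd|bat))\b') { $p = $Matches[1] }
    else { $p = ($cmd -split '\s+')[0] }
    # Bare names like rundll32.exe stay relative and will show as MISSING;
    # those still need a look by hand.
    return [Environment]::ExpandEnvironmentVariables($p)
}

function Test-Entry([string]$location, [string]$name, [string]$file) {
    $status = 'MISSING'; $hash = ''
    if ($file -and (Test-Path -LiteralPath $file)) {
        $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        $status = if ($allowlist.ContainsKey($hash)) { 'known' } else { 'UNKNOWN' }
    }
    [pscustomobject]@{ Location = $location; Name = $name; File = $file; SHA256 = $hash; Status = $status }
}

$results = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($providerProps -contains $prop.Name) { continue }
        $results += Test-Entry $key $prop.Name (Get-LaunchedFile ([string]$prop.Value))
    }
}
if (Test-Path $bhoKey) {
    foreach ($sub in Get-ChildItem -Path $bhoKey) {
        $clsid = $sub.PSChildName
        # The CLSID's InprocServer32 default value is the DLL IE will load.
        $server = "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32"
        $dll = if (Test-Path $server) { (Get-ItemProperty -Path $server).'(default)' } else { '' }
        $results += Test-Entry 'BHO' $clsid ([Environment]::ExpandEnvironmentVariables([string]$dll))
    }
}

# 'known' rows are noise; UNKNOWN and MISSING are the research list.
# MISSING usually means a stale entry left by a partial removal.
$results | Sort-Object Status, Location | Format-Table -AutoSize
```

This reads the registry through the normal API, so a kernel rootkit of the kind the post warns about can hide entries from it exactly as it hides them from HijackThis; a clean result here is only meaningful alongside a RootkitRevealer pass, and the hash comparison is what lets you skip re-researching an entry you already cleared on the last machine.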
 
It's almost funny how similar your spyware removal routine is to the one I used when I worked as a tech at a retail store. The one thing I did differently was to pull the HD out of the computer and connect it via USB to one of our shop machines and do a Norton scan from there. This made the scan process a little faster, and helped to clean the system a bit before trying to install the spyware removal software.

Spyware removals became so incredibly routine and monotonous that I did a lot of research on ways of automating the process. I came across a simple script language called AutoIt which was designed to automate any process you might find yourself doing too often on a computer.

Anyways, I spent a solid 3 days working on a long script that automatically installed all of the spyware removal software, updated all of it, and started the scans. At first it worked on only about 1 of every 4 machines I used it on, but after a couple more weeks of tweaking I got it to about 75%+ efficiency.

My solution, titled "Auto-Spy" wasn't perfect, MS Anti-Spy and spysweeper weren't fully functional with just keyboard strokes, they required clicking certain parts of the screen. This required pixel color tests to find where to click. Then I ran into problems with the script not finding the right color because of different color depth settings on some computers (16bit, 24bit, 32bit). I was also upset that I couldn't find a way to automatically initiate a scan once the computer started in safemode, it required a double click to get it going. (yes I got to be a little OCD about the "fully automated" component)

Well finally, with my "Auto-Spy" close to being completed, probably about 80% done with the new improved version including working pixel testers and automated safemode scanning I quit work on my project. Why? Because I had only 2 months left at that job and didn't see the investment offering a good enough return for the remaining work involved.

I'd be happy to give what I guess you could call the "source code" for my Auto-Spy, to anyone here who may be interested in how it worked or even continuing the progress I made on it. With just a day of messing around any one of you techy guys could pick up Auto IT without a problem.
 