Removing Viruses


Matt T

Jul 12, 2015, 10:42:11 PM
to after-hours-c...@googlegroups.com
I know how to remove viruses, but what would be the most efficient way to do so? I didn't think it was acceptable to scan a computer for viruses and let it sit for 3 hours and charge them all the money until the scan is complete. I was thinking of using the HDD dock to plug the hard drive into my field laptop to run scans on. I also have the Kaspersky rescue disk on my flash drive box with all my other tools.


Also, is there a way to pause the service call? Let's say I need a certain tool to do my job and I have to get it, how would I go about doing that? I am gearing up to be ready as soon as possible for field service. I like to know and have everything I head out.

John-Paul Damico

Jul 13, 2015, 8:52:19 AM
to after-hours-c...@googlegroups.com
Personally - I run CCleaner first. Most of the time on a scan is processing temp files. CCleaner can make a 3 hour scan 15 minutes.

There is no way to pause a service call but you can always let dispatch know what is going on.  We will adjust the time at the end of the service call.

Roger Hopkins

Jul 13, 2015, 11:02:27 AM
to after-hours-c...@googlegroups.com
Usually when I'm fighting against viruses, a virus scan is the last thing I run. I manually try to find and remove them. A virus has to find a way of starting up, usually when the system boots. There are several places a virus can do this, some of the most common are:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup     (Depends on the OS, but this is the "All Users" startup folder in general)
C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup     (Once again, depends on the OS, Current User startup folder)
\\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
\\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
\\HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run (Only on 64-bit systems)
\\HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run  (Only on 64-bit systems, rare)
Scheduled Tasks

Luckily, there's a free program from Sysinternals called AutoRuns that allows you to check all of these places and more: https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx . This will save you lots of time from having to look in different folders and registry keys. Just be careful that you don't remove anything important from startup.

Other viruses might attach themselves to the web browser instead. Make sure to check the browser's extensions for any entries. If you've checked all the places above and still haven't managed to get rid of the virus, you may be dealing with a rootkit. Thankfully, due to Windows System File Protection, this is becoming less of an issue, and can usually be fixed by running sfc /scannow.

Once I've figured out which executable file I believe is the virus, I'll usually send it to VirusTotal.com, which will tell me which virus it is. I can then do a Google search on the virus to find out more about it and what damage it might have done (moving or hiding system files, changing registry settings, etc.).

After I'm pretty sure I've finished getting rid of the virus, I'll usually go ahead and run a "Threat Scan" with MalwareBytes just to be on the safe side. Usually it doesn't find anything after I'm done, or if it does, it's a file that was just left sitting on the hard drive and wasn't actually running or causing any further problems. If you've removed the temp files first like JP describes, a MalwareBytes threat scan really doesn't take that long to complete.
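
The startup folders, Run keys and scheduled tasks listed in the post above can be read in one pass. The following PowerShell is an added example, not part of the original thread: it only lists entries and deletes nothing, and it assumes PowerShell 3.0 or later run on the affected Windows installation, with `Get-ScheduledTask` used where it is available (Windows 8 and newer).

```powershell
# Added example: read-only inventory of the autostart locations named in the post above.
# It changes nothing; review each entry before removing it by hand or with AutoRuns.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$startupFolders = @(
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup'),  # All Users
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup')   # Current User
)
$entries = New-Object System.Collections.Generic.List[object]

foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # Wow6432Node is absent on 32-bit Windows
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $entries.Add([pscustomobject]@{ Source = $key; Name = $name; Command = $regKey.GetValue($name) })
    }
}

foreach ($folder in $startupFolders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    # -Force includes hidden files; desktop.ini is a normal Explorer file, not a startup item
    foreach ($file in Get-ChildItem -LiteralPath $folder -Force | Where-Object { $_.Name -ne 'desktop.ini' }) {
        $entries.Add([pscustomobject]@{ Source = $folder; Name = $file.Name; Command = $file.FullName })
    }
}

if (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($task in Get-ScheduledTask) {
        # Only "run a program" actions carry an Execute property
        foreach ($action in $task.Actions | Where-Object { $_.Execute }) {
            $entries.Add([pscustomobject]@{
                Source  = 'Scheduled Task ' + $task.TaskPath
                Name    = $task.TaskName
                Command = ($action.Execute + ' ' + $action.Arguments).Trim()
            })
        }
    }
} else {
    Write-Warning 'Get-ScheduledTask not available (pre-Windows 8); review tasks with schtasks /query /fo LIST /v'
}

$entries | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

The HKCU keys and the Current User startup folder reflect whichever account runs the script, so run it from the affected user's session to see that profile's entries.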

Matt T

Jul 13, 2015, 12:29:45 PM
to after-hours-c...@googlegroups.com
Ok that was my only question.  I know how to remove viruses, but I wanted to know the time optimized one for service calls.  I have the portable CCleaner on my tools flash drive stick, I will definitely add AutoRuns on there as well.

Randy Lee

Oct 4, 2015, 2:02:14 AM
to After Hours Computer Repair
Another place is if the virus is profile specific, it will be in the C:\users\username\appdata\local\temp folder for Windows 7/8/10. If you sort the items in this folder by "type" and see anything that is listed as an application type, it's probably a .exe application that will constantly run to re-install the virus in question no matter how many times you remove it.

hbel...@afterhourscr.com

Sep 29, 2016, 6:00:29 PM
to After Hours Computer Repair
If it's pre-Win8, MSCONFIG is your friend.

I also like to run CCleaner, but at the end of service, to get rid of registry entries of viruses. That way, if the virus makes a call to the registry, it won't see that the entries are removed, and re-write the entry.