Ideal approach to virus/malware removal?
Tags:
- Malware
- Computers
- Hard Drives
- Business Computing
- Virus
emax4
August 4, 2014 7:51:35 AM
I am in the beginning stages of starting a computer repair business with the focus of crapware removal. Initially I had created a post here (http://www.tomshardware.com/answers/id-2231275/remote-f...).
(Background): I was asking if I could connect to a client's computer via a hub and Ethernet cable, or if it was ideal to remove their hard drive, hook it up to a SATA dock, then run my utilities on it. The answer was that while it may or may not remove all things, it wouldn't allow changes to the registry on the now connected hard drive. (end background)
However, would it make sense to do this process first:
1. Either connecting via switch and Ethernet or putting their hard drive in a SATA dock connected to my fixing laptop
2. Restarting their PC or re-connecting their hard drive to their PC and restarting
3. Install and run Mbam and any other utilities I need to run (then consequently deleting them when all is fixed)?
Or would it make better sense to simply do everything on the client's own desktop or laptop?
I would like to put an emphasis on speed when it comes to fixing things, but it's not an end all / be all to my selling point. Since I would charge by the half hour I want to let my customers know that I'll attempt to fix everything I can within a quick amount of time, not dilly dally while waiting for things to be removed or scanned (which is obviously inevitable in most cases). I'm not concerned about a possible client's hard drive infecting my own fixing laptop's drive, as I can either reinstall the minimum stuff I need or just re-image it from a backup.
If I do the connecting or removing of the hard drive, having the stuff run from my laptop's SSD would definitely make things faster, even when you consider having to reinstall hardware. But if I do everything from the client's computer, it can result in long wait times for booting up and crapware removal. Is one a better approach than the other or does it really make no difference between the two? Thank you very much for your advice and help.
KyleADunn
August 4, 2014 8:01:47 AM
I would go with the HUB and ethernet cable myself, as that's what we do at my Help Desk station (at a private university).
However, MBAM makes it difficult for people looking to get into your business. What you want to do with it is against their policy, unless you make each customer purchase their product.
"9. You may not use the Software as part of a service provider or service bureau.
10. You may not use the Software as part of any computer repair, help desk or troubleshooting service, unless you have each customer purchase an individual Full License for each of their respective computers which you repair or otherwise service."
Besides the MBAM issue, which you may already have knowledge of and/or resolved, I think the ethernet method, as there's less of a risk factor (you won't be handling hardware removal) and ethernet provides fast enough speeds to make it quite efficient for your purpose.
JOHNN93
August 4, 2014 8:20:09 AM
Well, if you have more than one computer that needs to be worked on, having one laptop is not the best approach.
You have, let's say, 3 infected hard drives. Or you are assuming they are infected.
First things first. I would recommend always scanning the hard drive and seeing if it is faulty before proceeding with a virus scan.
Booting Seagate tools has helped me a lot in the past. A quick scan can determine if the drive is faulty or not.
More PCs is better than one. Especially for a virus scan.
What I do to save time: I download ESET as a trial; you have full protection for 30 days.
It won't take more than 10 minutes to set it up. You update it. Enter advanced mode and configure everything on full. Strict cleaning and you will get it.
And then leave it to scan. Nothing else.
You go on another PC, same thing. You can have multiple PCs running with more processing power. And you will have a laptop free if you want to clone a drive or have it for a worst case scenario.
A KVM switch is your friend so you do not have multiple monitors and keyboards.
Although half an hour... you will find charging by the hour sometimes does not work out for your customers.
Running an up to date antivirus program on a Pentium 3 processor might make you give up before you get started.
Just have competitive prices and really good customer support.
Because let's face it, if a guy knows that for every half an hour he is paying $10 and it's past midnight and he hasn't received a call, he is going to get frustrated. And then you will need to deal with him.
Go with a trial antivirus and when something is running on one machine leave it and go to the other. When you are finished you can uninstall it and propose a recommended antivirus to him. That's up to you.
reedo_43
August 4, 2014 9:16:04 AM
I am a full time computer tech working for myself for over 10 years. If I am at a client's house and I realize that a long scan such as Avast boot time on a Vista laptop is needed, I will bring it home. I do not charge for hands off repairs. A scan such as this can take 3 hours on a slow machine. I charge $75/hr in south Florida. Just my 2 cents. May want to consider a set price for something like that. Good luck. Also some utilities will not let you scan anything but the C: drive (i.e. TDSSKiller) so it has to be done on the client machine or local disk.
emax4
August 4, 2014 8:34:26 PM
Thanks for the helpful replies! I figured I could take my laptop on the job and download their latest drivers while the scan is being run. It really sucks that I can't use my own MbAm to fix their computers, but after checking out their site I found their Techbench USB stick:
https://www.malwarebytes.org/techbench/
So I contacted them for a quote and am waiting to see how much they'll charge. I'm sure it'll pay for itself. I just have to check out the same fine print for CCleaner, and I know Spybot S&D has a special tech price.
Not to jack my own thread but another question: what seems to be the majority of antivirus software that doesn't really work? I've handled a handful of computers and had to remove stuff from them, but I thought, "Why isn't that software doing its job??"
emax4
August 7, 2014 11:14:30 PM
I hadn't decided which of my services will be in house and which will be on-site, but probably the only thing I can think of are the heavy duty ones that require more space and clean areas, such as a complete cleaning (hardware and software). I also plan to do this only part time so that I can keep my full-time job and benefits and work on my days off.
jeff-j
August 8, 2014 7:23:55 AM
Here is my 2 cents. I will usually try to uninstall any crap software I can first using Programs and Features; this will cut down on the time it takes to scan. I try to run all my scanning programs on the computer under their account. If the infection is bad and they have sensitive data I will clone the hard drive before starting anything. I will then run MBAM, TDSSKiller, and RogueKiller to clean everything up. I don't like doing in house because I don't see a need to charge while a scan is running and I can't do much else. Most of the time I have about 2+ hrs in just waiting for scans to complete. So I like to take computers back to our office. I also like to have a live Ubuntu CD to have an OS to boot off if I can't get into safe mode.
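The "clone the hard drive before starting anything" step from the post above, sketched as an added example that is not part of the thread: it images a disk from a live Linux session and proves the copy matches before any cleanup tool touches the original. The function names `hash_of` and `image_and_verify` and the `/dev/sdX` placeholder are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: image a client disk and verify the copy before any cleanup.
# Names and paths are hypothetical. Run as root from a live Linux session
# with the client disk unmounted.

# Print the bare SHA-256 hex digest of a file or block device.
hash_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# image_and_verify SRC DEST
#   SRC:  whole client disk (placeholder: /dev/sdX) or any readable file
#   DEST: image file to create on separate storage
# Prints the SHA-256 on success; returns non-zero on any failure.
image_and_verify() {
    src=$1
    dest=$2

    if [ ! -r "$src" ]; then
        echo "cannot read $src" >&2
        return 2
    fi
    # Never overwrite an image taken earlier.
    if [ -e "$dest" ]; then
        echo "$dest already exists" >&2
        return 3
    fi
    # A mounted source can change during the copy, so refuse it. The prefix
    # match also catches partitions (/dev/sdX1) of a whole-disk source.
    if [ -r /proc/mounts ] &&
       awk -v s="$src" 'index($1, s) == 1 { hit = 1 } END { exit !hit }' /proc/mounts
    then
        echo "$src is mounted; unmount it first" >&2
        return 4
    fi
    # Plain dd stops at the first read error, which is the wanted behaviour:
    # a drive that fails here needs a recovery tool, not a malware scan.
    if ! dd if="$src" of="$dest" bs=4194304 2>/dev/null; then
        echo "read error on $src; image discarded" >&2
        rm -f "$dest"
        return 5
    fi
    src_hash=$(hash_of "$src")
    img_hash=$(hash_of "$dest")
    if [ -z "$src_hash" ] || [ "$src_hash" != "$img_hash" ]; then
        echo "hash mismatch: source=$src_hash image=$img_hash" >&2
        return 6
    fi
    # Keep the digest beside the image (sha256sum -c format), lock the image.
    printf '%s  %s\n' "$img_hash" "$(basename "$dest")" > "$dest.sha256"
    chmod 444 "$dest"
    printf '%s\n' "$img_hash"
}
```

Running `sha256sum -c` against the `.sha256` file later confirms the stored image has not changed since it was taken.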
emax4
August 8, 2014 1:49:24 PM
These are all great answers, and I thank you for the help. It's not critical that I emphasize a short time to clean everything up, but it would be nice. My original method was to do just that, which is:
1. Log on to the user's computer in normal mode, delete the crap using Programs and services. While those are running (some take longer to be removed), I could...
2. Investigate any odd services and look those up, see if they're harmful and remove them by going into System Configuration.
3. Once all the stuff is gone under Programs and Services I would run MBAM. On my own laptop I would find and get the latest hardware drivers for their PC and put it on a USB disk
4. Reboot and use CCleaner, install the drivers, then reboot again.
5. Do a final check on performance and functionality, get ok from the customer.
I can still get the drivers and such from my laptop I'll be taking with me on jobs, and I am still considering just using a hub to connect to their machine and running MBAM on it. What's the point though when I'll be using their machine to remove stuff using Programs and Services first? I'm still debating on that.
OH, and I did check out MBAM for Technicians. They have a USB key that wipes all the malware off one's drive automatically, but they want $400 freakin bucks for it!! There are no used ones on Amazon or eBay either.
I also didn't find any results of those who have it and use it as well. Because I'm bootstrapping everything and starting on a shoestring budget, I can't afford it right now.
jeff-j
August 11, 2014 8:54:06 AM
I do about the same except for number 4. I would check with your client to see if they want their drivers updated because that will take time which costs money which the client might not want to spend, and I only update drivers if there is a hardware issue. Also with CCleaner, it is not a spyware/malware remover; it is more of a reg cleaner and file cleaner. It will clean the registry of any unneeded items but it will also clean out the temp internet files. Some people don't like that because if they have saved passwords for websites set, those will be erased.
reedo_43
August 11, 2014 9:23:49 AM
CCleaner is very configurable. You can choose what you want to delete. Also in settings, have it run at Windows start-up, but you have to turn off User Account Control to get rid of the annoying message. Just un-check User Account Control in Action Center settings. Great software. Use it before a scan to speed it up.
emax4
August 17, 2014 10:52:20 PM
I feel like I'm beating a dead horse, but I have a similar question: Can I simply pop out the user's hard drive, then pop it in a hard drive dock (eSATA or USB), then run some of the stuff that way? That solution can enable one of two workarounds for the MBAM license, plus there's no way I'm paying $400 for an MBAM USB key per year. Once the main stuff is gone I can reinstall it on the user's computer, then use CCleaner and other utilities to remove the dead threads from the registry. Here are other things to consider for my situation:
1. I only plan on working on one PC at a time by going to the user's place (at least until I can make enough to possibly use a storefront, but I'm not planning on things getting that big). So I have no need to work on multiple devices at one time. I did purchase an old Linksys G router, put dd-wrt on it, and reconfigured it as a network switch so I can connect to users' computers on the job.
2. I can also simply charge each user for an MBAM license (add $20 or so), have it as part of the junkware removal service but market it such so that the user thinks that the entire charge is solely for the cleaning service, and the software is free. The downside is that the software may work TOO well, thus not generating any more repeat calls. Even if I train the client what and what not to download, there's no guarantee that they will listen. I'd feel comfortable knowing that I can positively educate someone though.
3. If I become a software reseller, I may need to apply for a reseller license for my state. This also may incur more taxes at the end of every quarter. Can anyone in the biz confirm or deny this?
4. By connecting the hard drive to my eSATA/USB drive dock, does that minimize the chances of my own laptop becoming infected with possible junkware, even booting in safe mode? I have no problem reformatting, but the updates and such take time, and right now I have no imaging software (speaking of which, I can't find any that are effective, low-cost ones for technicians). I can always connect via Ethernet cables and my switch, but was still wondering about the risks.
mdd1963
September 23, 2014 7:06:47 PM
As long as the client's computer (laptop or midtower) is still functioning and will at least boot, then it might be easier to simply use one of the Live CD/DVD distros designed for malware/adware/virus removal....
- Kaspersky's Rescue
- F-Secure Rescue CD
- Dr. Web Live CD
- Avira Rescue CD
- AVG Rescue
- Zillya Live CD
- ANVI Live Rescue CD
- Bit Defender Rescue CD
- Comodo Rescue CD
Might want to take a copy of Glary's Utilities with you as well....