View Full Version : My malware removal technique.
I use the following malware removal procedure in my repair business on a daily basis:
1) Boot into safe mode.
2) Run CCleaner. This will remove all the crap from IE, including any malware files in the IE temp folder. It will also reduce any malware scanning time, as well as reduce the size of any malware logs.
3) Go to Add/Remove and remove any programs that are malware in disguise.
4) Run msconfig and disable all startup items.
5) Reboot into normal mode and run one or more of the following online scans: Ewido, Trend, BitDefender. EDIT: Depending on what Ewido or Trend find, I may also run other anti-malware programs from safe mode. If the system seems really infected, I don't use online scanners, I just run onboard scans from safe mode.
6) Run HijackThis to check for any leftover rogue entries. EDIT: Create a new restore point by disabling then enabling System Restore. Also return Msconfig to an appropriate state.
That's it! 90% of the time this will completely clean a system. The other 10% of the time, I'll need to do a manual search and remove the malware file from the hard drive or the registry.
There's almost always no need for endless logs. Check this link out (I agree with it completely)
http://poptech.blogspot.com/2005/02/overuse-of-hijackthis.html
Hmmm, I have a formatting problem. I can't insert links into a word, or insert a smilie. I'll further investigate my posting options.
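As an added example (not part of Seth's post, and not code from any tool named in it): the msconfig pass in step 4 disables everything blind, and a tech usually wants to see what is actually there first. This PowerShell script lists the same autostart locations msconfig's Startup tab covers (the Run/RunOnce keys and the two Startup folders), resolves each command line to its executable, and reports the Authenticode signature status and SHA-256 hash so an entry can be judged before it is disabled or deleted. It assumes Windows PowerShell 5.1 or later (Get-FileHash and Get-ChildItem -File), so not the XP-era machines the thread discusses, and an elevated prompt; the "Suspicious" column is my own triage rule (unsigned, missing, or launched from a temp or profile directory), not a rule from the thread.

```powershell
# Added example, not from the original post. Read-only: it lists autostart
# entries with signature status and hash; it never disables or deletes anything.
# Assumes Windows PowerShell 5.1+ and an elevated prompt (HKLM keys are readable
# without elevation, but Authenticode checks on some system paths are not).

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Extract the executable from a Run-key command line, e.g.
#   "C:\Program Files\Foo\foo.exe" /silent    or    C:\WINDOWS\system32\bar.exe -x
function Get-ExecutablePath {
    param([string]$CommandLine)
    $cmd = $CommandLine.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted: take everything up to the first ".exe", which tolerates the
    # unquoted paths with spaces that sloppy installers leave behind.
    $m = [regex]::Match($cmd, '^(.*?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function Get-AutostartEntry {
    param([string]$Location, [string]$Name, [string]$CommandLine)
    $exe = [Environment]::ExpandEnvironmentVariables((Get-ExecutablePath $CommandLine))
    if ($exe -and -not (Test-Path -LiteralPath $exe)) {
        # Bare file names resolve through PATH, the same way the shell runs them.
        $found = Get-Command $exe -ErrorAction SilentlyContinue
        if ($found -and $found.Source) { $exe = $found.Source }
    }
    $exists = [bool]$exe -and (Test-Path -LiteralPath $exe)
    $status = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status.ToString() } else { 'FileMissing' }
    $hash   = if ($exists) { (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash } else { $null }
    # Triage rule (my own, not from the thread): unsigned or missing binaries, and
    # anything launching from a temp or profile directory instead of Program Files
    # or the Windows directory. Note that rundll32/regsvr32 launchers are signed
    # Microsoft binaries; their real payload is in the arguments and needs a manual look.
    $suspicious = ($status -ne 'Valid') -or ($exe -match '\\(Temp|Temporary Internet Files|Local Settings|AppData)\\')
    [pscustomobject]@{
        Location   = $Location
        Name       = $Name
        CommandLine = $CommandLine
        Path       = $exe
        Signature  = $status
        SHA256     = $hash
        Suspicious = $suspicious
    }
}

$entries = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            if ($name -eq '') { continue }   # the key's (Default) value is not an autostart
            Get-AutostartEntry -Location $key -Name $name -CommandLine ([string]$item.GetValue($name))
        }
    }
)

# Startup folders: every shortcut or executable dropped there also runs at logon.
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
    foreach ($file in Get-ChildItem -LiteralPath $folder -File -ErrorAction SilentlyContinue) {
        $target = if ($file.Extension -eq '.lnk') { $shell.CreateShortcut($file.FullName).TargetPath } else { $file.FullName }
        $entries += Get-AutostartEntry -Location $folder -Name $file.Name -CommandLine $target
    }
}

$entries | Sort-Object Suspicious -Descending | Format-Table Name, Signature, Path -AutoSize
```

Pipe `$entries` to `Export-Csv` instead of `Format-Table` to keep the hashes for comparison with a clean image or a later visit. One caveat: msconfig's Startup tab, and therefore this listing, only covers the Run keys and Startup folders; services, browser helper objects and Winlogon hooks are separate autostart points, which is what the HijackThis pass at the end of the procedure is for.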
mommalina
06-04-2006, 08:37 PM
Seth wrote: 2) Run CCleaner. This will remove all the crap from IE, including any malware files in the IE temp folder. It will also reduce any malware scanning time, as well as reduce the size of any malware logs.
Okay, dumb question of the day: Will CCleaner clean the same things in Firefox as it does in IE?
I plan to install CrapCleaner. I use Firefox almost exclusively.
Thanks.
Lina
Actually, that's a good question, and I should have been more clear.
Yes, CCleaner will clean out Firefox.
Dan18960
06-05-2006, 06:57 AM
Lina,
I thought you were already running utilities to keep out pop-ups, malware, and viruses/trojans? ? ?
Why do you want to add MORE sluggishness to your machine?
You need to go through your list and REMOVE what you don't want to have anymore BEFORE you install something that duplicates what you are already running.
So since you seem to be running most of the top of the line utilities at the present time WHICH one of these TOP OF THE LINE products do you want to remove?
Dan18960 wrote: Lina,
I thought you were already running utilities to keep out pop-ups, malware, and viruses/trojans? ? ?
Why do you want to add MORE sluggishness to your machine?
You need to go through your list and REMOVE what you don't want to have anymore BEFORE you install something that duplicates what you are already running.
So since you seem to be running most of the top of the line utilities at the present time WHICH one of these TOP OF THE LINE products do you want to remove?
Hi Dan,
What do you mean by adding "More sluggishness to your machine"? Ccleaner is a highly regarded drive cleaner.
I'm also unclear as to why you think Lina is going to remove "Top of the line products".
Am I missing something here?
Dan18960
06-05-2006, 11:11 AM
Seth,
Lina has utilities that stop all the intrusions that you are referring to with your cleaning process. To add another utility WITHOUT removing one would have multiple apps "battling" one another.
So what I was saying is that IF she wants to add ccleaner, she should decide to remove one of the utilities she already has running to do the same thing.
Advising someone to install a program without knowing what they are already running can, and usually IS, a BSOD waiting to happen.
"We" (RichM, Doug, Larry, and others) have already walked down this path before with many users - so BEFORE we advise someone to load a utility, we ALWAYS ask what they are running FIRST. Usually they have something running that is just as effective or superior (maybe because they bought the paid version and not the shareware one) to the one advised. And not to cause a bigger problem, the prudent thing is to let well enough alone. If they don't have or are using something that really needs to be replaced, then "we" advise them to uninstall that utility BEFORE installing the recommended one.
By the way, I personally don't use ccleaner and don't use it for cleaning corrupted systems - but have no problem delivering back a perfectly good system to my clients. I do have an arsenal of other utilities that work just fine.
One you might want to look at is JV16 - I don't have to worry about HijackThis except in a VERY few rare occasions.
Dan18960 wrote: Lina has utilities that stop all the intrusions that you are referring to with your cleaning process. To add another utility WITHOUT removing one would have multiple apps "battling" one another.
I never suggested any utilities to "stop intrusions", in fact, I never suggested anything at all. I merely posted what I found to be a very effective technique to remove most malware from an infected system. As far as utilities go, drive cleaners in no way "battle" one another. However AV software can.
Dan18960 wrote: Advising someone to install a program without knowing what they are already running can, and usually IS, a BSOD waiting to happen.
As stated, I never suggested installing anything. Nor will Ccleaner cause any conflicts.
Dan18960 wrote: By the way, I personally don't use ccleaner and don't use it for cleaning corrupted systems - but have no problem delivering back a perfectly good system to my clients. I do have an arsenal of other utilities that work just fine.
Again, you're reading something that I didn't say.
Ccleaner is a drive cleaner...one of many. It's not designed to remove malware. It's designed to remove file congestion from the browser and the hard drive. The added bonus is that it will delete the browser's temps, where some malware resides.
Dan18960 wrote: One you might want to look at is JV16 - I don't have to worry about HijackThis except in a VERY few rare occasions.
I'm familiar with JV16, and also made it quite clear that HijackThis is overused and often not needed. I also stated, that I only use HijackThis as a last step to remove any leftover rogue entries.
mommalina
06-05-2006, 04:00 PM
Sorry, guys. It looks like my curiosity inadvertently led to another heated discussion. I asked Seth if CrapCleaner performed the same tasks for Firefox as it did for IE. I did not take his response as a suggestion to install CrapCleaner.
Years ago, the trial version of RBL's Space Ace markedly speeded up my old Acer / W98 computer. I was impressed, but for various reasons I do not want to purchase Space Ace.
During a recent KH PalTalk session, I was advised that CrapCleaner is a good free alternative to Space Ace and would eliminate the need for me to check and possibly have to run Disk Defragmenter and Disk Cleanup every week and delete temporary internet files and lingering residue.
Would installing and using CrapCleaner be overkill for any of the following I have installed?
- Kaspersky PAV
- SpywareBlaster
- Spybot-Search&Destroy
- Win Patrol v7.0.1.0
- JV16 Power Tools (rarely check this)
- Spider V1.16 (rarely check this)
- HijackThis - v1.97.
Sometimes it's difficult to decide whose advice to take. For a computer-savvy user it would be okay to wait until there is a problem. For me, it's best to avoid any problem I can't easily fix.
Lina
mylanta
06-05-2006, 04:20 PM
Lina, Dan and Seth,
As Seth says, CCleaner is a hard drive cleaner, and very much like Space Ace 1V, just newer with newer safer code at this point. If Lina is using Space Ace then ccleaner would be a duplicate effort but has nothing to do with malware, and Seth never said it did. I know him from *** and while we disagree on virus protection, he is a Pro, but with different experiences is all.
I use crap cleaner and yes Lina you can configure what it removes in IE and Firefox. I personally do not let it touch cookies on either and it cleans a lot more than Space Ace does safely.
For more info on Ccleaner (including reviews), click here (http://www.download.com/CCleaner/3640-2144_4-10534487.html).
Rich, why don't you delete cookies? Keep in mind that Ccleaner can be configured to ignore cookies from specific sites.
Anyway....the only reason I wrote the original post, was to compare my techniques to other techs.
PeteF
06-05-2006, 07:03 PM
Ok Seth, nice post!
I'll quote & comment below where I do things a bit different. Overall, I do a very similar routine as you.
First thing, if I'm at the customer's home, I'll do some scans to demonstrate to them how bad their problem is and for me to get an idea whether it's better to clean or to wipe & re-load. First I shut off the System Restore and reboot to clear it out. Then I open IE and quickly delete all cookies & temporary internet files. I'll then run Spybot or Adaware or both to get an idea of how badly infected it is. As the scans are running I use that time to educate the customer about malware and what they need to do to keep safe.
Seth wrote: 1) Boot into safe mode.
2) Run CCleaner. This will remove all the crap from IE, including any malware files in the IE temp folder. It will also reduce any malware scanning time, as well as reduce the size of any malware logs.
3) Go to Add/Remove and remove any malware-causing programs.
4) Run msconfig and clear everything from startup other than the security software.
All the above sounds good, except I do most of the bulk cleaning manually. I'm very careful at what I leave enabled in msconfig. I often go over the startup list with the customer and we decide which items they actually use and leave them enabled. By manually deleting key areas such as \Temp or \Temporary Internet Files I can get an idea as to which ones are stubborn and not likely to be cleaned automatically by any anti-malware product.
Seth wrote: 5) Reboot into normal mode and run one or more of the following online scans: Ewido, Trend, BitDefender.
6) Run HijackThis to check for any leftover rogue entries.
I basically run an Anti-virus scan and rerun Spybot & Adaware. Then I might have to boot to the windows recovery console to manually delete the more stubborn files that could not be automatically removed. At this point I might run Hijackthis and remove items using the knowledge obtained from the scans and just my general knowledge of what items to eliminate. After all scans report nothing found, I restart windows and exercise the Windows Explorer and Internet Explorer as those can reactivate a virus. Then I repeat all scans.
Seth wrote: That's it! 90% of the time this will completely clean a system. The other 10% of the time, I'll need to do a manual search and removal of the malware file from the hard drive or the registry.
When all is clean, I edit the registry to clear out all the junk from MSCONFIG startup.
Last things to do...
Run HijackThis and save the log file as a reference to what is normal & clean.
Turn the System Restore back on.
That's mostly how we differ. No two jobs are ever the same but that's mostly how I do it.
---pete---
mommalina
06-05-2006, 07:14 PM
Seth wrote: For more info on Ccleaner (including reviews), click here (http://www.download.com/CCleaner/3640-2144_4-10534487.html).
Thanks, Seth. Interesting reviews. Seems to work better on older computers, but that may be because older computers have more crap on them. A few complained that CrapCleaner messed up their computer-- I suspect some of this could have been due to user error. Makes me wonder if I'd screw it up.
Lina
mylanta
06-05-2006, 07:27 PM
Seth,
I guess I never noticed the choice of cookies...I use Excite home page for one thing and I am sick and tired of having to always set back up from Spybot and Spywareblaster...and CCleaner takes out the addresses I save in Mapquest and so many other things, too numerous to list. Cookies are never a problem, there is no reason to remove any really, they are a helper.
Thanks for the critique Pete:)
I actually do go over Msconfig with my customer, as well as show them the "Nasties" on their computer. I just didn't post that much detail in my original post.
Also, I still occasionally use Spybot and Ad-Aware, but I find the malware scans from Trend Micro and Ewido to be far superior. Especially in the area of trojans, worms, and keyloggers.
Thanks again!
mylanta wrote: Seth,
I guess I never noticed the choice of cookies...I use Excite home page for one thing and I am sick and tired of having to always set back up from Spybot and Spywareblaster...and CCleaner takes out the addresses I save in Mapquest and so many other things, too numerous to list. Cookies are never a problem, there is no reason to remove any really, they are a helper.
Most cookies are from obnoxious advertisers. I just configure Ccleaner to ignore cookies from the main sites I visit. I suggest removing the advertising cookies, and have the benefit of a "Peppier" browser.
BTW Rich, In my replies, how do I quote multiple paragraphs separately?
mylanta
06-05-2006, 07:59 PM
"BTW Rich, In my replies, how do I quote multiple paragraphs separately"
With VBulletin we are new as of only a few months (one reason why I show with 600 posts when I really have 4000, if we could get the archives to work from the old software). I have yet to figure out how to quote multiple paragraphs...
mommalina wrote: Thanks, Seth. Interesting reviews. Seems to work better on older computers, but that may be because older computers have more crap on them. A few complained that CrapCleaner messed up their computer-- I suspect some of this could have been due to user error. Makes me wonder if I'd screw it up.
That comment about working better on older computers is from an uneducated user. It doesn't matter if the computer is 5 months old or 5 years old. The buildup of needless files isn't determined by the age of the computer.
The other comment about Ccleaner deleting his word documents is so ludicrous...it's laughable. No drive cleaner has anything to do with document files.
Then there was the bad review from a user who claims that he went to install Ccleaner, and it tried to access a porn site. This is simply another comment from an uneducated user. Any freeware program should be obtained from the vendors site, or from a reputable site such as download.com. When you get programs from peer to peer sites, or from questionable sites, then you stand a chance for any program to be bundled with malware of all kinds.
Ccleaner is not only one of the most popular downloads, but it has a very high average rating of 4.5 out of 5. If it wasn't for the few nonsensical negative reviews, it would rate a perfect five.
Pete,
I just noticed that you utilize msconfig as a last step. I'm interested in hearing why you do so. I run it as an opening step for the following reasons:
1) If there is malware in the startup (which there usually is), I certainly don't want it running in the background during the removal process.
2) The average user has far too many needless startup programs that can eat up the cpu and ram. Therefore, cleaning up startup at the beginning will allow the malware scans to run faster. An added bonus is higher system stability and less potential for errors while cleaning out the system.
PeteF
06-06-2006, 03:29 AM
Seth wrote: Also, I still occasionally use Spybot and Ad-Aware, but I find the malware scans from Trend Micro and Ewido to be far superior. Especially in the area of trojans, worms, and keyloggers.
I agree that the online scans find a few more items but I'm beginning to wonder if it's absolutely necessary to get every last file. To give you an example, I recently had a system infected with over 250 spyware and 90+ virus infected files. After doing all scans with NOD32, Spybot, & Adaware and all my manual cleaning, I ran the ewido.com online scan and it found 2 more trojans; 1 in \Windows and another in \System32. HOWEVER, I'm pretty sure that those two trojans had been rendered disabled by all the previous actions I took before running the online scan. So in this particular case, ewido.com appeared to clean out 2 trojans that NOD32, Spybot & Adaware missed, but in reality, the trojans were already rendered disabled and useless.
---pete---
PeteF
06-06-2006, 03:45 AM
Seth wrote: BTW Rich, In my replies, how do I quote multiple paragraphs separately?
Whatever editing mode I'm currently in here (I forget the mode name), I can see at the very beginning and at the very end of the quoted text the HTML tags of QUOTE and /QUOTE with brackets [ ] surrounding each of them. To make multiple quotes I simply surround each quote with the HTML tags of QUOTE and /QUOTE (remember to use the brackets on each of them.)
Another way to do it, is to select the text you want to quote and click the Icon (4th from the right) on the toolbar. Hover mouse to identify the Icon as "Wrap QUOTE tags around selected text"
---pete---
PeteF
06-06-2006, 03:56 AM
Seth wrote: Pete,
I just noticed that you utilize msconfig as a last step. I'm interested in hearing why you do so.
Seth, you misunderstood what I was saying. Allow me to clarify.
At the beginning of the cleaning process I disable items in MSCONFIG startup tab by unchecking the items. Then at the very end of the cleaning process, I use REGEDIT to actually clear out the entries so that you no longer see the unchecked items when you run MSCONFIG.
Run REGEDIT and do a search on... msconfig and you will find the place where all the disabled items are located, then just delete the ones you know you never want enabled in the future.
---pete---
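Pete's REGEDIT step, as an added example that is not from his post: on XP through Windows 7, msconfig does not delete an unchecked Startup-tab item, it parks it under HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig (subkey startupreg for Run-key items, startupfolder for Startup-folder items, one subkey per parked entry), which is where a registry search for "msconfig" lands. This script lists those parked entries with the command line each used to run and removes the ones matching a name pattern, so they no longer show up unchecked in msconfig. It defaults to a -WhatIf preview and a confirmation prompt. The value names it reads (item, command, hkey, key, path) are the ones msconfig writes on those Windows versions; Windows 8 and later moved startup management to Task Manager, so an empty listing there is expected. The '*toolbar*' pattern at the end is a hypothetical example.

```powershell
# Added example, not from Pete's post. Lists the startup items msconfig has
# parked after being unchecked, and removes the ones you name. Run elevated;
# msconfig's key lives under HKLM.

$msconfigRoot = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig'

function Get-MsconfigDisabledEntry {
    # 'startupreg' holds entries unchecked from Run keys, 'startupfolder' those
    # from the Startup folders; both use one subkey per parked item.
    foreach ($section in 'startupreg', 'startupfolder') {
        $base = Join-Path $msconfigRoot $section
        if (-not (Test-Path -LiteralPath $base)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $base) {
            $p = Get-ItemProperty -LiteralPath $sub.PSPath
            # Registry items record the hive and key they came from; folder
            # items record the original shortcut path instead.
            $origin = if ($p.hkey) { '{0}\{1}' -f $p.hkey, $p.key } else { $p.path }
            [pscustomobject]@{
                Section = $section
                Name    = $sub.PSChildName
                Item    = $p.item      # value name, or file name, the entry had
                Command = $p.command   # command line it used to run
                Origin  = $origin
                RegPath = $sub.PSPath
            }
        }
    }
}

function Remove-MsconfigDisabledEntry {
    # SupportsShouldProcess gives the function -WhatIf and -Confirm; ConfirmImpact
    # High means it prompts before each deletion unless -Confirm:$false is passed.
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param([Parameter(Mandatory = $true)][string]$NamePattern)
    foreach ($entry in (Get-MsconfigDisabledEntry | Where-Object { $_.Name -like $NamePattern })) {
        $action = "Delete parked msconfig entry '{0}' ({1})" -f $entry.Name, $entry.Command
        if ($PSCmdlet.ShouldProcess($entry.RegPath, $action)) {
            Remove-Item -LiteralPath $entry.RegPath -Recurse
        }
    }
}

Get-MsconfigDisabledEntry | Format-Table Section, Name, Command -AutoSize

# Preview only: -WhatIf prints what would be deleted without touching the registry.
# Drop -WhatIf (and answer the prompt) to actually remove. Pattern is hypothetical.
Remove-MsconfigDisabledEntry -NamePattern '*toolbar*' -WhatIf
```

Deleting a parked subkey only removes msconfig's record of the item, which is what Pete describes; the item was already out of the Run key or Startup folder when it was unchecked, so this changes nothing about what runs at boot. Export the MSConfig key first (`reg export "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig" msconfig-backup.reg`) if the customer might want something re-enabled later.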
mylanta
06-06-2006, 09:28 AM
Seth wrote: Pete,
I just noticed that you utilize msconfig as a last step. I'm interested in hearing why you do so. I run it as an opening step for the following reasons:
1) If there is malware in the startup (which there usually is), I certainly don't want it running in the background during the removal process.
2) The average user has far too many needless startup programs that can eat up the cpu and ram. Therefore, cleaning up startup at the beginning will allow the malware scans to run faster. An added bonus is higher system stability and less potential for errors while cleaning out the system.
In addition to all that think of yourself. It's absurd to sit there all that time every time the system needs to reboot to wait forever for all those screwed up posts and all those unnecessary programs to load. I always sell them ram right away too, because by putting it in right away, it saves me sitting there listening to endless cranking and waiting for every program on their system to be ready before I can do anything.
mylanta
06-06-2006, 09:30 AM
PeteF wrote: Seth, you misunderstood what I was saying. Allow me to clarify.
At the beginning of the cleaning process I disable items in MSCONFIG startup tab by unchecking the items. Then at the very end of the cleaning process, I use REGEDIT to actually clear out the entries so that you no longer see the unchecked items when you run MSCONFIG.
Run REGEDIT and do a search on... msconfig and you will find the place where all the disabled items are located, then just delete the ones you know you never want enabled in the future.
---pete---
Wow I would never charge a customer time to take entries out of startup that don't even matter anyway. What a huge waste of time, they affect nothing and the client does not even know how to look at them anyway in most cases.
PeteF wrote: Seth, you misunderstood what I was saying. Allow me to clarify.
At the beginning of the cleaning process I disable items in MSCONFIG startup tab by unchecking the items. Then at the very end of the cleaning process, I use REGEDIT to actually clear out the entries so that you no longer see the unchecked items when you run MSCONFIG.
My apologies.
Thanks for the all the replies. I'll be back later to comment.
PeteF
06-06-2006, 11:32 AM
mylanta wrote: Wow I would never charge a customer time to take entries out of startup that don't even matter anyway. What a huge waste of time, they affect nothing and the client does not even know how to look at them anyway in most cases.
Rich, it really doesn't cost them extra because I don't charge like that. I can be doing registry edits while scans are going on. Scans can be going on for hours but I don't charge for all that time unless I'm at their site and have to sit there. In my workshop I can have a PC being worked on for 10 hours but I'll only charge a reasonable amount of time I actually tended to it.
Cleaning out the entries in MSCONFIG is a huge service to the customer that is savvy enough to run MSCONFIG. I teach my clients about that so that they may turn items on or off in the future. By me deciding which items to clean out, it helps them a lot to simplify things when they need to go in there. Besides that, it only takes a few minutes to clean it. No big deal, really. :)
---pete---
mylanta
06-06-2006, 11:48 AM
PeteF wrote: Rich, it really doesn't cost them extra because I don't charge like that. I can be doing registry edits while scans are going on. Scans can be going on for hours but I don't charge for all that time unless I'm at their site and have to sit there. In my workshop I can have a PC being worked on for 10 hours but I'll only charge a reasonable amount of time I actually tended to it.
Cleaning out the entries in MSCONFIG is a huge service to the customer that is savvy enough to run MSCONFIG. I teach my clients about that so that they may turn items on or off in the future. By me deciding which items to clean out, it helps them a lot to simplify things when they need to go in there. Besides that, it only takes a few minutes to clean it. No big deal, really. :)
---pete---
Sorry I reread what I wrote and it was a bit caustic...unintentional....
I guess a bit of Dan R is rubbing off on me and I do not want my clients in msconfig either. I install Win Patrol and make them buy it, and that's the end of startup getting "crudded up", trust me! I also don't worry about browser hijack or changed services by crap like "Realcrap" player or "Slowtime" player that want to change the ownership of the pc every time you turn them on to play something. I don't want Google toolbars or worse yet Yahoo toolbars being installed etc...without anyone knowing it.
And leaving those entries in msconfig does nothing to the system and I guess I believe there are more meaningful things to address in system that cause problems. I do the same thing which is work on one thing while a scan is in progress etc...didn't mean to suggest overbilling, sorry!
PeteF
06-06-2006, 12:07 PM
mylanta wrote: I do the same thing which is work on one thing while a scan is in progress etc...didn't mean to suggest overbilling, sorry!
No problem Rich. I appreciate your response above. I have a thick skin and have learned not to over react or get offended by what gets posted on public forums. Besides that, you gave me a platform to express how honest & fair I operate my business. :)
A wise man taught me...
Speak without OFFENDING
Listen without DEFENDING
I'm not perfect, but I try to live by that and it seems to pay in dividends. There's also nothing wrong with a good debate as long as it's done in a professional manner. ;) That's what I strive for.
---pete---
PeteF wrote: I agree that the online scans find a few more items but I'm beginning to wonder if it's absolutely necessary to get every last file. To give you an example, I recently had a system infected with over 250 spyware and 90+ virus infected files. After doing all scans with NOD32, Spybot, & Adaware and all my manual cleaning, I ran the ewido.com online scan and it found 2 more trojans; 1 in \Windows and another in \System32. HOWEVER, I'm pretty sure that those two trojans had been rendered disabled by all the previous actions I took before running the online scan. So in this particular case, ewido.com appeared to clean out 2 trojans that NOD32, Spybot & Adaware missed, but in reality, the trojans were already rendered disabled and useless.
Very interesting.
A couple of months ago I posted on *** that I believed Trend's online spyware scan was showing some false positives. For example, I just ran some tests on my daughter's computer...who loves the dreaded pretty screensavers and cursor art. I removed 180 Search Assis, Zango, and some other hotbar with Spybot. I then scanned with Ad-aware, Ewido, Windows Defender, and Trend. Ad-aware showed nothing of significance, nor did Ewido or Defender. Trend still showed 180 and Zango. Although other times, Trend and Ewido would detect serious (confirmed) malware that Spybot, Ad-Aware, and Defender missed.
So what it comes down to, is no scanner is 100% accurate, or 100% trustworthy for that matter. I just use personal judgement and run a combination of scans as necessary.
PeteF wrote: Then I open IE and quickly delete all cookies & temporary internet files.
I used to do that...but not by opening IE. I went into IE's options from Control Panel. However, IE is slow to delete cookies and temps, often locks up, and isn't very thorough. Ccleaner fixed all that for me.
PeteF wrote: No problem Rich. I appreciate your response above. I have a thick skin and have learned not to over react or get offended by what gets posted on public forums. Besides that, you gave me a platform to express how honest & fair I operate my business. :)
A wise man taught me...
Speak without OFFENDING
Listen without DEFENDING
I'm not perfect, but I try to live by that and it seems to pay in dividends. There's also nothing wrong with a good debate as long as it's done in a professional manner. ;) That's what I strive for.
---pete---
Well said Pete, and I couldn't agree more.
This is exactly how I run my business and my life. Give all you meet more than they expect. It's the best way to show gratitude, and the most effective way for "Universal Law" to meet your requested needs.
mylanta
06-06-2006, 12:23 PM
one of the reasons I stopped using Adaware, is that I am convinced that everything it finds that Spybot doesn't, is a false positive.
PeteF
06-06-2006, 12:47 PM
mylanta wrote: one of the reasons I stopped using Adaware, is that I am convinced that everything it finds that Spybot doesn't, is a false positive.
Rich I think you have to re-evaluate. Just this week I had a PC infested with spyware & viruses. Here's the story straight from my customer log...
Troubleshoot PC at customer's home. Installed Spybot and NOD32 programs. Cleaned approx. 115 spyware (mostly in registry) and 90 virus infected files. This initially fixed the internet connection problem but then it stopped working again. NOD32 would not update. Took computer and all the original disks back to my workshop to troubleshoot further.
Installed Adaware anti-spyware program and did manual updates. Performed full scan and deleted 119 more spyware. Reinstalled NOD32 and removed 3 more viruses with 2 viruses still remaining. Manually deleted 2 remaining viruses and manually cleaned out system using various methods. Rerun all virus & spyware scans to clean out the last few virus & spyware until all scans reported nothing found.
Rich, running Adaware was the key to getting the system clean. I have a feeling that you use Spywareblaster where I'm using Adaware and we both use other tools such as Spybot, NOD32, etc... I've just had good luck with the combination of Spybot & Adaware used in conjunction with various Anti-virus programs. Spybot & NOD32 alone won't do the cleaning, that's for sure.
---pete---
mylanta
06-06-2006, 01:43 PM
Actually Pete, I don't use either to scan for virus or spyware on a "nasty system". I always run eWido online scanner for spyware, which is far superior to any of the ones we have mentioned, and BitDefender AV, which does a more thorough scan than Nod without setting Nod for special scan. I also have seen the online scanners do a much better job of cleaning these systems possibly because whatever programs were on the system, already let the "crud" in, so I do not have the faith they will remove it!
dbarrow
06-06-2006, 04:12 PM
Maybe an "online" scan is working better because it is not relying on an already infested OS.... similar to removing the hd and scanning it from a clean machine.
If doing this on a regular basis, maybe the idea of that true "bench" machine I posted a link to may be the best route to go ... plug the infested HD into the "bench" machine where all the tools and scanners reside.
mylanta
06-06-2006, 05:20 PM
Actually I do that as well DB as I got the idea originally from Dan and ya know when he and I agree on something, everyone should do it!
dbarrow wrote: Maybe an "online" scan is working better because it is not relying on an already infested OS.... similar to removing the hd and scanning it from a clean machine.
If doing this on a regular basis, maybe the idea of that true "bench" machine I posted a link to may be the best route to go ... plug the infested HD into the "bench" machine where all the tools and scanners reside.
I've done that a couple of times but I won't do it again. If the system is so infected that you have to pull the drive, slave it and perform exhaustive malware removal, reinstall the drive...then you might as well do a clean install. In addition, serious malware removal can often cause file corruption.
So if it's that bad, I clean install. At least that way the customer has a fresh start (customers love fresh starts), the system will be faster, cleaner, and more stable, and hey...you make more money too!
It's all good!
kelly
06-06-2006, 06:01 PM
I've enjoyed reading all the posts. Lots of good points. One thing that I didn't see (maybe I missed it) is protection from deleting the wrong file. First thing I do is boot with Acronis True Image CD and an external HD connected via USB and make a full backup of the drive. It takes a while, but if there's a problem, I can recover. If there's a lot to backup, I start it before going to bed and it's done in the morning.
Sometimes, I just work on the imaged disk and then re-image back to customer's machine after it's fixed.
-td
PeteF
06-07-2006, 12:33 AM
mylanta wrote: Actually Pete, I don't use either to scan for virus or spyware on a "nasty system". I always run eWido online scanner for spyware, which is far superior to any of the ones we have mentioned, and BitDefender AV, which does a more thorough scan than Nod without setting Nod for special scan.
More recently when I get called to fix a malware infested PC, the main problem is no internet access so online scans are not even an option. Here's what I often do...
I bring Spybot & Adaware & AVG with the latest updates all on flashdrive or CD. I install the applications and manually insert the updates. Now that I'm using NOD32 more these days, does anyone know how to manually update NOD32?
---pete---
mylanta
06-07-2006, 09:14 AM
Here is another thing you have to be careful of that I have been saying for years. Many of our spyware removal programs can find the vermin and remove the vermin, but not with a lot of finesse and in doing so some like Adaware can cripple your system creating worse damage than the spyware did.
http://www.opentechsupport.net/forums/archive/topic/20552-1.html
Part of the reason I no longer recommend Adaware. I have read things like this about the "touted" "Spy Sweeper" and many of the others...never Spybot.
PeteF
06-07-2006, 10:52 AM
Here is another thing you have to be careful of that I have been saying for years. Many of our spyware removal programs can find the vermin and remove the vermin, but not with a lot of finesse and in doing so some like Adaware can cripple your system creating worse damage than the spyware did.
http://www.opentechsupport.net/forums/archive/topic/20552-1.html
Part of the reason I no longer recommend Adaware. I have read things like this about the "touted" "Spy Sweeper" and many of the others...never Spybot.
Ok Rich, I hear what you are saying about Adaware and I'll keep that
in mind if I do some cleaning and end up with excessive collateral damage.
Adaware has a quarantine feature that I could try to use to retore deleted
items in case I get into a jam.
Hey, with so many anti-malware tools and so many different approaches,
there has got to be hundreds of combinations that work or don't work
well together. We each find a combination that works well for the process
we use to clean a system. This thread is good because we can compare
our various techniques and learn from each other. My intention is not
to persuade anyone to use my techniques. All I'm saying is that this
is what works for me. :)
---pete---
mylanta
06-07-2006, 11:02 AM
Pete,
Absolutely true...that is what makes this board so great: we really don't have any animosity or personality disorders or egomaniacs amongst us, we have left them in the dust at other places. So we are free to talk and listen, much as we do on the Paltalk Chatrooms Wednesday nights.
One of my favorite "learnings" from Dale Carnegie is "you never really convince anybody of anything, you only may think you did", and convincing anyone is never my goal, just to get the frame of reference and opinion out there!
PeteF
06-07-2006, 11:16 AM
Pete,
one of my favorite "learnings" from Dale Carnegie is "you never really convince anybody of anything, you only may think you did",
Hey, Dale Carnegie is one of my heroes.
I read a couple of his books years ago and I'd say they had a major
impact in my life and how I deal with people. Highly recommended
reading! ---pete---
I think we can all agree that the steps we take to remove malware are very similar. For example, before any scans are run it makes sense to:
1) Use a drive cleaner to clean out the browser. Not only does this result in a faster browser, but it will clear out adware cookies, clear out any malware from the temp files, allow scans to complete faster, and make for shorter scan logs (if a log is required).
2) Use Add/Remove to remove any programs that are malware in disguise. It's just a lesson in futility to try and "scan out" malware without removing installed malware causing programs.
3) Clear msconfig of needless entries and malware entries.
After the above is completed, only then would I consider a system "ready" to be cleaned with scanners. Yet, time and time again, so called "Malware Removal Experts" from other sites either don't suggest these steps, or might suggest one of these steps after dozens of posts and getting the poster to post log after log ad nauseam.
"I think I have spyware" the poster proclaims. The experts respond with, "Post a HijackThis log"...this usually continues with dozens more mindless logs. The expert doesn't even get the poster to perform the above fundamental steps, or run a malware removal program. That's ludicrous!
For example, on the other board I belonged to, this kind of thing goes on constantly. There was one thread that spanned weeks and had over 60 back and forth posts between the poster and the "expert". Not once did the expert (a mod at that) suggest any of the above three steps. He was basically trying to fix the problem using HijackThis and a couple of other logs. All he was accomplishing was system file corruption in his endless requests to get the poster to edit or remove registry entries. The system now had so much system corruption that it was virtually unusable. I posted with:
"With all due respect, isn't it time to perform a repair install, or even a clean install?" I was politely told to "Butt Out".
So after dozens of more logs in that thread...and about a week later, the expert finally concedes that a repair install needs to be done! Little did he know that just prior to him admitting this, the poster PM'd me and asked for my assistance.
I then posted a topic titled "Interesting Malware Article", in the forum that is supposed to be for discussion and removal of malware. I didn't say anything in the post, nor did I break any rules. I just posted a link to an article that discusses the overuse and misuse of HijackThis (Link is in the original post of this thread). The post was immediately deleted by a mod and I was told to not post in that particular forum any longer.
So why do these pseudo experts continue to do this? They must have some sort of vested interest to warrant such lunacy.
mommalina
06-07-2006, 02:07 PM
Seth wrote: 1) Use a drive cleaner to clean out the browser. Not only does this result in a faster browser, but it will clear out adware cookies, clear out any malware from the temp files, allow scans to complete faster, and make for shorter scan logs (if a log is required).
Seth, please tell me what you mean by "drive cleaner." Do you mean something like CrapCleaner?
Thanks.
Lina
mylanta
06-07-2006, 02:20 PM
Seth, at the same time that was going on with you on ***, Rainbow32 was being chased out of there for the identical reason, and came over to Tech Guy, which is actually a bigger forum, and had the same problem there with being threatened with banning by a "cyber nazi" security "expert"
there as well. And you both make a point that is so valid, which is that they use HijackThis as a crutch, like a universal answer. I go blind staring at those endless logs, which most forums would delete and ask you not to post, yet these guys put them anywhere and everywhere.
I have a little standing on Tech Guy with 2 Admins so I attempted to persuade them to ease up on Rainbow32 and it all finally blew away for him, but the problem of HijackThis being suggested for anything lives on.
Seth, please tell me what you mean by "drive cleaner." Do you mean something like CrapCleaner?
Thanks.
Lina
Yes, exactly.
The browser in the average computer is bogged down with way too many cookies and temporary files. This can cause numerous browser problems. However, most drive cleaners will clean this out, and I believe you already have a drive cleaner. Some people just manually delete the cookies and temp files from within the browser itself.
With that said, some cookies are beneficial, but most are advertising of some sort. Cookies allow pages to load a bit faster as they store information about that page, as well as some of your information such as a login name. If you delete the cookies, both the "good and bad ones" will be removed, but the good ones will be replaced as soon as you open that particular web page.
Hope that clarifies a bit:)
dbarrow
06-07-2006, 02:27 PM
HijackThis is a great tool ... not for the novice ... to dig down deep for the really well hidden stuff AFTER running all the common cleaners and online scans, and other rational approaches as posted by Seth.
Only after running all the other cleaning tools, that will remove 99% of the garbage, do you resort to the more complex tools to hunt for rootkits and self-installing or self-replicating invaders.
HijackThis logs are not something your 'average' user will be able to comprehend or be expected to do anything with the results. Running it on a heavily infested machine will yield a huge forest with little chance of seeing the individual trees.
Seth at the same time that was going on with you on ***, Rainbow32 is being chased out of there for the identical reason, and comes over to Tech Guy, which is actually a bigger forum, and has the same problem there with being threatened for banning by a "cyber nazi" security "expert"
there as well. And you both make a point that is so valid which is that they use hijackthis as a crutch, lke a universal answer. I go blind starting at those endless logs, which most forums would delete and ask you not to post, yet these guys put them anywhere and everywhere.
I have a little standing on tech Guy with 2 Admins so I attempted to persuade them to ease up on Rainbow32 and it all finally blew away for him, but the problem of hijack this being suggested for anything, lives on.
Wow, I knew Rainbow was having a problem with the mods there, but I didn't know what it was about.
I still can't get an answer as to why they don't follow some basic common sense malware removal procedures. The Cyber Safety mod won't tell me why my post was deleted, nor does he respond to my query regarding the basic steps that should be taken before scanning.
BTW Rich, did you check out that link about HijackThis?
HijackThis is a great tool ... not for the novice ... to dig down deep for the really well hidden stuff AFTER running all the common cleaners and online scans, and other rational approaches as posted by Seth.
Only after running all the other cleaning tools, that will remove 99% of the garbage, do you resort to the more complex tools to hunt for rootkits and self-installing or self-replicating invaders.
Yes, exactly!
Thanks dbarrow. It's Dan right?
mylanta
06-07-2006, 03:32 PM
Yes, exactly!
Thanks dbarrow. It's Dan right?
No this one is Doug!
mylanta
06-07-2006, 03:33 PM
Wow, I knew Rainbow was having a problem with the mods there, but I didn't know what it was about.
I still can't get an answer as to why they don't follow some basic common sense malware removal procedures. The Cyber Safety mod won't tell me why my post was deleted, nor does he respond to my query regarding the basic steps that should be taken before scanning.
BTW Rich, did you check out that link about HijackThis?
Yes I did Seth. I have done 3 pm's to MishY the admin dealing with Murray problems and Spider problems and he never answers me, so I am gone now.
Yes I did Seth. I have done 3 pm's to MishY the admin dealing with Murray problems and Spider problems and he never answers me, so I am gone now.
Me too!
...and hello Doug:)
Pi rules
06-07-2006, 05:01 PM
HJT can be useful in determining which tools to use to remove malware. At a different (non-***) forum I go to, I took training. There, we were told and given links that said that one should use HJT to get an idea of what is on a system. Then, you can find tools to remove it, and use online scans to see what else is on it, after those, ask the user to give a new log and clear up any remnants.
PS: I've been gone from *** for a little while, does anyone mind PMing me with an update? Some great members have left (a lot, but not all came here), a certain member got back from being banned (oddly enough on a certain date)...
Pi,
No one has said that HT isn't useful. In fact, all of the techs in this thread use it.
It's just that there are important steps to take before using HT.
Pi rules
06-07-2006, 06:01 PM
I agree completely.
PeteF
06-07-2006, 06:09 PM
Yes I agree, and let me add that HijackThis should be run and a log file
saved as the very last thing after the system is totally cleaned. Having
a HJT log of what is normal/clean can be very beneficial if you ever need to
clean the same system again. ---pete---
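A saved baseline is only useful if it can be compared quickly against a later log. The script below is an added example, not code from this thread or from the HijackThis project: it parses the O2 (browser helper object) and O4 (autostart) lines of two logs and reports what was added, removed or changed between them. The two logs are constructed for the example and only follow the general shape of HijackThis O2/O4 lines; the CLSIDs, paths and entry names are made up.

```python
import re

# Constructed sample logs, modelled on the shape of HijackThis O2 (browser
# helper object) and O4 (autostart) lines. CLSIDs and paths are made up.
BASELINE_LOG = r"""
O2 - BHO: PDF Link Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Common Files\Reader\LinkHelper.dll
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
"""

CURRENT_LOG = r"""
O2 - BHO: PDF Link Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Common Files\Reader\LinkHelper.dll
O2 - BHO: Search Assistant - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\WINDOWS\system32\srchasst.dll
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\ctfmon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nail] C:\WINDOWS\nail.exe
"""

O4_RE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")


def parse_hjt(text):
    """Map (section, identifier) -> value for the O2/O4 lines of a log.

    O4 entries are keyed by registry location plus value name, O2 entries by
    CLSID, so a relocated executable shows up as a change to a known entry
    rather than as an unrelated new line.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            entries[("O4", f"{m['loc']} [{m['name']}]")] = m["cmd"]
            continue
        m = O2_RE.match(line)
        if m:
            entries[("O2", m["clsid"].upper())] = f"{m['name']} - {m['path']}"
    return entries


def diff_logs(baseline_text, current_text):
    """Return (added, removed, changed) between a clean baseline and a new log."""
    base, cur = parse_hjt(baseline_text), parse_hjt(current_text)
    added = {k: cur[k] for k in cur.keys() - base.keys()}
    removed = {k: base[k] for k in base.keys() - cur.keys()}
    changed = {k: (base[k], cur[k]) for k in base.keys() & cur.keys() if base[k] != cur[k]}
    return added, removed, changed


if __name__ == "__main__":
    added, removed, changed = diff_logs(BASELINE_LOG, CURRENT_LOG)
    for label, items in (("ADDED", added), ("REMOVED", removed)):
        for key, value in sorted(items.items()):
            print(f"{label:8} {key[0]} {key[1]}: {value}")
    for key, (old, new) in sorted(changed.items()):
        print(f"CHANGED  {key[0]} {key[1]}: {old} -> {new}")
```

On the constructed logs this flags the new BHO and the new nail autostart as added, and ctfmon.exe as changed because its command now points outside system32, which is exactly the kind of thing a baseline comparison should surface before anyone starts hunting through a full log by eye.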
Just got back from a typical malware service call. Symptoms were a slow computer, slow internet, and a browser hijacking.
Explained each step to the customer as I did the following:
Removed almost a GB of crap with Ccleaner.
Msconfig had numerous needless entries, unusual entries, and many blank entries. Cleaned all that up.
Removed about 5 "Search Assistants" and the like from Add/Remove.
Ran Ewido's trial version which removed 6 infections. I can't remember what they were. I should have taken notes.
I then ran HijackThis and removed a few BHO's. No other concerns were present.
Rebooted and ran Trend Micro's malware scan. It didn't find anything of consequence.
Deemed the system clean and rebooted. Performance increase was significant and IE was working perfectly now. Reset System restore.
Educated the customer (who by this time was extremely happy) :clap2:.
Everything took about an hour and the customer gave me his daughters phone number to repair her computer.
Simple as that. No need to generate dozens of logs. Now if I tried to remove the malware using the techniques that the "Cyber Safety" experts use, I would have been there for hours in a futile attempt to remove all the nasties. Although by that time I'm sure the customer would have kicked me out and called someone else!
kelly
06-07-2006, 07:02 PM
Good going - how long did it take? I no longer do this at a customer's place because it takes a long time sometimes.
-td
Hi Kelly,
It took about an hour. I'd say 70 minutes to be exact. Although I have so much experience with removing malware that I'm very fast at it. It's just the scans I have to wait for. Ccleaner reduces the scans times, as it quickly removes thousands of useless files that the scanners now don't have to scan. Cleaning Msconfig will also reduce scan times.
In addition, the customer only had 4 GB of software installed (including XP), so the scans were very quick. Typically, it can take me up to two hours to clean an infected system. If the malware is stubborn and the cleansing is going beyond 90 minutes, or if I think the system is too infected to clean, then I'll educate the customer on the infection and what a clean install will do. I have never had a customer refuse a clean install at this point. And yes, I charge double for that.
kelly
06-07-2006, 07:29 PM
Yes - it's the scans that take a lot of time. You got lucky with only 4 GB used. I've used CCleaner only once and it took the machine down. Coincidence maybe, but I ended up reinstalling the OS (it was 98SE). Since then I've been using JV16.
I don't know if it was mentioned earlier, but I like to do as much as possible in Safe Mode.
-td
mylanta
06-07-2006, 07:29 PM
I am with you Tony...the worst PCs have dialup and it takes forever to load up the online scanners on dialup and I go out of my mind with boredom!
Rainbow32
06-07-2006, 07:29 PM
About a month ago my nephew called me and said his computer was running like crap.
Never did Windows updates; SP1, originally installed by the manufacturer, was the only one.
Had Norton's that came with the computer on a 30 day trial basis and wasn't updated for 3 years. Computer was heavily infested with worms, trojans, spyware.
What I did,
1.Uninstall Norton's.
2. Deleted all restore points.
3. Downloaded Ewido and NOD32 and let them clean and remove all they found after I disconnected from the internet.
4. Used CCleaner. I swear it ran for 5 minutes and cleaned about a Gig of, well, crap.
The only use I had for HJT was to remove a reference to nail.exe that was in the system.ini that kept coming up as an "application can't be found" error message at startup. Using HJT for finding the error only saved time in looking for the cause.
The only thing the kid wouldn't let me do was trim down his startups. He liked all these windows on the screen for signing in to Yahoo, MySpace, etc. when he first powered up the computer.
mylanta
06-07-2006, 07:31 PM
I must admit I once hosed one of my systems with crap cleaner so I was reluctant to keep going with it, but I restored back and the damage was none. I have not had that happen in the last year and we have had many new versions.
Kelly,
Just after the above call, I went to another. It was a mini tower HP Pavilion. Man I hate these mini towers. I always end up cutting my fingers when I have to do internal work.
Anyway, he got it used...for free. There was no video output at all, and he had no idea what was installed on the computer.
Turned out the onboard video was shot, so a used video card fixed that. I booted it up to find one of the most infected systems that I have ever seen. Since the infection is so severe (and who knows what else is on it), I'll be clean installing this one.
Wow...replies are coming quick.
Yes, I run whatever I can from safe mode, and I only do the online scans at the customers house if they have high speed internet.
I think the guys from *** know how much I despise Norton. If it's installed, I explain to the customer why I don't recommend it and then I remove it with their consent.
Oh Oh...I saw that Pete recommends norton on his site, so I'm sure he's gonna' have some comments about this!!
:pop2:
mylanta
06-07-2006, 08:15 PM
Well I am the Resident Norton flamer here...and whatever we do let's not start this up again...we have some highly emotional Norton lovers here who really don't get it, and we aren't ever going to convert them...
Pi rules
06-07-2006, 09:04 PM
rainbow32: I personally think (although many disagree) that it may be best to disable & reenable System Restore (or remove all restore points) after all malware is removed. It helps in case someone accidentally removes something that should stay (registry key, setting, etc.)
Well I am the Resident Norton flamer here...and whatever we do let's not start this up again...we have some highly emotional Norton lovers here really don't get it, and we aren't ever going to convert them...
No prob.
Since taking in all the opinions expressed in this thread, I think I'll slightly alter my tactics.
For XP: I'll use installed Ewido and Nod32.
For Win98: I'll use Spybot and Nod.
PeteF
06-08-2006, 03:31 AM
Ok Ok, now that you put it that way, I'll have to comment. ;)
Actually, I'm not a HUGE fan of Norton AV, but certain customers will only be
satisfied using a highly advertised and widely accepted & familiar product that
they can buy at a local retail store. According to the experts who solely exist
to rate AV products, Norton AV is rated very well, so I have to assume these
same customers are aware of that. I prefer not to bash Norton AV's malware
detection abilities based upon my personal experiences because it's just too
small a sampling and too uncontrolled for proper evaluation.
Instead, I warn people up front that NAV can be very problematic to install,
uninstall, or even keep updated, but if it goes in smoothly it will do a good
job if they have a relatively new PC with plenty of power & memory.
At the same time, I usually present people with other options such as
NOD32, but many people can't wrap their mind around the user interface
of NOD32 and they feel more comfortable using NAV instead.
More recently, I'm pushing more for NOD32 over any other AV product
and I'm waiting to see how people do with it. However, my fear with
NOD32 is that it's basically an unknown product to the masses and the UI
is intimidating and confusing in comparison to most other AV products.
No AV product is immune to operator error so even NOD32 cannot stop all
malware and when that occurs the customer will naturally blame this
relatively unknown and weirdly named NOD32 product and the person who
recommended it. This is why I feel a need to recommend at least one
widely known AV product in my article that also promotes NOD32.
What is the Best Anti-Virus Program?
April 2006, by High Tech Handyman
http://www.htworkshop.com/freeinfo_best_antivirus.htm
---pete---
mylanta
06-08-2006, 09:02 AM
Pete,
The best way to handle NOD32 is to accept that it is the best, most seamless antivirus program, and that the GUI really isn't important because for the average user there is no reason to enter it. I never do. The default settings are where everyone should be using it for optimum performance, so if it had no interface, it really wouldn't matter at all. I am tired of hearing people (not necessarily you) beat up the interface on this product when I don't see why it is so bad, and even if I didn't, there is no reason to ever look at the interface anyway.
PeteF
06-08-2006, 03:18 PM
Pete,
The best way to handle Nod32 is to accept it is the best most seamless antivirus program, and that the gui really isn't important because for the average user, there is no reason to enter it. I never do.
That's what I'm banking on. I'll let you know how it goes after
I talk to my novice type customers who I switched off of
NAV and onto NOD32.
I am tired of hearing people (not necessarily you) beat up the interface on this product when I don't see why it is so bad, and even if I didn't, there is no reason to ever look at the interface anyway.
Rich, don't take it so personally. :)
I think you've just been using it so long that you can't see
why it is so intimidating and confusing. If you really want to know
what people are talking about, install it for a novice or intermediate
type customer, and put them at the controls. Tell them to do a manual
scan and watch them struggle.
I found that I need to provide one on one instruction to
put people at ease with NOD32.
---pete---
Statement:
"If one disables a malware program from msconfig's Startup, malware scanners may have a tough time finding it."
I disagree, but I'm not going to post the reasons just yet.
Comments?
kelly
06-08-2006, 05:52 PM
I think a scanner should recognize a malware program whether or not it's running. Don't they look for the executable name? What difference would it be if it's running or not? I typically do scans in Safe Mode and the scanner better find 'em.
-td
mylanta
06-08-2006, 09:29 PM
Pete I have used it about 7 times for real novice users in the last year and never explained it to them and never gotten a phone call. I guess it's because I don't see a problem therefore they do not. And I didn't take it personally, though I guess it sounded like it.
PeteF
06-09-2006, 12:51 AM
Rich, I go over NOD32 quickly with a new user. First I explain that
NOD means No Overhead Demanded and compare it to Norton which
demands so much in overhead. That should make them more comfortable
with the odd name and hopefully leave a good first impression.
Next I point out those weird designations of IMON, EMON, etc., and
tell them to just focus their attention to the right window panel to
determine what's going on.
I basically show them how to execute a manual scan and how to
edit the scheduled scan which I set for once per week at a time
their PC is likely to be turned on.
I tell them it just works, and stays out of their way.
If it finds a virus it will pop up and give them some
options to clean or delete the virus.
That's all, no need to go into more detail than that.
Most people would not call me to voice an opinion
so after a while I'll contact a few of my NOD32 converts
and see if they have any questions or feedback.
One of my recent customers had just purchased and installed
Norton 2006 and I talked him into NOD32 and trying to return
Norton 2006 to Best Buy. Well, Best Buy has since refused
to refund him so he's using NOD32 for the 30 day trial period
and then he'll decide whether to continue with NOD32 or switch
back to Norton. It will be interesting to see what he does and
what the long term results are.
I'll keep you posted.
---pete---
Statement:
"If one disables a malware program from msconfig's Startup, malware scanners may have a tough time finding it."
I disagree, but I'm not going to post the reasons just yet.
Comments?
I quoted myself! Hee Hee Hee :) (See Lina...I am square!)
I fail to see any reason why a malware scanner would have a tough time finding malware that has been disabled through msconfig. Malware signatures are compared to each file, so it doesn't matter if the file is in use or not. Although a log such as HijackThis may not show it as a running process. Not that this matters though, as the scanners will find it.
Furthermore, I would rather have it disabled as malware is easier to remove when its files are not active. Which is one of the reasons scans are more efficient in safe mode.
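An added illustration of the point above, not code from this thread or from any of the scanners mentioned in it: a small Python model of the two kinds of scan. `full_scan` hashes every file under a tree and compares the digests against a signature set, so a file stays detectable whether or not its msconfig entry is checked and whether or not anything references it; `quick_scan` models a scan that only looks at what is currently set to run, which is the case where an unchecked entry can be missed. The directory tree, the file contents, the "signatures" (SHA-256 digests of constructed bytes, not real malware) and the startup entries are all constructed inside the script.

```python
import hashlib
import os
import tempfile

# Constructed "malware" bodies; their SHA-256 digests stand in for the
# signature database a real scanner carries. Nothing here is real malware.
MALWARE_BODIES = {
    "nail.exe": b"MZ\x90\x00constructed-sample-nail",
    "srchasst.dll": b"MZ\x90\x00constructed-sample-search-assistant",
}
SIGNATURES = {hashlib.sha256(body).hexdigest(): name for name, body in MALWARE_BODIES.items()}


def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_sample_tree(root):
    """Lay out a constructed XP-style tree under root.

    Returns startup entries as msconfig presents them: (name, command, enabled).
    The nail entry is unchecked (disabled) but the file is still on disk, and
    srchasst.dll is on disk without any startup entry at all.
    """
    files = {
        "WINDOWS/system32/ctfmon.exe": b"MZ\x90\x00constructed-benign-ctfmon",
        "WINDOWS/system32/nail.exe": MALWARE_BODIES["nail.exe"],
        "Program Files/SearchAssistant/srchasst.dll": MALWARE_BODIES["srchasst.dll"],
        "Documents and Settings/user/My Documents/letter.doc": b"constructed benign document",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(body)
    return [
        ("ctfmon", os.path.join(root, "WINDOWS", "system32", "ctfmon.exe"), True),
        ("nail", os.path.join(root, "WINDOWS", "system32", "nail.exe"), False),
    ]


def _rel(root, path):
    return os.path.relpath(path, root).replace(os.sep, "/")


def full_scan(root, signatures=SIGNATURES):
    """On-disk scan: every file is hashed, running or not, referenced or not."""
    hits = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            digest = sha256_file(path)
            if digest in signatures:
                hits[_rel(root, path)] = signatures[digest]
    return hits


def quick_scan(root, startup_entries, signatures=SIGNATURES):
    """Startup-only scan: hashes only the commands that are currently enabled."""
    hits = {}
    for _name, command, enabled in startup_entries:
        if not enabled or not os.path.isfile(command):
            continue
        digest = sha256_file(command)
        if digest in signatures:
            hits[_rel(root, command)] = signatures[digest]
    return hits


def demo():
    """Build the tree in a temp dir and return (full_scan hits, quick_scan hits)."""
    root = tempfile.mkdtemp(prefix="xpscan_")
    entries = build_sample_tree(root)
    return full_scan(root), quick_scan(root, entries)


if __name__ == "__main__":
    full, quick = demo()
    print("full scan :", full)
    print("quick scan:", quick)
```

Run as-is, the full scan reports both nail.exe and srchasst.dll while the startup-only scan reports nothing: the disabled entry hides nail.exe from it and srchasst.dll was never in its scope to begin with. That is the practical reading of both posts above: a real file scan does not care what msconfig says, but a scan limited to active startup locations does.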
Pi rules
06-09-2006, 11:31 PM
Which is one of the reasons scans are more efficient in safe mode.
That's true. I found that out (the hard way) a few years ago (before I got into computers).
The only thing about unchecking startup items is for people who only do the "quick" scans and scan startup, parts of the registry, and %systemroot%/System32. It might not catch it, but you shouldn't do those scans if you suspect anything whatsoever. It might also be harder to catch through HJT like you said (another reason why one shouldn't solely depend on it).
Greetings.
I've got a customers computer here in my shop that I'm going to run some malware tests on (it's filled with malware). I'll scan with Ad-Aware, Spybot, Ewido, Trend, and Nod32. I'll post back with the scan results.
BTW- Trend has both an online virus scan as well as an online spyware scan...but I think they both use the same signatures. Anyone know for sure?
mylanta
06-10-2006, 08:04 PM
Seth,
I believe you are right in that...
Greetings.
I've got a customers computer here in my shop that I'm going to run some malware tests on (it's filled with malware). I'll scan with Ad-Aware, Spybot, Ewido, Trend, and Nod32. I'll post back with the scan results.
Nevermind. The system is just too infected to run tests on. I'm running a recovery now. It's a Compaq Presario S5200NX. I like the recovery options, as you have the choice between a repair and full recovery (format).
I love these Compaqs. Whisper quiet and easy to work on.
Bonus Round!...the customer didn't even need anything backed up! Woo Hoo! Start the recovery and walk away.
mylanta
06-10-2006, 10:11 PM
I always find it fascinating someone could spend $2000 on a pc and keep it for 4-5 years, crap it up with spyware and virus till it won't move at all, then call for help. You try as hard as you can to save their system, but when you realize you can't, they don't even care and tell you there is nothing they care about saving. How can you work on a pc that long and have nothing of any value on it?
The funny thing is, the customer only uses the computer for some internet browsing and email. Reminds me of a Simpsons episode where Homer buys a computer.
Homer: "I'd like to buy a computer".
Salesperson: "Ok, what are you going to use the computer for?"
Homer: "Ya' know, email and internet".
Salesperson: "Oh...You'll need a top of the line model for that".
mommalina
06-10-2006, 11:34 PM
Just call me Homer! (Email, internet, Dell Dimension 4550).
Lina
PeteF
06-11-2006, 08:47 AM
I always find it fascinating someone could spend $2000 on a pc and keep it for 4-5 years, crap it up with spyware and virus till it won't move at all, then call for help. You try as hard as you can to save their system, but when you realize you can't, they don't even care and tell you there is nothing they care about saving. How can you work on a pc that long and have nothing of any value on it?
Rich,
I find that situation often where people create no data. I've even seen it where business PCs had no valuable data. They would use the word processor like a typewriter and just print what they created and not even save the documents. Sometimes these people don't know how to use the computer effectively, and sometimes they just browse the internet and use web-based email. They never create any data that's worth saving.
I know the "Internet Appliance" concept died, but I think there truly is a market for a dumbed-down PC/OS for certain kinds of people that don't require all the complexity of a Windows-based system. My dad is 84 and a good example of someone who'd need a real simple system. Unfortunately he couldn't get the hang of Windows and ended up giving away his PC. Imagine his confusion when he had to follow 3 or 4 paragraphs of instructions on how to shut off the computer; an instruction set that begins with the START button.
---pete---
mylanta
06-11-2006, 09:03 AM
Actually Pete, I think there is such a system for your dad and it's called an iMac. Personally I find the Mac so confusing because it is too easy to use once you have mastered Windows.
I never work on Macs because I just don't get the simplicity. I had a corrupted OE one time and spent hours trying to figure out how to uninstall it on a Mac and finally gave up. Then a friend of mine, after laughing at me, told me you drag it to the trash bin and "let go"! That is just too easy.
You mean there is no Control Panel, Add/Remove Programs, Windows Components, uncheck, hit Apply, hit OK, and then reboot and this time check it, hit Apply, put in the XP CD.......that is simply too easy for me.
mommalina
06-11-2006, 10:56 AM
My dad is 84 and a good example of someone who'd need a real simple system. Unfortunately he couldn't get the hang of Windows and ended up giving away his PC. Imagine his confusion when he had to follow 3 or 4 paragraphs of instructions on how to shut off the computer; an instruction set that begins with the START button.
How unfortunate that your dad gave up, Pete. I can understand his frustration and surrender even though he has a computer-savvy son. You could not possibly be at his side to guide him every time he was at the computer.
It would be helpful if Windows allowed users to cut-n-paste or print error messages, explanations about why an update won't install or why a video won't play, etc! How in the heck can we old-timers and even younger newbies remember or have the time/patience to write down all that and have it available when seeking tech support?
Two of my sons helped via email and long-distance phone. There was no KH forum then. Some of the guys now here helped me via RBL's BBS. I drove everybody nuts, including myself. Stubbornness and good typing skills kept me from giving up. And I could not disappoint the son who bought me that first computer.
Lina
PeteF
06-11-2006, 06:55 PM
This is off topic, so look for a new thread titled... Internet Appliance Concept
---pete---
BUMP
Reason: Made some edits to my original post.
Pi rules
06-25-2006, 02:36 PM
Just a quick note: you have to check for anti-malware tools that may actually block what you are trying to remove, such as MS Antispyware and temporarily disable their guards.
Agreed.
That's why I disable all the startup items from Msconfig. When I originally wrote the thread, I said I unchecked everything other than the security software. I said that because I was tired of hearing the paranoid cry of, "I'm not doing that! I'll be flooded with viruses and my computer will melt or blow up, blah blah blah."
Thanks Pi, I'll edit again to reflect this.
rVidia
06-27-2006, 03:06 PM
Seth, very nice thread. There are so many removal techniques out there, but I find myself in the middle of you and Pete ;) Anyhow, here are the steps I take:
1) Disable System Restore.
2) Run Microsoft Update; install appropriate high-priority / security updates.
3) Reboot into Safe Mode.
4) Use a drive cleaner; check \Temp and \Temporary Internet Files after.
5) If used, set Windows Firewall to NO exceptions, excluding File/Printer Sharing if the computer is on a network and not physically attached to the printer.
6) Remove unnecessary programs.
7) Disable needless msconfig entries.
8) Reboot into normal mode; run internet scans (if the system does not have high-speed internet, I use onboard scanners in Safe Mode).
9) Run HijackThis; remove appropriate items.
10) Restart Windows; use (or as put nicely, exercise) Explorer and the Internet.
11) Rerun scans.
12) Clean up msconfig startup items in the registry.
13) Turn System Restore on and create a new restore point. Shut down and restart.
I'm thinking about using Pete's method of running HijackThis and saving the log file as a reference in the future, which I would do before re-enabling System Restore. Thanks for sharing your methods! Input on mine is appreciated.
Regards!
You're welcome rVidia :)
Thank you for your input and kind words. This site has many members that own a computer repair business, so it's a great place to get help or share ideas.
The only issue I have with your list is this one:
2) Run Microsoft Update; install appropriate high-priority / security updates.
I would never attempt an operating system update on an infected system. Most updates should be ok, but I think this should be the last step.
Once again, I appreciate your input and welcome to KH!
mylanta
06-27-2006, 03:22 PM
Hey, welcome aboard rVidia, and I agree with everything you do except the reference to HijackThis, which I reserve for problems not resolved by online scans only...I think it is a much overused "crutch" for the community at large.
I am sure you will enjoy the speed of response at this site, as well as the surprising number of people with different expertise here to help with many different situations.
mommalina
06-27-2006, 03:32 PM
Welcome, rVidia! Glad to have you aboard. :)
Your suggestions and comments about this relatively new board are encouraged and will be appreciated. Please post them in the Feedback forum. Smokey (our administrator) and our Super Moderators will give them their immediate attention. Thanks!
We invite you to also join us in our KH Computer Help Desk Paltalk chatroom each Wednesday night, from 9 pm until whenever. Here's how to get there:
www.paltalk.com *
Chatrooms
Rooms
Computers & Technology
Computer Help & Advice
KH Computer Help Desk
* you need to download Paltalk messenger 8.3 software first if you don't already have Paltalk on your system.
In the chatroom you can find or give one-on-one, hands-on help for computer problems, teach or learn about new developments in computers and software. Computer subjects get first priority. If there is a lull, then humor, finance, and whatever can be discussed intermittently. We try not to talk about politics or religion .... there's enough disagreement about antivirus scanners. LOL
For more information about the KH Computer Help Desk Paltalk Chatroom, see: http://www.kickenhardware.net/forum/calendar.php?do=getinfo&day=2006-6-14&e=1&c=1
Hope you'll visit us there, too.
Lina
Pi rules
06-27-2006, 03:40 PM
I would probably disable System Restore or clear the restore points at the end (or before running final scans): sometimes people make mistakes and mess something up when removing malware and it is necessary to use it to restore.
mylanta
06-27-2006, 03:43 PM
PI that's a good point too.
rVidia
06-27-2006, 04:16 PM
Thanks for all the welcomes. The responses really are quick here!
Anyway, I appreciate everyone's suggestions. Based on them, I've jotted down a few things and will use this approach in the future:
1) If not already on, enable Sys Restore and reboot into Safe Mode (thanks Pi, very good point)
2) Use a drive cleaner; check \Temp and \Temporary Internet Files after.
3) If used, set Windows Firewall to NO exceptions, excluding File/Printer Sharing if the computer is on a network and not physically attached to the printer.
4) Remove unnecessary programs.
5) Disable needless msconfig entries.
6) Reboot into normal mode; run internet scans (if the system does not have high-speed internet, I use onboard scanners in Safe Mode).
7) Run HijackThis; remove appropriate items.
8) Shut off Sys Restore and restart Windows; use (or as put nicely, exercise) Explorer and the Internet.
9) Rerun scans.
10) Clean up msconfig startup items in the registry.
11) Now run MS Update (thanks, Seth) - install appropriate high-priority / security updates.
12) Restart.
13) Save HijackThis log file as a reference (thanks, Pete)
14) Turn System Restore on; create a new restore point.
Feel free to point out every problem you find ;)
mylanta: Thanks for your input. You said regarding HijackThis - "which I reserve for problems not resolved by online scans only..." Could you elaborate on this? I would appreciate it.
Hopefully I didn't overdo the 'thanks, appreciate' :)
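The msconfig and "clean up startup items in the registry" steps in Seth's and rVidia's lists (and the "save a log as a reference" idea from Pete) can be done in a repeatable way with a short script. The following PowerShell script is an added example, not code from the thread or from any of the tools mentioned in it: it enumerates the same autostart locations msconfig shows (the HKLM/HKCU Run and RunOnce keys plus the two Startup folders), resolves each entry to the file it launches, flags entries whose file is missing or lives in a Temp folder, and writes the whole list to a text file for later comparison. The log file name and the list of "suspect" directories are assumptions; adjust them to taste. It only reports, it removes nothing.

```powershell
# Added example (not from the thread): review msconfig-style autostart entries
# and save them to a log. Run from a PowerShell prompt on the machine being cleaned.

# Hypothetical log location; change as needed.
$LogPath = Join-Path $env:USERPROFILE 'autostart-review.txt'

# Registry Run/RunOnce keys for the machine and the current user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Per-user and all-users Startup folders.
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

# Directories a legitimate startup program should normally not run from (assumption).
$suspectRoots = @($env:TEMP, $env:TMP, (Join-Path $env:WINDIR 'Temp')) |
    Where-Object { $_ } | Select-Object -Unique

function Get-ExecutablePath {
    param([string]$Command)
    # Strip quotes and arguments to get just the program path, e.g.
    #   "C:\Program Files\Foo\foo.exe" /background  ->  C:\Program Files\Foo\foo.exe
    if ($Command -match '^"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

$findings = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the PSPath/PSParentPath/... metadata PowerShell adds to the object.
        if ($p.Name -like 'PS*') { continue }
        $exe = Get-ExecutablePath ([string]$p.Value)
        $findings += New-Object PSObject -Property @{
            Location = $key
            Name     = $p.Name
            Command  = [string]$p.Value
            Exists   = Test-Path -LiteralPath $exe
            InTemp   = @($suspectRoots | Where-Object { $exe -like "$_\*" }).Count -gt 0
        }
    }
}

foreach ($folder in $startupFolders) {
    if (-not (Test-Path $folder)) { continue }
    foreach ($item in (Get-ChildItem -Path $folder | Where-Object { -not $_.PSIsContainer })) {
        $findings += New-Object PSObject -Property @{
            Location = $folder
            Name     = $item.Name
            Command  = $item.FullName
            Exists   = $true
            InTemp   = $false
        }
    }
}

# Entries whose file is missing, or which run from a Temp folder, go to the top of the list.
$findings |
    Sort-Object @{Expression='InTemp'; Descending=$true}, @{Expression='Exists'; Descending=$false} |
    Format-Table Location, Name, Exists, InTemp, Command -AutoSize

# Keep the full list as a reference for the next visit, like the saved HijackThis log.
$findings | Format-Table Location, Name, Exists, InTemp, Command -AutoSize | Out-String -Width 300 |
    Out-File -FilePath $LogPath -Encoding UTF8
"Saved $($findings.Count) autostart entries to $LogPath"
```

Running it before and after the cleanup steps gives two logs that can be compared line by line, which is an easy way to confirm that what msconfig disabled is really gone from the registry and that nothing new has appeared after "exercising" Explorer and the Internet.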
mylanta
06-27-2006, 05:02 PM
I only meant I never use hijackthis unless eWido and Bit Defender online scans fail to remove all the problems, it isn't a part of what I do generally, and isn't necessary.
I think in general security forums overplay the usefulness of this program and throw it at every new user on forums, before making any attempt to determine if it is even a necessary step in cleaning the PC.