
Get rid of viruses, spyware, malware and other nasties
July 28, 2006, 9:16 pm

Posted by Doug McCaughan in: Of Interest, Software, Technology

One of the things I do that often helps with cash flow is cleaning PCs. That doesn’t mean dusting (although I do that) but means removing viruses, trojans, worms, spyware, malware, popups, and other things that slow down your machine and generally cause you to curse a lot. Busy Mom has found herself in a position to have to clean a machine. It usually takes me 5 hours and I charge $95 but am going to start charging $135 per machine. That is a comparable price to Best Buy’s Geek Squad, which gives the machine a couple of hours and then declares that it needs a reformat (which turns their job into a non-labor-intensive automated process), removing all your photos, data, banking information, documents, and other things you have probably never backed up and will never see again. I also do not do upsells, since that is not my business, but I do love your referrals for web applications (web pages, business automation processes, and such).

This was my comment to BusyMom:

More and more of late I have had people ask me to clean their machines. It usually takes me 5 hours to make the machine presentable enough that I feel confident the viruses/malware/spyware and other garbage won’t return in a week.

Here are my trade secrets.
1) Go to http://www.ultimatebootcd.com/ and make a CD from the ISO. (I prefer the Windows version, http://www.ubcd4win.com/, and often use both.)
2) Make sure the bios is set to boot from the CD first.
3) Boot to the Ultimate Boot CD (I’ll assume you chose to use the Windows version) and enable networking.
4) Run all the virus scanners. When they prompt to update, do so! Not all will work. Skip the rootkit detector.
5) Run Adaware and Spybot.
6) Run EZPCFix, load the hives, delete temporary files, remove downloaded program files, update winsock/winsock2, and, very important, clear all pending file rename operations.
7) Reboot making sure to remove the UBCD from the cd drive.
8) Within Windows, go to http://housecall.trendmicro.com/ and start a virus scan from your browser.
9) Go to http://safer-networking.org/ and make sure you have the latest SpyBot Search N Destroy. Be wary of anything that is not SpyBot SND, Lavasoft’s Adaware, or Microsoft’s Defender (all 3 do similar things and overlap but one might catch something another missed).
10) Go to http://lavasoft.com/ and make sure you have the latest Adaware. Also get the VX2 cleaner from the addons.
11) Search google for “Microsoft antispy” and get the latest Defender (I hate this thing and often uninstall it when I’m done).
12) Get CWShredder http://www.trendmicro.com/cwshredder/ and run a scan.
13) Get HiJackThis from http://www.spywareinfo.com/~merijn/downloads.html. When you run it, simply google EVERYTHING that it returns and be certain you understand its purpose before removing something. When in doubt, it is probably best to leave it and rely on a detection and removal tool.
14) Start->Run->regedit Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and remove any suspicious items. Google and use caution. Do this also for RunOnce, RunOnceEx, RunServices, and RunServicesOnce.
15) Repeat 14 for HKEY_CURRENT_USER.
16) Update the virus definitions for whatever virus software you use. Although Norton and McAfee used to be the top dogs, I no longer recommend them because they bog systems down too much with their “good intentions.” I advise people toward Grisoft’s AVG http://www.grisoft.com/ and AVAST http://avast.com/ (free). Run a full, intensive virus scan.
17) Run Windows Update and get all the latest security patches. It amazes me how many people have never run Windows Update or Microsoft Update.
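The registry checks in steps 6, 14 and 15 are easier to do safely if you first take a read-only inventory, so every entry can be researched before anything is deleted. The PowerShell script below is an added example, not part of the original post; it assumes PowerShell is installed on the machine (it was not standard in 2006) and lists every value under the Run-family keys in both hives, whether the referenced file still exists on disk, and its Authenticode signature status, followed by any queued pending file rename operations.

```powershell
# Added example (not from the original post): read-only audit of the autorun
# registry keys from steps 14-15 and the pending file renames from step 6.
$hives   = @('HKLM', 'HKCU')
$subkeys = @('Run', 'RunOnce', 'RunOnceEx', 'RunServices', 'RunServicesOnce')

function Resolve-CommandPath {
    param([string]$Command)
    # Pull the executable out of a command line so it can be checked on disk.
    if ($Command -match '^"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^(.+?\.(exe|dll|cmd|bat|vbs|scr))(\s|$)') { return $Matches[1] }
    return ($Command -split ' ')[0]
}

$entries = foreach ($hive in $hives) {
    foreach ($sub in $subkeys) {
        $path = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\$sub"
        if (-not (Test-Path $path)) { continue }
        $key = Get-Item $path
        foreach ($name in $key.GetValueNames()) {
            $cmd = [string]$key.GetValue($name)
            $exe = [Environment]::ExpandEnvironmentVariables((Resolve-CommandPath $cmd))
            $onDisk = Test-Path -LiteralPath $exe -PathType Leaf
            # A missing file or an unsigned binary is not proof of malware,
            # just a reason to research the name before deciding anything.
            $sig = if ($onDisk) { (Get-AuthenticodeSignature $exe).Status } else { 'n/a' }
            [pscustomobject]@{
                Key = "$hive\$sub"; Name = $name; Command = $cmd
                FileExists = $onDisk; Signature = $sig
            }
        }
    }
}
$entries | Format-Table -AutoSize

# Step 6: pending file rename operations, which are carried out at the next boot.
$sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$pending = (Get-ItemProperty -Path $sm).PendingFileRenameOperations
if ($pending) {
    "PendingFileRenameOperations:"
    $pending | Where-Object { $_ }   # the multi-string has blank separators
}
```

Nothing here modifies the registry; removal is still the manual, researched step the list describes.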

I’m sure I have left some things out. Good luck!

An update was necessary after another user advised BusyMom to remove Adaware and Spybot and to reformat.

Sara’s comment “Oh and Adaware and Spy Bot add lag time as well as blocking certain sites.” is inaccurate.

There are two types of protection. Passive and Active. Active protection is a program that runs in the background all the time. Since it is running, active protection can cause performance issues. This would be akin to a doorman letting people (programs) into a night club. It would be faster if the doorman wasn’t there and just let everyone through but then you get the riff raff. Active protection checks everything as it goes.

Passive protection works only when you tell it to. With passive protection you have no doorman at the club and people come and go. Perhaps some riffraff come in and vandalize a bit, steal some information, and when you start to notice the disturbances you run your passive protection. You turn off the music, make everyone stand still, and have the doorman and security sweep the place removing the riffraff.

Adaware and Spybot are passive protection. Adaware Plus (the paid version) has a wonderful piece of active protection called Ad-watch which I run all the time. Ad-watch does some blocking but mostly warns you if something is trying to make an unauthorized change to the registry.

Adaware and Spybot are not blocking applications. They do not block sites. They are scanners that look for and correct problems. They are the most valuable tools in your arsenal against malware. Ad-watch does some popup blocking but it is not a firewall and does not filter sites.

Reformatting to recover a computer is almost NEVER necessary. Sometimes it is easier, and it is nice to start fresh, but it is not required. I used to reformat and start anew every 6 months to a year, but then again I had regular backups of my data.

Two other topics of consideration are virus protection and firewalls. Using our night club analogy, virus protection can also be active or passive. Software like McAfee, Norton Antivirus, AVG, and Avast are active. They reside in the computer’s memory and run all the time. They are the doormen that stick a tongue depressor into everyone’s mouth as they enter the club and make sure no sickness gets in. The online scanners at Trend Micro (http://housecall.trendmicro.com/) and Symantec (http://sarc.com/) and others are passive. They scan when you tell them to, and it would be the equivalent of calling in the doctors after you notice your guests falling ill. I view Norton and McAfee as doctors that have gotten carried away and give everyone an anal exam even if they just came in for a splinter. Norton and McAfee both come with large staffs that consume a lot of resources (i.e., their Security Centers).

A firewall is like a guest list. That’s the big ugly bouncer who turns people away at the door. When a person who isn’t on the approved list tries to enter the club, the bouncer sends them packing. Some firewalls have VIP lists, which are the programs that can run even if they appear on bad lists (this would be called your “exception” list). The firewall might trust most programs (depending on the instructions you’ve given it). These programs are called whitelisted. And it might absolutely refuse some guests based on a blacklist typically maintained by not-for-profit organizations and the company from which you purchased your bouncer…er, firewall.

Btw, I see your header fine in Firefox.

And lastly:

One final tidbit: I forgot to mention that you should go to Control Panel->Add/Remove Programs and confirm that each program is supposed to be there. There are some nasties out there that install themselves on your system and give themselves names that sound appropriate. By searching google on each program name you will find out its purpose and may be surprised by some that should be removed.
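The Add/Remove Programs review goes faster with a read-only list pulled from the Uninstall registry keys, sorted so the most recent installs come first. This PowerShell script is an added example, not part of the original post; it assumes PowerShell is available and flags entries with no publisher or whose uninstaller points at a file that is no longer on disk, both of which are reasons to look the name up before deciding anything.

```powershell
# Added example (not from the original post): list what Add/Remove Programs
# shows by reading the Uninstall keys, and flag entries worth researching.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-UninstallerPath {
    param([string]$Command)
    # UninstallString looks like "C:\path\unins.exe" /flags or MsiExec.exe /X{...}
    if ($Command -match '^"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $Command
}

$programs = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($k in Get-ChildItem $root) {
        $p = Get-ItemProperty -Path $k.PSPath
        if (-not $p.DisplayName) { continue }   # hidden or system-only entries
        $unins = [string]$p.UninstallString
        $exe = [Environment]::ExpandEnvironmentVariables((Get-UninstallerPath $unins))
        $flags = @()
        if (-not $p.Publisher) { $flags += 'no publisher' }
        # Only check the file when the string carries a real path (not bare MsiExec.exe).
        if ($unins -and $exe -match '\\' -and -not (Test-Path -LiteralPath $exe)) {
            $flags += 'uninstaller missing'
        }
        [pscustomobject]@{
            Name = $p.DisplayName; Publisher = $p.Publisher
            InstallDate = $p.InstallDate; Flags = ($flags -join ', ')
            Uninstall = $unins
        }
    }
}
# Newest installs first: a recent, unfamiliar, unpublished entry is where to look.
$programs | Sort-Object InstallDate -Descending |
    Format-Table Name, Publisher, InstallDate, Flags -AutoSize
```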

Now you all know my secrets to cleaning a machine! Well, a lot of them.

Comments


1. Atomictumor - July 29, 2006

We agree on a number of things. I find the Spybot/Adaware tag team takes care of a number of things. However, safe browsing has been better than any of it with regards to adware, etc. I’d imagine that most of these people who spend 100 bucks to get you to do 5 hours of work end up in the same boat within 6 months.

2. djuggler - July 29, 2006

Undeniably. And I don’t really do it to profit. Often working on someone’s machine detracts from my programming. I have had people come back 6 mths later to do it again.

As the Internet reflects the real world, we give people antibiotics and medicines to cure them, but if we don’t teach them about hygiene they’ll get sick again soon.

3. tim - August 1, 2006

Sometimes you have to reformat – especially if you want to remove the doorman – Norton Internet Security. If this application has been completely installed then the only way to get rid of it is to reformat – there is no uninstall option that actually will remove it.

4. finally Friday - April 4, 2008

[…] computer is still messed up. Doug posted this handy link for cleaning a computer, but I don’t have five hours to do it. Looking over the list I see […]