It came up in a discussion on Facebook yesterday and it’s the majority of my tech support business — viruses and spyware. People, even ones who know what they’re doing, keep getting them on their computers. There’s such a large variety of infection vectors that it’s not even something you can (realistically) blame someone for. From email trickery to hacked up PDF files and even “drive by infections” from malformed Web page images, it’s just plain simple to get them.
So, I’m going to tell you the 4 steps I use on an almost daily basis to remove viruses and remove spyware for my home and small office / city government customers.
- Check out their current antivirus program. If they have one installed, run its update function to make sure it’s got the latest definition files. If they don’t have one, I download Avast and install it. All my home PCs (and all my friends out this way) use it too. It’s just plain good. Anyway, once it’s installed I schedule a boot time scan. Then it’s time to reboot the computer and let Avast scan through everything.
- If the antivirus scan didn’t find anything, I then download Spybot Search & Destroy. After installing it (or making sure it’s been updated if they already have it installed), I run “immunize”. Once that’s finished, run a scan. Fix any problems it finds.
- On the off chance that we’re still experiencing any spyware symptoms, it’s time to grab Malwarebytes’ Anti-Malware. Install it, update it, and run its scan. Once the scan is finished, have it fix the problems that it found.
- If we’ve reached this point (which so far has been very rare), I try to do a system restore to just before the customer began noticing the problem. I do this step last because sometimes there isn’t a restore point to use (some viruses and spyware remove the restore points to prevent you from doing this cleanup; other times the user has turned off system restore for performance concerns). Also, some of my customers are frequently installing programs, and having to re-install things after a rollback can get annoying. In any case, this usually squashes any issues that snuck by the first 3 steps. It just causes a bit too much collateral damage for my tastes (settings changes, software installs), so I don’t like doing it as a first step.
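Before committing to step 4, it helps to know whether a usable restore point exists at all. The script below is an added example, not part of the original post; it uses the `Get-ComputerRestorePoint` cmdlet that ships with Windows PowerShell 5.1 (run it elevated), and the `$SymptomsStarted` date is a constructed sample value.

```powershell
# Added example: find the newest restore point that predates the infection.
# $SymptomsStarted is a constructed sample date (when the customer first
# noticed the problem); replace it with the real one.
$SymptomsStarted = Get-Date '2024-03-10'

# CreationTime comes back as a WMI datetime string, so convert it to a
# real DateTime before comparing.
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
    Select-Object SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } })

if ($points.Count -eq 0) {
    # Matches the two cases from step 4: malware deleted the points,
    # or System Restore was switched off.
    Write-Warning 'No restore points found: System Restore is off or the points were deleted.'
}
else {
    # Show everything that is available, oldest first.
    $points | Sort-Object Created | Format-Table -AutoSize

    # Newest point that is still older than the first symptoms.
    $candidate = $points |
        Where-Object { $_.Created -lt $SymptomsStarted } |
        Sort-Object Created -Descending |
        Select-Object -First 1

    if ($null -eq $candidate) {
        Write-Warning "Every restore point is newer than $SymptomsStarted; a rollback would not predate the problem."
    }
    else {
        "Roll back to #{0} '{1}' created {2}" -f $candidate.SequenceNumber,
            $candidate.Description, $candidate.Created
        # Uncomment to perform the rollback (the machine reboots):
        # Restore-Computer -RestorePoint $candidate.SequenceNumber -Confirm
    }
}
```

The table it prints also shows which software installs created restore points after the chosen one, which is the list of things the customer will have to re-install.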
There you have it — the 4 steps of my mental checklist to remove viruses and/or spyware from an infected computer. I’ve yet to run across any malware that makes it all the way past these steps so I haven’t had a need to come up with a Step 5. Although, I guess if I had to, it’d probably just be “repair/reinstall Windows”.
However, that option wipes out a lot of settings changes and customizations which is why I would be hesitant to suggest it for anything but the most dire of circumstances.
What do you do to clean up an infected PC?