The aim is to show you how to rescue a computer infected with viruses, spyware, Trojans and similar malware so that you can use it properly again, and then tune it up to improve its performance.
This presentation introduces theory and concepts; there will be no demonstration. The reason is that the exact tools you use will most likely change every couple of months: the software you use today to clean up an infected computer may not be the software you use in future. If I gave you a whole bunch of tool demonstrations, they would be obsolete next month and the presentation would need to be redone.
The main thing to learn now is how to plan the cleanup of an infected computer, that is, a thought process. It is not about which tools to use; it is about the thought process of planning.
The first thing is to think over the situation you are actually in before you start cleaning an infected computer. If you are an IT consultant who runs around with a toolbag and bills hourly, the suggestion is that you NEVER clean viruses off an infected computer.
So, if you run out with a toolbag, you bill hourly, and the client has a virus, just do a Wipe-and-Reload. The reason is that nowadays it is very hard to get rid of a virus and guarantee that you have completely gotten rid of it.
As an IT consultant, I see that people do not feel bad about giving me 200 dollars to get rid of a virus, but they really do not like having to call you the next week to ask how to eliminate another piece of malware. If they pay you 200 bucks, they want the problem solved; if it is not, that is going to be horrible. As you try to remove spyware and viruses, remember that the people who created them have programming and engineering skills on the level of those who build QuickBooks and the Windows OS. They are very good at programming.
You can do a lot, you can put two days of work into the computer, and the virus will hide itself and come back later. So, if you are going to clean viruses off your personal computer or off the computers of a network you manage, that can be worthwhile, because you have the time to work on these machines; if it takes two or three days, that may not be a bad thing.
If you are an employee, an IT person in a company who works 40 hours a week and gets paid for forty hours regardless, it may be reasonable for you to try to clean viruses. The same holds if you have a system where, for whatever reason, you no longer have the operating system, the OS settings or the software settings, so that you simply cannot do a Wipe-and-Reload; then you can try to clean the infection out.
What should be noted, again, is that ideally you are all consultants billing 50 to 100 bucks an hour. If you do that and your client has a virus, just do a Wipe-and-Reload. When you do this, you ensure the PC is fixed when you leave.
Many of the hackers writing these viruses are amazing at what they do; unfortunately, what they do is create viruses. From my experience, we run a shop handling 1800 work orders per year. When my employees try to be nice and get the viruses out, we do a lot of work and the viruses come back after a week; more work, and then they come back after another week. In the end, you have a client returning for the same issue four or five times, and you are just super, super pissed off about that.
As stated above, this presentation is about theory and concepts. One of the things you want to do as a professional is come up with your own checklist for how you are going to clean an infection out of a computer. Please remember that we are doing engineering here. When you do things like cleanups and tune-ups, it is better to have a checklist, so you know all the steps you will take while cleaning up a computer. You can say: the first thing I do is system cleaning, removing temporary files, then I do this, and so on. That is, you have a nice little checklist.
Again, these viruses can be a real pain in the butt. If you forget what you did first, you may need to redo your steps, and that will take you a long time.
Another thing to consider when choosing between Wipe-and-Reload and cleaning viruses is that, even if you are a 40-hours-a-week employee with all the time in the world to do a cleanup, there are some things that are just impossible to get rid of: these rootkits and viruses. You really need to be a software engineer to be able to rip every little piece of the virus out of the computer.
Even as an employee in the corporate world, you cannot say when you are going to kill this thing: one day, two days, a week, five weeks… You are an employee, you are going to get paid anyway, but nobody can tell you how long it will take. You should still have a limit in your head: if you do not have this computer cleaned up in 3 days, you do a Wipe-and-Reload regardless.
As we go through the steps and talk about uninstalling software, installing antimalware and antivirus software and so on, one of the problems you have when you boot up the computer is that, if you boot it normally, it may be so overloaded with junk that you cannot really do anything with it. So many processes start up that the computer comes to a grinding halt.
One way to interact with a computer that is bogged down with spyware and viruses is to use something called Safe Mode. Safe Mode has been around since Windows NT, so it has been around for fifteen years. Basically it boots the OS with the absolute minimum number of services. It does not run startup items and a lot of other stuff; it boots the computer with just enough to give you a basic GUI so you can get things done.
To get into Safe Mode, you turn on the PC and, as soon as the BIOS screen blinks off, you hit F8. That is, between the BIOS screen and the Windows logo, you start hitting F8; just keep tapping it. You then get a menu that offers Safe Mode or Safe Mode with Networking, and depending on the Windows version there might be ten other options.
This presentation only considers Safe Mode. When you select it, you get two options: whether to go to System Restore or to Safe Mode. You choose Safe Mode and boot with the minimum amount of resources so that you can do things. Even in this mode, you may find that you still cannot delete certain files, rename folders, uninstall software and so on.
Another tool you can use once you have booted into Safe Mode is MSConfig: go to Start, Run, and type MSConfig at the command line. This brings up a tool that lets you choose which services, drivers and so on get started when the computer boots normally.
So there are things you can do in Safe Mode: sometimes you can uninstall or install software, and with MSConfig you can disable all the startup items, the programs that start when the computer starts. You then reboot into normal mode and sometimes you have a chance, because the machine no longer loads so many pieces of software, so you may be able to begin your work on it.
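The checklist idea from earlier and the MSConfig step above fit together naturally: before you disable anything, record what actually starts with the machine. The PowerShell script below is an added example written for this page, not something from the presentation; it reads the same autostart locations MSConfig exposes (the Run and RunOnce registry keys, the Startup folders and services set to start automatically), flags service binaries whose Authenticode signature is missing or not from Microsoft, and writes the inventory to a CSV you can attach to your checklist. It assumes Windows PowerShell 5.1 or later in an elevated prompt, and the output path is a placeholder. It only reads; disabling entries is still done by hand in MSConfig or the Services console once you have decided what each one is.

```powershell
# Added example, not part of the presentation: a read-only PowerShell triage
# script that lists the autostart locations MSConfig shows (Run/RunOnce keys,
# Startup folders, automatic services) so each entry can be written on the
# cleanup checklist before anything is disabled.
# Assumptions: Windows PowerShell 5.1 or later, run from an elevated prompt
# (needed to read every service's binary); the output path is a placeholder.

$ReportPath = "$env:TEMP\autostart-checklist.csv"   # placeholder output file
$report = [System.Collections.Generic.List[object]]::new()

function Add-Entry {
    param([string]$Source, [string]$Name, [string]$Command, [string]$Note = '')
    $report.Add([pscustomobject]@{
        Source = $Source; Name = $Name; Command = $Command; Note = $Note
    })
}

# A service PathName looks like '"C:\path with spaces\x.exe" -arg' or
# 'C:\x.exe -k y'; return only the executable so its signature can be checked.
function Get-ServiceBinary([string]$PathName) {
    if ($PathName -match '^"([^"]+)"') { return $Matches[1] }
    return ($PathName -split ' ')[0]
}

# 1. Registry Run / RunOnce keys for the machine and the current user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those.
        if ($p.Name -like 'PS*') { continue }
        Add-Entry -Source $key -Name $p.Name -Command ([string]$p.Value)
    }
}

# 2. Per-user and all-users Startup folders.
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -File | ForEach-Object {
        Add-Entry -Source "StartupFolder:$folder" -Name $_.Name -Command $_.FullName
    }
}

# 3. Services that start automatically; flag binaries whose Authenticode
#    signature is missing or not from Microsoft for a closer look.
Get-CimInstance Win32_Service | Where-Object StartMode -eq 'Auto' | ForEach-Object {
    $exe = Get-ServiceBinary ([string]$_.PathName)
    $note = 'binary not found'
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        $sig = Get-AuthenticodeSignature -FilePath $exe -ErrorAction SilentlyContinue
        if ($sig.Status -ne 'Valid') {
            $note = "signature: $($sig.Status)"
        } elseif ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
            $note = "signed by: $($sig.SignerCertificate.Subject)"
        } else {
            $note = ''
        }
    }
    Add-Entry -Source 'Service' -Name $_.Name -Command ([string]$_.PathName) -Note $note
}

# Print the inventory and keep a copy for the checklist.
$report | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
$report | Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host "Wrote $($report.Count) autostart entries to $ReportPath"
Write-Host "Entries with a Note are the ones to review in MSConfig or Services before disabling."
```

Run it once from Safe Mode before you touch MSConfig and once more after the cleanup, then compare the two CSV files: any entry that reappears after you disabled it is exactly the "it hides and comes back" behaviour described above, and a strong signal that the Wipe-and-Reload deadline on your checklist should win. The Microsoft signer check is a first filter, not a verdict; a Microsoft-signed host such as svchost.exe can still be loading a malicious component, so the entries it does not flag still belong on the list you walk through.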
So, the basic suggestion is that you do not do any of this cleanup as long as you are a consultant; it is too academic. Cleaning up an infected Windows PC makes sense only if you are an employee or you are cleaning your own PC, so that it is your employer's time or your own time you are spending.
If time is free for you, then clean an infected Windows PC; if time is valuable, just do a Wipe-and-Reload.
And again, make sure you come up with a checklist of which tools you will use and so on, as I have explained for all the other work: data recovery, fixing computers and the rest.
There is no way to say when you will be done; even if you work 40 hours a week and have plenty of time, you just do not know how long it will take: 1 or 2 days, a week, 5 weeks. I am not going to tell you how long cleaning the viruses will take, but make sure you have it in mind that you need to fix it no later than [given time], otherwise you give up. The point is that some viruses are so nasty and evil that you will absolutely never be able to get rid of them. So, again, this is about cleaning an infected Windows OS, and the next section dives into it.