Blitz it and start again.
Quickest and simplest solution for all usually :-)
Simple answer - no, there's no easy by the numbers way to 100% remove all infections from a badly infected PC, and the situation is only getting worse.
Accept defeat now and look to other solutions to help you do your job more efficiently...
The first time you do a format/reinstall, set up each PC so that user data is on a separate partition and image the drive with something like Norton Ghost when the install is complete. Then, if/when you see that machine again down the line it's a 15 minute job to restore from image and if user data is on a separate partition you won't even need to worry about lots of user data to backup and restore. It's a lot more efficient than attempting to clean a badly infected PC or reinstalling from scratch.
To stand a fighting chance of cleaning a badly infected PC you'll need detailed knowledge of each individual infection and manual procedures for removing it. Mounting the infected HD in a clean system is almost a must to bypass a lot of the protections (rootkits, ADS streams, illegal filenames etc) that many modern malware use. Then there are certain polymorphic infections such as Sality/Virut etc that append their code into all running processes making it almost impossible to clean - it's going to take a very determined person to rebuild that system without reformatting.
Last edited by Phil_P; 09-09-2007 at 06:18 PM.
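The "illegal filenames" point in the post above, as an added example that is not part of the original thread: with the suspect disk mounted in a clean system, a short script can list entries whose names normal Win32 path handling refuses, which is how such files stay out of reach of Explorer and many scanners on the live machine. It assumes the volume is mounted read-only on a non-Windows host, and the mount path passed on the command line is hypothetical.

```python
import os
import re
import sys

# Names the Win32 API reserves for devices, with or without an extension.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{prefix}{n}" for prefix in ("COM", "LPT") for n in range(1, 10)
}
# Characters Win32 file names may not contain (includes control characters).
BAD_CHARS = re.compile(r'[<>:"|?*\\\x00-\x1f]')


def win32_name_problems(name):
    """Return the reasons a name cannot be handled through normal Win32 paths."""
    problems = []
    # "NUL.txt" is as reserved as "NUL": only the part before the first dot counts.
    if name.split(".")[0].rstrip(" ").upper() in RESERVED:
        problems.append("reserved device name")
    # Win32 silently strips trailing dots and spaces, so the real file is unreachable.
    if name not in (".", "..") and name.endswith((".", " ")):
        problems.append("trailing dot or space")
    if BAD_CHARS.search(name):
        problems.append("forbidden character")
    return problems


def scan(root):
    """Walk an offline-mounted volume and return (path, reasons) for flagged entries."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            reasons = win32_name_problems(name)
            if reasons:
                findings.append((os.path.join(dirpath, name), reasons))
    return findings


if __name__ == "__main__":
    # Usage: python scan_names.py /mnt/suspect   (mount point is an assumption)
    for path, reasons in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {', '.join(reasons)}")
```

A hit is a lead for manual review, not proof of infection: files copied from other operating systems can carry such names legitimately.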
In my experience, I will only ever bother trying to use an antivirus program to disinfect a PC and maybe Ad-Aware as well. If those can't remove it, it's format time. You can spend hours cleaning the system and 2 weeks later it's just as bad as it was before.
Mind you, I have set up WDS at work so a reformat/reinstall is actually a 5 minute job for me (and approx. 1 hour wait for the user)
"In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."
Glad that everyone's pretty much agreed with me. What do these places that do "PC Health Checks" actually do? I can't see somewhere like PC World spending hours and hours trying to remove all different kinds of malware with the chance it's going to happen again sometime soon.
"Reality is what it is, not what you want it to be." Frank Zappa. ----------- "The invisible and the non-existent look very much alike." Huang Po.----------- "A drowsy line of wasted time bathes my open mind", - Ride.
I usually reach for the DBAN.
Failing that, it's the usual time-consuming process of going through Spybot, Ad-Aware, Avira AntiVir, with Sysinternals' Process Explorer and Autoruns.
Latest addition to the toolkit is Xblock's Xclean Micro utility. Small, quick and free. Google for it.