Is there *any* decent way to remove viruses and spyware from massively infected PCs?

[Mike Fishcake]

I'm getting really, really frustrated with viruses and spyware. I've come across several PCs now that I've done the following on:

- Installed AVG, ran it, deleted viruses, uninstalled it
- Installed AntiVir, ran it, deleted viruses, uninstalled it
- Installed AVG anti-spyware, ran it
- Installed Spybot S&D, ran it
- Installed Ad-aware 2007, ran it

In the last case, the user had Norton installed, but that's worse than useless.

THEN booted from Ultimate Boot CD for windows, which means that no viruses should be resident in memory and...

- Ran AVG
- Ran AntiVir (with manually updated definitions)
- Ran Spybot S&D

And after ALL THAT, they've STILL been infected, coming up with popups and other spyware/virus like symptoms.

Is there any, any decent way to absolutely thoroughly remove viruses from an infected machine these days? Virus prevention is easy enough, but I'm finding it increasingly difficult to remove viruses and spyware from PCs. I can't afford to be buying individual pieces of software to run on each PC, and I've considered running the HDDs with the infected files through a USB enclosure plugged into a PC with AV and Anti-spyware software on there, but can't help thinking that's a fruitless excercise. Is it?

Even though I've been doing this job for years and years, I'm struggling to find a successful way to sort these bloody problems out and can't help but think i'm missing something. It sounds a bit embarassing coming from someone whose job it is to fix PCs, but I'm throwing myself at your feet here!

As I can't spend hours and hours and hours on each PC trying to get this sorted, is there a way to hammer out the little buggers, or is it a case of just giving up and reinstalling Windows from scratch, like we end up doing most of the time?

(anybody telling me to use MacOS or Linux doesn't get the point, and will be beaten with a stick )

[Mike Fishcake]

Also tried running the AV programs in safe mode, tried running them after disabling all the startup items in MSconfig etc... still often ends up not much better.

[aidanjt]

Format.. reinstall.. lock down permissions... don't install shareware/p0rnware/dodgy freeware. Some worms might still creep in through badly designed core services or whatnot. For a true piece of mind, you need an OS that doesn't have the virus feature built in.

[Fraz]

I hardly ever experience the problem of viruses on my windows machines, but I think the best solution is just regular backups. I take a regular image of my OS partition, and just do normal-style backups of my documents drive. Then, if anything goes wrong, I just push a clean image back onto the PC.

I'm not really sure what your job is, so this solution may or may not apply to you... do you get PCs brought in from random idiots to fix? If so, then this really isn't applicable...

[killie99]

Take the drive out of the infected machine and install it as a slave in another machine and then run AVG/Spybot/adaware

[aidanjt]

That's no use for mass infestation. They clobber Windows in ways you can't imagine. The only way to completely eradicate them and restore system sanity is a reinstall of the Operating System.

[stytagm]

To quote the Simpsons:
Homer: Is there anything you can prescribe, doctor?
Hibbert: Fire -- and lots of it!

[Mike Fishcake]

A small part of my job is to fix PCs that already have viruses on them. I can advise people on how to prevent it, (using examples that aidanjt specified) but really I need to know if anyone has actually come across a sensible and effective way to remove viruses and spyware without a complete re-install of the OS.

Here's a question; it it viable these days to provide a "Virus and Spyware Removal Service" or should techies just bite the bullet and provide a "File backup and re-install service"?

[godsdog]

There is no fix all solution for it. You just have to have a well equipped and diverse toolbox which include HijackThis / Revealers / Process explorers + the products you mentioned + plus a shed load more.

Here's a question; it it viable these days to provide a "Virus and Spyware Removal Service" or should techies just bite the bullet and provide a "File backup and re-install service"?

You should be able to accomodate both depending on what circumstances you are presented with, I guess would be an answer.

[Colossous]

We have similar problems to you Mr Fishcake in the shop i work in part time ! We've tried removing hdd's and running them through the shop server using Nod 32 with varying amounts of success, theres a tool you can download (allthough last time i looked there appeared to be a daunting array of different ones !) called the Smitfraud removal tool which works sometimes but by and large the bad ones seem to self replicate when you restart the pc so we resorted to nuke and re-installing most of the time too !! Sorry if this is'nt much help !!

[Mike Fishcake]

There is no fix all solution for it. You just have to have a well equipped and diverse toolbox which include HijackThis / Revealers / Process explorers + the products you mentioned + plus a shed load more.

Yeah; I've no doubt it's *possible* to do it, but it depends on the amount of time it takes. If it's the sort of things that's going to take several hours then not many people are going to want to pay the cost of several hour's labour when they could just pay 1-2 hours for a backup/reinstallation/AVG install/Windows update depending on how much stuff they need doing.

You should be able to accomodate both depending on what circumstances you are presented with, I guess would be an answer.

Good point. What we need to define though I suppose is how long we spend attempting to fix it before we say "oh sod it" and recommend a reinstall.

[mycarsavw]

I presume you've uninstalled all the cack in Add/Remove Progs like SearchAssistant etc

[Mike Fishcake]

Yep - any dodgy programs that leave nonsense in there all uninstalled...

[roddines]

Here is my take Mike. The answer is basically there is nothing to easilly solve your immeidtae problem/issues beyond what you already do. As most people say the best approach is a fresh install.

Prevention or planned avoidance is the best option....

Since the majority sources of PC problems today are bots, spyware and malware most of the time coming from drive by Browser vulnerabilities (and no longer from viruses per se). Running a modern secure browser like IE7 or Firefox 2 helps a lot. The best option is to run it in a virtual PC environment so it can be rolled back every time you use it and then the operating system is not altered either. The other source of problems are "FREE" software and likewise "Hacked" illegal versions of real software.

The best solution these days is to setup PC's with a rugged operating system. These are Windows XP x64 and Vista x64 (and I guess OSX). When you run these on a new Quad Core Q6600 with 4Gb of RAM (both of which are affordable now) you can afford to setup a few virutal PC's with UNDO disks that allow you to have rampant sessions of unbridled web browsering or experimenting with the latest "FREE" software etc. Then when you have problems or just want to start over you can just undo the virtual PC system. Or alternatively go back to the host PC operating system and copy the virtual PC file so you can try new things on several versions of it.

This way if your disciplined and run AV/Spyware on the host while avoiding installing any "free" or hacked software and web browsing altogether on it you will always have the host as a safe haven to get your main business done.

I personally would always run my key systems, email and Office in another completely seperate virtual PC session that way you can easilly undo problems in there too. Plus I can migrate it form PC to PC should I have any problems with the Host.

Unfortunately due to all these "technical" issues along with understanding the sources and problem symptoms the realm of safely managing a PC basically comes down to the expert hobbyist level and professional level or higher.

Which leaves a lot of people with problems the rest of us (like you) have to constantly fix.

Here is a hardware based option that might be useful and I'd be interested to know if anyone reading has used these before:
Sorry I cant paste urls yet :-( Instead search google for "E-Soft Virus Protection Card"

The best solution to most families problems is to NEVER let your kids use your trusted PC always get them something else. Or you could just shoot them or not have them in the first place. But then were would we all be ;-).

Ultimately I think we are baiscally going to see a bigger adoption of home networks with files servers (or at least network storage) and maybe some home or internet based backup system. This way we can more easilly seperate data from the "its always gonna hapen eventually" problematic PC. Alongside this will be the ability to somehow easilly rebuild a PC operating system to a recovery point.

Essentially a small business network in every home. How great is that for the environemnt and gloabl warming. Bloody hackers and spammers have a lot to answer for!

[Mike Fishcake]

My main reason for asking the original question was whether anyone else has this problem when trying to remove malware. Malware prevention is a piece o' cake. But we very rarely get people coming in saying "I want to make sure my computer is safe so it doesn't get any viruses"

Anyway, hi Roddines, thanks for your contribution!

Unfortunately due to all these "technical" issues along with understanding the sources and problem symptoms the realm of safely managing a PC basically comes down to the expert hobbyist level and professional level or higher.

Who, ironically aren't the type of people that install every single free application under the sun

Here is a hardware based option that might be useful and I'd be interested to know if anyone reading has used these before:
Sorry I cant paste urls yet :-( Instead search google for "E-Soft Virus Protection Card"

An interesting idea; not one I've used before but I'm a bit cynical over how that's going to be effective really.

Prevention advice isn't a problem. I give that out all the time, and most of the time (although certainly not all the time) once someone's had a virus and has had to shell out their own money to fix it they're usually willing to accept and follow advice on how to stop it happening again, but the thing is, we're never, ever going to be without people that have viruses on their machine - people will always find a way to infect their computers with nonsense, despite what you tell them. It's like despite all the laws in place and the safety devices in cars, people still drive recklessly and crash their cars!

Anyway, I don't want people to look after their PCs *too* much otherwise I may be out of a job

[fuddam]

am assuming you run all those anti malware progs with system restore turned off?
also, running some sort of reg cleaner after running antimalware progs?
and those rootkit removal kits?

just throwing balls you prob juggle in your sleep