Create a backup folder on the desktop. Logs of virus scans will be put into this folder, as well as any readmes specific to the computer that should be read. Images, music, text documents and any other files will be placed here, and then backed up onto the network if needed, or burned onto a disc.
AVG antivirus 7.0 and Lavasoft Ad-Aware will be installed and updated.
MSCONFIG should be optimized so that start up processes that are spyware or viruses are disabled from start up.
Critical Windows Updates will be installed.
If drivers are missing or corrupted, use www.driverguide.com to find them, and install them if the customer has agreed.
Disk Clean Up
Defragmentation will be done if the computer requires it.
System Restore will be enabled.
Specific
For Virus Removal AND SPYWARE
System Restore will be turned off on all virus infected computers; however, for system configurations, new motherboards or hardware installs, System Restore can be helpful during the installation of questionable drivers. If WIN XP – disable System Restore. This is located in Settings → Control Panel → System → System Restore [DISABLE SYSTEM MONITORING]. Reason: Several virus variants will create .cab or archived files of themselves, and these will be backed up along with all other system files integral to System Restore. If a user restores their system with these infected backups, the viruses will be brought back. Also, some virus detecting programs will constantly alert the user to the virus's existence, even though, as an archived file, it poses a minor threat.
If an outdated Norton or McAfee exists it should be removed. Past their subscription dates, both programs are useless. Install AVG 7.0, a copy of which can be found at www.grisoft.com or on the Desktop of the Technician computer under “Restore Anti-Virus”. AVG as an anti-virus program should be installed and updated. www.trendmicro.com provides online virus detection and removal and should be used also. Certain viruses and variants will be difficult to remove; these will often have specific removal tools which may be downloaded at www.grisoft.com or www.symantec.com, which also has an online detection application.
IF KAZAA EXISTS… www.spywareinfo.com/~merijn/downloads.html Merijn.org is a site with various helpful tech tools including HijackThis. On the site is a tool called KazaaBegone, which will remove all traces of Kazaa as well as the spyware installed by Kazaa. Music, images and files from Kazaa will be backed up to the desktop, into a folder named specifically for back up.
MSCONFIG should be used to disable any start up processes that are known to be malicious (viruses and spyware will sometimes appear here, such as GMT.exe). If a process is unknown, use http://www.liutilities.com/products/wintaskspro/processlibrary/ to determine the process risk for infection. WIN Task Manager will also display running processes; the number of running processes should be between 20-40 at a maximum, though 30 is appropriate.
HIJACK THIS… shows running processes/registry keys that are accessing the internet. Use excellent judgement and research the keys or applications to make correct decisions, or back up any registry keys that are removed. Remove HijackThis before giving the computer back to the customer.
IF the computer is still showing problems that none of AVG, TREND, or AD-AWARE find, then run Bazooka Spyware Scanner, StartUp List (Merijn.org), and Spybot S&D.
BAZOOKA SPYWARE SCANNER – This will tell you if any specific instances of spyware are on the computer. The definitions are not total and only cover a few spyware programs, but they are often the difficult ones to remove, and Bazooka's detections will re-direct you to their website, which will have detailed directions for registry removal of the offending spyware. Remove Bazooka when the computer is returned to the customer.
StartUp List (Merijn.org) will tell you the running processes, the wininit backups, registry checks on start up, and initial running processes. This can be used to pinpoint possible malicious programs. Remove this before returning the computer to the customer.
SPYBOT S&D – This can be used to immunize the host computer against downloading spyware in the future. If Spybot is installed, it can be left installed for this reason. This should be used in conjunction with Ad-Aware for best results. Both have slightly different methods of removal.
WINDOWS UPDATES
Report time, labour, and any hardware on work order. Detailed explanations are excellent.
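One way to make the MSCONFIG / StartUp List review repeatable, as an added example that is not part of the original procedure: the script parses saved `reg query` output for a Run key and sorts each start up entry into bad, good, or unknown (research it in the process library before disabling). The sample output and both lists are constructed for illustration; only GMT.exe is taken from the text above.

```python
import ntpath
import re

# Constructed sample of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run`
# output, as saved into the back up folder. All entries are illustrative.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    AVG7_CC    REG_SZ    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    GMT    REG_SZ    "C:\Program Files\Common Files\GMT\GMT.exe"
    updater    REG_SZ    C:\WINDOWS\system32\xyzupd32.exe -silent
    helper    REG_SZ    rundll32.exe C:\WINDOWS\system32\abc123.dll,Start
"""

# Assumed lists for this example; a shop would maintain its own.
KNOWN_GOOD = {"avgcc.exe", "ctfmon.exe"}
KNOWN_BAD = {"gmt.exe"}  # the start up entry the procedure names as malicious

VALUE_LINE = re.compile(r"^\s+(.+?)\s+REG_(?:EXPAND_)?SZ\s+(\S.*)$")
PROGRAM = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)

def launched_file(command):
    """Lower-cased name of the file a Run value really loads."""
    command = command.strip()
    m = PROGRAM.match(command)
    path = (m.group(1) or m.group(2)) if m else command.split()[0]
    name = ntpath.basename(path).lower()
    if name == "rundll32.exe" and m:
        # rundll32 is only the loader; the DLL argument is what needs review.
        dll = command[m.end():].split(",")[0].strip().strip('"')
        if dll:
            name = ntpath.basename(dll).lower()
    return name

def triage(reg_output):
    """Sort each start up entry into bad / good / unknown."""
    result = {"bad": [], "good": [], "unknown": []}
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, target = m.group(1), launched_file(m.group(2))
        bucket = "bad" if target in KNOWN_BAD else "good" if target in KNOWN_GOOD else "unknown"
        result[bucket].append((name, target))
    return result

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_REG_OUTPUT).items():
        for name, target in entries:
            print(f"{bucket:8} {name:10} {target}")
```

Entries in the unknown bucket are the ones to look up and note on the work order; nothing is disabled by the script itself.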
CHECKLIST
TO DO | DONE
WIN XP SYSTEM RESTORE DISABLED
WIN 98 ASKMARVIN SPEED TWEAK
AVG 7.0 INSTALLED (Virus Scans)
LAVASOFT AD-AWARE SE INSTALLED (Spyware Scans)
MSCONFIG USED [OPTIMIZE RUNNING]
DRIVERS/HARDWARE WORKS
HIJACK THIS AND NETSTAT -A (Check for hijackers)
WINDOWS UPDATES
DISK CLEANUP
DEFRAGMENTATION
BACK UP
ANTI-VIRUS UPDATED
SCANDISK
WIN XP SYSTEM RESTORE ENABLED
NOTES:
TOOLS – Summary
AVG 7.0 – Freeware Anti-Virus program. Reliable.
Spybot 1.3 – Anti-Spyware with built-in download watcher, to stop downloaders from installing malicious programs. TEA TIMER – watches for new registry key additions and notifies the user.
Ad-Aware 6.0 – Anti-AD, Anti-Spyware. Very reliable, and removes more than Spybot.
Bazooka! – Spyware Scanner (not a removal tool). Identifies, and suggests registry key removal procedure. Kephyr.com
TweakNow Registry Cleaner – Finds invalid registry keys, and offers removal based on user consent. Make conscious judgements before removal. Provides a restore feature.
HijackThis - Monitors browser registry keys for page hijackers, spyware, and malicious registry entries. Excellent online community to find help. Make conscious judgements before removal.
AdsSpy - Browser Hijackers use Alternative Data Streams (ADS). AdsSpy allows you to view and delete these possible intrusions. Do research first before using.
Kill2Me - Removal tool for the Look2Me browser hijacker.
Cwshredder - removal tool for the incredibly common CoolWebSearch hijacker.
BugOff - Disables specific exploits in Windows. Provides details for each exploit, and is reversible, with little possibility of long term damage.
KazaaBegone - Complete Kazaa removal tool. All 3rd party software is removed, along with registry keys, folders and icons.
StartUpList - Provides a comprehensive start up list that MSCONFIG cannot rival. Excellent tool to see what happens and what processes are being run on startup.
Magical Jellybean Keyfinder – Finds Win OS keys present and used on system.
ZoneAlarm - Software firewall. Moderately reliable. Suggest a hardware firewall by Linksys instead.