Tuesday
2024-03-19
11:26 AM
CATEGORIES
E-BOOKS [31]
VIDEOS [16]
TECH NEWS [86]
CLICK ON DIS(MUST WATCH)
TEST [1]
PLEASE WATCH THIS
SCIENTIST BIOGRAPHY [4]
PLEASE READ
BUISINESS DETAILS [13]
movies [0]
watch movies ol nd u can download
Curriculum Vitae Overview [7]
Interview Questions [3]
LATEST TECHNICAL IMPORTANT NEWS [27]
Block title
CHAT
BlomMe
Statistics

Total online: 1
Guests: 1
Users: 0
FOLLOWERS
Login form
Calendar
«  May 2011  »
SuMoTuWeThFrSa
1234567
891011121314
15161718192021
22232425262728
293031
$TOp It
RATE MA BLOG
Rate my BLOG
Total of answers: 71
Search
LOGIN
Block title
dictionary
POST COMMENTS
SHARE
VISITORS
A HEARTY WELCOME TO MA VISITORS 4R ENTERIN MA BLOG THNX 4R VISITIN MA BLOG
STUDENTS QUEST
Main » 2011 » May » 10 » Five Tips For Removing Viruses And Spyware From Client Machines
12:57 PM
Five Tips For Removing Viruses And Spyware From Client Machines

By Erik Eckel

It's inevitable that clients will infect workstations, PCs, and laptops with spyware and viruses. 

Regardless of preventive steps, from gateway protection to automated scans to written Internet use 

policies, malware threats sneak through even layered defenses. What makes the situation worse is that 

many clients aren't willing to invest in standalone anti-spyware software, even though they understand 

the need for minimal antivirus protection.

Some IT professionals advocate simply wiping systems and reinstalling Windows, while others suggest 

that's akin to giving up and letting the bad guys win. The truth lies somewhere in between. After 

making an image copy of the drive (it's always best to have a fallback option when battling malicious 

infections), here are the measures I find most effective.

1: Isolate the drive

Many rootkit and Trojan threats are masters of disguise that hide from the operating system as soon as 

or before Windows starts. I find that even the best antivirus and antispyware tools -- including AVG 

Anti-Virus Professional, Malwarebytes Anti-Malware, and SuperAntiSpyware -- sometimes struggle to 

remove such entrenched infections.

You need systems dedicated to removal. Pull the hard disk from the offending system, slave it to the 

dedicated test machine, and run multiple virus and spyware scans against the entire slaved drive.

2: Remove temporary files

While the drive is still slaved, browse to all users' temporary files. These are typically found within the 

C:\Documents and Settings\Username\Local Settings\Temp directory within Windows XP or the 

C:\Users\Username\App Data\Local\Temp folder within Windows Vista.

Delete everything within the temporary folders. Many threats hide there seeking to regenerate upon 

system startup. With the drive still slaved, it's much easier to eliminate these offending files.

3: Return the drive and repeat those scans

Once you run a complete antivirus scan and execute two full antispyware scans using two current, 

recently updated and different anti-spyware applications (removing all found infections), return the 

hard disk to the system. Then, run the same scans again.

Despite the scans and previous sanitization, you may be surprised at the number of remaining active 

infections the anti-malware applications subsequently find and remove. Only by performing these 

additional native scans can you be sure you've done what you can to locate and remove known 

threats.Five tips for removing viruses and spyware from client machines

Page 2

Copyright © 2011 CNET Networks, Inc., a CBS Company. All rights reserved. TechRepublic is a registered trademark of CNET Networks, Inc

For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html

4: Test the system

When you finish the previous three steps, it's tempting to think a system is good to go. Don't make that 

mistake. Boot it up, open the Web browser, and immediately delete all offline files and cookies. Next, 

go to the Internet Explorer Connection settings (Tools | Internet Options and select the Connections 

tab within Internet Explorer) to confirm that a malicious program didn't change a system's default 

proxy or LAN connection settings. Correct any issues you find and ensure settings match those required 

on your network or the client's network.

Then, visit 12 to 15 random sites. Look for any anomalies, including the obvious popup windows, 

redirected Web searches, hijacked home pages, and similar frustrations. Don't consider the machine 

cleaned until you can open Google, Yahoo, and other search engines and complete searches on a string 

of a half-dozen terms. Be sure to test the system's ability to reach popular anti-malware Web sites, 

such as AVG, Symantec, and Malwarebytes.

5: Dig deeper on remaining infections

If any infection remnants persist, such as redirected searches or blocked access to specific Web sites, 

try determining the filename for the active process causing the trouble. Trend Micro's HijackThis, Microsoft's 

Process Explorer, and Windows' native Microsoft System Configuration Utility (Start | Run and type msconfig) 

are excellent utilities for helping locate offending processes. If necessary, search the registry for an 

offending executable and remove all incidents. Then, reboot the system and try again.

If a system still proves corrupt or unusable, it's time to begin thinking about a reinstall. If an infection 

persists after all these steps, you're likely in a losing battle.

Other strategies

Some IT consultants swear by fancier tricks than what I've outlined above. I've investigated KNOPPIX as 

one alternative. And I've had a few occasions in the field where I've slaved infected Windows drives to 

my Macintosh laptop to delete particularly obstinate files in the absence of a boot disk. Other 

technicians recommend leveraging such tools as Reimage, although I've experienced difficulty getting 

the utility to even recognize common NICs, without which the automated repair tool can't work.

What methods do you recommend for removing viruses and spyware from clients' machines? Post 

your suggestions in the discussion below.

Related TechRepublic resources

10 ways to avoid viruses and spyware

10 ways to avoid IT security breaches

10 faces of computer malware

E-mail links and attachments: Help stop malware from spreading

Virus & Spyware Removal Checklist

Category: TECH NEWS | Views: 749 | Added by: kc | Rating: 0.0/0
Total comments: 0
Only registered users can add comments.
[ Registration | Login ]