[ale] Viruses and Spyware

John Mills johnmills at speakeasy.net
Sat Oct 9 14:52:40 EDT 2004


George, ALErs -

Far from an expert, but I have done this a few times. Maybe this will
start a list we can share as others contribute. Here are a few ideas (in
no particular order).

On Sat, 9 Oct 2004, George Johnson wrote:

> If anyone has any good suggestions on any "gotchas" or things to
> beware of when going out to start a business cleaning off viruses and
> spyware from people's computer systems I would be glad to hear them.  I
> am working on that Bart's PE and will also just take out a cd with
> good freeware like Spybot S&D (if anyone has any ideas in this area I
> would appreciate that also) to do the job.  Seems to be a demand down
> here.

Assuming you will be laundering a MsWin system &8-):

 1. If possible, get enough symptoms ahead of time to refine the choice of
viruses, then download McAfee and Symantec (Norton) utilities to remove the
likely culprit(s). Review and print the instructions - they use a few
"generic" procedures with slight variations, documented on those web
sites. Check Microsoft's support pages for repair instructions (like what
features you should turn off before using the tools) and for
downloadable updates to fix vulnerabilities. (Removal tools don't usually
do this.)

 2. Watch the prevailing flow of viruses and make yourself a collection of
their removal tools, as in (1). Update the collection frequently. (It 
won't be very big in storage terms.)

 3. Put all these, plus your adware/spyware removers, on a CD; if you know
it will be readable in your customer's PC, a CD-RW minimizes logistics
problems as you update your collection. If not, a CD-R is more compatible 
and only costs @$0.25-$0.50 these days.

 4. Make a bootable CD of 'SystemrescueCD' and/or 'Knoppix Linux' for
cases when your customer's OS is history, to check the basic hardware. Use
generic CD-R's for this - in case the customer's CD drive is marginal.

 5. If you need to recover files, you may be able to use another computer
elsewhere as a backup repository, use a hub and a *nix PC (yours) to
capture the backups locally, or a remote host with SSH login to capture
them if the customer has DSL. I _highly_ recommend such backups before any
OS recovery. (This has saved me and my customers big-time anxiety: the
value of the computer is really in its contents, or in the time you or the
owner would need to reconstruct it.)

 6. Talk to the customer before going and find out if they have 
installation media for their OS and major application packages. If not, 
try to beg or borrow some to take along.

 7. Include cables, a portable PC, a power strip, basic hand tools, and
maybe a VOM in your kit.

 8. Expect you will have to fix some of their default setup (net accounts, 
printer options, etc.) and prepare a bit so you don't have to fumble 
around on such tasks.

 9. Likewise, don't count on their net access working until the main 
problems in their computer are fixed -- If your portable can connect 
to the net and burn a CD, you have that option if you need something 
unexpected on-site.

 >>-->> 10. TEST ALL YOUR [STUFF] BEFORE LEAVING HOME <<--<< (Don't 
worry: _plenty_ will still ***** up in the field!)

Lastly, making a few suggestions of 'computer hygiene' may be in order, so
your clients are more empowered when you leave. I always find it easier to 
deal with a well-informed client (subject to their receptivity and your 
diplomacy).

Best Regards,
 - John Mills
   john.m.mills at alum.mit.edu


