
Virus Removal

We recognize that virus removal can get expensive. Below is a reasonably detailed description of how we go about cleaning up your machine. If you feel comfortable doing it, we encourage you to try it yourself. Alternatively, you can call us at 707.829.3793 and have us do the dirty work.

Please note that virus removal work is not covered by our Satisfaction Guaranteed policy. All virus work is performed on a Best Efforts basis.

Viruses are just one type of unwanted guest that can appear in your computer. There are also worms, trojans, key loggers, etc., etc. The one thing they have in common is that someone deliberately created a program to make your machine do what they want it to do, instead of what you want it to do. Professionals use the term malware to refer to all of these nasty beasties.

techbuddy uses several programs to clean up your machine. All are available for free (or free trial) and, when used together, they can give a high degree of confidence that your machine is back under your control.

There are a lot of anti-virus programs out there; some of them are good and some of them are horrible. Interestingly enough, price is not a particularly good indicator of quality.

Possibly the best anti-virus program (in terms of detection) is from Kaspersky Lab. It is also one of the most expensive, somewhat slow, and, unfortunately, can have problems installing correctly on your machine. In particular, it can interfere with your connection to the net. (Should this happen, you need to go to Start>Settings>Control Panel>Add & Remove Software and completely uninstall it.) It costs $50 per year, but the first 30 days are free, so it may be worth a try.

My favorite free anti-virus product is AVG from Grisoft. It comes in both a free and for-pay version ($39.99/2 years); both versions give the same level of protection, with the for-pay version having a few more options (which you probably don't need, but Grisoft are good guys, so you might want to pay them anyway). It is much faster than Kaspersky and is nearly as good at detection.

I use two anti-spyware programs because they find slightly different groups of problems. Ad-Aware SE Personal is a good, free spyware scanner. They also have a Pro version. Spybot - Search & Destroy is a good (and free) spyware scanner.

A slightly different tool is HijackThis. It checks for a number of home-page hijackers, BHOs (Browser Helper Objects) and other things, which may, or may not, be dangerous. HijackThis simply tells you that things are there, but does not pass judgment. Use with care!

What We Do

The first thing we do is uninstall any anti-virus programs from Symantec (e.g., Norton Antivirus) and McAfee. I have zero respect for the Symantec products and not much more for the McAfee line. If you insist on keeping either of these, you will want to work with someone other than techbuddy.

Next, we disable the System Restore facility, because infected files can survive inside restore points, where the scanners can't reach them. Go to Control Panel>System>System Restore. Check the box "Turn off System Restore on all drives." Click OK or Apply. It normally takes some time for it to finish.

Next, we install the anti-virus we are going to use; normally this means AVG. We run the AV program repeatedly until it returns a clean scan or it runs into a wall. We do the same with Spybot and Ad-Aware. Although this process can take several hours if your machine has a large disk, we only charge for the time we spend looking at the results and dealing with things that the programs can't. (In particular, sometimes they can identify a nasty, but then have trouble deleting it. Often, we can delete it by hand.)

Next, HijackThis is run and the log file is sent to a HijackThis log file analysis site to see what actually deserves to be removed. There are a lot of value judgments to be made here, and an overly enthusiastic approach (i.e., let's just delete everything) is to be avoided at all costs.

Next, we take a look at which programs think they should run at system start. Go to Start>Run>msconfig and peruse the list of things under the Startup tab. Some, like iTunesHelper or realsched, are annoying things that commercial companies install to help themselves; they don't do you any good and they slow down your startup. Others you won't recognize, so check each of them against a Known Process List. If it doesn't show up there, try googling for it and see if you can figure out whether it is desirable or not. Again, you need to exercise some judgment here; don't just do a slash-and-burn.
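As an added example (this script is not part of TechBuddy's page or procedure), here is a read-only PowerShell inventory of the same startup entries msconfig shows, plus the Startup folders, listing each program's full path, Authenticode signature status and SHA-256 hash so you can look each one up against a known process list before deciding anything. It assumes Windows PowerShell 4 or later and changes nothing on the machine.

```powershell
# Added example (not from the TechBuddy page): a read-only inventory of the same
# startup entries msconfig lists, plus the Startup folders. Assumes Windows
# PowerShell 4 or later (Get-FileHash); run as administrator to see all HKLM keys.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Extract the executable from a command line such as
#   "C:\Program Files\Foo\foo.exe" /silent   or   C:\Tools\bar.exe -x
# (an unquoted path containing spaces is cut at the first space; check those by hand).
function Get-ExePath([string]$CommandLine) {
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+)')     { return $Matches[1] }
    return $null
}

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSProvider and friends
        [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
    }
})

# Files in the per-user and all-users Startup folders run at logon too.
$entries += @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup') |
    ForEach-Object { Get-ChildItem -Path $_ -File -ErrorAction SilentlyContinue } |
    ForEach-Object { [pscustomobject]@{ Source = $_.DirectoryName; Name = $_.Name; Command = $_.FullName } })

$report = foreach ($e in $entries) {
    $exe    = Get-ExePath ([Environment]::ExpandEnvironmentVariables($e.Command))
    $exists = [bool]($exe -and (Test-Path -LiteralPath $exe))
    # 'Valid' = signed by a certificate Windows trusts; 'NotSigned' or a missing
    # file is not proof of malware, just a reason to look the entry up.
    $sig = 'n/a'; $hash = 'n/a'
    if ($exists) {
        $sig  = [string](Get-AuthenticodeSignature -FilePath $exe).Status
        $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
    }
    [pscustomobject]@{ Name = $e.Name; Path = $exe; Exists = $exists
                       Signature = $sig; SHA256 = $hash; Source = $e.Source }
}

$report | Sort-Object Signature, Name | Format-Table -AutoSize
```

Entries whose file is missing, unsigned, or sitting somewhere odd like a temp folder are the ones worth looking up first; the hash lets you search for the exact file rather than just its name.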

Special note: Some companies are notorious for installing poorly written software that can make your system act strangely or lock up. Particular offenders include Nikon and Canon auto-download programs that come with their cameras. There are better ways (and better programs) to get pictures off your camera. Hewlett-Packard also has a tendency to garbage up your system launch with (mostly) unnecessary crud when you install one of their printers.

Finally, we use a variety of tools (most from SysInternals) to poke around and see if there is anything that is unusual or doesn't pass my personal 'smell test.' It is hard to describe what that means, because sometimes I can't tell you why something doesn't feel right, it just doesn't. Anything like this gets special attention.

No Guarantees

I really wish we could guarantee the results of a virus cleanup, but we can't. The complexity and sophistication of malware is truly frightening. We do promise to do our best at cleaning up your system, but the sad fact is that sometimes we can't. In those cases we will offer you a number of options, the most common being to back up your critical data and then reinstall your operating system and applications. This, too, can be time consuming, so we are happy to give you some pointers and let you do it yourself.

Help! I Can't Even Connect to the Net!

If your machine is so 'owned' by viruses that you can't connect to the net, try the following:
  1. Find a friend's computer which has a CD burner.
  2. Download all of the programs mentioned above into a single directory, but do not install them. Actually, your friend might want to install them, but you need the original files you downloaded.
  3. Burn the directory to a CD.
  4. Restart your machine. Keep tapping the F8 key about once a second while it is starting up. You should end up with a menu offering, amongst other things, the ability to start in Safe Mode. Choose that and continue.
  5. Once your system is up in Safe Mode, insert the CD.
  6. Install AVG (or Kaspersky) and let it do a full system scan. Note: this can take a long time on a system with large disk drives. You may be horrified at all of the garbage it finds on your system. Severely infected machines can have thousands of copies of multiple nasties. (One of my nephews came home from college and had over 18,000 copies of dozens of different malware – I was amazed it could even start up.)
  7. Remove the CD. Restart, still in Safe Mode, and run AVG or Kaspersky again. Keep doing this until (a) you get a clean scan or (b) your anti-virus program finds the same problems two runs in a row. The latter means that there is a problem they can see, but not fix.
  8. At this point you can try restarting your system normally, and there's a good chance you will be able to connect to the net. If you can connect, have your anti-virus program update its virus database. Do a full system scan again. (I know, this gets really boring, doesn't it?) Again, lather-rinse-repeat until clean.
  9. By now there's a good chance the main infection(s) have been cleaned up. If not, things may still be good enough that we can connect to your system and help you finish.
  10. If you want to continue doing this yourself, next use Ad-Aware and Spybot, then HijackThis and the log analysis. Be careful using HijackThis! It's a great program, but you can do serious damage if you just delete everything it finds.

Last modified: 2010.01.17 17:18 PST. © 2007-2010 TechBuddy.us