Originally Posted by MadScientist
Almost 90% of the computer repair work I do now is cleaning infected computers. I totally agree that the only sure way of getting rid of a virus is to format and re-install the OS, but I also agree with John's statement from his website.
I take the opposite approach...scorched earth policy
If I do PC work on the side, it's easier (faster) for me to just do a factory re-install. My basic procedure is:
1. Clone the drive using Macrium Reflect & test boot drive with HDtune
2. Reinstall OS/drivers/apps/updates (factory reset + updates basically)
3. Set up MSE, Malwarebytes, CCleaner, and Chrome in Incognito
4. Copy the image clone to their desktop & dump their Desktop/My Docs files back
This ensures that:
1. They have a 100% clean PC install
2. They save 100% of their files (always accessible from the read-only image clone, which mounts virtually like a second hard drive using the Reflect software - people always save stuff in weird places like the root C:\ or some random non-standard folder somewhere)
You can even do a few things to make it easier:
1. Have a USB/eSATA IDE/SATA dock handy for cloning the boot drive
2. Have a small 60GB SSD for doing a fast OS/apps install (then clone back to their drive later)
3. Have an 8GB USB stick with the Windows 7 retail installer on it (saves some time over the disc-based install, if they have a retail key)
4. Set up a WSUS server (VMware works great for a virtual update server) and zap Windows/Office updates quickly (requires a quick non-domain PC mod on the client PC) instead of waiting for the online updates
5. Keep a monthly-updated apps package on a USB stick (7zip, Paint.NET, etc.), which you can make even easier to install if you are willing to invest some time into tools like AutoIt
6. Digitize all of their software to ISO files on a USB stick for faster installs once the OS reinstall is done
The only slowdown comes if their PC has a HDD-based recovery program, in which case I'll make them a free CD/DVD/USB recovery disc set if the recovery program allows for it, otherwise I just have to wait for the partition-to-partition factory reset to do its magic.
From there, I usually install join.me for quick remote support (lets you keep an icon on the desktop). Then I remove all Internet Explorer links (desktop, quick start, Start Menu) unless they have special needs (ex. older banking websites that use ActiveX, although there are some nice plugins available for Chrome for that as well) and put a shortcut to Chrome with Incognito mode enabled (doesn't save history or do autofill, but also doesn't allow loading of junk coupon/search/etc. toolbars or auto-running of stuff that automatically downloads). Then I throw on MSE, which isn't the best AV in the world, but it's zero-maintenance and low-annoyance (auto-updates, auto-scans, only pops up to notify if a virus was found). So they have updates and a basic, free, bug-me-not security package. I also do basic tweaks to speed things up & get rid of popups/annoyances (Classic theme, disable UAC/Action Center, etc.).
Sometimes just cleaning the computer off without doing a fresh OS install can be a bit faster, but if the computer was made in the last 10 years, it usually only takes an hour or two (mostly automated via installers like off the Windows CD) to zap it clean and have the knowledge that the computer is "perfect". If I have the computer overnight, I'll usually clean it out with air & wipes and run Memtest86+ on it overnight to make sure the RAM is good & there isn't anything funny going on with the hardware (overheating, fan issues, etc.).
So it's a bit more work, but it's stuff you already know how to do instead of possibly having to figure out (sometimes for hours or days), so you can speed through every computer pretty quickly. Then the user gets a nice, fresh machine with all their stuff, and a desktop link to join.me if they need some quick remote help over the phone. This is pretty much the only way I do side work these days, because I don't want to hear back from them down the road.