You need these things on a CD

HijackThis - free download.
ComboFix - free download - expires, download fresh every week.
MalwareBytes Anti-Malware - the free download is fine.
SmitFraudFix - free download - take the "Clean-up" selection in safe mode.
AVG Antivirus - free is fine for cleanup - run it last after the other tools.

You need to run ALL OF THESE or you don't stand a chance (I do 3 to 5 a week right now). I start with HijackThis and may run it again last. First thing I do is disable any Norton products - they'll prevent cleanup.

Doing cleanup on-site isn't practical and I only do it in the shop. I just tell them if they want to pay $90/hr for 4 to 8 hours I'll do it there - much cheaper in the shop.

Hourly doesn't make much sense. I charge a flat rate depending on difficulty, anywhere between $50 and $250 since I go about other stuff while scans are running.

For businesses I generally sell them a licensed AVG which gets the root kit module. I see a lot of root kits protecting the infections now - ComboFix can generally disable them.

You also need Keyfinder - free download - to recover license numbers for Windows, Office and some other programs.

Keep in mind - if they have a brand name machine and you have to do either a repair or full Windows install you need the disks that came with the machine - a generic XP won't do because neither the license number on the label nor the one keyfinder finds will work except with that company's disks. Every time I get my hands on one of those disks I copy it and label what machine it was for so I can fix machines of that type when the disk isn't available.

A couple of weeks from now new tools will be needed for new infections.

Post #302,046 by Andrew Grygus 1/7/09 12:23:57 PM Reply	You need these things on a CD HijackThis - free download. ComboFix - free download - expires, download fresh every week. MalwareBytes Anti-Malware - the free download is fine. SmitFraudFix - free download - take the "Clean-up" selection in safe mode. AVG Antivirus - free is fine for cleanup - run it last after the other tools. You need to run ALL OF THESE or you don't stand a chance (I do 3 to 5 a week right now). I start with HijackThis and may run it again last. First thing I do is disable any Norton products - they'll prevent cleanup. Doing cleanup on-site isn't practical and I only do it in the shop. I just tell them if they want to pay $90/hr for 4 to 8 hours I'll do it there - much cheaper in the shop. Hourly doesn't make much sense. I charge a flat rate depending on difficulty, anywhere between $50 and $250 since I go about other stuff while scans are running. For businesses I generally sell them a licensed AVG which gets the root kit module. I see a lot of root kits protecting the infections now - ComboFix can generally disable them. You also need Keyfinder - free download - to recover license numbers for Windows, Office and some other programs. Keep in mind - if they have a brand name machine and you have to do either a repair or full Windows install you need the disks that came with the machine - a generic XP won't do because neither the license number on the label nor the one keyfinder finds will work except with that company's disks. Every time I get my hands on one of those disks I copy it and label what machine it was for so I can fix machines of that type when the disk isn't available. A couple of weeks from now new tools will be needed for new infections.
Post #302,047 by malraux 1/7/09 12:47:16 PM Reply	What do you recommend for protection? My in-laws are constantly complaining how slow their machine gets "after a while". I think they're running McAfee right now. Regards, -scott Welcome to Rivendell, Mr. Anderson.
Post #302,050 by Andrew Grygus 1/7/09 1:13:53 PM Reply	Well, so far my clients have been doing fine . . . . . with AVG - preferably the paid version (I'm registered as a dealer with them). The current version 8.0 has one of the top anti-spyware programs fully integrated. Many of the worst infected machines I see are running Norton so I definitely don't recommend that - it's sole purpose seems to be to slow the machine down and make clean-up difficult (it identifies most of the tools I use as dangerous viruses and tries to remove them).

Welcome to IWETHEY!