[Strategy] Remove Viruses and Spywares From Client Machines

If you work as a Sys Admin or Network Security Admin, you are already aware of the importance of removing viruses and spyware from the client machines on the network. If you are planning a career in network security, threat removal and the like, this article lists the concise steps you must take in order to remove viruses and spyware from network client machines.

Again, as I have often repeated in my previous posts, backups hold the key to success when you are dealing with crucial and sensitive data. Do ensure that you have taken a backup before moving ahead.

Once you have taken the backup and made images of all the client disks (those for which you wish to adopt the virus and spyware removal strategy), follow the steps below. Each step is part of the strategy for removing viruses and spyware from client disks.

1.) Isolating the Drive

Modern viruses, rootkits and trojans have the ability to disguise and hide themselves from the operating system as soon as Windows boots. As part of the isolation strategy, you need systems dedicated to removal. Pull the hard disk from the offending system, slave it to the dedicated test machine, and run multiple virus and spyware scans against the entire slaved drive.

2.) Delete all temporary files

While you have the drive slaved, delete all the temporary files from the disk. Temporary files are usually found in the C:\Documents and Settings\Username\Local Settings\Temp directory on Windows XP or the C:\Users\Username\AppData\Local\Temp folder on Windows Vista.

Most viruses and spyware hide there, seeking to regenerate on system startup.

3.) Repeat Anti-Virus and Anti-Spyware Scans

Run complete anti-virus scans, and also carry out two complete anti-spyware scans using two different anti-spyware applications. Next, remove the disk and return it to the isolated system it came from. Run the same scans again.

4.) Test the System

Once the above steps have been completed, you might feel that the system is good to go, but don’t make that mistake. Boot the system up and delete all cookies and offline files from all browsers (if you have multiple browsers installed, each browser saves cookies and offline files in a different location).

Next, go to the Internet Explorer Connection settings (Tools | Internet Options and select the Connections tab within Internet Explorer) to confirm that a malicious program didn’t change a system’s default proxy or LAN connection settings. Correct any issues you find and ensure settings match those required on your network or the client’s network.

Then, visit 12-15 random sites. Look for any anomalies, including the obvious pop-up windows, redirected Web searches, hijacked home pages, and similar frustrations. Don’t consider the machine cleaned until you can open Google, Yahoo, and other search engines and complete searches on a string of a half-dozen terms. Be sure to test the system’s ability to reach popular antimalware Web sites such as AVG, Symantec, and Malwarebytes.
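The step 4 checks above as a script, added here as an example and not part of the original article or the TechRepublic piece it adapts. Run it on the booted, cleaned system: it compares the Internet Explorer proxy settings with an expected baseline and lists any hosts-file entries beyond the default loopback lines, which is one common reason a machine cannot reach specific Web sites. The baseline values and example proxy names are assumptions; replace them with your own network's settings.

```powershell
# Added example (not from the original article). Verifies the Internet Explorer
# proxy / LAN settings from step 4 and reviews the hosts file.

$Expected = @{
    ProxyEnable   = 0       # 0 = direct connection; use 1 plus ProxyServer if your network needs a proxy
    ProxyServer   = $null   # e.g. 'proxy.corp.example:8080' (assumed placeholder)
    AutoConfigURL = $null   # e.g. 'http://wpad.corp.example/wpad.dat' (assumed placeholder)
}

# These are the values behind Tools | Internet Options | Connections | LAN settings
$Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$Current = Get-ItemProperty -Path $Key

$problems = @()
foreach ($name in $Expected.Keys) {
    $actual = $Current.$name          # $null when the value is not set
    if ($actual -ne $Expected[$name]) {
        $problems += ('{0}: expected [{1}] found [{2}]' -f $name, $Expected[$name], $actual)
    }
}

if ($problems.Count -eq 0) {
    'Proxy / LAN settings match the baseline.'
} else {
    'Proxy / LAN settings differ from the baseline (correct before putting the machine back on the network):'
    $problems | ForEach-Object { "  $_" }
}

# Any hosts entry other than the default loopback lines deserves a look: a vendor
# name mapped to a wrong address explains "blocked" antimalware sites.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$entries = Get-Content $HostsPath |
    Where-Object { $_ -notmatch '^\s*#' -and $_ -match '^\s*[0-9a-fA-F.:]+\s+\S' } |
    Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }

if ($entries) {
    'Non-default hosts entries (verify each one):'
    $entries | ForEach-Object { "  $_" }
} else {
    'Hosts file contains only the default loopback entries.'
}
```

The HKCU values belong to the logged-on user only, so run the script once under each account that uses the machine.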

While the above four steps are crucial, it always makes sense to dig in deeper to find any remaining infections. If any infection remnants remain, such as redirected searches or blocked access to specific Web sites, try determining the filename for the active process causing the trouble. Trend Micro’s HijackThis, Microsoft’s Process Explorer, and Windows’ native Microsoft System Configuration Utility (Start | Run and type msconfig) are excellent utilities for helping locate offending processes.

If necessary, search the registry for entries for an offending executable and remove all incidents. Then reboot the system and try again.
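A script for the registry search described above, added here as an example and not part of the original article or the TechRepublic piece it adapts. It lists the autostart entries msconfig would show (Run, RunOnce and the Winlogon Shell/Userinit values) and prints a removal command for any entry whose command line references a filename you identified; the default filename is a placeholder and nothing is deleted automatically.

```powershell
# Added example (not from the original article). Lists autostart registry entries
# and flags those referencing a suspect executable name.
param(
    [string]$Suspect = 'SUSPECT_FILENAME.exe'   # placeholder: the process name found with Process Explorer / HijackThis
)

# Autostart locations msconfig reads; Winlogon Shell/Userinit are also common hijack points
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

$hits = foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }    # skip PowerShell's own PSPath/PSParentPath metadata
        New-Object PSObject -Property @{ Key = $key; Name = $p.Name; Command = [string]$p.Value }
    }
}

"Autostart entries found: $(@($hits).Count)"
$hits | Format-Table Key, Name, Command -AutoSize

# Match on the literal filename anywhere in the command line (paths and arguments included)
$suspicious = $hits | Where-Object { $_.Command -match [regex]::Escape($Suspect) }

if ($suspicious) {
    "Entries referencing $Suspect (review each, then remove and reboot):"
    $suspicious | ForEach-Object { "  Remove-ItemProperty -Path '$($_.Key)' -Name '$($_.Name)'" }
} else {
    "No autostart entry references $Suspect."
}
```

Run it from an elevated prompt so the HKLM keys are readable, and reboot after removing an entry to confirm the process no longer returns.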

If a system still proves corrupt or unusable, it’s time to begin thinking about a reinstall. If an infection proves persistent after all these steps, you’re likely in a losing battle.

Adapted from TechRepublic.


2 Responses to “[Strategy] Remove Viruses and Spywares From Client Machines”

  1. At the third step, for a complete run, and also for carrying out two complete anti-spyware scans, use two different anti-spyware applications. One of them could be BitDefender Total Security 2009. I’ve been trying it and it proved to be very efficient. It has lots of features which provide comprehensive proactive protection against all Internet security threats, along with system maintenance and backup, without slowing down your PCs.

  2. @Lucy: I wouldn’t really use two different applications, but I would run a complete and comprehensive suite.
