What should you do when someone hands you a computer, tells you they think it has a virus, and asks you to clean it?
Proceed carefully, that’s what. You don’t want to infect your other computers with whatever it has.
To get it gone safely and effectively, you really need two things: an antivirus live CD, and a spare router.
Several antivirus vendors offer free live CDs. These boot into a Linux-based environment, then scan the Windows installation on the computer. This is more thorough, since the scanner has free rein over every file on the drive. And theoretically it can be faster, since the antivirus software doesn’t have to compete with viruses and spyware for computer power. I still hesitate to call any virus scan “fast,” however. The last scan I did took about a minute per gigabyte, so if you’re scanning a system with a large drive that’s nearly full, expect it to take a while.
There are lots of live CDs out there. I like Bitdefender, since it’s been around a long time. You can even load the Bitdefender CD onto a USB flash drive, for greater portability and boot speed.
Bitdefender will boot up, connect to the Internet, download signature updates, then scan the drive and ask what you want to do about its findings.
I strongly suggest having a spare router for the next step. Configure this router to work on straight DHCP, and to use a non-routable network different from your regular home network (if your home network is 192.168.1.x, configure the router to use 192.168.2.x). Plug this router’s WAN port into an available Ethernet jack, then plug the suspect computer into one of the router’s ports. This safely firewalls the suspect computer off from the rest of your network.
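A pre-flight check for the router setup above, to run from a known-clean machine plugged into the spare router before the suspect computer goes on it. This is an added example, not part of the original post; the host addresses, the probed ports (80 and 445) and the function names are assumptions chosen for illustration.

```python
import ipaddress
import socket


def tcp_probe(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_quarantine(home_cidr, quarantine_cidr, my_ip, home_hosts,
                     ports=(80, 445), probe=tcp_probe):
    """Return a list of problems; an empty list means the setup looks isolated."""
    home = ipaddress.ip_network(home_cidr)
    quarantine = ipaddress.ip_network(quarantine_cidr)
    addr = ipaddress.ip_address(my_ip)
    problems = []
    for name, net in (("home", home), ("quarantine", quarantine)):
        if not net.is_private:
            problems.append(f"{name} network {net} is not a private range")
    if home.overlaps(quarantine):
        problems.append(f"{quarantine} overlaps home network {home}")
    if addr not in quarantine:
        problems.append(f"this machine has {addr}, not a lease from {quarantine}")
    # Any home host that answers from here is reachable by the suspect PC too.
    for host in home_hosts:
        if ipaddress.ip_address(host) not in home:
            problems.append(f"{host} is not on the home network {home}")
            continue
        for port in ports:
            if probe(host, port):
                problems.append(
                    f"{host}:{port} on the home network answers from the quarantine side")
    return problems


if __name__ == "__main__":
    # Constructed sample values: home LAN, quarantine LAN, this machine's lease,
    # and two hypothetical home devices to probe.
    for problem in check_quarantine("192.168.1.0/24", "192.168.2.0/24",
                                    "192.168.2.100",
                                    ["192.168.1.1", "192.168.1.10"]):
        print("PROBLEM:", problem)
```

A home-network host that answers is reachable from the suspect computer as well; it can be blocked on the spare router, where the router supports outbound filtering.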
Now, boot the computer into Windows and see if you can figure out how it got infected in the first place. Why firewall it now that it’s been cleaned? As effective as Bitdefender is, I don’t want to bet that it found everything. Not when my network is at stake. Your goal is to get the system healthy enough to be usable again, and let the natural course of antivirus updates catch anything you can’t catch immediately. The only way to absolutely, positively guarantee it’s perfectly clean is to do a total rebuild, which you probably don’t have time to do.
So, now that you’re safely firewalled off, boot the computer, and let the antivirus software (if any) download updates. If the software is expired, uninstall it and install Microsoft Security Essentials. If there’s no software installed, install Microsoft Security Essentials. (If you’re going to be doing this a lot, it’s a good idea to keep the installation files for MSSE handy on a USB drive.)
Do whatever you have to do to get current, functioning antivirus software installed, then let it do its own scan. It’s probably a good idea at this point to install and run a couple of antispyware utilities like Ad-Aware and Spybot Search and Destroy. When it comes to viruses and spyware, it’s a good idea to get a few opinions, since nothing cleans absolutely everything.
While you’re at it, be sure to configure Windows Update to automatically download updates, and let Windows Update apply all of its patches.
If you’re going to do this a lot–there are plenty of infected computers out there, and people are understandably nervous about the repair services offered at consumer electronics stores–I suggest you keep the following on a flash drive to save yourself time and effort:
And, especially during the holiday season, there’s always a very good chance you’ll be asked to look at relatives’ computers. Be sure to keep people’s expectations in check. It takes a minimum of an hour to clean an infected computer based on the conservative assumption that it has about 40 GB of data on it. That’s 20 minutes to download and burn a live CD, and 40 minutes to clean it. It can take several hours to actually clean an infected computer properly.
If you expect you’re going to get bombarded with these sorts of requests as you travel for the upcoming holidays, you may want to head it off by burning a few copies of live CDs, then handing a CD to anyone who asks you the question.
You may not be able to cure everyone’s computer issues that day. Just like my dad, who was a radiologist, couldn’t cure everyone’s medical maladies before and after Christmas dinner. Of course people asked him questions, but most people also understood he didn’t carry his office with him, and that being a radiologist didn’t make him an expert in every field of medicine. Dad spent a lot more time watching football on holidays than he did practicing medicine. On the holidays where he wasn’t actually working in a hospital, that is. And while my uncle, who’s a carpenter, undoubtedly will field a few questions about tools and woodworking, he doesn’t spend his holidays doing odd jobs around his relatives’ houses. So I don’t necessarily think it’s bad form to hand a relative a CD if they think they have a virus. It’s better form than writing a URL down on a napkin and saying “Download and burn this.”
And if you’re looking for a little work on the side, here you go. It would be easy to give faster turnaround and better prices, not to mention better quality work, than the consumer electronics stores for this service. And there’s more than enough of this kind of work to go around. Do a dry run on a couple of junker PCs to get your process down, then put an ad on Craigslist and wait for your phone to start ringing.