Five tips for removing viruses and spyware from client machines

IT consultants must regularly remove stubborn, regenerative, and corrupting spyware and viruses from client machines. These pointers will help you return systems to stable operation.

It's inevitable that clients will infect workstations, PCs, and laptops with spyware and viruses. Regardless of preventive steps, from gateway protection to automated scans to written Internet use policies, malware threats sneak through even layered defenses. What makes the situation worse is that many clients aren't willing to invest in standalone anti-spyware software, even though they understand the need for minimal antivirus protection.

Some IT professionals advocate simply wiping systems and reinstalling Windows, while others suggest that's akin to giving up and letting the bad guys win. The truth lies somewhere in between. After making an image copy of the drive (it's always best to have a fallback option when battling malicious infections), here are the measures I find most effective.

Note: These tips are based on an entry in our IT Consultant blog; they're also available as a PDF download.

1: Isolate the drive

Many rootkit and Trojan threats are masters of disguise that hide from the operating system as soon as or before Windows starts. I find that even the best antivirus and antispyware tools -- including AVG Anti-Virus Professional, Malwarebytes Anti-Malware, and SuperAntiSpyware -- sometimes struggle to remove such entrenched infections.

You need systems dedicated to removal. Pull the hard disk from the offending system, slave it to the dedicated test machine, and run multiple virus and spyware scans against the entire slaved drive.

2: Remove temporary files

While the drive is still slaved, browse to all users' temporary files. These are typically found in the C:\Documents and Settings\Username\Local Settings\Temp directory in Windows XP or the C:\Users\Username\AppData\Local\Temp folder in Windows Vista.

Delete everything within the temporary folders. Many threats hide there seeking to regenerate upon system startup. With the drive still slaved, it's much easier to eliminate these offending files.
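
A way to record what sits in those folders before it is deleted, as an added example that is not from the original article: the script walks every profile's temp folder on the slaved volume, hashes each file, and flags Windows executables by their MZ header. The function names, the `--purge` switch and the LocalLow path are assumptions of this example.

```python
"""Inventory (and optionally empty) every profile's temp folder on a slaved Windows drive."""
import hashlib
import os
import shutil
import sys
from pathlib import Path

# Temp folders relative to each profile. The first two are the paths the
# article names; LocalLow is an assumption added for Vista and later.
PROFILE_LAYOUTS = [
    ("Documents and Settings", Path("Local Settings", "Temp")),  # Windows XP
    ("Users", Path("AppData", "Local", "Temp")),                 # Windows Vista
    ("Users", Path("AppData", "LocalLow", "Temp")),              # assumption
]


def find_temp_dirs(volume_root):
    """Return (profile, temp_dir) pairs for every profile found on the volume."""
    found = []
    for profiles_dir, temp_rel in PROFILE_LAYOUTS:
        base = Path(volume_root) / profiles_dir
        # On Vista, "Documents and Settings" is only a link to "Users"; skip
        # links so profiles are not counted twice or followed off the volume.
        if base.is_symlink() or not base.is_dir():
            continue
        for profile in sorted(base.iterdir()):
            temp_dir = profile / temp_rel
            if profile.is_symlink() or temp_dir.is_symlink():
                continue
            if temp_dir.is_dir():
                found.append((profile.name, temp_dir))
    return found


def describe(path):
    """Return size, MZ-header flag and SHA-256 for one file, read in chunks."""
    digest = hashlib.sha256()
    size = 0
    header = b""
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            if size == 0:
                header = block[:2]
            size += len(block)
            digest.update(block)
    return {"size": size, "executable": header == b"MZ", "sha256": digest.hexdigest()}


def inventory(volume_root):
    """List every file under every temp folder, without modifying anything."""
    root = Path(volume_root)
    records = []
    for profile, temp_dir in find_temp_dirs(root):
        for dirpath, dirs, files in os.walk(temp_dir):  # does not follow links
            dirs.sort()
            for name in sorted(files):
                full = Path(dirpath) / name
                record = {"profile": profile, "path": str(full.relative_to(root))}
                try:
                    if full.is_symlink():
                        raise OSError("symbolic link, not followed")
                    record.update(describe(full))
                except OSError as exc:
                    record["error"] = str(exc)  # unreadable files are still listed
                records.append(record)
    return records


def purge(volume_root):
    """Delete the contents of each temp folder but keep the folder itself."""
    removed = 0
    for _profile, temp_dir in find_temp_dirs(volume_root):
        for child in temp_dir.iterdir():
            if child.is_dir() and not child.is_symlink():
                shutil.rmtree(child)
            else:
                child.unlink()
            removed += 1
    return removed


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: temp_inventory.py <root of slaved volume> [--purge]")
    for rec in inventory(sys.argv[1]):
        flag = "EXE" if rec.get("executable") else "   "
        print(flag, rec.get("sha256", rec.get("error")), rec.get("size", "?"),
              rec["path"], sep="\t")
    if "--purge" in sys.argv[2:]:
        print(purge(sys.argv[1]), "top-level temp entries deleted", file=sys.stderr)
```

Run it against the mount point or drive letter of the slaved disk, never against the bench machine's own system volume, and keep the output with the job notes.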

3: Return the drive and repeat those scans

Once you run a complete antivirus scan and execute two full antispyware scans using two current, recently updated and different anti-spyware applications (removing all found infections), return the hard disk to the system. Then, run the same scans again.

Despite the scans and previous sanitization, you may be surprised at the number of remaining active infections the anti-malware applications subsequently find and remove. Only by performing these additional native scans can you be sure you've done what you can to locate and remove known threats.

4: Test the system

When you finish the previous three steps, it's tempting to think a system is good to go. Don't make that mistake. Boot it up, open the Web browser, and immediately delete all offline files and cookies. Next, go to the Internet Explorer Connection settings (Tools | Internet Options and select the Connections tab within Internet Explorer) to confirm that a malicious program didn't change a system's default proxy or LAN connection settings. Correct any issues you find and ensure settings match those required on your network or the client's network.

Then, visit 12 to 15 random sites. Look for any anomalies, including the obvious popup windows, redirected Web searches, hijacked home pages, and similar frustrations. Don't consider the machine cleaned until you can open Google, Yahoo, and other search engines and complete searches on a string of a half-dozen terms. Be sure to test the system's ability to reach popular anti-malware Web sites, such as AVG, Symantec, and Malwarebytes.

5: Dig deeper on remaining infections

If any infection remnants persist, such as redirected searches or blocked access to specific Web sites, try determining the filename for the active process causing the trouble. Trend Micro's HijackThis, Microsoft's Process Explorer, and Windows' native Microsoft System Configuration Utility (Start | Run and type msconfig) are excellent utilities for helping locate offending processes. If necessary, search the registry for an offending executable and remove all instances. Then, reboot the system and try again.

If a system still proves corrupt or unusable, it's time to begin thinking about a reinstall. If an infection persists after all these steps, you're likely in a losing battle.

Other strategies

Some IT consultants swear by fancier tricks than what I've outlined above. I've investigated KNOPPIX as one alternative. And I've had a few occasions in the field where I've slaved infected Windows drives to my Macintosh laptop to delete particularly obstinate files in the absence of a boot disk. Other technicians recommend leveraging such tools as Reimage, although I've experienced difficulty getting the utility to even recognize common NICs, without which the automated repair tool can't work.

What methods do you recommend for removing viruses and spyware from clients' machines? Post your suggestions in the discussion below.


About

Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president o...

87 comments
tommydigital

I used lots of antivirus and anti malware tools. We've used Symantec antivirus ce and endpoint protection on all of our desktops for years. When I'm really in a jam I use Ultimate Boot Disk for Windows. It has a bunch of useful tools to remove viruses and malware. It has tools to repair the MBR, reset passwords, etc. I suggest you give it a try. I'd like to know what you think.

MuhammadUmar

First of all I try to show all super-hidden files by using tools such as USB Disk Security / RRT (www.sergiwa.com) or by using ACDSee program where I use to see hidden files to remove viruses etc. After these steps, "Hijack this" tool is used to remove / delete viruses. Registry Cleaner program like "Tune up utilities" to clean registry as well as temporary files. In last I create new user and delete the previous one if necessary. Last one

Gis Bun

Here's a few things to at least curb any problems:
1) verify the host file
2) reset IE's settings [full reset preferred]
3) empty all temp folders [note that malware may make itself hidden, use DOS' attrib]
4) use Microsoft/Sysinternal's Autorun to see what is getting loaded

Malware will attack on any browser. The weakest "point" is the individual. If they are novices or not notified of the malware out there, they will believe in anything - just like the people who keep on forwarding hoaxes that are 7+ years old. Most AV products won't even detect the fake AV "software" at all. I've seen this with Avast Pro.
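
The hosts file check in item 1 above, as an added example that is not part of the original comment: it parses a hosts file copied from the suspect drive and reports every entry other than the stock localhost lines, rating entries for the search engines and anti-malware vendors named in the article as high priority. The watchlist, the function name and the sample entries are assumptions constructed for illustration.

```python
"""Audit a hosts file taken from a slaved Windows drive."""
import ipaddress
import sys

# Domains of the search engines and anti-malware vendors the article says to
# test after cleaning. The exact domain list is an assumption of this example.
WATCHLIST = ("google.com", "yahoo.com", "avg.com", "symantec.com",
             "malwarebytes.org", "malwarebytes.com")

# Constructed sample, not taken from a real machine. 203.0.113.10 is a
# documentation-only (TEST-NET-3) address.
SAMPLE_HOSTS = "\n".join([
    "# Constructed sample hosts file",
    "127.0.0.1       localhost",
    "::1             localhost",
    "127.0.0.1       www.malwarebytes.org",
    "203.0.113.10    www.google.com google.com   # search redirect",
    "0.0.0.0         ads.example.net",
    "garbage",
])


def audit_hosts(text):
    """Return (line, severity, kind, hostname, address) for each non-default entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "review", "malformed", line, ""))
            continue
        if len(fields) < 2:
            findings.append((lineno, "review", "malformed", line, str(addr)))
            continue
        # Pointing a name at loopback or 0.0.0.0 makes the site unreachable;
        # any other address silently sends the user to a different server.
        sinkhole = addr.is_loopback or addr.is_unspecified
        for host in fields[1:]:
            host = host.lower().rstrip(".")
            if host == "localhost" and addr.is_loopback:
                continue  # stock entry
            watched = any(host == d or host.endswith("." + d) for d in WATCHLIST)
            findings.append((lineno,
                             "high" if watched else "review",
                             "blocked" if sinkhole else "redirected",
                             host, str(addr)))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # utf-8-sig strips a byte-order mark if an editor left one behind.
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for finding in audit_hosts(text):
        print(*finding, sep="\t")
```

Entries rated "review" are not necessarily malicious: some protection tools add long blocklists of their own, so compare against what the client's software is known to install.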

blackmaleya41

All sounds good except taking the hard drive out.

DKeith45

Agree Erik. I always pull the drive, slave it, save out what files I can, doc's, pic's, email files, address book etc... then try to fix the infection... if that doesn't work, then it's total reinstall time...

jmarkovic32

You can't dismount and scan an encrypted drive! So I'm forced to install Malwarebytes and SuperAntiSpyware in Safe Mode and scan that way.

johnpall

2 Quick easy steps to be rid of virus and spyware: 1. Throw PC AWAY. 2. Get a Mac to replace it. Problem Solved

slconsultingsvc

For you folks that are working for a company with spare drives or on a corporate helpdesk formatting is an option and often the smart thing to do. But when you are an independent consultant and the customer calls you and says that they absolutely have to have this computer back up and running in its pre virus state, it's not that easy. I had one customer that got one of the advanced rogue antivirus deals on his PC. This PC is the center of his universe and literally would have taken me over 20 hours to rebuild and install all of his 20+ programs back to their custom configurations. Before everyone jumps on it; he now has a comprehensive backup solution running on the machine after this incident. Bottom line however is that you can't charge a customer 20+ hours at nearly $70 an hour to rebuild his PC. You need to be able to fix the problem without rebuilding the machine. Any high school kid can do that. If there is little configuration or special programs on the PC then the reformat is the answer but not in the case of a business owner who has 20+ business apps installed and configured on the machine. Especially when the malware is stopping you from being able to see what all these custom configurations are.

demiwebman

Normally what works for me is a Live CD boot from, first, AVG Rescue then second, F-Secure. Then I use Ultimate Boot CD to run EzPcFix looking closely at registry entries. Any randomly named files in the Docs directory are obvious malware infections. Plus EzPcFix allows me to look at the Hosts file. Be sure to remove both the Hiberfil and Pagefile files off the C: root too. Finally, booting to Windows I install HitmanPro 3.5 then Malwarebytes. If that doesn't do it, it's time to backup and reformat.

Mr. Fix

Haven't we all heard it: "But I have an antivirus program. How could my computer get infected?" How do you explain that they got the virus because they were CARELESS - visited that porn site, clicked on that pop-up, downloaded that neat free app, opened that attachment from someone they don't know from Adam... How do you convince someone that having an anti-virus application will NOT PROTECT them from their own stupidity, when vendors tout invincibility?

davebrik99

I like to check out the Windows\System32 folder for any recently added DLLs or any that have gibberish file names. Safemode helps a lot!

Jon Bush

Can somebody tell me if Windows is a virus, or was I infected from outside? My two computers, a laptop with XP Pro and a desktop with W 7: the laptop has developed a habit of making whatever external drive, USB Flash Drive, SD card, whatever, as Read Only, therefore making it very difficult to move a file from the laptop C: drive to my other computer. The Win 7 computer does not do this, I have the permissions set correctly on it. Why do I need the permission of my operating system in the first place? This is very annoying...

wilbrian

So just look at all the suggestions for scanning/cleaning different areas and different experiences with what not to overlook in the process. When you add up all the hours it takes to cover all of those bases you've already spent the equivalent time of a full reformat. And with the full reformat you get a fresh, updated install and the latest drivers as well as the latest versions of commonly used utilities like Adobe Reader, Java and Flash.

Coss71

At our company, we have a very simple solution. We have a number of spare drives for our systems (we're an all Dell house at all 21 locations). We'll spend about an hour cleaning, and if it begins to look like it will take longer, we pull My Docs, Favorites, and the PST files, pull the infected drive out, stick one of the stock units in, config for the network, push the off loaded files back to the new drive, done. Usually takes about 45 min to an hour. Infected drive is taken back to office, formatted and reloaded, then set on the shelf for future use. Simple, quick, and 100% good to go. In some cases, we won't even save the personal files, and just go with a clean setup. Sorry about your luck losing all of your email and pictures.

juliette.fister

We don't have enough resources to spend that much time on a drive. Grab any .pst files and reimage from your secure source is the most efficient method.

SteelTrepid

What a waste of time. If you techies out there don't already know this or have better methods, then you have problems. The "shameless" plug right at the beginning puts the icing on the cake. I figure this article probably helped about 1/2 of the members here.....which is a sad statistic. There are so many better methods out there it is sick and I'm not going to do Tech Republic's work and list them. Good luck!

leo8888

When we have tools like BartPE bootable CD's available. I have not found anything I could not accomplish using various plugins for virus and spyware removal, drive partitioning, drive imaging, file backups etc that would require me to remove the infected drive. Boot from the CD, backup or image the infected system to an external disk and then make repairs to the infected drive. That method has worked very well in my experience.

alwova

You can remove the viruses and spyware if you know their names or suspect them by running a Linux live CD like (mint, nimblex, austrumi, even ubuntu) and mounting and accessing the drives and then deleting the virus.

tmargulis

I am constantly running into virus problems because most of my clients are retired older folk who just don't understand what harm a virus can do to their machine and open up every attachment they receive without due consideration. The first attempt I try is to use a program such as Advanced Systems Care which will usually tell me what type of virus I am facing. If that doesn't remove the virus, I then will try to do a restore to a much earlier date. And if that doesn't work, then I'll start using the various programs you have already suggested. Only once recently have I had to resort to a new install. Ted Margulis

Frostyone

I have found Trinity Rescue Kit to be one of the easiest to use to scan a machine. It uses Clam and you don't have to do anything to the box, just load the CD and connect the network cord (so the database can update) then let run.

JohnMcGrew

Long ago, I came to the conclusion that relying upon loading anti-virus or removal software on a computer that has already been compromised is akin to a surgeon attempting to do open-heart surgery on himself. You just can't have confidence in the effectiveness of the surgeon, or the results. I keep a dedicated XPC-form computer on standby for these situations loaded with all the usual tools. It's portable and I can easily interface all types of drives (SATA, IDE, SCSI) and can clone drives before surgery. (just in case) But most importantly, I can be confident that my malware tools are operating in an unhindered and uncompromised state. After the subject drive has been cleaned and removed, I sanitize my rig by re-imaging it to a pre-test "clean" state just to make sure that nothing could have possibly jumped aboard during the cleaning process. The $600 or so I spent on this setup years ago has paid for itself dozens of times over.

devshop

Just worked on "one of those" yesterday, so this is fresh in my mind... I didn't isolate the drive by slaving it into another system, but booting up in Safe Mode (this was an XP system), does the trick, too. After that I was able to clean everything using MalWareBytes, AntiSpyware and once back in normal mode, the system's own anti-Spyware from CA. All three utilities found some "leftovers", so the bottom line is you have to work it over and over until every utility comes up clean.

chris.wright

It's a good idea to clean the registry after removing all malware etc, ccleaner or registry mechanic will do the job, or whichever tool you prefer.

perulous

best way to remove Virus is as above mentioned, make the infected HDD as slave and scan the same.

khiatt

and 90% of the personal computers were MACs, then the virus attacks would be focused there, and Windows PCs would be the safe haven.

SmartAceW0LF

Was wondering when the obligatory Mac fanboy would pipe up with his 2 cents worth!

wilbrian

OK, I understand this problem completely. I've faced it myself. What did you do?

SmartAceW0LF

If you use the drive on both systems, XP may not be able to properly negotiate the permissions you have set in Windows 7.

xc7c6e3

Agreed! Might as well go for the "full Monty" right off the bat, as you're likely to end up reformatting anyway --- after you've spent all that time trying to "repair".

JCitizen

just store that stuff on a NAS; even homes are doing this now. Then all you got to do is nuke the drive.

mla_ca520

Gee...Thanks...SteelTrepid, for adding that thought! It was really...um useless!

rcaraway

Recently, I had the Anti-virus "virus" on my personal XP machine, and was near the point of a complete format. With a bit of patience and time, I was able to "build" a copy of the Ultimate Boot CD 4 Windows. There are also helps for creating the USB version, though I was not successful with it. As you are creating the CD you can choose which utilities you wish to include, and have them download the latest updates before you "burn". It took a couple of attempts before I realized I didn't need everything (capacity limit of CD), and removed some goodies that weren't related to the task at hand. When time permits (ha ha), I will build multiple CD's specific to varying tasks. My system had reached the point of MalwareBytes and Spybot either no longer finding problems or failing to remove them after discovery. After booting from the CD, I believe I used A Squared, located and removed the offending garbage, then ran one of the other apps as a backup. After the initial cleanup, I booted into Safe Mode and ran all applications again, finding, and subsequently removing a few more stragglers. This was approximately 3 months ago, and I have not experienced any additional trouble. I keep Spybot updated and run in Paranoid Mode. I also use Malwarebytes, and am currently using Avira for anti-virus protection. This is my experience, your mileage may vary. I believe there is no such thing as "too much information", and if I don't have the information, I want to know how to find the person that does, Shameless plug or no. I like having options. Thank you for granting a space to list and find those options...stepping down from soap box.

butkus

Two free programs will auto update and auto scan: AVG free and Avagast (new version) and that one will scan E-mail and kick out anything. Even works on dial-up

butkus

I've had two PCs go to a blank screen after login. I tried scanning the HD using another PC, on-line scans, boot CDs. Finally did an over-install on one laptop (user opened a Zip file), another PC: after 3 days of stuff I think Combofix and Spybot in safe mode got it. I know it's an Explorer.exe exploit, but those really kill the PC and any attempts to run anything.

peacock_eric

There's a few things left out of the main article: CCleaner is an excellent tool to be used in removing malware/virus'. You have to get ALL the system temp files cleaned: don't forget to look in the All Users temp folder, and (in Vista/7) the locallow temp folders. Also, I've been seeing that fake antivirus plant itself in %user profile%\local\application data. I usually go thru the user profile folders manually in safe mode and delete anything suspicious looking (these usually stand out pretty well: files or folders with random character naming; bh0tfx43st or something) then run malwarebytes scan in safe mode. Check startup items with ccleaner, reboot into normal mode and run another malwarebytes scan. Important: In whatever scanning program you use, make sure that you scan for rootkits and PERFORM A FULL SCAN! A quick scan or short scan almost NEVER removes everything. And like devshop says, keep running scans with multiple programs until they all come up with no results. Contrary to the original article, there are several boot CDs that can be helpful; the Kaspersky free boot CD works well, and I haven't had it be unable to update yet. The KAV CD and many other Linux based boot CDs are freely available. There is even a free boot CD to edit the Windows registry. (A Google search will find these quickly.) Here's one last thing: check the registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon and look at the shell and userinit values. They should be explorer.exe and %windir%\system32\userinit.exe respectively.

Gis Bun

Many computer "experts" including Mark Russinovich [sic?] say that registry cleaners do little to improve things. I've seen some myself where after "cleaning", it removed a serial number for software that was installed!

XT John

Was anything posted about signing into an infected machine using Safe Mode? In my experiences, this is a MUST to make sure the malware isn't running. It's not foolproof, but sure helps a lot in rooting crap out.

y.a.botha

In my experience, scanning from slave hdd makes most antiviruses fail to reverse virus effects such as blocked regedit, task manager etc.

gharlow

By the time a client calls me to get rid of a virus, chances are very good they are infected with a nasty rootkit. The only tool which currently seems capable of rounding these up is Combofix, followed by Malwarebytes. For defense, Norton Antivirus seems to be most effective, although I run into infected machines here too. A BIG part of the problem is the sales pitch from Anti-virus companies which make the user feel invincible. I explain to customers who are indignant that they were protected that the anti-virus tools are sort of like wearing a bullet proof jacket when the bad guys are firing 50 caliber rounds. They help, but you are definitely not 100% safe.

slconsultingsvc

I cleaned the rogue antivirus off. But it was not easy. This was one of those ones that I had to connect the drive to another machine cause it was not having any part of me installing anything on it to eradicate it. I backed up all the data to another drive and then crossed my fingers and ran malwarebytes three times, Microsoft security essentials once and then brought it back up again crossing my fingers. Got it back up and scanned again using the Symantec product that was installed. Had about 6 hours in it when it was all said and done but I saved the machine and implemented a solid backup program using Symantec Backup Exec system recovery. I LOVE BESR!!! Ever killed a domain controller on a RAID 5 array and recovered to a workstation with an IDE drive in it??? It was just a test but it worked and knew it was a domain controller.

PurpleSkys

I've sometimes weighed the options...wipe and reload or spend three days trying to clean it out...most of the time, it can take less time to backup documents and whatnot then reinstall than trying to clean some nasties out.

Harry44Callahan

UBCD4Win is the way to go and they recently came out with a new release which I built with XP Pro x SP3. These things have tons of fix utilities and just want to add; you are not limited to the CD. I burnt a DVD with all the tools, as long as the sys. you're working on has a DVD drive, works great.

khiatt

A quick clarification... "They should be explorer.exe and %windir%\system32\userinit.exe respectively." with no additional parameters. Many times I've found other programs referenced after explorer.exe and userinit.exe

QAonCall

Using these cleaners then create your restore points. This can save much time and headaches.

ultimitloozer

You can still have malcode running even booting into Safe Mode. You need to be booting from another machine (ok solution) or a recovery disk (better). That is the only way to ensure that the garbage is not already running on the machine you are trying to clean.

JCitizen

about not being fool proof; unfortunately many of my clients, that won't listen, end up with malware that logs into the hidden Windows Home administrator and takes over everything. Running in safemode won't help after something like that either. For almost all my clients I password protect that account and disable it - providing they are using another for administration.

JCitizen

rescue method first; like some posted here. Kaspersky and Avira seem to be popular.

gabriel.tate

Normally Malware Bytes is great but..... On machines where the users have Admin Rights and click the cute little Malware popups and let it unleash the fury of root kits....you get the point. Kaspersky has a Linux Boot Disk that allows the program to scan files normally in use or blocked by the virus/ malware. If you got it plugged into a network connection it updates its definitions first. Good Stuff. Hope this helps. Gabe

ron

I second using Combofix & Mbam. I tried using gmer, but didn't really know how to do anything with it other than look at processes and hidden files. The fact that Combofix uses gmer component makes it a good choice. Generally I first boot to Hirens boot disk for the Mini XP shell (used to use an old winternals ERD, but the lack of SATA drivers makes it useful only for older boxes w PATA drives.) Hirens is also nice because I can run chkdsk as well-- specially if the hive is corrupt.

Monty Palmer

I agree. Combo fix run in safe mode with networking is first. Then MBR for good measure because it is quick. Then either MBAM or SuperAntiSpyware. In the very rare case that something is there I use UnHackMe. Repeated boots/scans. Also, telling the client how utterly dangerous it is to continue using IE also helps prevent future exercises like this.

JCitizen

but I haven't the patience to compile the disk. I guess I'll just have to buy something similar and probably inferior.

PurpleSkys

I personally like Avast http://www.avast.com/free-antivirus-download (nothing wrong with AVG Free, I just don't use it anymore) and haven't used spywareblaster in years. My little bag of goodies includes Avast Free 4 Home, Malwarebytes, ccleaner, spybot S & D, and superantispyware. All these programs install and run quite nicely on a Win7 64 bit machine :) Edit: for spelling

butkus

Search for AVG free.. there is a free version with auto update. Then use Spywareblaster (with manual update) again free.

husserl

Given your location you may just know of Frankie Howerd, who would undoubtedly have said that his Ghast had never been so Av. Up Pompeii! (Oh no, Missus, nOOOOOO)

Mr. Fix

System Restore points may reverse, to some degree, damage caused by a virus but they won't eliminate the cause. Don't forget, System Restore doesn't touch user files.

ron

Sure it's a great idea to clone your HD, but I'm trying to get average customers in and out the door in a couple hours including manual virus removal [ERD or Hirens] dump temp files; reboot into windows and run combofix; mbam; and AV (usually Nod32 or MSSE.) Chkdsk comes in handy when the virus froze the machine and the customer has shutdown numerous times by pulling the plug or switching off the power (bad move!) If the drive is too screwed up, I boot Ubuntu and back up the data for reinstalling to new HD. It's not worth wasting any more time. Then, afterwards we'll discuss whether a drive image or user data replication makes more sense. VM too, but that's a little esoteric for most of my customers. (don't need those Monday a.m. calls where "I can't find my VM!")

JCitizen

technology. I've never had a chance to use it, as it seems to nail anything coming in; what it misses, Prevx catches, and MBAM blocks by IP entirely. I haven't caught anything interesting on my honeypot for quite a while. It is getting boring! Thank God for clients, they get hammered all the time, until they start listening to me! HA!

JCitizen

as that is where some of the worst malware hide now. I've been looking for something that will ignore sectors flagged as bad, and low level format them anyway.

Spexi

Isn't it a bit overrated trust Windows check disk feature when dealing with malwares? Or did I miss something here? Alright, hives has connections with almost everything as it belongs to the registry. I have only one simple solution that always work and everyone can trust 100% Forget make the mistake by believe it is possible to clean a system totally. The logic tells for it self, we can never trust the tools and software we use in this purpose. But by make backups and cloned images from a new installed or newer "clean" version from your installed OS it is much safer. And before you reinstall your backups, be assured that always overwrite the damaged disk or partition completely with KillDisk or similar software. Then you can be sure that the threat is totally terminated. That pc users comes into this dilemma are mostly that they was not prepared for it. Really unnecessary and remember using HIPS together with virtualization solutions. That has the ability in prevent these things.

ultimitloozer

a setting that will allow me to pick and choose the scripts and flash elements that are allowed to run on a page. You either get all or nothing so a page will work or it won't. The only way to adjust for potential problem pages (and the ads on them) is to keep changing your settings for allowing scripting or not or enabling and disabling the flash plugin. That doesn't help the situation at all for most end-users. At least with FireFox, you can use NoScript, AdBlock+, and other add-ons to give much better control.

ilyab

Win 7 with security essentials is pretty tight and you do not need ie to download and install updates as it is done through the operating system. For all the talk about insecure MSFT machines I find having a preventative antivirus/mal/spyware software that provides real-time as well as scheduled scan protection is just that ounce of prevention that is necessary. Formatting machines is not such a bad option either. If data has been or can be backed up and software was purchased legally then the reinstall will deliver a clean and fresh usable PC to the client. Most customers want to use their computers to make money, they don't care that you "BEAT" this virus.

Spexi

This happens because all browsers have to be managed from the same "Internet platform" which is attached and connected to your system and installed OS. Yes it may be correct that a lot of threats are made for affect on IE but in the other hand when it's possible see that something happened with IE, you can also be sure that the problem exist in the background for the other browsers as well. That's not the worst thing when a browser begin behave odd. Important is what's going on inside the system! Perhaps other browsers are developed better in hide the symptoms than IE.

boomchuck1

Besides, how are you going to actually get rid of IE? If you do then you lose your ability to go to Microsoft Update and get your security updates. Bad idea.

wilbrian

Alternate browsers is another hot button for me. Truth is unless you remove IE from your machine there are still infections out there that look to infect IE and if it's on your machine then the infection comes in. Trouble is if you don't actively use IE then the infection sits and lurks for a long time until something comes along to trigger it (and it will sooner or later). I've had this happen on more than one machine where an "informed" user was convinced they were safe because they "...don't use IE". Guess again.

rickg

About not using IE and recommending a different browser, A properly configured browser will help as part of a layered defense against stuff slipping in, Google Chrome has no defense against scripted attacks and neither does Firefox but at least for Firefox you can download some add-ons to help, IE has all that and more native inside it already you just need to crank up the browser security settings to enable it. Oh and before you spout off against IE I actually preferred Netscape when it was viable as a browser, it lost the war so I needed to learn a different way of protecting my end users here at work. All the web infections I get at work from my end users come from a browser other than IE.