“How To Really Remove Viruses and Trojans…”

Rogerio | IT | Saturday, July 4th, 2009

There is a lot of B.S. on the web about how to remove Viruses, Trojans and other malicious types of software like Adware and Spyware.

Most of it is written by people who just want to sell you some piece of software they have supposedly reviewed – software that may or may not remove the Viruses, Trojans, Adware, Spyware etc.

Whereas in reality it’s just so that they can earn a commission when you buy the software.

Then you have the people who give you a list of files, folders and registry settings to look for and remove. It’s nice of them, but it’s advice that’s fundamentally flawed – I’ll explain why in a bit.

In corporate or large network environments, where you have hundreds if not thousands of computers and users, things are done a whole lot differently.

In fact, a lot of the technology available to businesses is in some cases 10+ years more advanced than what is available to consumers.

The ideas, concepts and best practices are radically different to what you’ll find aimed at consumers.

As the title is about “How To Really Remove Viruses and Trojans…” – let’s cover what the standard practice is in large network environments.

First things first: a machine – be it a computer or a server (the name given to a computer doing a designated task) – is suspected of being, or is known to be, compromised, whether infected with a Virus, Trojan, Adware or Spyware, or even something else completely.

The first thing that is done is to disconnect the machine from the network, to prevent whatever is on that machine from spreading and compromising other machines.

Next, an assessment is made of what has happened and then of how long it would take to fix the machine.

Data that is required is backed up to, say, a CD or DVD; remember, the machine is isolated and isn’t connected to a network – it’s been quarantined.

If it’s a minor infection, like the installation of adware or spyware, and it won’t take more than, say, half an hour to fix, then it can either be removed manually or software can be used to do it automatically.

Now, I personally don’t like the above idea of just removing the offending things – the reason is explained in a bit.

Getting back to the machine: it’s more than likely that it will take more than half an hour to figure out what’s happened and how to remove what’s been installed.

But for the moment let’s assume it won’t, in which case what you would do is take the hard drive out of the computer and connect it to a different computer using an external hard drive caddy.

The computer you use must be one that is trusted and isn’t compromised; if it is, what follows is pointless.

Once the hard drive is connected, you use the security software on that trusted computer to scan the infected hard drive. This is a key point to remember, as there are lots of things that cannot be removed if you scan the hard drive after booting from it.

By connecting the drive to a different computer you bypass booting from that hard drive, which means the stuff you need to remove is unable to entrench itself during the start-up process.

You would also scan the drive with some of the free online scanning tools to double-check that everything has been picked up, and then, to make sure, you would check manually.

Now you see why it normally takes more than half an hour to fix.

What would normally happen after the data is backed up (the best way to do this is with a live CD on a computer with two CD/DVD-ROM drives, one of them being a writer, which you use to back up the data) is as follows.

Once all the data is backed up, all the data on the hard drive is wiped, the drive is reformatted, and a fresh install is done of all the software – from the Operating System to the applications that were on the machine.

The above is the preferred method, and the most important reason to keep in mind is that once a machine is compromised, it’s always compromised.

No ifs or buts. You can never trust that machine – the malicious software may have created “back doors” that are not known about, and it may have installed other software that isn’t known about as well.

The only real way to ensure that the machine is clean is to wipe the hard drive and reinstall everything from scratch.

This is basically a scorched earth policy, if you will.

On the flip side – once the machine is ready to use again, it will be a lot faster than it was before the rebuild.

On a different note: if you happen to be very unlucky and your computer is compromised by software which entrenches itself at the BIOS or hard drive level, in, say, hidden sectors, then you could be looking at having to replace the motherboard and/or the hard drive.

What do you think - comments welcome.

© MMVIII - MMIX ITJuju.com — All rights reserved