
Hello everyone, I am in need of help! I have an interview where I will need to remove a virus from a computer as a test. I'm familiar with a lot of the hardware aspects of computers, but have never myself gotten a virus. I've helped some friends remove viruses from their computers, but they were pretty simple and I'm assuming this test might be "tricky".

Could someone give me a rundown of what they would do in this scenario? I can bring any "tools" I think might be helpful in removing it. What should be my first steps, should I be looking anywhere in particular, etc.? I would truly appreciate some tips.

https://linustechtips.com/topic/1444915-virus-removal-test-help/

These were the go-to steps back in the WinXP / Vista / 7 days when I was working as a computer repair tech. Not sure what needs to be tweaked for Win10 / 11, I imagine there are a few new things. But here were my go-to steps:

- Boot to safe mode with networking
- Disable System Restore (viruses will nestle themselves inside the restore points)
- Delete all temp files / cache (we used ATF Cleaner, not sure if that is even around anymore or if it is still safe to use)
- Find an online scanner (Bitdefender I think is one we used to use, I can't remember the others, but there were a few)
- Scan > remove anything found
- Install a local scanner for malware / adware and run it (Ad-Aware, Malwarebytes, CCleaner, etc. Pretty sure that Ad-Aware and CCleaner are full of malware themselves now, so I'll defer to whatever the kids use now)
- Usually at this point, boot back to normal mode and observe behaviour.
- I'd run another online scanner and a Malwarebytes scan just to be safe.
- I'd also check startup for any suspect things and rip them out using the registry (you can use MSConfig as well, but that just disables the items from starting up, doesn't remove them from the registry, really depends on how anal you were I guess. I had a motto, I didn't want to leave my customers in selective startup in MSConfig.)

At that point, if there still seemed to be remnants of a virus or malware, I'd contact the customer and see if they wanted me to continue or just go forward with a wipe and reload of the system. Which in all honesty is probably the best option for most customers to guarantee proper removal of the virus, but you probably can't suggest that during your interview.

Outside of that, depending on the virus, they will require some knowledge of how the OS works, and what processes do what. But if you have a solid troubleshooting foundation, you should be able to figure it out.

With all that said, I am interested in hearing from current professionals in the biz to see how much has changed in 12 years.
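
For the startup check in the steps above, an added example that is not part of the original post: a read-only PowerShell inventory of the common autostart locations (Run/RunOnce registry keys and the Startup folders) with each target's Authenticode signature status. It assumes Windows PowerShell 5.1 or later; the helper name `Get-CommandTarget` and the "user-writable directory" heuristic are choices made for this example.

```powershell
# Added example (not from the post): read-only inventory of autostart entries.
# Nothing is modified; review the output before deleting any registry value.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = 'Startup', 'CommonStartup' |
    ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }
$shell = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets

function Get-CommandTarget([string]$Command) {
    # Extract the executable path from a command line: a quoted path first,
    # otherwise everything up to the first known executable/script extension.
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($c -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|js|ps1|scr))(\s|,|$)') { return $Matches[1] }
    return ($c.Trim() -split '\s+')[0]
}

$entries = @(
    foreach ($key in $runKeys) {
        if (Test-Path $key) {
            $item = Get-Item $key
            foreach ($name in $item.GetValueNames()) {
                [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
            }
        }
    }
    foreach ($file in Get-ChildItem -Path $startupDirs -File -ErrorAction SilentlyContinue) {
        $cmd = if ($file.Extension -eq '.lnk') { $shell.CreateShortcut($file.FullName).TargetPath } else { $file.FullName }
        [pscustomobject]@{ Source = $file.DirectoryName; Name = $file.Name; Command = $cmd }
    }
)

$entries | ForEach-Object {
    $target = Get-CommandTarget $_.Command
    # Bare names such as "rundll32.exe" are not resolved via PATH and show as FileNotFound.
    $exists = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
    $sig = if ($exists) { [string](Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'FileNotFound' }
    [pscustomobject]@{
        Name = $_.Name; Signature = $sig; Target = $target; Source = $_.Source
        # Heuristic: autostart binaries under the user profile or ProgramData merit a closer look.
        UserWritableDir = ($target -like "$env:USERPROFILE\*") -or ($target -like "$env:ProgramData\*")
    }
} | Sort-Object Signature, Source | Format-List
```

Scheduled tasks and services are other autostart mechanisms that this listing does not cover.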

 



Super helpful, thanks so much! Feeling pretty confident now.
