Static.spiceworks.com



Clean PC Procedure

It is preferred to do this on site if a PC is in fact infected. You would want to reboot the PC into Safe Mode with Networking (long enough for the programs you are installing to download updates, namely Malwarebytes), then disconnect from the internet and follow the procedure. These instructions assume that the cleanup is being done remotely.

YOU WILL NEED THE USER’S LOGIN SO THIS PROCEDURE CAN BE RUN ON THEIR SPECIFIC USER PROFILE

Transfer “Clean PC Procedure” zip file to PC to clean – Located in \\pgdps\common\software
Extract Clean PC Procedure on PC

Before starting the cleaning procedure, remove any unneeded user profiles from the machine:
1. Open System in Control Panel.
2. On the Advanced tab, under User Profiles, click Settings.
3. Under Profiles stored on this computer, click the user profile you want to delete, and then click Delete.

Next, make sure that hidden system files are visible:
1. Right-click Start.
2. Select Explore.
3. Select the Tools menu and click Folder Options.
4. Select the View tab.
5. Under the Hidden files and folders heading, select Show hidden files and folders.
6. Uncheck the Hide extensions for known file types option.
7. Uncheck the Hide protected operating system files (recommended) option.
8. Click Yes to confirm that you really want to do this.
9. Click Apply.
10. Click OK.

Next, run CCleaner to clean out temp files and clean folders. This needs to be run for EVERY user profile on the machine before any scanning is started:
1. Install CCleaner from the Clean PC Procedure folder.
2. Run CCleaner with the default options to clean out temporary files. Only use default settings on the Windows tab and select Run Cleaner. Do not run any other options from other tabs.
3. Once finished, log in as the next user and run the same procedure, starting by going to c:\program files\ccleaner and running ccleaner.exe.

Cure Infections

Run VIPRE
1. Double-click Viprerescue15880.exe in the Clean PC Procedure folder.
2. Say yes to extracting files to c:\VIPRERESCUE
3. Say yes to running the scan.

Run RogueKiller
1. First scan will check processes and automatically kill any processes it needs to.
2. Press Scan to start a scan of the registry, then press DELETE on any reported bad keys.
3. Do another scan to make sure it is clean.

Run Malwarebytes
1. Run mbamsetup from the Clean PC Procedure folder.
2. At end of install, uncheck all three boxes (Pro Trial, Update, Launch) and click Finish.
3. Go into c:\program files\malwarebytes anti-malware\chameleon, then launch mbam-chameleon.
4. Follow the instructions on the DOS screen.

Run TDSSKiller
1. Copy TDSSKiller from the Clean PC Procedure folder to the desktop, then launch.
2. Press Start Scan.
3. Once the scan is finished, if anything is found, leave action at default, and press Continue.

Run HitmanPro
1. Copy HitmanPro from the Clean PC Procedure folder to the desktop, then launch.
2. Press Settings.
3. Uncheck the box that says Scan for Tracking Cookies, then click OK, then Next.
4. Select No, I only want to perform a one-time scan to check this computer, then uncheck Please email me, and hit Next.
5. Once the scan is completed, research the items found before taking any action.

Run a scan with AV
1. Run a full scan with the current AV product. Ours is currently Symantec.Cloud.
2. Right-click on the Symantec icon in the system tray, go to Endpoint Protection, then select Manual Scan.
3. Click Run on Full System Scan.

Disable System Restore, reboot, and then re-enable. THIS STEP IS NOT NEEDED IF NO MALWARE OR VIRUSES WERE FOUND!

PC Optimization

Revo Uninstaller
1. Install Revo Uninstaller from the Clean PC Procedure folder.
2. Double-click a program to uninstall. Select Moderate to do a thorough scan of the PC to remove all traces of the program.
3. On the registry screen, select ONLY the items bolded, then delete.

Delete Temp Files
1. Go to Start, Run, then type %temp% and press OK.
2. Delete all files that are not hidden files (grayed out).

Turn Off Indexing
1. Go to Start > Control Panel > Administrative Tools > Services.
2. Go to Indexing Services, right-click and select Properties.
3. Set Startup Type to Disabled.
4. Stop the service if it’s running, then select OK.

Swap File
1. Right-click on My Computer, then go to Properties.
2. Make a note of the amount of RAM installed.
3. Select the Advanced tab, then under Performance, click on Settings.
4. Click on the Advanced tab again, then under Virtual Memory, select Change.
5. Select Custom Size, then put in a number that is 1½ times the amount of RAM installed on the system.
6. Click on Set, then OK.

Clean Up Desktop Icons
Remove any unneeded desktop icons, or move the icons to appropriate locations. An uncluttered desktop will improve desktop loading times.

Check Hard Drive Space - Run Disk Cleanup
1. Go into My Computer and check the amount of disk space available. Free up space by deleting files as needed.
2. Right-click on the C:\ drive in My Computer, then select Properties.
3. On the General tab, select Disk Cleanup.

System Files – SFC /scannow
For the sfc /scannow command, a Windows Install Disk is needed. If no disk is available, then check to see if the I386 folder is in the c:\ drive. If it is not, then an I386 folder will need to be copied to the machine. There is a zipped I386 folder for Windows XP Professional at \\pgdps\common\software.

After the I386 folder is present on the machine, follow the procedure to modify the registry to change the default path of the sfc command to the I386 folder on the c:\ drive:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup
Change “SOURCEPATH” to “c:\”

Also note, you can use any XP CD’s I386 folder as long as you change the entry for PID in the Setupp.ini file inside the I386 folder to match the product type of the XP installation of the PC. You can find this by right-clicking My Computer, then going to Properties. The first 5 digits of the Product ID under Registered To identify the product type. These can be referenced at : the Setupp.ini file in the i386 folder and change the PID to match the installation:
Retail = 51882335
Volume License = 51883270
OEM = 82503OEM

Once the I386 folder is in place and the registry key altered (or an installation CD is in the CD drive), go to Start, Run and type in SFC /scannow

Run CCleaner to clean out registry
Open up CCleaner, click on Registry, scan, click on Fix Selected Items, say yes to backing up the registry, then fix all selected items. Repeat this process until nothing shows up in the scan.

Use Autoruns to clean up Startup Programs
1. Extract Autoruns from the Clean PC Procedure folder.
2. Launch Autoruns.exe
3. On the Everything tab, go through the list and uncheck any unneeded items, or any items with a File Not Found note.
4. Click on Save, then exit.

Use Avast Browser Cleanup to clean up add-ons
1. Launch Avast Browser Cleanup from the Clean PC Procedure folder.
2. If any add-ons appear in the list that are not needed, click Disable.

File System – chkdsk c: /f /r
1. Click on Start, then Run, then type in chkdsk c: /f /r, then OK.
2. A DOS window will appear telling you that the disk cannot be locked, and will ask if you’d like to run on the next reboot. Answer Y, then hit Enter.
3. Restart the PC.

Get all Windows, Java, and Adobe updates current.
Make sure automatic updating is turned on for all components.

Run Defraggler
1. Run the Defraggler setup from the Clean PC Procedure folder.
2. After the install, select the C:\ drive, then click Analyze.
3. Once analyzed, click on Defrag.

PageDefrag
1. Run PageDefrag from the Clean PC Procedure folder.
2. Select Defragment on Next Boot, then OK.
3. Reboot PC.

Run PC Tweaker
1. Run the PC Tweaker install from the Clean PC Procedure folder.
2. Once the install is finished and the program opens, click the Next button.
3. On the General Tweaks tab, check Memory Tweaks, Disable Automatic Restart, Speed Up Shutdown, Open 16-bit Apps, Place Boot Files, Launch Windows Desktop, Disable MFT, Modify the Folder, Turn Off Folder, and Disable Tracking, then click Next.
4. On Networking Tweaks, have only Disable Windows Network Auto Tuning and Keep TCP Working checked. Leave everything checked under Service Tweaks, then click Next.
5. Select all items under Visual Tweaks, then click Apply Tweaks.
6. When it asks to reboot, reboot the PC.
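
A pre-flight check for the SFC /scannow step above, as an added example that is not part of the original procedure: it reports the SOURCEPATH value under both registry keys named there and checks the Pid in Setupp.ini against the three values listed. It assumes Windows PowerShell is installed on the machine and that the folder was copied to C:\I386; the `$apply` switch is hypothetical and leaves the registry untouched unless set to `$true`.

```powershell
# Added example: pre-flight check for the "SFC /scannow" step.
# Assumptions: Windows PowerShell is installed, the folder was copied to
# C:\I386, and the session is elevated if $apply is set to $true.
$i386   = 'C:\I386'
$wanted = 'c:\'          # SOURCEPATH value given in the procedure
$apply  = $false         # $true = write SourcePath, $false = report only
$keys   = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup'
)
# Pid values listed in the procedure, by product type.
$pidTable = @{ '51882335' = 'Retail'; '51883270' = 'Volume License'; '82503OEM' = 'OEM' }

$ini = Join-Path $i386 'SETUPP.INI'
if (-not (Test-Path $ini)) {
    Write-Warning "$ini not found; copy the I386 folder first."
    return
}

# 1. SourcePath under each key named in the procedure.
foreach ($key in $keys) {
    if (-not (Test-Path $key)) { Write-Warning "Key not present: $key"; continue }
    $current = (Get-ItemProperty -Path $key).SourcePath
    if ($current -eq $wanted) { Write-Output "OK      $key -> $current"; continue }
    Write-Output "CHANGE  $key : '$current' -> '$wanted'"
    if ($apply) { Set-ItemProperty -Path $key -Name SourcePath -Value $wanted }
}

# 2. Pid in Setupp.ini, shown next to the installed Product ID.
$mediaPid = $null        # not $pid: that name is PowerShell's own process id
foreach ($line in Get-Content $ini) {
    if ($line -match '^\s*Pid\s*=\s*(\S+)') { $mediaPid = $Matches[1]; break }
}
Write-Output "Setupp.ini Pid       : $mediaPid"
if ($mediaPid -and $pidTable.ContainsKey($mediaPid)) {
    Write-Output "Listed product type  : $($pidTable[$mediaPid])"
} else {
    Write-Warning 'Pid is not one of the three values listed in the procedure.'
}

$productId = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').ProductId
if ($productId) {
    Write-Output "Installed Product ID : $productId (first 5: $($productId.Substring(0, 5)))"
}
```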