Antivirus is no guarantee of a clean, well functioning computer. There are times IT professionals need to manually clean their machines. As such, a topic of conversation for a computer advisory board I read regularly has been on toolkits for infected workstations. The toolkit addresses removing malware from these infected workstations. One member suggested the below steps, those of which seemed like a reasonable approach:
Antivirus is no guarantee of a clean, well functioning computer. There are times IT professionals need to manually clean their machines. As such, a topic of conversation for a computer advisory board I read regularly has been on toolkits for infected workstations. The toolkit addresses removing malware from these infected workstations. One member suggested the below steps, those of which seemed like a reasonable approach:
1) Determine if this has the potential to go to court. If so, abort process, start chain of custody proceedings and notify legal.
2) Is re-imaging an option? If so, abort process and give system to Help Desk for re-imaging.
3) Download the Sophos CLI system and run a scan.
4) Do all the cleanup possible
5) Verify the cleanup with Sophos bootable Linux distro. (Contact Sophos if new version is needed.)
6) Verify the cleanup with Bootable ClamAV Linux LiveCD
7) Reboot into Windows, verify with Malware Bytes
8) Remove Malware Bytes, reboot and verify with latest Microsoft Security Essentials
9) Review user permissions
10) Review patch levels
11) Assume clean
NEXT STORY: Now That's Ironic