Jonathan Shan

Member since: March 22, 2010
Web site: http://www.facebook.com/jonathan.shan

I work at UC San Diego’s Residential Networking; we do free virus removal for all UCSD affiliates. Here’s our process:

1. Run Hitachi’s Drive Fitness Test (DFT). About 30% of the time, people have failing hard drives, so it’s always best to check before spending a good deal of time manually cleaning a computer only to find out the work was in vain and the computer has hardware issues. If it fails, we call up the customer, have them purchase a new hard drive, reinstall the OS for them using the COA on the bottom of their laptops, and pull the data from the old hard drive (this is all done with a fresh copy of Microsoft Security Essentials and the latest service packs on their machine so their computer isn’t reinfected). If the test passes, we go on.

2. F8 into Safe Mode with Networking.
3. Our network runs through a firewalled server with tools we download and run.
4. Run rkill.com to remove any active processes.
5. Run ComboFix; it sometimes takes more than one run.
6. Check the logs for missed things and manually remove files.
7. Run CCleaner to remove any malware hidden in temp folders.
8. Run Autoruns to remove malicious startup entries.
9. Run Process Explorer to see if any malicious processes are still running, and if there are any DLL hooks from malicious programs.
10. Install and run Malwarebytes Anti-Malware (full scan).
11. Install and run Microsoft Security Essentials.
12. Verify with Autoruns/Process Explorer (to make sure it’s all gone).
13. Update programs with FileHippo or Ninite.
14. Install the latest service packs.
15. Give the customer a detailed description of how to stay safe and avoid reinfection.

Obviously this is the bare bones of what we do; we add on any necessary registry hacks and networking fixes on a case-by-case basis.

Hope that helps.

Jonathan Shan
Mar 22 10 at 12:47 pm
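The verification in steps 8 and 12 (malicious startup entries, and checking that nothing survived) can be spot-checked from PowerShell before handing the machine back. The script below is an added example, not part of the comment above or the ResNet process; it assumes an elevated PowerShell session on the cleaned Windows machine, enumerates the Run/RunOnce keys and Startup folders that Autoruns also covers, and flags entries whose target binary is missing or not Authenticode-signed. It is read-only and removes nothing; the flagged entries are what you then review in Autoruns.

```powershell
# Added example (not from the original post): list autostart entries and the
# Authenticode status of each target so unsigned or missing binaries stand out.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

# Pull the executable path out of a Run-key command line, whether it is
# quoted ("C:\Some Dir\a.exe" /flag) or bare (C:\a.exe /flag, %TEMP%\x.exe).
function Get-TargetPath([string]$cmd) {
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^\s*(\S+)')     { return [Environment]::ExpandEnvironmentVariables($Matches[1]) }
    return $null
}

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        [pscustomobject]@{ Location = $key; Name = $p.Name; Target = Get-TargetPath $p.Value }
    }
})
# Startup-folder items are usually .lnk shortcuts; those show as NotSigned here
# and need their resolved target checked in Autoruns.
$entries += @(foreach ($dir in $startupDirs) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -File | ForEach-Object {
            [pscustomobject]@{ Location = $dir; Name = $_.Name; Target = $_.FullName }
        }
    }
})

$report = foreach ($e in $entries) {
    if (-not $e.Target -or -not (Test-Path -LiteralPath $e.Target)) {
        $status = 'MISSING'      # orphaned entry: binary deleted but the autostart survived
    } else {
        $status = (Get-AuthenticodeSignature -FilePath $e.Target).Status   # Valid / NotSigned / HashMismatch ...
    }
    $e | Add-Member -NotePropertyName Signature -NotePropertyValue $status -PassThru
}
$report | Sort-Object Signature | Format-Table Location, Name, Target, Signature -AutoSize
```

Anything reported as MISSING, NotSigned or HashMismatch is worth a second look, but an unsigned entry is not proof of malware (plenty of legitimate small utilities are unsigned), so treat the list as a triage aid, not a verdict.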