Viruses are here to stay, with new ones released each day......
Just how do professionals kill viruses?
It's not just a case of scanning with an anti-virus program...
So how do the professionals remove a virus infection and repair the damage? Surely if you just scan your computer with anti-virus software, so do they, right? Well, there's a lot more to it than that.
The infected hard drive is normally removed from the laptop or tower case and placed in a special docking stand that allows USB and FireWire connectivity to other systems.
This docking stand is normally connected to a computer that has been specially set up for the sole task of working with external drives.
Drives are removed and scanned independently because Windows uses file locking for files that are currently in use or are part of the core system files, so anti-virus software is unable to clean or delete the files that are locked by the system. If the customer's Windows system isn't running, it can't lock any of its files.
The system used for virus removal will have two or more operating systems installed, such as XP, Vista or Linux (known as a dual-boot setup). Each system will have its own top-of-the-range anti-virus software suite installed, along with many other tools needed to get the job done right.
This system will also have tools installed to rebuild drive partitions and repair the MBR partition information, and other tools to edit stand-alone Windows registries.
Other tools on the system may include drive imaging tools and data recovery utilities. There will also be high-level security software, such as a firewall that can monitor programs and executable files for known dangerous files, as the system doing the repair work also needs to be kept safe.
There would also be a recovery procedure for the system, kept on separate media so it's never infected. This would be used to quickly rebuild the system should a virus get to it.
There should also be a special software utility that puts the engineer's hard drive into a temporary read-only state, stopping viruses from writing themselves to the drive. It does this by watching all the data going to and from the computer, allowing only vital known file system data and user-allowed data to be written to the drive and blocking all other writes, while still allowing data to be read from the drive.
That's the basic description of the setup. The process of repair can be lengthy, as the system is scanned 2-3 times for viruses by different anti-virus setups. Then the drive's file system is scanned to make sure it has no corrupted sectors.
Once the drive is back in the customer's computer, the machine is booted from external media. The registry is checked with a tool that can access a Windows registry early in the startup process, and the drive's boot files and MBR are checked too if that has not been done yet.
Then the system is restarted to see if it will run. If not, the issues are found and resolved so that the system starts up. Then the Windows environment is checked to make sure there is no viral damage and, if there is, how it can be fixed.
It's not just the virus that can do damage; sometimes files can't be cleaned and have to be deleted. The engineer will examine the scan report to see if system files or any other vital files had to be deleted. This tells the engineer what needs replacing with new clean files and where they should go.
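The MBR check mentioned in the repair steps above can be illustrated with a short sanity check of the sector's partition table. This is an added example, not a tool named in the original article; the function names and the sample sectors are constructed for illustration, and it only inspects the classic 512-byte MBR layout.

```python
import struct

SECTOR = 512  # classic MBR: 446 bytes boot code, 4 x 16-byte entries, 2-byte signature

def check_mbr(sector):
    """Return a list of problems found in an MBR sector (empty list = looks sane)."""
    if len(sector) != SECTOR:
        return [f"expected {SECTOR} bytes, got {len(sector)}"]
    problems = []
    if sector[510:512] != b"\x55\xaa":
        problems.append("missing 0x55AA boot signature")
    active, extents = 0, []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:  # partition type 0 marks an unused slot
            continue
        if status not in (0x00, 0x80):  # only "inactive" and "active" are valid
            problems.append(f"entry {i}: invalid status byte 0x{status:02x}")
        active += status == 0x80
        if lba_start == 0 or count == 0:  # would cover the MBR itself or be empty
            problems.append(f"entry {i}: empty or zero-based extent")
        extents.append((lba_start, lba_start + count, i))
    if active > 1:
        problems.append("more than one partition marked active")
    extents.sort()
    # Compare neighbours in start order; any overlap shows up in at least one pair.
    for (s1, e1, a), (s2, e2, b) in zip(extents, extents[1:]):
        if s2 < e1:
            problems.append(f"entries {a} and {b} overlap")
    return problems

def make_mbr(entries, signature=b"\x55\xaa"):
    """Build a constructed sample sector from (status, type, lba_start, count) tuples."""
    table = b"".join(
        struct.pack("<B3sB3sII", st, b"\0" * 3, ty, b"\0" * 3, lba, n)
        for st, ty, lba, n in entries
    )
    return bytes(446) + table.ljust(64, b"\0") + signature

if __name__ == "__main__":
    # Constructed samples: one healthy table, one with a wiped signature,
    # two active entries and overlapping extents.
    good = make_mbr([(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)])
    bad = make_mbr([(0x80, 0x07, 2048, 204800), (0x80, 0x07, 100000, 500000)], b"\0\0")
    print("good:", check_mbr(good))
    print("bad: ", check_mbr(bad))
```

To use it on a real drive, pass the first 512 bytes read from an image of that drive to `check_mbr`.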
And that's the quick 'n' dirty version. Still think it's simple?
See what others have said about PCpetes.
Everyone's opinions are valued, good or bad.