What is CURRENTLY the best method for removing viruses on Windows?
February 8, 2013 10:35 PM

I assume the tools have changed in the past 5 years or so, despite Windows' better security, but back in my day it was Avira, Symantec and CCleaner. What's changed in the world of viruses and malware in the past 5 years, and how can I best impress the powers that be with thoroughness and efficiency?

I have a technical job interview and a quiz. Obviously this may be critical for my chances against the other candidates, but I've been on a Mac (and Linux) since 2006 and obviously have less need for that sort of thing as a result. Back in my Windows days, it was all about prevention. I don't need to be perfect, I would just like to be knowledgeable about the most effective current methods. Thanks!
posted by hoborg to Computers & Internet (19 answers total)
Deezil's MF profile has some great references and is oft noted on the site. It is geared toward DIY, but very well put together.

Plus there are links to other virus fighting pages on it.
posted by lampshade at 10:55 PM on February 8, 2013

Samsara's profile also has info.
posted by lampshade at 10:56 PM on February 8, 2013

I've never had to use them, but I keep a thumb drive containing (among other things) rkill, combofix, Unhide, and Hijack This in my wallet. After that it's mainly Spybot and CCleaner. avast! is my choice for passive protection.

(Do note that I am not an expert.)
posted by CustooFintel at 11:31 PM on February 8, 2013

Malwarebytes is popular with some people.
posted by Cranberry at 12:09 AM on February 9, 2013

Best answer: Unfortunately the free Microsoft Security Essentials now sucks big time. Bitdefender is the current top virus scanner. See AV Comparatives.
posted by devnull at 2:14 AM on February 9, 2013

I like avast.

But I suspect most of the commercial AV products are OK. We use McAfee at work, seems ok.
posted by mattoxic at 2:43 AM on February 9, 2013

Best answer: For removal, ComboFix, Malwarebytes, SuperAntiSpyware, and the ESET Online scanner in safe mode handle most things pretty well. If you have physical access to the PC, the AVG Rescue Disc can be helpful too.

For prevention, the most effective defenses are behavioral: Don't click on links in your email, don't open attachments that you aren't already expecting to receive, don't give programs admin access unless you know what they are and what they are going to do, don't open ports you don't need to in your firewall, stay out of the dark alleys of the internet that are most likely to hit you with exploits (pornographic websites, illegal download sites, that sort of thing). Keep Windows up to date. If you can live without Java and the Adobe Reader, remove them; if you can't, keep them up to date too. Run some kind of antivirus (no need to spend money here, AVG is fine, Security Essentials is fine) and keep it up to date. Set a password on your account so that other people can't walk up to your computer and screw it up for you.

If you're super paranoid, run as a standard user instead of an administrator. Most people won't do this because it's very inconvenient, because to install software or make changes to important folders you have to log in as another user. On the other hand, that means that any programs you run can't do *that* much damage, barring some unpatched exploit in Windows, so it's also a lot safer.
posted by JDHarper at 5:02 AM on February 9, 2013

I use AV software as a prevention measure. Once infected, wipe, reinstall, restore. Nuke it from orbit, it's the only way to be sure. I'm not sure why, especially in a business environment, this wouldn't be the preferred method. And since you're in a business environment, re-imaging should take no time and user data should never be stored on a workstation anyhow.
posted by Brian Puccio at 6:51 AM on February 9, 2013

I use Acronis True Image to make an image of my system drive after I install all the programs that I use, and try to quickly do as many of the presets for things that I like. If I think that I have a virus, I just copy whatever is on my system drive (my documents folder) and then re-image the drive.

I probably do it about once a year and it works pretty well.

I've never really felt like once I had a virus of significance I was able to entirely get rid of it.
posted by mockpuppet at 8:16 AM on February 9, 2013

JDHarper: I don't think it's super paranoid to run without easy privilege escalation. I run as a non-admin user on my work PC and the trick to making it really easy and quick to do admin tasks is to a) set up UAC properly so it will prompt for the credentials of an admin account other than your own to do admin tasks* or b) hold down shift and right click the program or control panel object and choose "Run as a different user..." which allows you to do all kinds of installing and deleting without going through the rigamarole of switching user environments.

*An even cooler trick if you get UAC set up properly is you can start typing whatever program or control panel object you want to run with privileges in the search bar in the start menu and then hit ctrl+shift+enter to run it with a request for privilege escalation.
posted by whittaker at 9:17 AM on February 9, 2013
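The UAC setup whittaker describes (standard user account, UAC prompting for another admin account's credentials) depends on a handful of documented policy values. As an added example that is not part of the thread, this PowerShell script audits those values and, only when asked, sets them to the prompt-for-credentials-on-secure-desktop configuration; the `-Fix` switch and the wording of the meanings table are this example's own.

```powershell
# Added example (not from the thread): audit the UAC policy values that the
# "standard user + prompt for admin credentials" setup relies on.
# Read-only by default; -Fix changes policy and therefore needs an elevated prompt.
param([switch]$Fix)

$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$pol = Get-ItemProperty -Path $key

# Documented meanings of ConsentPromptBehaviorUser (standard-user elevation prompt)
$userMeaning = @{
    0 = 'Automatically deny elevation requests (standard users cannot elevate)'
    1 = 'Prompt for credentials on the secure desktop (hardest to spoof)'
    3 = 'Prompt for credentials on the normal desktop (Windows default)'
}

# Does this session itself carry the Administrators token?
$id      = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
               [Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Host "Current user: $($id.Name)   Running with admin token: $isAdmin"

if ($pol.EnableLUA -ne 1) {
    Write-Warning 'UAC is disabled (EnableLUA is not 1): every program runs with full admin rights.'
}

if ($null -eq $pol.ConsentPromptBehaviorUser) {
    Write-Host 'ConsentPromptBehaviorUser not set; Windows default (3) applies.'
} else {
    $v = [int]$pol.ConsentPromptBehaviorUser
    $m = if ($userMeaning.ContainsKey($v)) { $userMeaning[$v] } else { 'undocumented value' }
    Write-Host "ConsentPromptBehaviorUser = $v : $m"
}
Write-Host "PromptOnSecureDesktop = $($pol.PromptOnSecureDesktop)  (1 = prompt shown on the secure desktop)"

if ($Fix) {
    if (-not $isAdmin) {
        throw 'Changing UAC policy needs an elevated session; re-run as an administrator.'
    }
    Set-ItemProperty -Path $key -Name EnableLUA                 -Value 1 -Type DWord
    Set-ItemProperty -Path $key -Name ConsentPromptBehaviorUser -Value 1 -Type DWord
    Set-ItemProperty -Path $key -Name PromptOnSecureDesktop     -Value 1 -Type DWord
    Write-Host 'Policy updated. A change to EnableLUA only takes effect after a reboot.'
}
```

Run it from the standard-user account to see what that account's elevation prompt will do; the ctrl+shift+enter and "Run as a different user" tricks in the comment above work against whatever ConsentPromptBehaviorUser is set to.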

I agree with Brian, there is a time for prevention and a time to reinstall.

A way to frame this is that prevention of viruses is critical. As are backups.

Once a virus is on a computer, the best approach and most efficient is to wipe the OS and reinstall. If you have access to safe-mode you can back up important (non-application) local files before the wipe.

I remember spending weeks battling viruses. I switched to saving my documents on a different drive than my OS and reinstalling my OS if I get hit by a virus (which I don't). In the rare occasion that I do, I reinstall and I am back and running in a day or two.

However, I am not sure how to play this in a job interview, people may not like to hear, "I'll just reinstall everything." It doesn't mean it's not the best method, it just needs to be well justified as a time/money saver.
posted by occidental at 9:43 AM on February 9, 2013

I use AVG Free as my everyday protection with Malwarebytes as a backup scan-on-demand tool if I suspect I might have caught something nasty that AVG missed. Both tools working in concert (plus a little research) licked this SOB, so I'm pretty confident in them.
posted by Rhaomi at 11:14 AM on February 9, 2013

I think the right answer is to 1) Make a copy of user data. 2) Scan the user data with anti-malware tools of choice. 3) Use a license key recovery tool. 4) Wipe and reinstall Windows and applications. 5) Install proactive anti-malware. 6) Enter recovered license keys. 7) Transfer sanitized user data back to computer.
posted by Good Brain at 12:03 PM on February 9, 2013

In mega corporate world, they're leaning towards running Windows VMs, either on a completely different operating system (Linux) or on Hyper-V. These VMs have all the same prevention tools as everyone else is mentioning, and they're easy to nuke from orbit and restore if necessary.

It also provides benefits to sandbox each VM from each other, ie: company data isn't on the same VM as personal or clients' data.

Also, big corp won't rely on the users to do anything, everything will be centrally managed. You don't expect employees to regularly run scans, you just turn on their computers in the middle of the night and do it for them.
posted by meowzilla at 1:37 PM on February 9, 2013

Response by poster: Thanks for all the help, everyone. This is specifically for consumer-oriented stuff like you'd find at GeekSquad (though thankfully not as complacent), so it looks like I'll just be bringing a USB stick of the programs mentioned, although I'm glad to see that MY old method of just wiping everything clean (usually a good plan anyhow) and starting from an image is still valid.
posted by hoborg at 3:09 PM on February 9, 2013

Best answer: I think you should start your answer with "The best and only way to be completely sure a client is virus free is a format and re-install. However if they are unwilling to have that done then these tools are the next best thing...".

This gives you the chance to answer correctly and also realistically at the same time.
posted by mr_silver at 12:32 AM on February 10, 2013

I thought Malwarebytes was pretty great for a while, but I currently have a Google redirect virus (well, uh, my computer has it, actually) and the latest update of MWB doesn't even identify it. Nor does SpyBot.
posted by parrot_person at 1:21 AM on February 10, 2013

parrot_person: If it's the same virus that I've seen, running TDSSKiller from safe mode may do the trick.

But as everyone above is saying: the best way to be *sure* of removing viruses is to backup, format, and reload.
posted by JDHarper at 11:18 AM on February 10, 2013

Be really, really careful with AVG free. It now tries very hard to install several terrible browser toolbars that in my view amount to malware. You can prevent this from happening when you install it, but you need to be vigilant during the process and not assume that everything it suggests you OK is actually a good idea. I don't recommend it to non-savvy friends any more because of this.

One thing nobody's mentioned is the choice of Windows version. A lot of people are still using XP, but W7 is very stable and usable and implements better security choices out of the box.
posted by Acheman at 8:42 AM on February 11, 2013
