Is there a simple answer / what am I doing wrong with dealing with the spyware?

Discussion in 'privacy problems' started by babaganoosh, Jun 29, 2004.

Thread Status:
Not open for further replies.
  1. babaganoosh

    babaganoosh Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    18
    I need experts' advice on this before my head explodes!

    I take care of small networks at people's houses and am getting swamped with people giving me their PCs that are bogged down with spyware. I thought I was good at cleaning off the machines, but in the last few weeks, the spyware is certainly winning. Here's a bunch of questions / thoughts that I need answered.

    Some background: I typically boot into safe mode, turn off System Restore, then manually delete the obvious folders in Program Files, Windows and Program Files\Common Files. Then I'll install / run ncase remover, CWShredder, HijackThis, Spybot (with the latest update - for v1.3, I need to reboot to normal mode for that), and Trend Micro has a free program called Sysclean that I run also, keep emptying the trashcan, then I'll reboot into normal mode and, if the machine is usable, I will run Panda's online scanner and Trend Micro's online scanner. They seem to find loads that Spybot doesn't. And I run the ps cleaner and VX2 cleaner. Even after all these different tools say it's clean, I still get popups sometimes. And it seems if you miss one file, all your time is wasted?! The spyware knows other parts are missing and downloads all the other things right away.

    I am totally amazed at how easy it is for these apps to install / gum up the machine and how hard they are to remove. I guess it's money for me / keeps me busy, but I can't charge for all the time that it takes and it's so depressing working on such a wasteful product.

    1) The scans take so long! I had been averaging 1.5 - 2 hrs. to clean a PC, but that's moving to 2.5 hours recently. What is the typical clean-up time for you?

    2) How do you lock down the machines?! I apply all Windows critical patches and most recommended patches, install SpywareBlaster, update and enable all protection (I want to automate the updates, but their credit card approval takes a few hours and I am already gone by then). On Win XP machines, I make the user a limited user (but then they complain they can't install things, etc... and if you have Windows Update set to automatically update, does that run OK? If you run Windows Update manually as a limited user, you get an error that you aren't an admin). And I install the Google toolbar to stop popups.

    3) Am I wrong, or does it seem like you have to log in as each user and run all those apps as each user?! I cleaned up one admin user name (and you would think the whole PC?!), logged in as another user and SpywareBlaster wasn't protecting everything and the restricted zone didn't have any entries - I had to enable all protection on that 2nd user also? I would think an admin's restricted zone in IE would apply to everyone on the machine? But I could understand why not also.... And then if they create a new user, same thing - SpywareBlaster isn't protecting that user?

    4) When do you just reinstall the OS?! I was trying to remove malware from one machine, must have deleted the wrong thing 'cause then I was getting all kinds of error messages from the OS at startup. Wound up reinstalling Win XP in a different directory (left everything as is in the Windows directory) and boy did it run fast. But a reinstall also takes loads of time (check my math here). Install the OS, apply ALL the Windows patches, install the apps, etc. That can take hours of labor time (even if the PC is in the lab and you can walk away for a while). Yeah, I could ghost the machine ahead of time, but a) the clients don't want to pay when it's not needed (yet), b) these are typically new clients calling for the first time, c) storage of all those images of current clients costs $$$.

    Thank you for all your time and effort with this!
     
  2. MCT

    MCT Registered Member

    Joined:
    Mar 10, 2004
    Posts:
    300
    Personally, what I do when someone asks me to fix a corrupted PC that's full of spyware/malware is:

    lock the "hosts" file, set attributes to "Read-Only" (once I've cleaned the hosts file out), then I will remove all "bad" cookies, and limit their internet access by disabling cookies & such, then run Windows Update (or another tool I like called AutoPatcher), then scan with Spybot & Ad-Aware (once they are updated) & run a HijackThis scan, THEN, when I'm sure it's all clean, I'll install SpywareBlaster & update it.

    Regards
     
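As an added example (not MCT's own script, and not from this thread), the following PowerShell audit shows what "cleaning out" the hosts file and locking it read-only looks like in practice: it lists every entry that points a host name somewhere other than loopback, which is the shape a hijacked hosts file takes, and with the -Fix switch rewrites the file keeping only comments and loopback lines before setting the Read-Only attribute. The default path and the -Fix switch name are my own choices.

```powershell
# Added example, not from the thread. Audits the Windows hosts file for
# hijack-style entries and optionally locks it Read-Only as MCT describes.
param(
    [string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts",
    [switch]$Fix   # keep only loopback/comment lines, then set Read-Only
)

# Addresses that merely block or self-map a name; anything else redirects it.
$harmless = @('127.0.0.1', '0.0.0.0', '::1')

$lines      = Get-Content -Path $HostsPath -ErrorAction Stop
$keep       = New-Object System.Collections.Generic.List[string]
$suspicious = New-Object System.Collections.Generic.List[object]

foreach ($line in $lines) {
    $text = ($line -split '#', 2)[0].Trim()             # drop trailing comments
    if ($text -eq '') { $keep.Add($line); continue }    # blank or comment-only line

    $fields = $text -split '\s+'
    if ($fields.Count -lt 2 -or $harmless -notcontains $fields[0]) {
        # Malformed line, or a real name pointed at a non-loopback address:
        # e.g. "10.0.0.5 www.bank.example" silently redirects that site.
        $suspicious.Add([pscustomobject]@{
            Address = $fields[0]
            Names   = ($fields | Select-Object -Skip 1) -join ' '
            Raw     = $line
        })
    } else {
        $keep.Add($line)
    }
}

$file = Get-Item -Path $HostsPath
Write-Output ("hosts file: {0}  (Read-Only attribute: {1})" -f $file.FullName, $file.IsReadOnly)

if ($suspicious.Count -eq 0) {
    Write-Output "No entries redirect a name away from loopback."
} else {
    Write-Output ("{0} suspicious entry/entries:" -f $suspicious.Count)
    $suspicious | Format-Table Address, Names -AutoSize | Out-String | Write-Output
}

if ($Fix) {
    # Read-Only must be cleared before writing. Malware running as admin can
    # clear it just as easily, so treat a cleared attribute as a tamper signal
    # on the next visit rather than as a lock.
    $file.IsReadOnly = $false
    Set-Content -Path $HostsPath -Value $keep -Encoding ASCII
    $file.Refresh()
    $file.IsReadOnly = $true
    Write-Output ("Rewrote {0} line(s) and set Read-Only." -f $keep.Count)
}
```

Run it elevated (the hosts file is only writable by administrators) as `.\Audit-Hosts.ps1` to report, or `.\Audit-Hosts.ps1 -Fix` to reset and lock. Reviewing the suspicious list before using -Fix matters because some legitimate software adds non-loopback entries for local servers.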
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    No, there isn't a simple answer and yes, the spyware is getting worse and worse by the day. :(

    As you've experienced, the automated cleaners only do pieces of the job now. And tools like HijackThis and CWShredder must be backed up with a lot of specific, single purpose tools customized to different types of infections. The experts and programmers are editing their scripts and specialty tools almost daily now to try to compensate for the evolving malware. (See this note/update from Merijn, author of HijackThis and CWShredder.)

    I assume you've read the technical descriptions in the news, general information and FAQs section. If not, you should. Also, you should read some of the longer hijack log threads, not just here but at some of the other forums working a lot of logs. Specifically, the threads where different experts are working on some of the harder to resolve problems. Those are very eye opening and may help you decide when it's time to cut & run, and just start reformatting.

    As to some specific answers, yes some of the tools have to set protections per user - simply because the protection mechanisms are based on per-user values built in to the OS/browser. (IE restricted zones are set in the HKEY_CURRENT_USER section, as are the IE6 P3P cookie blocks, while the ActiveX protections are stored in HKLM.)

    As to locking down machines, we recommend people read and follow this:

    Why did I get infected in the first place

    The only problem is that "secure settings" often interfere with things most people want to do with their computers. So, they'll complain if you make them too secure.

    Oh, and if you ever find a way to explain to people why everything you do while working on a PC takes a long time, I'd like to hear it. I could use a new script for explaining that one myself. ;)
     
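To make LowWaterMark's HKCU-versus-HKLM point concrete, here is an added PowerShell audit (not from this thread, and not part of SpywareBlaster or any other tool named here). It walks every loaded user hive under HKEY_USERS and counts the domains in that user's IE Restricted sites zone, then separately lists the machine-wide ActiveX kill bits, which is exactly the split babaganoosh ran into in question 3. The registry paths are the documented IE ones; the function names and report format are my own, and the script needs to run elevated to read other users' hives.

```powershell
# Added example, not from the thread. Shows why IE Restricted-zone entries
# are per user while ActiveX kill bits protect every account on the machine.

# Restricted sites entries live under each user's hive:
#   <hive>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\<domain>[\<host>]
# with a value named for the scheme ('*', 'http', 'https') set to zone 4.
function Get-RestrictedZoneDomains {
    param([string]$HiveRoot)   # e.g. 'Registry::HKEY_USERS\S-1-5-21-...'
    $domains = "$HiveRoot\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    if (-not (Test-Path -Path $domains)) { return @() }
    $found = @()
    foreach ($key in Get-ChildItem -Path $domains -Recurse) {
        $zoned = $key.GetValueNames() | Where-Object { $key.GetValue($_) -eq 4 }
        if ($zoned) {
            # Subkey path "example.com\www" means host "www.example.com"
            $rel = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9)
            [string[]]$labels = $rel -split '\\'
            [array]::Reverse($labels)
            $found += ($labels -join '.')
        }
    }
    return $found
}

# ActiveX kill bits are machine-wide: bit 0x400 in "Compatibility Flags"
# under the control's CLSID in HKLM, which is what SpywareBlaster sets.
function Get-ActiveXKillBits {
    $root = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
    if (-not (Test-Path -Path $root)) { return @() }
    $killed = @()
    foreach ($key in Get-ChildItem -Path $root) {
        $flags = $key.GetValue('Compatibility Flags')
        if ($null -ne $flags -and ($flags -band 0x400) -ne 0) { $killed += $key.PSChildName }
    }
    return $killed
}

# Security_HKLM_only = 1 makes IE read zone settings from HKLM for everyone;
# without it, each account keeps its own zone list.
$inet = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
$hklmOnly = (Get-ItemProperty -Path $inet -Name Security_HKLM_only -ErrorAction SilentlyContinue).Security_HKLM_only
if ($hklmOnly -eq 1) { Write-Output 'Security_HKLM_only = 1: zones read from HKLM for all users' }
else                 { Write-Output 'Security_HKLM_only not set: zone lists are per user' }

# Only users whose hives are loaded (logged in, or loaded with reg.exe load)
# appear here, which is why the clean-up had to be repeated per account.
foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS') {
    $sid = $hive.PSChildName
    if ($sid -notlike 'S-1-5-21-*' -or $sid -like '*_Classes') { continue }
    $restricted = @(Get-RestrictedZoneDomains -HiveRoot "Registry::HKEY_USERS\$sid")
    Write-Output ("{0}: {1} Restricted-sites domain(s)" -f $sid, $restricted.Count)
}

$kill = @(Get-ActiveXKillBits)
Write-Output ("Machine-wide ActiveX kill bits: {0} CLSID(s)" -f $kill.Count)
```

On a machine where only the administrator's profile was cleaned, the report shows a large Restricted-sites count for that SID and zero for every other user, while the kill-bit count is the same for all of them; accounts that are not currently loaded (including any created later) will not show up at all until they log in and the per-user setup is repeated.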