Any professional Malware removers around?

Discussion in 'other anti-malware software' started by ComputerSaysNo, Aug 17, 2012.

Thread Status:
Not open for further replies.
  1. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,425
    I'm looking for people who remove Malware as a living to share some experiences. What tools do you use to remove Malware/Viruses? How much do you charge per PC? Is it full time or just for a bit of spare cash? What's the hardest job you have had to do? What skills do you need?

    Any other info I should know about?
     
  2. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Tools:
    Gmer, Unlocker, MBAM, Random Boot disks (Kaspersky, ESET and Dr web), Hiren's boot CD, Hitman Pro, Kaspersky TDSS killer.
    How much do you charge? Depends on how bad it is. Usually about $50-75. Sometimes more if it takes me longer or need to install the OS again.
    Just part time for extra cash and the experience.
    Hardest job was to remove malware from a system. Only to find out that some of the system files were corrupt. Long story short I had to re-install the OS. Not before having to recover a ton of photos from the messed up HD.
    I think you need a basic knowledge of computers and how they work. A+ and N+ certification doesn't hurt. I have my A+ and most of my malware experience is self taught. If you lurk around here long enough and read some of the articles, you'll get the hang of it.
    There are some Malware University programs. Here is a link to get you started.
    http://library.techguy.org/wiki/Become_Authorized_for_Malware_Removal
    There is a wealth of knowledge on here as well. All you have to do is ask some questions and someone should help. Hope some part of this helps.
     
  3. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    424
    Location:
    Canada
    Other tools could be: OTL, aswMBR, Rogue Killer, Combofix, AVZ antiviral tool kit.
     
  4. Spiral123

    Spiral123 Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    128
    Tools: Depends on the issue, but I do like boot AV CDs, or any other way of scanning outside of the infected OS. Then move forward, with other analysis tools. If a critical system, and allowed some downtime for a rebuild, a reformat and reinstallation.

    How much do you charge? It really depends on what is at stake here. If it is a business, and opportunity costs are high for down time, I try to get my full billing rate. If dealing with a home user, I usually have to negotiate the rate. Economics.

    Hardest job: Again hard to say or define, but I would have to say for me it is not the technical difficulties, but the business needs that make it complicated.

    Other info: I would say only focusing on malware removal is too narrow of a scope. To be successful at a business strategy you must provide some value, or return on investment, to your customers. I personally find that preventing malware with network and system design is more profitable. Malware removal may get you into the door, but you need another value-added service to bring to the table for it to be profitable.
     
  5. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    424
    Location:
    Canada
    Go to the avast forum and they will remove for you for free, they are very good.
     
  6. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,425
    Good advice, I was thinking of offering a software service as well to prevent malware. Much cheaper than retail because most users don't know about OEM software and how cheap it is. And also offering Windows hardening/new OS install/formatting/re-imaging.

    Can you expand on system and network design?
     
  7. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    nice username http://www.youtube.com/watch?v=_3mswfndknU

    i use virtually all the tools listed on this page (same as sig) and i charge around 35 british pounds sterling if it's straightforward or more if it's not, i also add in a quick PC maintenance service free of charge, more of an evening/weekend hobby thing.

    the hardest malware removal job i had was probably removing a MBR Ransom (Seftad), i had not come across it before so was unaware of the changes it made, ended up having to use partition recovery software along with some other tools.
     
    Last edited: Aug 18, 2012
  8. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Have you ever used Kaspersky's "Remove banner from Desktop, unlock Windows" tool? I just tried it on the web address for 'MBR Ransom (Seftad)'. It provided two 'Deactivation Codes' to try.

    http://support.kaspersky.com/viruses/deblocker
     
  9. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I have very little Malware cleaning experience. However, I do keep a bootable USB Flash Drive 'up-to-date' with the following:

    1. Avira Rescue System CD
    2. Bitdefender Rescue CD
    3. Dr.Web LiveCD
    4. Kaspersky Rescue Disk 10
    5. Many different Linux Distros for Data Recovery, Partition Management, Hardware Testing, etc.
     
  10. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    the client did not have internet access at the time (fixed it at clients end)

    edit- although that is a very useful page so i will ask the owner of the 'AntiMalware Toolkit' webpage in my sig to add it to the page.
     
  11. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    This is a catch-22 though. I could create a setup that's darn near foolproof, but the user (and more often, their kids) wouldn't be able to live with the restrictions. The next time they click on/try to install some random thing and it doesn't work right, they're calling you back telling you you fouled up their computer because the malware infested app they're trying to run won't work.

    So prevention isn't a viable option for most people. Restore is though. Get an image(s) when their setup is in a pristine state and keep it with you. Ask them to get anything important they've created/added since then and throw them on a USB stick or other removable device/media... scan the living bejesus out of it with the stuff listed above (I use many of them as well). Restore the image, then throw the new (cleaned) data back on.

    So I'd add Macrium Reflect to the list of apps above, or whatever imaging/restore software you're comfortable using.
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Professionally? No. But often, yes.

    I usually manually remove malware by checking the registry/file system. Usually that's the quickest way. Afterwards I'll run Malwarebytes AM to make sure I didn't miss anything.

    Most of the time it's a simple matter of removing a folder from /appdata/
     
  13. philby

    philby Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    940
    I do a lot of this as a part time job (one man show) and the problem I have is getting the volume of customers to earn anything worthwhile.

    For home users, I can't charge anything too lively either per hour or per job.

    Also, working on very old machines and/or poorly maintained Windows installs can take hours!

    The money's in the corporate stuff...

    Have learnt, rather than earnt, loads doing it though :)

    What skills do you need?

    Research skills, perseverance and very good interpersonals.

    philby
     
    Last edited: Aug 18, 2012
  14. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Ditto Philby.
    Work is too spotty. I might get a few folks looking for help. Then I won't for another 2-3 months. It's good for a few bucks here and there.
     
  15. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Just don't do it for free, you just have to do it for free once and you will be doomed for the rest of your life. :D :D
     
  16. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,013
    Location:
    Ontario, Canada
    And a large amount of Can Speeches!

    TH
     
  17. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,425
    Some nice tips, thanks. Looks like as always corporate work wins out :/

    Prevention is a tricky subject because as a poster above me said you will probably break their PC if you put something like APPGuard on there.
     
  18. Spiral123

    Spiral123 Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    128
  19. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,129
    Location:
    USA
    If you want to try to do it full time I believe you need to offer comprehensive services, such as hardware upgrades, data backup and transfer, small network configuration, etc. Malware removal alone isn't going to cut it, and even when you offer everything the hours will vary a lot.

    Regarding how much to charge consider hourly and flat rates. Flat rate to customers who bring their systems to you and pick them up afterward. When you work on a system in your own space it matters less how much time it takes as you can do other things. Malware removal in particular can involve time consuming scans during which there's nothing else to do on the system.

    The malware that's hardest to remove is the type that cripples the system and blocks the internet connection. If SAFE mode doesn't help you need to use a rescue CD, or move the hard drive to a different system or external enclosure. It's slow and time consuming, and you need to know when to switch to "plan B" which is data backup and OS reinstall.

    The most important thing is to protect the customer's data. Generally speaking customers don't back up and it's common for them to have years of pictures, financial data, etc, on the hard disk. They've put themselves in that situation, but as soon as you start working on it it becomes your problem :)
     
  20. philby

    philby Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    940
    Absolutely - I always talk to customers about this before I quote for any work or even touch a machine.

    Another thing I forgot to mention is that having a website that carries customer testimonials is a definite work-generator if you are a little local guy like me. I've had a lot of customers come to me because they've seen positive feedback on my site from someone they know.

    philby
     
  21. Spiral123

    Spiral123 Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    128
    Wholeheartedly agree, referrals are the life blood of a small business.
     