An MSP guide to malware cleanup

Ben Taylor

There’s no doubt that Windows PCs have become inherently more secure since the days when Windows XP was the corporate operating system of choice. As far back as 2010, official reports revealed that the malware infection rate for Windows 7 was nearly five times lower than the rate for XP (source: CNET).

However, with the best will in the world, there will always be times when the malware authors and hackers get a few steps in front of Microsoft and the Internet security vendors. Nowadays they often do so by using social engineering techniques to trick less experienced users into installing something they shouldn’t. When this happens, you’re left with a cleanup job.

As an MSP owner, you and your staff are inevitably going to find yourselves in situations where you need to clean up a client PC. So, here’s a guide to how best to tackle it.

1. Manage customer expectations

Often, customers will have no idea how deeply malware can bury itself into a computer’s operating system. Files can hide themselves, move around and morph, and often (especially on Windows PCs) a single malware attack can leave multiple infections. Ensure customers understand that a cleanup can take time so that they don’t become impatient, which they may even if it was they who opened the suspicious attachment!

2. Decide where to “draw the line”

There comes a point in every malware cleanup where it becomes more time-effective to reinstall and rebuild than to continue attempting to clear every trace of infection. Decide up-front how long to spend on a cleanup, so you don’t invest multiple hours and then reinstall anyway.

3. Isolate the computer

If you’ve identified an infected computer, get it straight off the network. If you have any suspicion that cross-infection could have taken place, test-scan some other PCs to be sure.

4. Use multiple cleanup tools

Some of the very best malware removal software can miss certain infections. Every IT professional should have two or three reliable removal tools in their armory.

5. Check and check again

Many malware infections can hide themselves away only to reappear after a couple of reboots. Never assume an infection is completely clear until after extensive double- and triple-checking and rescanning.

6. Educate your clients

If you can ascertain how a malware infection entered a client PC, educate your clients to minimize the chances of it happening again. At the same time, know that sometimes you may never find the root cause, and be ready to explain this to clients. They are often extremely surprised that Internet security software is less than 100% effective.

7. Document the cleanup

Be sure to take notes during a comprehensive malware cleanup. Add the documentation to your MSP’s internal knowledge base or, even better, share it online with the wider technical community.
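To make steps 3, 4, 5 and 7 repeatable rather than ad hoc, here is an added PowerShell helper (example code written for this guide, not something from the original article or any vendor tool). It assumes Windows 10/11 with Microsoft Defender, an elevated session run at the console, and a placeholder log location under ProgramData; the function names, the log path and the choice of autostart locations are all assumptions for the example.

```powershell
# Added example (not from the original article): helper for the isolate / scan /
# re-check / document steps. Assumes Windows 10/11 with Microsoft Defender and an
# elevated console session; the log directory below is a placeholder.
#Requires -RunAsAdministrator

$LogPath = Join-Path $env:ProgramData 'MspCleanup\cleanup-log.txt'   # hypothetical location
New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null

function Write-CleanupLog {
    # Step 7: every action gets a timestamped line for the ticket / knowledge base.
    param([string]$Message)
    $line = "{0:u} {1}  {2}" -f (Get-Date), $env:COMPUTERNAME, $Message
    Add-Content -Path $LogPath -Value $line
    Write-Host $line
}

function Invoke-HostIsolation {
    # Step 3: take the machine off the network. Physical adapters only, so
    # loopback / virtual interfaces used by local tooling are left alone.
    Get-NetAdapter -Physical | Where-Object Status -eq 'Up' | ForEach-Object {
        Disable-NetAdapter -Name $_.Name -Confirm:$false
        Write-CleanupLog "Isolated: disabled adapter '$($_.Name)' ($($_.MacAddress))"
    }
}

function Get-PersistenceSnapshot {
    # Step 5 support: record common autostart locations so a later snapshot
    # (taken after reboots) can be diffed to spot anything that came back.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    $regItems = foreach ($key in $runKeys) {
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Name -notmatch '^PS') {   # skip PSPath/PSDrive metadata properties
                    "REG  $key\$($p.Name) = $($p.Value)"
                }
            }
        }
    }
    $tasks = Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
        ForEach-Object { "TASK $($_.TaskPath)$($_.TaskName) [$($_.State)]" }
    $services = Get-CimInstance Win32_Service | Where-Object { $_.StartMode -eq 'Auto' } |
        ForEach-Object { "SVC  $($_.Name) = $($_.PathName)" }
    @($regItems) + @($tasks) + @($services) | Sort-Object
}

function Save-PersistenceSnapshot {
    param([string]$Label)
    $file = Join-Path (Split-Path $LogPath) "persistence-$Label.txt"
    Get-PersistenceSnapshot | Set-Content -Path $file
    Write-CleanupLog "Persistence snapshot '$Label' written to $file"
    $file
}

function Compare-PersistenceSnapshot {
    # Step 5: an autostart entry that is present after a reboot but absent from
    # the baseline is a candidate for a re-appearing infection; look again.
    param([string]$BaselineFile, [string]$CurrentFile)
    $diff = Compare-Object (Get-Content $BaselineFile) (Get-Content $CurrentFile)
    foreach ($d in $diff) {
        $tag = if ($d.SideIndicator -eq '=>') { 'NEW' } else { 'GONE' }
        Write-CleanupLog "Persistence change [$tag]: $($d.InputObject)"
    }
    $diff
}

function Invoke-DefenderFullScan {
    # Step 4 (one of the several tools you should run): full Defender scan,
    # then log each detection record so it survives even if the PC is rebuilt.
    Write-CleanupLog 'Starting Microsoft Defender full scan'
    Start-MpScan -ScanType FullScan
    $hits = @(Get-MpThreatDetection)
    foreach ($h in $hits) {
        Write-CleanupLog "Defender detection: ThreatID=$($h.ThreatID) Resources=$($h.Resources -join ';')"
    }
    Write-CleanupLog "Defender full scan finished: $($hits.Count) detection record(s)"
}

# Typical flow: isolate, baseline, scan; then after remediation and a reboot,
# snapshot again and compare (the last two lines are left commented as a reminder).
Invoke-HostIsolation
$baseline = Save-PersistenceSnapshot -Label 'before-cleanup'
Invoke-DefenderFullScan
# $after = Save-PersistenceSnapshot -Label 'after-reboot-1'
# Compare-PersistenceSnapshot -BaselineFile $baseline -CurrentFile $after
```

Run it from the local console, not over a remote session, because Invoke-HostIsolation disables the adapters the remote session depends on. Defender is only one of the two or three tools the guide recommends, so repeat the snapshot-and-compare cycle after each tool and after each reboot, and keep the resulting log and snapshot files with the ticket as the cleanup record.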

Do you have any great tips for cleaning up malware? Share them with a comment below!