If a customer comes in with a virus, their computer will have to be checked in so that we can run scans. Remember to ask them if we can reset their password to their ID number. We will need to log-in to their account to check and see if the virus is actually gone. Most of the time, the virus is on the windows side, but double check to make sure that it is.
Follow these steps to completely remove the virus on the windows side after the computer is checked in.
What To Do
First, log-in to the user account. If it is not already logged in there, ask a supervisor to reset the user's password.
Next, start a Sophos scan. If you are unable to start a Sophos scan, follow these steps:
- Run the virus scans from the administrator account, and when they finish, try to run them again.
- If that does not work, try running the program 'rkill' on the user account. This program can be found linked in the AntiSpyware Utils folder. You may have to copy this program to the freespace of a diags stick in order to run it.
- 'Rkill' kills currently running known virus processes. If it is successful, you should now be able to run a full virus scan from the user account.
Another scan that we run often is Spybot. Spybot can be found on our network at '\\judah\junk$\Utils\AntiSpyware Utils'. You can run Spybot alongside Sophos, but it might take longer.
After finishing these scans, restart the computer. Run the scans again, and if they come up clean, the virus is gone. If the scans do not come up clean, continue restarting the computer after the scans complete, and run the scans again until they come up clean after a restart.
If you get stuck, or have any questions, feel free to ask your supervisor for help.