cleaning up Windows (7-10)
post by dodger

index - posts - github - bookmarks - spotify 🎵

going through my old archives I found this article i wrote up in conversational english walking one through cleaning up a Windows installation that may have viruses, adware, etc. i am reposting this for archival sake. the advice is pretty current.

Creado lunes 16 agosto 2021

My personal mirror of cleanup tools - USE AT YOUR OWN RISK. https://kebles.com/cleanup

as someone who's spent over a decade daily repairing consumer machines, i know that every computer is different. but more so, they're exactly the same. the same thing applies to users. this is how you fix most users' issues, in my experience.

this is an evolving document. this is meant purely for technician reference and doesnt cover customer service, which is a major part of diagnostic work.

a fancy term for checking the HDD stats with gsmartcontrol, crystaldiskinfo, or manufacturer specific tools like seatools or wd lifeguard. also entails running memtest86 if whoever you happen to work for at the time believes in testing shit you don't explicitly have an issue with. but always test drives. please.

• https://portableapps.com/apps/utilities/crystaldiskinfo_portable -

if a hard drive has failing or reallocated sectors, it needs to be replaced ASAP. reallocated sectors that are successfully remapped generally have accessible data. you can run a long drive self test to attempt to force surface to remap, and run chkdsk within windows to attempt to repair file corruption.

if every bad sector is reallocated you can try to clone the drive sector by sector using dd, clonezilla, or higher level tools such as acronis or macrium reflect . tip, always run chkdsk after a drive clone no matter what.

only SATA and IDE hard drives have built-in SMART data. NVME discs must be checked with drive-specific tests. Some motherboards (MSIs i've seen) come with a nvme test utility in the BIOS/UEFI.

99% of systems, the hard drive is the only testable component that matters. I personally recommend beginning every system with a hard drive and memory check. Skim the smart stats, run quick test, if behaves normally move on.

I recommend the following section first thing after successful diagnostics, as cleaning up these files will allow for faster scans down the line. It is recommended to boot into safe mode for cleaning temp files and startup items. Note, you generally will need a full Windows password and not just PIN to log into safe mode.

• oltimer's TFC - Bleeping Computer
  • small handy temp file cleaner
• old versions of ccleaner are acceptable
  • oldversions.net - USE AT OWN RISK - no https
• Windows disk cleanup
  • "Clean system files"
• addpc's TFC (not to be confused with oldtimer's up there) is useful for removing temp folders on externally mounted Windows drives.
  • MajorGeeks mirror
• sysinternals autoruns

Generally nothing really "needs" to be running at startup. drivers are drivers and are running if the thing they need is there. the only things i avoid touching are printer applications (i try to turn off any that will not autolaunch when someone actually goes to print, but some printers break if their companion app is not running in the background). any VOIP applications as well (not counting skype fuck skype). If a system uses quickbooks or the like for business and the customer has their sync turned on, leave this at startup. most of these applications will have services running at the System level anyway.

In msconfig, under Services, check "hide all microsoft services" and turn off services that you recognize as unnecessary (as opposed to turning off as many as possible). this is better safe than sorry, but for example very unnecessary services such as wildtangent games and such can be safely disabled.

malware is a word that just means "bad software". "software u don't want". there's nothing deeper to it than that. i hear people try to differentiate between a "virus" and "trojan" and "adware" and "spyware", to most end users, it's just "bad go away".

there's enough overlap with malware removal tools to cover many scenarios. the following tools have been successful in cleaning up what the majority of my customers have experienced, but this can vary with user types and location and other variables.

marked with a wave emoji mean run in safe mode 🌊️ (to get to safe mode in windows 10, hard shut down 3 times in a row for auto repair, OR hold shift and hit restart from windows, OR select safe boot in msconfig)

1. adware
   1. jrt 🌊️
      1. permalink: https://www.bleepingcomputer.com/download/junkware-removal-tool/dl/293/
   2. adwcleaner 🌊️
      1. permalink: https://www.bleepingcomputer.com/download/adwcleaner/dl/382/
         • also use to remove bloatware. preloaded apps are becoming a virus or hack attack vector.
   3. malwarebytes
      • offline installer below, or use https://ninite.com
   4. roguekiller
      • mirror (extracted installer): https://kebles.com/cleanup
2. viruses
   1. malwarebytes
      • https://downloads.malwarebytes.com/file/mb4_offline <- most current installer w/ offline definitions baked in.
   2. emsisoft emergency kit
      • bootable toolkit
      • https://www.emsisoft.com/en/home/emergencykit/
   3. hitman pro
      • pre-boot environment means scans can be more thorough
      • https://www.bleepingcomputer.com/download/hitmanpro/dl/176/
   4. kaspersky tdsskiller 🌊️
      • has found bootsector rootkits for me when nothing else could
      • run in safe mode or in a PE
      • direct: http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe
   5. Windows Defender - verify it scans clean.
3. make sure customer's AV software scans clean!
4. manually remove:
   1. malicious browser extensions that are left over
   2. startup entries for malicious, or unnecessary items left behind after cleanup.
   3. add/remove programs, any greyware remaining.

https://www.shouldiremoveit.com/index.aspx

• verify windows version.
  • if more than one build out of date, skip straight to in-place upgrade of the latest build of Windows 10.
    • Current w10 build @ time of writing is 21H1
    • https://www.microsoft.com/en-us/software-download/windows10ISO
      • Download latest 10 ISO or media creation tool.
• install optional driver updates, test devices, then turn off driver delivery via updates.
  • (this will probably re-enable itself sometime anyway)
• update any MISSING or drivers reporting a warning. do not update drivers unnecessarily if you aren't experiencing issues, or a known issue is found.
• UCheck by adlice is a thing. it exists. it's not necessary but it exists.
  • Checks third party software for updates, paid version can install.

• Disable fast startup (1008 - Disable fast startup in W10)
• Verify browsing to 3 websites
  • http AND https
    • apple.com
    • lego.com
  • No redirection
  • Speed acceptable for spec
• Reboot system 3 times.
• unplug system and clear caps (hold power button down) and plug back in to cold boot system.

verify it boots to the desktop or login screen.

(or tell your customer to avoid forever:)

• Anything with the word "Optimize" , and anything with the word "Registry"
• Anything advertised on TV as a way of adding more resources to a computer to make it perform at an impossible level.
• Services with guarantees that cannot be verified in-person.
  • there is nothing wrong with remote spyware cleanup work except how they're getting away with so many scams overseas. If you back that up with an in-person meeting, especially if you have a brick and mortar, shows a level of trustworthiness.
• Mcafee
• Norton