PC Clean

Procedure for performing a PC Clean.

Procedure

The PC Clean is handled first by the LocalTechs and then by a RemoteTech. Once authorized, the LocalTech should check for obvious signs of infections or other issues and then connect the computer to a RemoteTech for the clean to take place.

Initial Setup

Follow the instructions in Procedure - Software Diagnostics to get the computer prepared and connected.

First Steps

  1. Import system information via UPCCPowerMenu if you haven’t already. This should have been completed in Initial Setup.
  2. Download, extract, and run as administrator GSmartControl from the RemoteCare toolbox (Toolbox ⇒ Hardware ⇒ gsmartcontrol###). Use the appropriate x86 or x64 version based on the information gathered in step 1.
    1. The C drive is typically the first in the list, but you can verify by clicking on a drive icon and checking the corresponding drive letter in the info at the top.
    2. Double click the drive icon that corresponds to the C drive.
    3. On the Attributes tab, check SMART IDs 5, 187, 188, 198, 199. Multiple non-0 raw values usually indicate a high chance of drive failure.
      1. Note: Not all drives support all SMART attributes, and some drives (like NVMe drives) do not support SMART at all.
    4. Click “View output” at the bottom.
    5. Using the PasteCare utility, attach the output log to the work order.
    6. If the customer has multiple drives, repeat sub-steps 3-5 for each subsequent drive and name the SMART reports accordingly (SMART Report C, E, etc.).
  3. If chkdsk presented errors or issues during diagnostics, run a full chkdsk repair now.
    1. WIN+Z ⇒ File System ⇒ CHKDSK (repair)
    2. This will require a computer reboot, and may take anywhere from 10 minutes to 10 hours. It’s hard to pinpoint, but generally faster computers will finish more quickly.
    3. Occasionally the CHKDSK will not run the first or even the second time it’s scheduled. Keep trying until it does. You will know it did not run if the computer reboots in a normal amount of time (1-5 minutes). You can check to be sure by searching for “chkdsk” in the Application Logs of Event Viewer to see if it has executed recently.
  4. If SFC presented errors during diagnostics, run a full SFC scan now.
    1. WIN+Z ⇒ File System ⇒ SFC (repair)
    2. When finished, SFC will either show that errors have been resolved or that some can’t be resolved.
      1. If there are more errors, and the computer is Windows 8 or higher, run DISM (repair) from the same section of UPCCPowerMenu.
      2. If DISM does not repair the issue, then the computer may need a repair install or Reload+Backup to properly fix it.
        1. Revisit the SFC log from earlier (it should have been saved on the desktop as “sfcscannowdetails.txt”) and determine if the issues presented are significant enough to warrant a more drastic (and longer) repair process.
        2. If the system is not impaired by the damaged/corrupted files in the SFC report, it may be safe to move onto the next step. If you are unsure, ask a more senior Tech for advice.
  5. Repeat steps 3-4 until no more errors are presented in chkdsk and sfc scans.
  6. Check for and remedy any other immediate and obvious system issues.
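
The SMART check from step 2, as an added example that is not part of the original procedure: it reads the text saved from “View output” and reports which of the watched IDs have non-0 raw values. It assumes that text contains the standard smartctl attribute table, treats “multiple” as two or more, and uses a constructed sample report.

```python
import re

# SMART IDs the procedure says to check on the Attributes tab.
WATCHED_IDS = (5, 187, 188, 198, 199)

# One row of the smartctl attribute table (assumed layout):
# ID# NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
ROW = re.compile(
    r"^\s*(\d{1,3})\s+(\S+)\s+0x[0-9a-fA-F]{4}\s+\d+\s+\d+\s+\S+\s+"
    r"\S+\s+\S+\s+\S+\s+(.+?)\s*$"
)

# Constructed sample: ID 188 is absent, as on drives that do not report it.
SAMPLE = """\
SMART overall-health self-assessment test result: PASSED
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       0
  9 Power_On_Hours          0x0032   095   095   000    Old_age   Always       -       21544
187 Reported_Uncorrect      0x0032   097   097   000    Old_age   Always       -       3 (Min/Max 0/3)
198 Offline_Uncorrectable   0x0030   100   100   000    Old_age   Offline      -       8
199 UDMA_CRC_Error_Count    0x0032   200   200   000    Old_age   Always       -       0
"""

def parse_watched(report):
    """Return {id: (name, raw)} for the watched attributes found in the report."""
    found = {}
    for line in report.splitlines():
        m = ROW.match(line)
        if not m or int(m.group(1)) not in WATCHED_IDS:
            continue
        # Raw values may carry a suffix like "3 (Min/Max 0/3)"; keep the leading integer.
        lead = re.match(r"\d+", m.group(3))
        found[int(m.group(1))] = (m.group(2), int(lead.group()) if lead else None)
    return found

def assess(report):
    """Summarise the watched IDs: non-0 raws, unreported IDs, and the failure flag."""
    found = parse_watched(report)
    nonzero = sorted(i for i, (_, raw) in found.items() if raw)
    missing = sorted(set(WATCHED_IDS) - set(found))
    # "Multiple non-0 raw values" is interpreted here as two or more (assumption).
    return {"nonzero": nonzero, "missing": missing, "flag": len(nonzero) >= 2}

if __name__ == "__main__":
    print(assess(SAMPLE))
```

IDs listed under `missing` were not reported by the drive, which is different from a raw value of 0.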

Malware

Look for obvious signs of infection as outlined in the Procedure - Software Diagnostics article.

Initial malware removal

Start by removing any potentially nasty malware or intrusive PUPs:

  1. From the Remote toolbox, run Malware ⇒ rkill
    1. Used to kill any malicious processes that may prevent proper malware removal
    2. Do not proceed until this step is finished, because rkill will kill any open windows
    3. A log file will open when done. Paste this as a WO attachment as “rkill Log”.
  2. Run Malware ⇒ AdwCleaner
    1. Review and remove all found items
    2. The computer will reboot, then present a log as a text file. Paste this log as a work order attachment named “AdwCleaner Log”.

Full malware removal

  1. From the Remote toolbox, run Cleanup_uninstallers ⇒ revouninstallerpro
    1. It should already be activated but if not then find the software license here.
    2. Select all PUPs and other malicious or suspicious programs, right click on any one of them, and do a Quick Uninstall. If done correctly this will uninstall all the selected programs in succession.
      1. Chromium is not malicious on its own but is usually bundled with adware and people install it unknowingly. It can be uninstalled.
    3. Proceed with removal. If prompted, delete any traces of the software.
  2. If it hasn’t been already, install the security software suite from Remote Toolbox or Cleanup folder ⇒ Ninitechocolatey ⇒ chinstall_security.bat.
    1. Configure security software according to steps in Procedure - Software Diagnostics.
  3. Run Malwarebytes and SUPERAntiSpyware concurrently.
    1. Review and remove found items.
  4. Look for signs of a tech support scam, remove them, and make a tech note with the details. If the modified/created date is recent, advise the customer on how best to handle a tech support scam (specifically with their bank).
    1. TXT documents on the desktop with names like “tech support” or “24 7 help” or similar
    2. Folder toolbar in the taskbar with a phone number, by the system date and time
    3. Unusual programs or shortcuts on the desktop
      1. ATF Cleaner, “Windows Firewall” shortcut, etc
  5. Check all installed browsers for homepage/search hijacks, unwanted extensions, and other settings.
    1. If hijacked, set homepage and search engine to Google
    2. Remove any unwanted search engines
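
The desktop check from step 4, as an added example that is not part of the original procedure: it lists TXT files whose names resemble the examples given and marks whether their modified/created date is recent. The 30-day cutoff and the function names are assumptions; the page does not define “recent”.

```python
import re
import time
from pathlib import Path

# Name fragments taken from the procedure's examples; extend as needed.
SUSPECT = ("tech support", "24 7 help")
RECENT_DAYS = 30  # assumption: the procedure does not define "recent"

def normalize(name):
    """Lowercase and collapse punctuation, underscores and dashes to single spaces."""
    return re.sub(r"[^a-z0-9]+", " ", name.lower()).strip()

def scan_desktop(desktop, now=None, recent_days=RECENT_DAYS):
    """Return one record per suspicious .txt file found directly in `desktop`."""
    now = time.time() if now is None else now
    hits = []
    for p in sorted(Path(desktop).iterdir()):
        if not p.is_file() or p.suffix.lower() != ".txt":
            continue
        if not any(s in normalize(p.stem) for s in SUSPECT):
            continue
        st = p.stat()
        # Use the newer of the two timestamps. st_ctime is the creation time on
        # Windows and the metadata-change time on POSIX systems.
        age_days = (now - max(st.st_mtime, st.st_ctime)) / 86400
        hits.append({
            "file": p.name,
            "age_days": round(age_days, 1),
            "recent": age_days <= recent_days,
        })
    return hits

if __name__ == "__main__":
    # Check the current user's desktop and print what should go in the tech note.
    for hit in scan_desktop(Path.home() / "Desktop"):
        print(hit)
```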

Quick malware scan

After the initial and full malware scans are complete, restart the computer.

  1. Check again for any installed PUPs and remove any that may not have uninstalled correctly, or that were installed during the uninstallation of another PUP.
  2. In each browser:
    1. Check for redirects. Navigate to a known good site (https://universitypccare.com, https://apple.com, etc) and click around on at least 3 links from each page.
    2. Look for injected advertisements.
    3. Final check on homepage/search hijack, malicious extensions.

Customer-specific issues

The order of this step may come earlier or later depending on the severity of the customer’s issue and the state of the machine. For example, a customer complaint of the computer being slow has less precedence than a malware infection that is discovered during diagnostics.

Deal with the customer-specific issue at this time. Document your findings. In general:

  1. Attempt to replicate the issue if replicating the issue will not damage the computer or operating system.
  2. Find the cause of the issue
  3. Research a solution either from past knowledge, previous work orders, or internet searches
  4. Apply the solution
  5. If solved, document your results. If not, start over at step 2.

Other Steps

  • Run Windows update
  • Check for and fix missing drivers in Device Manager
  • Check for Windows activation
  • Run any Java, Adobe, etc updates
  • Attach a SMART report to the work order if it wasn’t done during diagnostics
  • Update browsers
    • Chrome and Firefox: Open browser, go to the menu ⇒ Help ⇒ About to do a version check and update. May need to repeat it a few times if the browser is really old.
    • Internet Explorer: No longer officially supported by Microsoft but may be used specifically by some customers for browser compatibility reasons with older websites, usually for work-related web apps.
    • Edge: Stays up to date with Windows; only present on Windows 10 and newer.
    • Safari: Surprisingly it is available for Windows but people usually install it accidentally. Just leave it alone.
    • Opera: Who uses Opera…
    • Vivaldi: Same as Opera.

Final Steps

  1. Check Date & Time in bottom right corner of taskbar
  2. In the Cleanup ⇒ Chocolatey folder, run “chinstallsecurity.bat” as Administrator. This will install Malwarebytes, CCleaner, and SUPER Anti Spyware.
  3. Move the Security Software folder onto the desktop, from the Cleanup folder.
  4. Win+Z ⇒ Run Final Cleanup
    1. Confirm UAC prompt if presented.
    2. When progress bar finishes, all icons generated by the power menu should be gone. The cleanup folder will persist with just the power menu in it.
  5. Delete Cleanup folder at this time.
  6. Restart the computer
  7. After the computer restarts and returns to the login screen or desktop, end the remote session and contact the customer.