I never had good luck with the LIVE cds. They would remove a bunch of crap, but then you still had to dig through the registry manually for the errors they cause. Not much different than just scanning that drive on another Win box that has AV/Malware scanners, but this method is quicker.

I usually just throw another drive in solo, install windows on it, install AV, then plug in the old drive to copy data from. This seems to be my preferred method, as I have scoured machines with multiple scanners, only to have them not find new stuff lurking, or registry issues arise that you don't know to check for, or missed (aka HOURS MORE OF WASTED TIME scanning instead of just a clean install that will almost always just-work).

(My preferred method, if I can, after clean install on new drive includes an image of a clean OS install on the old drive, before copying data, just in case they screw it up again... for a quick-re-fix, as they will probably screw it up again. However UFEI didn't let me do old-school Ghost 2003 images, so LEGACY it STILL is...)

Yeah. I hear ya.

I REALLY like a Live CD that can update itself to the latest version via internet and scan and do its job, but I have only seen that happen once or twice and I forgot if it was F-secure or something else.

Last night I was called out to someone's home for their laptop. They had locked themselves out of their win8 system and after calling Toshiba they performed a system restore and that wiped out EVERYTHING but in the process of reinstalling their AVG they picked up some google-tracker-ID-006 malware. All it really does is maybe hijack the google chrome browser and narrow your search results as well as report back to the mothership I guess.

All of his virus scans with AVG did nothing and nobody (toshiba) over the phone could help him so he called me. After seeing that I could not change the data inside google chrome, I decided to give it a reset and that wiped it out.

This thing altered the search engine within google chrome so that he only had ONE engine and could not change it as there was no X next to it. You could not add others and the default was now www.google.de/something-006 so I wiped it out and rebooted but the stupid toshiba did not like me booting with an optical drive and it failed to let me boot with Hiren's so I was like, well, the problem has been solved so I will leave it. I left with the system doing a disk scan for his music. He was pissed that Toshiba walked him through a system restore over his missing win8 admin password and in the process he lost all of his music that he had been ripping from his cds. (40+ cds) so I fired up an UNDELETE program and left with it scanning and told him to see if it could help him recover his lost music without having to rerip it all and grab from i-tunes again...

Anyways. Bummer that there are some good ideas out there but they seem to fall short of this new technology lately. :\

dont you have a laptop for these service calls?

i would just pull the hdd or ssd out of the clients machine and then hook it up to your laptop and run run an AV scan.

AVG is garbage though, if youre in the business, you should be using something better. i would look into bitdefender or webroot.

^This,^ but hell, Avast-free does about a better than most paid versions of AVs.

If the machine has network connectivity and I am assuming its windows, boot into safe mode with networking and go to housecall.trendmicro.com. It doesnt load anything malicious from registry or restore point or the hive, etc. Also you are downloading the latest virus/malware/spyware signatures at the time you want to scan the machine.

If you want to go Live CD route, choose which one you prefer, still have to mount probably ntfs filesystem support and still go to an online scanner to get the latest definitions.

That's not always an option. Lots of newer laptops require you to completely disassemble them to remove the HDD, some HPs and Sonys come to mind.

I recently started using the Bitdefender live CD and it's saved my butt from having to wipe machines with tons of user data that I didn't have the option to just back up and reinstall the OS.

Have you tried the Trinity Rescue Kit live CD? It has several anti-virus programs that will update online.

very true, but at the same time the same laptops dont often use cdroms or dvdroms either. that is why webroot and bitdefender can both be loaded onto a thumbdrive and booted to.