> Most of my revenue has been from virus and malware removal. I coupled the virus/malware removal with an antivirus installation service for $19 and most people gladly paid it.
Once a computer has become infected, it's fairly impossible to determine if the infection has been completely eradicated.[1] I wonder what that $19 buys you. A few executions of anti-malware software until they claim "Clean"?
[1] I realize that even in the absence of a known infection it's "impossible" to know whether you're infected.
(Previous 3 can be monitored with e.g. SysInternals AutoRuns)
* no browser / networking stack hijacking extensions showing popups / interstitials / DOM modifications etc. at random intervals
(As evidenced by e.g. HijackThis)
* no unsigned DLLs / drivers of unknown provenance loaded in any process or the kernel
(As evidenced by e.g. Process Explorer's Verify Image Signatures option - look in loaded modules of the "System" process to see all loaded kernel drivers and modules), with a representative sample of applications running (browsers, productivity, etc.)
* no apparent rootkit-style hijacking of the process / registry / disk inspection routines, as would be shown by e.g. RootkitRevealer
And of course, a commercial virus scan, for what it's worth. I personally don't run a real-time virus scanner; I rely on monitoring what the system is doing directly.
I agree with you completely in the difficulty of being certain that a computer is clean once infected, but some people (a la http://xkcd.com/694/ ) are not willing to deal with "starting from scratch" because it means having to back up their data, reinstall all of their applications, and redo their application settings.
I'd rather trust a geek with their own business than some HS dropout at BestBuy to run the anti-malware software. Or rather, I'd trust sending my friends and family to that person rather than BB. I can usually do the same pro-bono, but I just don't have the time anymore.
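The autostart and signature checks listed in the thread above can be triaged from a saved autostart listing instead of by eye. This is an added example, not code from any commenter; the CSV column names, the "(Verified)" / "(Not verified)" / "File not found:" markers, the sample rows and the `USER_WRITABLE` shortlist are all assumptions.

```python
import csv
import io

# Constructed sample, not real tool output. The column names and the
# "(Verified)" / "(Not verified)" / "File not found:" markers are assumptions
# about the export format; adjust them to match the file you actually have.
SAMPLE_CSV = r"""
Entry Location,Entry,Enabled,Category,Signer,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,enabled,Logon,(Verified) Microsoft Windows,c:\windows\system32\securityhealthsystray.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,updater,enabled,Logon,(Not verified) Example Corp,c:\users\alice\appdata\roaming\updater.exe
HKLM\System\CurrentControlSet\Services,exampledrv,enabled,Drivers,,c:\windows\system32\drivers\exampledrv.sys
HKLM\System\CurrentControlSet\Services,olddrv,disabled,Drivers,(Not verified) Example Corp,c:\windows\system32\drivers\olddrv.sys
Task Scheduler,\ExampleTask,enabled,Tasks,,File not found: c:\programdata\example\task.exe
"""

# Directories a standard user can usually write to (hypothetical shortlist).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

def classify(row):
    """Return the reasons an autostart entry deserves a manual look."""
    signer = (row.get("Signer") or "").strip()
    image = (row.get("Image Path") or "").strip().lower()
    reasons = []
    if image.startswith("file not found"):
        reasons.append("image missing")
    if not signer:
        reasons.append("no signature")
    elif not signer.startswith("(Verified)"):
        reasons.append("signature not verified")
    # A signing problem matters more when the binary sits where any user can write.
    if reasons and any(d in image for d in USER_WRITABLE):
        reasons.append("user-writable path")
    return reasons

def triage(csv_text):
    """Parse the export and return flagged entries, enabled and worst first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        reasons = classify(row)
        if reasons:
            findings.append({"entry": row["Entry"], "location": row["Entry Location"],
                             "enabled": row["Enabled"].strip().lower() == "enabled",
                             "reasons": reasons})
    findings.sort(key=lambda f: (not f["enabled"], -len(f["reasons"])))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_CSV):
        state = "enabled" if f["enabled"] else "disabled"
        print(f"{f['entry']:<14} {state:<9} {', '.join(f['reasons'])}")
```

An empty result only means nothing in the listing failed these checks; as the thread notes, it does not prove the machine is clean.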