Tuesday, October 29, 2013

Current Windows Routine featuring Your Pal, TRK! (edit 2.0 at bottom)

I have several computers in different configurations, OS situations and states of disrepair. For a particular Windows 7 computer, I just went through what has become a kind of weekend cleanup routine. Here's my checklist for such a machine, useful not only to maintain system health but also to stay familiar with the maintenance tools themselves:

1. backup any/all user-created or downloaded important files

2. run onboard utilities like Disk Cleanup, Defrag, MRT (Microsoft's Malicious Software Removal Tool, which takes a long time to run, but what the heck) and MS Security Essentials

3. run Window Washer, CCleaner ("crap cleaner"?) or similar third-party products for unneeded file removal, if you wish

4. run Spyware Blaster by brightfort.com (keep this program around to prevent unauthorized installers from running; it's not antivirus but an installation preventer that's active only at bootup)

And last but not least:

5. use TRK (Trinity Rescue Kit) with ClamAV (run the commands "freshclam" and "clamscan")
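Here is an added example (my own, not code from the original post or from the TRK project) of the ClamAV leg of step 5 as a small POSIX shell script: it refreshes signatures, scans a directory recursively, moves anything flagged into a quarantine directory instead of deleting it outright, and then cross-checks the per-file FOUND lines in the log against the count in clamscan's own summary, so an interrupted scan is noticed. The scan root, quarantine directory, log path and the sample log are assumptions constructed for the example; the clamscan flags (-r, -i, --move, -l) and the FOUND / SCAN SUMMARY output format are the real ones.

```shell
#!/bin/sh
# Added example: ClamAV scan with quarantine, plus a sanity check on the log.
# Not from the original post or the TRK project. All paths are assumptions.

SCAN_ROOT="${SCAN_ROOT:-/mnt/windows}"          # assumed mount point of the Windows disk
QUARANTINE="${QUARANTINE:-/tmp/TRK-INFECTED}"   # assumed quarantine dir (named after the one the post mentions)
LOGFILE="${LOGFILE:-/tmp/clamscan.log}"         # assumed log location

# Run the real tools. --move quarantines rather than deletes, so a false positive
# can be restored; -i prints only infected files; -r recurses; -l logs to a file.
# Returns clamscan's own exit status: 0 clean, 1 something found, 2 error.
run_scan() {
    command -v freshclam >/dev/null 2>&1 || { echo "freshclam not installed" >&2; return 2; }
    command -v clamscan  >/dev/null 2>&1 || { echo "clamscan not installed" >&2; return 2; }
    mkdir -p "$QUARANTINE"
    freshclam || echo "warning: signature update failed, scanning with current database" >&2
    clamscan -r -i --move="$QUARANTINE" -l "$LOGFILE" "$SCAN_ROOT"
}

# List the paths clamscan flagged. Per-file lines look like
#   /path/to/file: Signature.Name FOUND
# Only the trailing ": <signature> FOUND" is stripped, so a path containing ": " survives.
infected_files() {
    sed -n '/ FOUND$/ s/: [^:]*FOUND$//p' "$1"
}

# The count clamscan itself reports in the SCAN SUMMARY block.
summary_count() {
    sed -n 's/^Infected files: \([0-9]*\).*/\1/p' "$1"
}

# A scan that was interrupted (or a log that was edited) shows up as a mismatch
# between the FOUND lines and the summary. Prints OK or MISMATCH, returns 0/1.
check_log() {
    found=$(infected_files "$1" | grep -c . || true)
    summary=$(summary_count "$1")
    if [ -n "$summary" ] && [ "$found" -eq "$summary" ]; then
        echo "OK: $found infected file(s), summary agrees"
        return 0
    fi
    echo "MISMATCH: $found FOUND line(s) vs summary '$summary' (scan incomplete?)"
    return 1
}

# Constructed sample log in clamscan's format so the parsing can be exercised
# offline; the paths and signature names are made up for this example.
SAMPLE_LOG="${TMPDIR:-/tmp}/clamscan-sample.$$"
cat > "$SAMPLE_LOG" <<'EOF'
/mnt/windows/Users/me/Downloads/setup.exe: Win.Adware.Example-1 FOUND
/mnt/windows/autorun.inf: Win.Trojan.Example-2 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 2800000
Scanned files: 48213
Infected files: 2
EOF

if [ "${1:-}" = "--live" ]; then
    run_scan          # real run; only meaningful from a live CD such as TRK
else
    infected_files "$SAMPLE_LOG"
    check_log "$SAMPLE_LOG"
fi
```

Run it with `--live` from the rescue CD once the Windows volume is mounted read-write; on a read-only mount clamscan still reports the detections but --move cannot relocate the files, and without --live it only exercises the log parsing against the constructed sample.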

The interesting thing this time around was that I presumed no special knowledge on the user's part and simply downloaded a new copy from the Trinity Rescue Kit download page and selected the self-burning .exe file for Windows. It recognized the onboard burner, asked for a blank, then burned it and asked for a reboot. Presto - we're a Linux box now (since the hardware boots the burned CD's OS rather than the HDD's). Although I had to remind myself of "freshclam" and "clamscan" by looking on the net from a different computer, since the help section on the CLI didn't mention them, the run went without issue, taking less than ten seconds to update and less than ten seconds to scan.

I also use Malwarebytes on this particular machine, and should probably do a closer look for this blog on all of these tools. I just wanted to put down this much to record the minimum of my approach for Windows-world maintenance - and I should also repeat my presentation of years ago of running all these things on an intentionally-virus'd machine. That was fun.

-----

NOTE: an editor's addition is coming shortly, which will prove that I am not a complete MORON. The above results were obviously the ten-second results, not the LONG VERSION, which would be to run "updatetrk" and then get serious with "virusscan -a clam; virusscan -a fprot; virusscan -a bde; virusscan -a va" ... these commands update and run four different scanners (there's a fifth, Avast, which I left off since I don't have the free key for it yet), which in order are ClamAV, F-Prot, BitDefender and Vexira. They are running now; stay tuned! (this is gonna take a while, running as they are in -uiv, or unbelievably insanely verbose, mode)

-----

ANOTHER NOTE: Ok, it got a bit more complex. I started out with a clean Windows machine (I use Windows mainly as a movie viewer) but accidentally virus'd myself by getting curious, searching for a free Windows version of Vexira, choosing one of the WRONG links (pretending to be genuine) on a search and pulling in about 130 ads. That was an opportunity to run the Windows solutions and see if they worked. Malwarebytes actually got almost all of them (126, I think), and they were still gone upon reboot. Further scans by Security Essentials and the protection state of Spyware Blaster didn't note anything. But running the string of four scanners from TRK as mentioned above found an interesting imposition disguised as a legit autorun file. TRK placed it into the conveniently created and named file "TRK-INFECTED". For some reason I found TRK's command line difficult to fathom and in desperation found the INFECTED directory and deleted the file using the GUI from another Linux box (but in retrospect the CLI was simple). The offender had been rendered inoperative by having been compressed (if other changes were made to 'anaesthetize' it, I haven't yet discovered what they were via the documentation).

So there it is. TRK found a bad guy - which the onboard Windows scanners missed - and rendered it ready for deletion. Four of the five listed scanners were used, but after days I'm still waiting for the free Avast key to show up via email. A full list of all the goodies on board (unique to) TRK is at the TrinityHome page (linked above) if you go to Documentation, then the TRK Specific link... and there's an "all commands" link at the bottom of that list on the left.