A virus or malware infection costs businesses time, data, and reputation—but it's also one of the most profitable service lines for repair shops. Getting your pricing and process right means faster turnarounds, happier customers, and repeat business from companies that need ongoing protection.
Why Malware Removal Is a High-Margin Service
Malware removal sits in a sweet spot: it's urgent (customers need it fixed fast), it's specialized (not every tech can do it safely), and it justifies premium pricing better than routine maintenance. Most businesses don't have in-house security expertise, so they'll pay for speed and confidence. A single infected network can cost a client thousands in downtime and data recovery—your service prevents that nightmare scenario.
Pricing Tiers That Work
Basic malware removal typically runs $150–$350 per machine. This covers scan, quarantine, removal, and basic remediation on a single desktop or laptop. Use this for straightforward infections caught early, where no data recovery is needed.
Advanced removal with data recovery runs $400–$800+. This applies when malware has encrypted files, deleted critical data, or embedded itself deep in the system. Expect to spend 3–6 hours on these jobs using specialized tools like Malwarebytes Premium, HitmanPro, or Kaspersky Rescue Disk.
Network-wide scans and hardening should be quoted per machine plus a labor flat fee. Charge $100–$200 per endpoint to scan and clean, plus $500–$1,500 for network assessment, firewall configuration review, and security recommendations. This upsell is gold—one infected machine often signals weak security across the whole network.
Monthly managed security monitoring ($50–$150 per device, per month) locks in recurring revenue. Offer it to clients after a removal to prevent re-infection.
Your Process: Speed and Transparency
Initial assessment (30 minutes, no charge): Interview the client about when they noticed symptoms, what's behaving oddly, and whether they've already paid a ransom or clicked suspicious links. This tells you severity and liability risk upfront.
Boot to a clean environment: Don't scan from an infected OS. Use a bootable USB with DBAN or a Linux live environment to isolate the drive and scan safely.
Multi-tool approach: One scanner rarely catches everything. Run Malwarebytes, Windows Defender offline scan, and HitmanPro in sequence. Document each finding in writing.
Restore points and file review: Check system restore points (malware often disables them). Review startup programs, scheduled tasks, and browser extensions for persistence mechanisms.
Full system backup before removal: If data recovery is uncertain, image the drive first. Explain this step to the client—it demonstrates professionalism and protects you legally.
Post-removal hardening:
- Update Windows, drivers, and all software
- Enable Windows Defender real-time protection
- Enable automatic Windows Update
- Install and configure a reputable third-party firewall if the network lacks one
- Reset browser settings and remove suspicious extensions
- Create a new admin account if the current one is compromised
Follow-up scan (48 hours later): Confirm no re-infection. Charge this as a $50–$100 support call, or bundle it free if you're pushing the managed security upsell.
Documentation That Sells
Write a one-page report for every removal job. Include:
- Threats detected (names, severity)
- Actions taken
- Timeline and labor hours
- Recommendations for prevention
- Cost breakdown
This report doubles as a sales tool for monthly monitoring and network audits. Email it within 24 hours of completing the work.
Building Trust in a Skeptical Market
Malware victims often feel foolish or worried about recurring infections. Be clear about what caused the breach (phishing email, unpatched software, weak password) so they understand the risk. Offer a 30-day re-infection guarantee—if malware returns, you'll remove it free. It's a cheap insurance policy that converts one-time repairs into relationships.
Frequently Asked Questions
Q: How long does malware removal typically take? A: Straightforward removals take 2–4 hours; complex cases with data recovery or network-wide infections take 8–20 hours spread over 2–3 days.
Q: Should I charge separately for system optimization after removal? A: Yes. Offer it as an upsell ($100–$200) to defragment the drive, disable startup bloat, and optimize performance—customers feel the difference and perceive added value.
Q: How do I prevent scope creep on malware jobs? A: Quote based on initial assessment severity, get written approval before exceeding the estimate, and reserve data recovery as a separate line item so clients understand additional costs upfront.
Growing your malware removal business starts with transparent pricing and proven results—listing your services on Mercoly helps businesses find you, submit leads directly, and trust your expertise with their security needs.