PC Woes and Virus Foes

So recently I’ve been somewhat of a PC fixer-upper again (among other things)… But these days I’ve been wise to enforce some form of payment (usually in the form of firewater or cold hard cash); which, any family/friend-helper can attest to, becomes a nightmare. Part of why I decided to pick it back up is to experience what today’s battles are – and unfortunately they’re mostly of the same variant that was rampant even 10 years ago.
I’ve been asked by family and friends alike to give what insight I could into what it takes to keep your PC clean, and how to recover if you fail.

So what?

So??? So honestly I’m just throwing a few things I found over the years to assist me when fixing PCs. Maybe they can help you too?
As a caveat, I’d like to state that most of these concepts are Windows-specific. That doesn’t mean they can’t apply to other platforms, but Windows is the most-used OS and thus is attacked more. Also, some of the topics are really limited to Windows (registry, defrag, etc.).

Tools

  • ntpasswd – A *MUST HAVE*!!! I’ve been using this one for years, since late 2003 and it only gets better every update. It allows you to manipulate a Windows NT based system by allowing you to a) Wipe passwords from a user, b) CHANGE passwords for a user, and the biggest lifesaver is c) Allow you to read/write to the REGISTRY! This has saved me probably over 200-300 times since I’ve started using it, and I’ve donated to this guy on a few occasions. Sorry, off the soap box 🙂
  • XP Emergency Util – This literally saved my butt when I wasn’t able to run ANY of the files it supports. It’s easy to use, and does exactly as advertised. Don’t waste time trying to fix it yourself, use this tool!
  • AutoRuns – Microsoft bought SysInternals (original manufacturer of this product) out, but it’s still a great tool. Allows you to very selectively enable/disable anything from processes, to services, to even driver loading for your system. Definitely helps fine tune the startup process! There are some options inside that I rarely look at, but when a system is super-dirty from malware, it’s good to see what IE and Explorer are loading as well.
  • System Information for Windows (SIW) – Gives a boatload of system information: motherboard info, BIOS info, of course disk/device/DirectX information, and just some major details that only a geek could ask for. The free version has always done everything I’ve needed it for. If someone is asking “should I buy more RAM?” or “can I upgrade?”, you can direct them to this tool and get a nicely generated report.
  • Avira – Not a POPULAR choice of anti-virus, but it’s taken my heart even over the likes of Nod32. It’s lightweight, and hardly obtrusive. A friend introduced me to it a few years back, and I’ve yet to find something that rivals it. It’s also found viruses on PCs that McAfee, Norton, and AVG haven’t found, which has kept it my number one virus scanner. The only downside is the freeware version has a nag screen on every update; otherwise fully functional for life!
  • MyDefrag – A powerful, scriptable, and often updated defragging utility. I wish it gave more information than just a graph, but it certainly does an outstanding job for a free application. There are others with better UI, and even more options, but you’re going to pay for them and probably spend more time configuring and waiting for it to finish.
  • Spybot – A great spyware remover. It has a few nice features that most other malware/spyware apps don’t have: a resident process for protecting your registry, and a bunch of registry/browser fixes to avoid spyware infections. I’ve yet to find anything that quite compares from a heuristic/detection standpoint. There are others that are close (i.e., Malwarebytes), but none exceed it in any way.

Tips

Check the Disk, for an unknown Risk

This should be pretty basic… Check the disk for physical failures before even working on it. You don’t want to spend 4 hours backing up 80 gigs of files only to find out that you couldn’t get this ONE project that your client wanted. They could have lost ALL files except this one you couldn’t get, all due to a bad sector on the drive. Four hours ago, you could have thrown the disk away and rebuilt the OS without having wasted time copying useless files.

Defrag like there’s no tomorrow

I usually break this one, but I honestly try to make defragging one of the FIRST things I do when working on a PC. You know the owner didn’t do it, Windows doesn’t come out of the box with it enabled, and so you should save yourself the trouble of working on a 5-year-old PC with 96% fragmentation (I’m not even kidding you).
Backing up files (even just copying/moving on the same disk), scanning for viruses, and general navigation throughout the OS can become insanely frustrating when it takes way too long to accomplish. What, that 2.5GHz machine with 2GB of RAM isn’t performing like you’d expect? It might be because of this.

In my most recent exorcism, I found a virus that would create randomly named, randomly sized files on the disk, NON-STOP. As best as I could tell, the purpose was to keep the disk churning and fragment it pretty badly. What’s worse is that these files were all held open and locked by the virus, so you couldn’t just delete them. With the use of a handy-dandy boot disk, I deleted these files and performed a defrag.

Applications (antivirus, task manager [taskmgr.exe], regedit, misc security exe files) won’t start!

*DISCLAIMER* There ARE some other methods that I’ll try to discuss later, but this approach is what fixed the issues on the computers brought to me recently.

This one is interesting: there’s a registry key that alters how an executable file is actually handled when it’s launched.

In my particular case, I couldn’t run any of the files listed above, plus some other critical executables (e.g., gpedit.msc, msconfig.exe, etc.), and this was the exact issue. Windows wasn’t treating them like standard executables that would just run and let the user interact with them.

Open regedit (if you can’t for some reason, try the tool “XP Emergency Util” listed above), and navigate to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

Delete every subkey (they show up as folders in regedit) you see under this key, unless you KNOW what you’re doing. There is usually a default entry named something like “Enter your image name here,” but that isn’t necessary to have.

In layman’s terms, this key is used to make Windows launch an application under a special debugger: a subkey named after the executable holds a Debugger value, and Windows starts whatever program that value names in place of the real one. It’s rare for a PC to actually have that debugger installed, so the net effect is that the app appears to start and close immediately (essentially a crash). Malware abuses this by adding a subkey for each security tool it wants to block and pointing the Debugger value at a path that doesn’t exist, or at its own executable. This is why these applications won’t run, even when you can’t find any viruses/malware on the PC.
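If you’d rather see what’s under that key before deleting it blindly (say, from a boot disk with only an exported .reg file of the key in hand), here is an added example, not the author’s tool or anything from the utilities above. It parses a regedit export, lists every IFEO subkey that carries a Debugger value, and writes a cleanup .reg that deletes just those subkeys; the SAMPLE_REG text and the C:\PLACEHOLDER path are constructed for the example.

```python
import re

# Key from the post; registry key names are case-insensitive, so compare lowercased.
IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
        r"\Image File Execution Options")

# Constructed sample of a regedit export (.reg); the images and the hijacked
# debugger path are made up for this example, not copied from a real machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\PLACEHOLDER\\hijack.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger"="C:\\PLACEHOLDER\\hijack.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"DisableHeapLookaside"=dword:00000001
'''

KEY_RE = re.compile(r"^\[(.+)\]\s*$")              # [HKEY_...\subkey]
DEBUGGER_RE = re.compile(r'^"Debugger"="(.*)"\s*$', re.IGNORECASE)


def find_debugger_hijacks(reg_text):
    """Map each IFEO subkey (image name) to its Debugger value, unescaped."""
    prefix = IFEO.lower() + "\\"
    current, hijacks = None, {}
    for line in reg_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            # Track only subkeys under IFEO; any other key resets the context.
            current = key[len(prefix):] if key.lower().startswith(prefix) else None
            continue
        m = DEBUGGER_RE.match(line) if current else None
        if m:
            # .reg files escape backslashes and quotes with a leading backslash.
            hijacks[current] = re.sub(r"\\(.)", r"\1", m.group(1))
    return hijacks


def removal_reg(hijacks):
    """Build a .reg file that deletes the flagged subkeys ([-Key] means delete)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    lines += [f"[-{IFEO}\\{image}]" for image in sorted(hijacks)]
    return "\n".join(lines) + "\n"
```

regedit exports are UTF-16 with a BOM, so read a real file with open(path, encoding="utf-16") before passing it to find_debugger_hijacks; the generated file can then be merged with regedit, or the same subkeys deleted offline with ntpasswd’s registry editor.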

Disk is pretty full (aka, “Little in the middle, but she’s got much back”)

Regardless of fragmentation schema, and however you organize files on the disk, a full drive will ALWAYS be slow. Time and time again people come to me, expect me to turn water into wine, and they get it back and have this attitude of “Well, it is a little faster, but I expected it to be a LOT faster!”

I can understand this, so I simply describe it like so:
Imagine you have a line of dominoes that stretches 5 miles, you know – hypothetically… Well, let’s say when you start lining them up, you place only 1 mile of dominoes, and give that a test run… Wow, that sure can take a good while… But could you imagine a 5 mile line of dominoes? That’s going to take forever! When you fill up your disk, finding and writing files is like having to knock down all the dominoes in front of your file. And after I’ve described file fragmentation to them, they also realize how much worse it gets.
Usually about here the client understands where I’m going, and I present them with two options:

  • Back up important but unused files (old galleries, last year’s papers, etc.) onto an external drive (I prefer platter or SSD over optical media these days) and store it securely.
  • Get a second hard drive internal to the PC and put your most used files on it. This simply segregates the media access for the operating system and for storage space.
  • As an ABSOLUTE last resort, and really only suggested for light usage (e.g., the PC is grandma’s, or the teen’s email and picture storage computer), is to create another partition on the drive and store media/documents there. This will at minimum reduce any seek time required to search over your OS-related files, and jump immediately to the goods. I want to be clear and note that if a PC is to be heavily used (e.g., gaming, graphic/video editing, etc.) then this will actually hinder performance, as the drive now has to hop all over – something similar to fragmentation, but this is forced.

Ideas

This last recovery attempt, I booted up an OLD Windows PE CD I had built manually back when it was a new concept. This was even before BartPE became a tool, which has recently re-caught my eye. My version is horribly Frankenstein’d, mostly buggy, and implemented outdated software. I’ve also taken a liking to Windows 7, and am contemplating building a new special CD for that. More info here – http://www.boot-land.net/forums/index.php?showtopic=8774 (FYI: site is frequently down or slow) … It looks a lot more complicated than BartPE, but it looks promising.

Linux has also helped me out from time to time (read: every time), specifically when copying files off the infected PC. I don’t have to worry about viruses since it’s a different platform, and I can utilize advanced tools like rsync for resuming file copies if there was an error. Oh, and another nice thing is that I can ignore NT security when in Linux :). No longer having to take ownership of files or registry hives just to make a backup!

Feel free to throw me some hints, tips, or applications that you might be using to assist your PC repairs in the comments section!

About killerspaz

I'm a developer that loves to tinker with cutting edge technology. I have recently been playing with the Flash Platform (AS3/Flex), Android (custom roms, replacement apps, scripting), and looking at opportunities in the mobile markets.

Posted on 04.09.2010, in Tools.
