PC Support
spindle of CDs at each Helpdesk
1. Student brings in PC or requests CD
Eval = How BAD is it?
Sign off - get Info - who, what, etc
Give and explain Docs
if brought in, run CLEANMGR
Give them CD - show list of processes to go through
Go down list as numbered; wait for one to finish before going to next
What's on CD - http://crab.rutgers.edu/~mchugh/98 - what these files do.txt
http://crab.rutgers.edu/~mchugh/99 - other files here.txt
Maybe report back - good or bad
2. Student can't get it to work
Stay in work area
manually HELP process
run Cleanmgr
run SPYBOT from CD
install (COPY) McAfee from CD
run RU Compliant from CD
3. Student can't get it to work
We look:
run regedit
check run areas in BOTH software areas
check exefile in the first area HKEY_CLASSES_ROOT - command key should be "%1" %*
http://crab.rutgers.edu/~mchugh/how2/reg98run.htm
look at Startup folder (on Start Programs) for problems
run Winternals
4. Send to BestBuys, CompUSA, etc.
CD process
Software housed on my PC
update weekly (Monday morning) or as needed
pushed out to N:\copy2cd each night
Software is copied to CD at Help station
CD-Rs are stored at Help station. Older PCs may not handle CD; try copy to CD-RW.
Even try a copy to DVD; this copy worked on an old Dell Latitude that wouldn't run CD.
Copies actual working programs, not just to-be-installed, so they will run from CD without install unless needed:
SpyBot
Ad-aware
RU-Compliant
Ewido
To be installed:
McAfee with .dat
maybe CLAMAV (runs slow)
After PC is cleaned install SpyBot, Ad-Aware, MS AntiSpyware, etc.
Network process
In CCC & BSB 110
Protected network connection through inexpensive firewall to download MS patches
Other points and ideas:
Simple Process:
Does the PC work? OK, run cleanmgr.exe first to clear tons of garbage files.
Turn off screen saver and power controls; we don't want the PC doing anything else.
Open TASK MANAGER (CTRL-ALT-DEL) and end unneeded processes: qttask, jusched, etc.
Run EWIDO from FIXIT CD if network is available or SpyBot.
Open TASK MANAGER again (or leave it open from before) and find ewido_micro.exe and set its priority to High or RealTime (right-click on the program and find Set Priority at the bottom of the list). Put the mouse pointer on it to expose the options and pick
Run Virus scan
****************
Other things that bother your PC:
Run Defrag on old PCs to improve performance of scanning software; may need to do this overnight on slow PC with large hard drive. This could take a very long time on a large drive.
To speed up your PC: After your PC has been On-Line for a while it may pick up unwanted/uninvited applications that consume resources and may make the PC unstable (I saw this with ViewPoint locking Windows Explorer). These can often be removed by the following:
Open Control Panel (from the Start button) and go to Add and Remove Programs and uninstall junk programs; some are called BHO (Browser Hijacker Objects). Some come in on their own and some we say OK to because they look interesting. Which are the junk? This changes periodically. Some examples:
Gator, Wild-Tangent, Kazaa, Morpheus, ViewPoint, SurfBar, Xupiter, MySearch, ExactSearch, TopText/EZula, IntelliText, WhenU / SaveNow, SuperBar, Bonzi Buddy, ISearch, 180search Assistant.
Basically if you see something you don't recognize, open a browser (Internet Explorer, Mozilla, FireFox) and use the search feature to learn about the item. I usually go to WWW.GOOGLE.COM and type in the name of the item and usually in the first four items I can see if it's bad (or unneeded) or normal (what you expect to see in a system).
****************
Concept:
Set up a space with a firewall to block all in and out except port 80 (WEB access). Single PC access since multiple machines would infect/infest each other.
Other offline PCs would be using the FIXIT CD to run Ad-aware or Spybot or McAfee from the CD, not loaded on hard drive.
Also need a networked PC to look up problems that show up and answers to rid specific bugs that will show up; used only by FIXER, not user.
****************
Concept:
PC's OS is reinstalled: just a simple repair (overwrite OS) or full reformat. User files would need to be pulled off: time consuming, where to put them?
Use Craig's Master Backup to hunt in common areas for user's files and get them out of the way before reinstall or repair. All user programs would probably need a reinstall; we do not do that.
****************
Concept:
Legal document absolving us of liability if we take on the task of trying to repair the PC. To be signed by user and FIXER if there is one. Matt and Ron have a working prototype.
****************
Concept:
Database of clients to track users who should not be allowed to use PCs. That's too harsh. Keep a list of users who need more training. Are we going to train them? We gave a seminar on protection and no one came. Should we offer periodic updates: they bring in the PC for a quick lookover?
****************
Concept:
We install software and patches. We reconfigure their PCs. We take out old AV product (Symantec) and install McAfee; they don't get to choose. We put in MS anti-spyware. We don't suggest, we force. Put Clean Manager in Startup or make it a scheduled event once a day.
****************
Concept:
Do we simply run Winternals on the PC and bypass running the fixes in Windows? Load Winternals, run EWIDO (ASW), run CLAMAV (AV), load McAfee for running when Windows starts again. This can't be done by user. After the cleanup the user can load patches and MS anti-spyware.
****************
Needed:
People to run it or CD and document: very time consuming for the user and slow in the process with a lot of questions and help.
Admin access or admin account
Bios access (password) to be able to boot from CD or Floppy
OS info: do we do DOS, 95, 98, ME?? Only 2000, XP, (2003?). MAC, Linux, Unix. MAC laptop, are there Linux laptops? Lindows?
Hardwire Wireless to bypass problem
Buy USB wireless to bypass problem
Network blocked by firewall or monitored. Routers and gateways monitored, patched.
Is email blocked? For malware downloads
Blocked by firewall
Does PC have firewall; is it turned on? Add software (zonealarm)??
Use current CD for Spyware control
What virus control are they running? Is it up-to-date -> kill it for McAfee?
Is the OS patched and version correct?
Are software packages up-to-date? Too many to work with: players, browsers, plugins
Suggest or force Microsoft antispyware blocker (beta)
Check WEB site software for other scanners: virus and spyware.
Current CD should have McAfee and .dat, Spybot, maybe EWIDO (spyware) and CLAMWIN (CLAMAV) (Virus Hunter)
RU Compliant (has McAfee)
****************
Idea for deleting locked files:
Close all programs
Start DOS window (cmd)
Hit [START], pick Turnoff or Shutdown but don't execute it
Hold down CTRL & SHIFT & ALT at the same time
While holding them down hit the Cancel button in the Shutdown window.
Your desktop icons should go away.
In the DOS Window (at the command prompt) maneuver to the subdirectory you want to deal with and use the DEL command to get rid of files OR DEL *.tmp /s to get rid of all .tmp files from where you are in the directory tree to the end of the branch.
When done type Explorer in the DOS window to bring the desktop back.
*****************
If Cleanmgr is not available (it doesn't seem to want to work in Winternals) try:
Use DIR *.whatever /s to search for file types and then DELete them.
Look for tilde files (~*.* files): DIR ~*.* /s, or old backup files (*.bak): DIR *.bak /s, or other odd files: DIR $*.* or DIR !*.* or DIR *.ZIP etc.
And delete them if necessary.
*****************
Microsoft's CleanManager is very slow calculating space that will be saved by compressing old files; the following article discusses stopping this process, which will speed up the clean manager process. Be sure to copy the registry area that you will be deleting if you want to be able to undo this approach.
http://support.microsoft.com/default.aspx?scid=kb;en-us;812248
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches
We want CleanManager run first to get rid of junk files so that the Spyware and Virus scanners won't need to check them and waste a lot of time.
*****************
We have Winternals CD available for worst-case scenarios. It can change the Administrator password. It allows network access using Firefox booting from the CD and not the infected PC. From here EWIDO and/or CLAMWIN can be run to attempt to clean the system. (Internet Explorer does not run in this environment and no program that needs ActiveX will run either, so this limits many of the virus and spyware options that we have available.)
*****************
Microsoft WEB site that talks about these problems:
*****************
Other discussions:
http://www.informationweek.com/news/showArticle.jhtml?articleID=175802722
*****************
http://resnet.rutgers.edu/index.php?topic=Getting+Connected
Nasty Problems:
"Jkhfc.dll" problem (WildTangent) http://www.geekstogo.com/forum/index.php?showtopic=67232
"e2give" problem http://labs.paretologic.com/spyware.aspx?remove=e2give
*****************
Interesting WEB page on how your system gets Spyware and how to fix it:
http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I
*****************
Hmmm, I just saw c:\pagefile.sys could not be opened with McAfee but CLAMWIN picked up a virus in it under Winternals.
RU-Compliant won't run under Winternals.
How do we tell if a wireless PC is infected? Or a laptop brought into our lab and plugged in.
What about MAC laptop or Lindows PC; do they exist?
Screen Captures - Results of scans:
This PC had many problems and a reload of the OS was our last resort.
EWIDO found over 1000 problems but the "cmdcommand" was nasty.
It also had "e2give". The Winternals CD was used to clean the "cmdcommand".
http://crab.rutgers.edu/~mchugh/BADSTUFF/MOREBAD2.RTF
The next image shows MS's Spyware blocker trying to stop eetu.exe but it's already in the system - the TaskManager (Alt-Ctrl-Del) shows it running in "Processes"
The next image is from a scan by McAfee software on the same PC as above.

Click here for a report on a fix of an HP Pavilion in .XLS format.
Click here for a report on a fix for W32/Opanki.Worm .XLS format.
Click here for a report on a Toshiba PC firewall problem .XLS format.
Click here for a report on a Compaq PC AlfaCleaner & Warn .XLS format.
Click here for a report on a fix for JAVA cache Trojan.Java.ByteVerify .XLS format.
Click here for a report on Smitfraud Trojan problem .RTF format.
Click here for a report on a "Look2Me" spyware problem in .XLS format.
Click here for report on "ConHook" trojan/browser hijack in .XLS format.
Click here for report on SPAMMING PC in .XLS format.
Click here for report on Core.sys and core.cache.dsk problem - in .RTF format.
Click here for info on "Joke Blue Screen" virus in .XLS format.
****************
Targeted Problems:
look2me
http://forums.spywareinfo.com/index.php?showtopic=68710
smitfraud
vundo
Multi-problems
http://www.pchell.com/support/spyware.shtml
http://forums.techguy.org/security/345137-difficult-problem-fixes.html
http://www.symantec.com/avcenter/home_homeoffice/tools.list.html
****************
Where to look for problems: Use REGEDIT (with caution; a mistake can cripple your PC) and look at the RUN options, exefile, and elsewhere.
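A read-only way to do the "We look" checks from step 3 and the REGEDIT check above without editing anything. This is an added example, not part of the original notes. It assumes "BOTH software areas" means the Run keys under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER, and that the exefile command key is exefile\shell\open\command; the function names are made up for the example.

```powershell
# Added example (read-only): audits the places the notes say to look.
# Assumption: "BOTH software areas" = the Run keys under HKLM and HKCU.
$expected = '"%1" %*'   # value the notes say the exefile command key should hold

function Get-ExefileCommand {
    # HKEY_CLASSES_ROOT has no default PowerShell drive, so use a provider path.
    $key = Get-Item -LiteralPath 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' -ErrorAction Stop
    $key.GetValue('')   # '' selects the (Default) value
}

function Get-RunEntries {
    $paths = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'Registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($path in $paths) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Source = $path; Name = $name; Command = $key.GetValue($name) }
        }
    }
}

function Get-StartupFolderItems {
    # Per-user and all-users Startup folders from the Start menu.
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if ($dir -and (Test-Path -LiteralPath $dir)) {
            Get-ChildItem -LiteralPath $dir -Force |
                Where-Object { $_.Name -ne 'desktop.ini' } |
                ForEach-Object { [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName } }
        }
    }
}

# A hijacked exefile handler runs another program in front of every .exe launch.
$actual = Get-ExefileCommand
if ($actual -ceq $expected) {
    Write-Output "exefile open command OK: $actual"
} else {
    Write-Warning "exefile open command is [$actual], expected [$expected]"
}

# Everything that starts automatically, in one list for the FIXER to review.
@(Get-RunEntries) + @(Get-StartupFolderItems) |
    Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

Run it from an admin account; the HKEY_CURRENT_USER and per-user Startup results only cover the account that is logged in.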
****************
Notes on cleaning a PC: (Copied from WEB http://www.short-media.com/forum/showthread.php?t=40340 )
Clear your Temp folders.
Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel > Internet Options.
Under the General tab click the Delete temporary internet files, delete all Offline content as well. Clear out Cookies.
Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.
Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)
C:\Documents and Settings\username\Local Settings\Temp\
In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.