PC Support                 spindle of CDs at each Helpdesk                     

 

1. Student brings in PC or requests CD                                    

            Eval = How BAD is it?                        

            Sign off - get Info - who, what, etc                               

            Give and explain Docs                         

            if brought in, run CLEANMGR                        

            Give them CD -  show list of processes to go through  

                 Go down list as numbered – wait for one to finish before going to next

           What’s on CD - http://crab.rutgers.edu/~mchugh/98 - what these files do.txt  

                                    http://crab.rutgers.edu/~mchugh/99 - other files here.txt  

                        Maybe report back - good or bad                   

                                               

2. Student can't get it to work                                      

            Stay in work area                                

            manually HELP process

                        run Cleanmgr               

                        run SPYBOT from CD            

                        install (COPY) McAfee from CD                     

                        run RU Compliant  from CD                

                                               

3. Student can't get it to work                                      

            We look:                                 

              run regedit

                         check “run” areas in BOTH software areas

                         check  “exefile” in the first area “HKEY_CLASSES_ROOT” - command key should be "%1" %*

                         http://crab.rutgers.edu/~mchugh/how2/reg98run.htm

             look at “Startup” folder (on Start – Programs) for problems                 

 

            run Winternals

 

 

4. Send to BestBuys, CompUSA, etc.                                     

 

 

 

 

Cd process                 

 

Software housed on my PC                 

  update weekly (Monday morning)                  

    or as needed            

     pushed out to N:\copy2cd               

       each night 

 

Software is copied to CD at “Help” station

         CD-R are stored at “Help” station

         older PCs may not handle CD – try copy to CD-RW

         Even try a copy to DVD – this copy worked on old Dell Latitude that wouldn’t run CD.

           

Copies actual working programs                      

   not just to-be-installed                      

   so they will run from CD                   

     without install unless needed :          

            SpyBot

            Ad-aware

            RU-Compliant 

            Ewido 

                       

To be installed:

   McAfee with .dat

      maybe CLAMAV (runs slow)

 

After PC is cleaned – install SpyBot, Ad-Aware, MS AntiSpyware, etc.

 

 

 

Network process

 

In CCC & BSB 110

  Protected network Connection

    through inexpensive firewall

      to download MS Patches

 

 

 

 

 

 

Other points and ideas:

 

 

Simple Process:

Does the PC work?  OK – run cleanmgr.exe first   to clear tons of garbage files.

Turn off screen saver and power controls – we don’t want the PC doing anything else.

Open  “TASK MANAGER” (CTRL-ALT-DEL) and end unneeded processes – qttask, jusched, etc.

Run EWIDO from FIXIT CD if network is available, or SpyBot.

Open “TASK MANAGER” again (or leave it open from before) and find “ewido_micro.exe”

     and set its priority to “High” or “RealTime”  (right click on the program and find “Set Priority”

     at the bottom of the list).  Put the mouse pointer on it to expose the options and pick  

Run Virus scan

 

****************

 

Other things that “bother” your PC:

 

Run “Defrag” on old PCs to improve performance of scanning software – may need to do this overnight on slow PC with large hard-drive.

       This could take a very long time on a large drive.

 

To speed up your PC: After your PC has been “On-Line” for a while it may pick up unwanted/uninvited applications that consume resources and may make the PC unstable (I saw this with ViewPoint locking Windows Explorer).  These can often be removed by the following:

Open “Control Panel” (from the “Start” button) and go to “Add and Remove Programs” and uninstall junk programs – some are called BHO (Browser Hijacker Objects).  Some come in on their own and some we say “OK” to because they look interesting.  Which are the junk?  This changes periodically.  Some examples:

Gator, Wild-Tangent, Kazaa, Morpheus, ViewPoint, SurfBar, Xupiter, MySearch, ExactSearch, TopText/EZula, IntelliText, WhenU / SaveNow, SuperBar, Bonzi Buddy, ISearch, 180search Assistant.

Basically if you see something you don’t recognize open a browser (Internet Explorer, Mozilla, FireFox) and use the “search” feature to learn about the item.

I usually go to WWW.GOOGLE.COM  and type in the name of the item and usually in the first four items I can see if it’s bad (or unneeded) or normal (what you expect to see in a system).

 

 

****************

Concept:

Set up a space with a firewall to block all in and out except port 80 (WEB access).  Single PC access since multiple machines would infect/infest each other.

Other offline PCs would be using the FIXIT CD to run Ad-aware or Spybot or McAfee from the CD – Not loaded on hard drive.

Also need a networked PC to look up problems that show up and answers to rid specific “bugs” that will show up – used only by “FIXER” not user.

****************

Concept:

PC’s OS is reinstalled – just a simple repair (overwrite OS) or full reformat.  User files would need to be pulled off – time consuming, where to put them?

Use Craig’s “Master Backup” to hunt in common areas for users’ files and get them out of the way before reinstall or repair.  All user programs would probably need a reinstall – we do not do that.

****************

Concept:

“Legal” document absolving us of liability if we take on the task of trying to repair the PC.  To be signed by user and “FIXER” if there is one.  Matt and Ron have a working prototype.

****************

Concept:

Database of “clients” to track users who should not be allowed to use PCs.  That’s too harsh.  Keep a list of users who need more training.  Are we going to train them?  We gave a seminar on protection and no one came.  Should we offer periodic updates – they bring in the PC for a “quick” lookover?

****************

Concept:

We install software and patches.  We reconfigure their PCs.  We take out old AV product (Symantec) and install McAfee – they don’t get to choose.  We put in MS anti-spyware.  We don’t suggest, we force.  Put “Clean Manager” in Startup or make it a scheduled event – once a day.

****************

Concept:

Do we simply run Winternals on the PC and bypass running the fixes in Windows?  Load Winternals, run EWIDO (ASW), run CLAMAV (AV), load McAfee for running when Windows starts again.  This can’t be done by user.  After the cleanup the user can load patches and MS anti-spyware.

****************

 

Needed:

People to run it or CD and document – very time consuming for the user and slow in the process with a lot of questions and help.

 

Admin access

Or admin account

Bios access (password) – to be able to boot from CD or Floppy

OS info – do we do DOS, 95,98,ME??  Only 2000, XP, (2003?).

      MAC, Linux, Unix.   MAC laptop, are there Linux laptops?  Lindows?

 

Hardwire Wireless to bypass problem

Buy USB wireless to bypass problem

 

Network blocked by firewall or monitored.  Routers and gateways – monitored, patched.

Is email blocked? For malware downloads

Blocked by firewall

Does PC have firewall – is it turned on?  Add software (ZoneAlarm)??

 

Use “current” CD for Spyware control

   What virus control are they running? Is it up-to-date -> kill it for McAfee?

Is the OS patched and version correct?

Are software packages up-to-date?  Too many to work with – players, browsers, plugins

 

Suggest or force – Microsoft antispyware blocker (beta) 

    Check WEB site  software   for other scanners – virus and spyware.

 

“Current” CD should have McAfee and .dat, Spybot, maybe  EWIDO (spyware) and CLAMWIN (CLAMAV) (Virus Hunter)

RU Compliant (has McAfee)

 

****************

Idea for deleting locked files:

      Close all programs

      Start DOS window   (cmd)

      Hit [START]  pick  Turnoff or Shutdown  but don’t execute it

      Hold down   CTRL & SHIFT & ALT  at the same time

           While holding them down hit the “Cancel” button in the Shutdown window.

                 Your desktop icons should go away.

In the DOS Window (at the command prompt) maneuver to the subdirectory you want to deal with and use the ‘DEL’ command to get rid of files OR  DEL *.tmp /s  to get rid of all .tmp files from where you are in the directory tree to the end of the branch.

 

When done type ‘Explorer’ in the DOS window to bring the desktop back.

 

*****************

If ‘Cleanmgr’ is not available (it doesn’t seem to want to work in Winternals) try

DEL *.tmp /s     at the root to kill all .tmp files    BE CAREFUL

Use DIR *.whatever /s   to search for file types and then DELete them.

Look for “tilde” files  ~*.* files.   DIR ~*.* /s    or old backup files  *.bak     DIR *.bak /s or other odd files = DIR $*.* or DIR !*.* or DIR *.ZIP etc.

And delete them if necessary.

 

*****************

Microsoft’s CleanManager is very slow calculating space that will be saved by compressing old files – the following article discusses stopping this process, which will speed up the clean manager process.  Be sure to copy the registry area that you will be deleting if you want to be able to undo this approach.

 

http://support.microsoft.com/default.aspx?scid=kb;en-us;812248

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches

 

We want “CleanManager” run first to get rid of junk files so that the Spyware and Virus scanners won’t need to check them and waste a lot of time.

 

*****************

We have Winternals CD available for worst-case scenarios.  It can change the Administrator password.  It allows network access using Firefox booting from the CD and not the infected PC.  From here EWIDO and/or CLAMWIN can be run to attempt to clean the system.  (Internet Explorer does not run in this environment and no program that needs ActiveX will run either – so this limits many of the virus and spyware options that we have available.)

 

 

 

*****************

Microsoft  WEB site that talks about these problems:

 http://support.microsoft.com/default.aspx?scid=kb;en-us;898583

 

*****************

Other discussions:

http://www.informationweek.com/news/showArticle.jhtml?articleID=175802722

 

*****************

 

 

http://resnet.rutgers.edu/index.php?topic=Getting+Connected

 

 

 *****************

Nasty Problems:
 "Jkhfc.dll" problem (WildTangent)      http://www.geekstogo.com/forum/index.php?showtopic=67232
 "e2give" problem                                    http://labs.paretologic.com/spyware.aspx?remove=e2give


 
*****************

 

Interesting WEB page on how your system gets Spyware and how to fix it:
 http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I
 

 

*****************


 

 

 

 

Hmmm, I just saw  c:\pagefile.sys could not be opened with McAfee but CLAMWIN picked up a virus in it under Winternals.

 

RU-Compliant won’t run under Winternals.

 

 

How do we tell if a wireless PC is infected?  Or a laptop brought into our lab and plugged in.

What about MAC laptop or “Lindows” PC – do they exist?

 

Screen Captures - Results of scans:
This PC had many problems and a reload of the OS was our last resort.
EWIDO found over 1000 problems but the "cmdcommand" was nasty.
It also had "e2give". The Winternals CD was used to clean the "cmdcommand".

 

 

http://crab.rutgers.edu/~mchugh/BADSTUFF/MOREBAD2.RTF

 

The next image shows MS's Spyware blocker trying to stop
eetu.exe but it's already in the system - the TaskManager
(Alt-Ctrl-Del) shows it running in "Processes"

The next image is from a scan by McAfee software on the same PC as above.

 

Click here for a report on a fix of an HP Pavilion in .XLS format.

Click here for a report on a fix for W32/Opanki.Worm .XLS format.

Click here for a report on a Toshiba PC firewall problem .XLS format.

Click here for a report on a Compaq PC AlfaCleaner & Warn .XLS format.

Click here for a report on a fix for JAVA cache Trojan.Java.ByteVerify .XLS format.

Click here for a report on “Smitfraud” Trojan problem .RTF format.

Click here for a report on a "Look2Me" spyware problem in .XLS format.

Click here for report on "ConHook" trojan/browser hijack in .XLS format.

Click here for report on SPAMMING PC in .XLS format.

Click here for report on Core.sys and core.cache.dsk problem - in .RTF format.

Click here for info on "Joke Blue Screen" virus in .XLS format.

 

****************

Targeted Problems:

“look2me”

http://forums.spywareinfo.com/index.php?showtopic=68710

smitfraud

 

vundo

 

Multi-problems

http://www.pchell.com/support/spyware.shtml

http://forums.techguy.org/security/345137-difficult-problem-fixes.html

http://www.symantec.com/avcenter/home_homeoffice/tools.list.html

 

****************

 

Where to look for problems:  Use REGEDIT (with caution – a mistake can cripple your PC) and look at the “RUN” options, exefile, and elsewhere.
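
The REGEDIT checks described in these notes (the “run” areas in both software areas, and the exefile command key that should be "%1" %*) can also be made on a registry export taken from the PC, without editing anything. The following is an added example, not part of the original notes: it assumes the standard Run key paths under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER and the exefile\shell\open\command key, and every entry in the sample export is constructed.

```python
import re
# Constructed sample .reg export (all entries invented). Real exports are UTF-16 text.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\tray.exe\" /startup"
"qttask"="C:\\Program Files\\QuickTime\\qttask.exe -atboottime"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"loader"="C:\\WINDOWS\\Temp\\example-unknown.exe"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\example-unknown.exe \"%1\" %*"
'''

RUN_SUFFIX = r"\microsoft\windows\currentversion\run"
EXEFILE_KEY = r"hkey_classes_root\exefile\shell\open\command"
EXPECTED_EXE_COMMAND = '"%1" %*'  # the value the notes say the command key should hold
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
STRING_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"$')

def unescape(s):  # undo .reg escaping of backslashes and quotes
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Return {key: {name: data}}; '@' is the default value, non-string data stays raw."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name, raw = m.groups()
            s = STRING_RE.match(raw)
            name = name if name == "@" else unescape(name[1:-1])
            current[name] = unescape(s.group(1)) if s else raw
    return keys

def review(text):
    """Return (run_entries, exefile_ok, exefile_command) for a .reg export."""
    run_entries, command = [], None
    for key, values in parse_reg(text).items():
        if key.lower().endswith(RUN_SUFFIX):
            run_entries += [(key.split("\\")[0], n, d) for n, d in values.items()]
        elif key.lower() == EXEFILE_KEY:
            command = values.get("@")
    return run_entries, command == EXPECTED_EXE_COMMAND, command

if __name__ == "__main__":
    print(review(SAMPLE_REG))
```
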

****************

 

 

Notes on cleaning a PC: (Copied from WEB http://www.short-media.com/forum/showthread.php?t=40340 )

Clear your Temp folders.
Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel >Internet Options.
Under the General tab click the Delete temporary internet files,
delete all Offline content as well. Clear out Cookies.

Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

C:\Documents and Settings\username\Local Settings\Temp\

In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to
here.

****************



Empty the Recycle Bin.

For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.

Go to Start>Run and type msconfig. Press enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.

Check the box labelled 'Turn off System restore'.

Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

Note that all previous restore points will be lost.