JPJones.co.uk

Archive for June, 2009

What's in your Virus/Spyware Detection & HDD toolkit?

by JP on Jun.22, 2009, under General

Every so often, I get a call from a family member or friend wanting to drop their PC off with me because it has started misbehaving, running slowly, or just plain doesn't work. Recently these have included a PC infected with over 100 trojans and viruses, and a one-year-old Sony Vaio whose hard disc had a number of bad sectors.

Having spent the last weekend working on a couple of machines, I thought it would be useful to list my PC toolkit, and I invite others to do the same! I realise these sorts of posts were doing the rounds years ago, but it is still a valid topic today given the increased number of devices attached to the Internet and a count of computer viruses somewhere north of one million.

Virus Scanning Utilities

My current resident virus scanner of choice is AVG (without the LinkScanner component, it should be noted).

On potentially infected systems I also back this up with an online scanner, such as the Windows Live OneCare Virus Scanner, which works through the browser and various plugins / ActiveX controls.

Spyware Hunting Utilities

I regularly use that old chestnut (I say old, but it is regularly updated), Spybot – Search & Destroy. It has a comprehensive database of known spyware, hooks into the browser to try to protect against malware, and can also block cookies from your favourite ad-serving and tracking platforms.

There's also HijackThis, which is useful for seeing what is buried in key parts of the file system and registry (startup entries, browser helper objects and the like), and which lets the user disable or remove programs that load with Windows or the browser.

System Tools

I've recently come to rely on the System Rescue CD, which contains a CD-bootable version of Linux with lots of useful tools for checking hard drives, working with HDD partitioning, and copying – and even rescuing – data from damaged partitions. It also provides utilities for secure deletion of data should you want to dispose of an old hard drive. I recently used this set of tools to copy a working Vista installation from a partition with damaged sectors to an external hard drive (connected via USB) which would soon replace the internal drive.

NTFSCLONE, NTFSINFO & NTFSTRUNCATE to the rescue!

I used to be a big fan of PartitionMagic, but a) it is commercial software which requires a licence, and b) I've had a few instances of it crashing mid-operation and destroying my data (thank you, backups!). Granted, free software can do the same, but I've yet to have an issue with any of the utilities on the System Rescue CD.
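As an added example (not code from the original post), here is the ntfsclone step written up as a small POSIX shell script of the kind you would run from the System Rescue CD shell. The device names are assumptions about your setup, and the size check before cloning is my own addition rather than anything the post describes.

```shell
#!/bin/sh
# Added example (not from the original post): rescue-copy a damaged NTFS
# partition onto a replacement disk with the ntfsprogs tools that ship on
# SystemRescueCd. Device names are assumptions; confirm them with lsblk first.
set -eu

SRC="${SRC:-/dev/sda2}"   # assumed: the Vista partition with bad sectors
DST="${DST:-/dev/sdb2}"   # assumed: a same-size-or-larger partition on the USB disk

# Refuse to clone onto a destination smaller than the source. Both sizes are
# in bytes, as printed by `blockdev --getsize64`; returns 0 when dst fits.
dst_fits() {
    src_bytes=$1
    dst_bytes=$2
    [ "$dst_bytes" -ge "$src_bytes" ]
}

# Sanity-check the two devices before anything is written.
check_devices() {
    [ -b "$SRC" ] || { echo "source $SRC is not a block device" >&2; return 1; }
    [ -b "$DST" ] || { echo "destination $DST is not a block device" >&2; return 1; }
    [ "$SRC" != "$DST" ] || { echo "source and destination are the same device" >&2; return 1; }
    src_bytes=$(blockdev --getsize64 "$SRC")
    dst_bytes=$(blockdev --getsize64 "$DST")
    dst_fits "$src_bytes" "$dst_bytes" \
        || { echo "destination ($dst_bytes B) is smaller than source ($src_bytes B)" >&2; return 1; }
}

rescue_clone() {
    check_devices
    # Print the volume information (cluster size, cluster count) so we know
    # what we are copying; --mft reads the $MFT and writes nothing.
    ntfsinfo --mft "$SRC"
    # --rescue keeps going over unreadable sectors (they are zero-filled in
    # the copy) instead of aborting, so a partition with bad blocks can still
    # be cloned. --overwrite writes straight onto the destination partition.
    # ntfsclone copies only allocated clusters, which also keeps the number of
    # reads from the failing disk to a minimum.
    ntfsclone --rescue --overwrite "$DST" "$SRC"
    # Zero-filled sectors may leave the copy inconsistent, so set the dirty
    # flag and let Windows run chkdsk on the first boot from the new disk.
    ntfsfix "$DST"
}

# Only touch hardware when explicitly asked, so the functions above can be
# sourced and checked on a machine that is not the rescue CD.
if [ "${RUN_CLONE:-0}" = "1" ]; then
    rescue_clone
fi
```

Run it as `RUN_CLONE=1 SRC=/dev/sda2 DST=/dev/sdb2 sh rescue-clone.sh`. If the destination partition is larger than the source, `ntfsresize` on the destination afterwards grows the filesystem to fill it. Because `--rescue` silently zero-fills every sector it cannot read, any file that lived in one of those sectors is corrupt in the copy: watch the ntfsclone output for reported read errors and treat the new disk as a rescue, not a verified backup.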

Process & Network Safety

When checking out a potentially infected PC, what's the best way to do it?
Well, I initially run HijackThis from a known-clean USB key to get a handle on what's on the machine, and clean what I can.
I then uninstall any virus-checking software on the machine, install a fresh copy of AVG (again, from a clean USB key), make sure the latest virus definition updates are on it, and then do a full system scan.
Once this has completed, I connect it to the Internet and run a second virus scan, this time using a different tool (e.g. MS OneCare).

I also connect the PC via a separate network from the rest of my machines / smartphones etc. I have a Draytek 2820 router which provides my ADSL connection. It can create up to 4 separate WiFi networks, each of which can be isolated from the others, and it can even isolate individual machines on the same WiFi network from each other.
I also use the Draytek's firewall to ensure common trouble ports are blocked, e.g. TCP port 25, port 443 etc., to stop rogue activity potentially taking place while the PC is active on the Internet. Not ideal, I know. I'd rather have all ports except port 80 blocked, but I don't see how the Draytek can do this (without setting up heaps of rules).

Anyway, that's the basic methodology. Thus far it has enabled me to clean out all detected trojans and viruses, even if it takes a few reboots and scans to do so.

So, does anyone have any suggestions / better tools or techniques for recovering a damaged or infected system?


Ticket booked for Kings Of Code Conference

by JP on Jun.03, 2009, under Development

I've just signed up for a web developer conference in Amsterdam, running 29th–30th June.
It's called Kings Of Code, and has a pretty exciting line-up of speakers.

I've been meaning to get involved in some dev conferences for a while now, and keep procrastinating for one reason or another. No longer! Having attended the last day of Yahoo! Open Hack 2009 in May, I found lots of great ideas floating around and decided I need some of that! Normally I'm at SEO/SEM conferences (WebmasterWorld PubCon {though I haven't attended one for quite a while} or SES), or the fantastic A4UExpo affiliate conference; however this will be one of my first coder conferences.

In particular I'm looking forward to the talk by Joe Stump of Digg.com fame on his war stories with PHP scalability, and perhaps the introduction to iPhone programming, which is something I keep saying I'll get around to one day…

If you’re going, let me know – @japes on twitter, and I’ll look forward to meeting up there!

Now, anyone got a recommendation for a good hotel near the Tuschinski Theater?

