The life of an IT professional

Tuesday, March 14, 2006

Computer Virus: What you need to know

Broadly there are two types of computer virus: the application virus (a file infector that only runs when a user opens or executes the infected file) and the network virus, more properly called a worm (one that replicates on its own, usually by scanning for other computers it can reach and infect without anyone clicking anything).

Both can be equally destructive, and the purpose of this post is to help you prepare before disaster strikes.

Prevention is always better than cure. That statement is true, but people still get cancer even though they try to prevent it, and the same goes for computer viruses.

Have you ever wondered why, even with the best (award-winning) anti-virus software installed and every incoming file scanned, we are still vulnerable? A signature scanner can only recognise what its vendor has already seen; a new variant arrives before the signature that detects it does.

Having seen numerous infections on our users' computers has given us a fair amount of experience in dealing with outbreaks. And in the worst case, reformatting is always a viable option.

Things you should do immediately after a clean installation of the Windows operating system

Warning: editing the Windows registry is not for the faint-hearted. If you are new to the registry, just take the snapshot and make no changes.

Before the aftermath …

1. Take a snapshot of the Run registry keys and find out what is being started.

Start / Run, type regedit and press Enter.

Navigate to and take a snapshot of the following keys (the first two belong to the logged-in user, the rest apply to every user on the machine):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

To take a snapshot of the values under each key, press Print Screen and paste the capture into Microsoft Word or Excel (Regedit's File > Export also saves a key as a text file you can compare against later). Store the capture somewhere safe, ideally off the machine, since an infection can alter or delete it.

2. Know what programs and services are running on your computer.
2.1 Download and run the free Process Explorer and take a snapshot of the processes running before any problem occurs. Process Explorer can be downloaded from www.sysinternals.com/Utilities/ProcessExplorer.html
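The snapshot is only useful if you can compare it against the machine later. The following script is an added example, not part of the original post: it assumes you saved the Run keys listed above with Regedit's File > Export (or `reg export`) right after the clean install and again when the machine starts misbehaving, and it reports every autorun entry that appeared, changed or vanished in between. The two exports embedded below are constructed for the demonstration, and the file names in them are made up.

```python
"""Compare two Registry Editor (.reg) exports of the autorun keys.

Added example, not code from the original post. The sample exports below
are constructed; the paths and file names in them are invented.
"""
import re
from typing import Dict, Tuple

RegEntries = Dict[Tuple[str, str], str]   # (key path, value name) -> data

# "Name"=data  or  @=data  (@ is the key's default value)
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def _unescape(s: str) -> str:
    # .reg files escape backslashes and quotes inside strings
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg_export(text: str) -> RegEntries:
    """Parse .reg text into {(key, value name): data}.

    Long hex: values are split over lines ending in a backslash; those
    continuation lines are joined before the value is parsed. REG_SZ data
    is unescaped, hex:/dword: data is kept as written.
    """
    entries: RegEntries = {}
    key = None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        while line.endswith("\\") and i < len(lines):   # hex continuation
            line = line[:-1] + lines[i].strip()
            i += 1
        m = VALUE_RE.match(line)
        if m is None or key is None:
            continue
        name = "@" if m.group(2) else _unescape(m.group(1))
        data = m.group(3).strip()
        if data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])
        entries[(key, name)] = data
    return entries


def load_reg_export(path: str) -> RegEntries:
    """Regedit and reg export write UTF-16LE with a BOM; fall back to ANSI."""
    with open(path, "rb") as fh:
        raw = fh.read()
    text = raw.decode("utf-16") if raw.startswith(b"\xff\xfe") else raw.decode("cp1252")
    return parse_reg_export(text)


def diff_autoruns(baseline: RegEntries, current: RegEntries):
    """Return (added, changed, removed) entries relative to the baseline."""
    added = {k: v for k, v in current.items() if k not in baseline}
    changed = {k: (baseline[k], v) for k, v in current.items()
               if k in baseline and baseline[k] != v}
    removed = {k: v for k, v in baseline.items() if k not in current}
    return added, changed, removed


def report(baseline_text: str, current_text: str) -> list:
    """One line per difference; each listed entry is something to look up before killing it."""
    added, changed, removed = diff_autoruns(parse_reg_export(baseline_text),
                                            parse_reg_export(current_text))
    out = []
    for (key, name), data in sorted(added.items()):
        out.append(f"NEW      {key}\\{name} = {data}")
    for (key, name), (old, new) in sorted(changed.items()):
        out.append(f"CHANGED  {key}\\{name}: {old} -> {new}")
    for (key, name), data in sorted(removed.items()):
        out.append(f"REMOVED  {key}\\{name} = {data}")
    return out


RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample exports (not real malware; the Temp paths are invented).
BASELINE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
'''

CURRENT_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ctfmon.exe"="C:\\WINDOWS\\Temp\\ctfmon.exe"
"Sample Updater"="C:\\WINDOWS\\Temp\\sample-dropper.exe /s"
"ExtData"=hex:01,00,\
  02,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
'''

if __name__ == "__main__":
    for line in report(BASELINE_REG, CURRENT_REG):
        print(line)
```

Note the CHANGED line in the sample: the value name ctfmon.exe is untouched but its path moved from system32 to Temp, which is exactly the kind of lookalike a screenshot comparison by eye tends to miss. Run it with `load_reg_export("before.reg")` and `load_reg_export("after.reg")` in place of the embedded samples when you have real exports.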

3. Keep Microsoft patches up to date: patches fix the defects that were missed during testing, and many worms spread only through such unpatched holes.

4. Install anti-virus software and keep it updated. New viruses are released daily, so the signature updates matter as much as the software itself. Schedule regular scans; in a corporate environment administrators can push the updates and run scans at set intervals without user intervention.

5. Make sure you have a firewall running on both your PC and your internet gateway; block everything by default and allow only the programs you are 100% sure about.

DURING THE CRISIS …

I GOT A VIRUS!? PANIC?! Let's reformat!

This is the typical Joe's reaction to a virus (or at least it was my friend's).

1. First and foremost, find out what you are up against. Record everything you saw or heard, by screen capture if possible: the exact wording of messages, pop-ups and file names are the search terms you will need next.

Using the information you have gathered, search for the virus on www.google.com or your favourite search engine. If it is a common infection, chances are millions of users worldwide have met it before you and a solution is just around the corner.

2. What if I can't get to google.com? Whenever I type www.google.com it says page not found or sends me where no man has gone before!

Many infections, if the computer still works at all, tamper with name resolution, either by changing the DNS (Domain Name System) settings or by editing the "hosts" file, to stop the average Joe from reaching the internet to search for a solution or to run a free online scanner (such as Trend Micro's HouseCall). The hosts file is consulted before DNS is even asked, so one line in it is enough to send a site's name to the wrong address.

The hosts file can be edited by opening Windows Explorer and navigating to c:\windows\system32\drivers\etc\hosts (the file has no extension; on Windows 9x it lives in c:\windows\hosts instead, so the location varies between Windows versions).

Before editing this file, make a backup copy. Then make sure the only active line reads:

127.0.0.1 localhost

... and delete anything below it (lines starting with # are comments and are harmless). Save the file under its original name (if you use Notepad's Save As, choose "All Files" so it does not append .txt), then use Internet Explorer to open www.trendmicro.com and run the online virus detection and cleaner. (Did I mention the magic word? It is a completely free service from Trend Micro.)

If the virus is known to Trend Micro, chances are you will be able to clean and remove it, or at least quarantine it.
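Reading the hosts file by eye works when it has four lines; it is easy to miss one entry in a file padded with hundreds of comment lines. The script below is an added example (not from the original post) that flags every line which is not a plain loopback-to-localhost mapping and can write back the minimal file the post recommends. The list of watched sites is illustrative and the sample hosts file is constructed for the demonstration.

```python
"""Find and strip name-resolution hijacks in a Windows hosts file.

Added example, not code from the original post. WATCHED_SUFFIXES and
SAMPLE_HOSTS are constructed for the demonstration.
"""
import ipaddress
from typing import List, Tuple

# Illustrative list of sites an infection may want to block or redirect.
WATCHED_SUFFIXES = (
    "trendmicro.com", "symantec.com", "mcafee.com", "kaspersky.com",
    "windowsupdate.com", "microsoft.com", "google.com",
)

LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def _is_loopback(ip: str) -> bool:
    try:
        return ipaddress.ip_address(ip).is_loopback   # 127.0.0.0/8 and ::1
    except ValueError:
        return False


def suspicious_hosts_entries(text: str) -> List[Tuple[str, str, str]]:
    """Return (ip, hostname, reason) for every mapping that is not loopback -> localhost."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            host = name.lower()
            if _is_loopback(ip) and host in LOOPBACK_NAMES:
                continue                                # the one line that belongs here
            if any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES):
                reason = "watched site pinned to " + ip
            elif _is_loopback(ip):
                reason = "site blackholed to loopback"
            else:
                reason = "site redirected to " + ip
            findings.append((ip, host, reason))
    return findings


def clean_hosts(text: str) -> str:
    """Keep comments and loopback-to-localhost lines only (what the post recommends)."""
    kept = []
    for raw in text.splitlines():
        code = raw.split("#", 1)[0].strip()
        if not code:
            kept.append(raw)                            # blank line or comment
            continue
        parts = code.split()
        if _is_loopback(parts[0]) and all(n.lower() in LOOPBACK_NAMES for n in parts[1:]):
            kept.append(raw)
    if not any(l.split("#", 1)[0].strip() for l in kept):
        kept.append("127.0.0.1       localhost")        # never leave the file empty
    return "\n".join(kept) + "\n"


# Constructed sample: what an infected machine's hosts file might look like.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       www.trendmicro.com      # vendor blackholed
127.0.0.1       housecall.trendmicro.com
203.0.113.7     www.google.com          # search engine redirected
"""

if __name__ == "__main__":
    for ip, host, why in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"{ip:15} {host:30} {why}")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

Run `suspicious_hosts_entries` on the contents of the real file first and write the output down as part of the evidence from step 1; only then overwrite the file with what `clean_hosts` returns. An entry that points a vendor's site at 127.0.0.1 is blackholing (the request never leaves the machine), while one that points it at some other address is a redirection to a host you did not choose, and both are worth a search on another computer.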

3. Attempt to stop the virus from running.

Most viruses load at Windows start-up without the user's knowledge. Once loaded they do all sorts of things to keep the user from regaining control of the computer; some make the computer extremely slow, pushing resource usage to nearly 100%.

Using Process Explorer, look for the 'additional' processes that were not in your snapshot and try to stop them. Kill the processes that are constantly eating resources and see whether the computer gets faster. Some viruses 'auto-resume' after you kill them in Process Explorer, typically because a second process or an autorun entry starts them again.

If that happens, you will have to get your hands dirty and check the registry to stop the virus from starting in the first place. You will also need to turn off System Restore, because restore points keep copies of infected files that the scanner cannot clean, and a later restore would bring the infection back; search www.google.com for "stop system restore" for the steps on your version of Windows. If you forgot to take snapshots of what is supposed to be running, you can always search www.google.com for each entry you find, e.g.
"C:\WINDOWS\system32\NeroCheck.exe" reveals that the computer starts the Nero CD burning service when Windows starts.

4. Help! What if I can't even boot Windows? How do I run an online scan?

If you have a second computer, unplug the hard disk and install it in that computer as a secondary (non-boot) disk. Then run the online scan from the second computer against that disk.

Warning: do not open or run any file from the secondary hard disk; executing anything on it can spread the infection to the computer it is now attached to. Make sure that computer's own anti-virus is up to date before you attach the disk.

5. Once you know what you are up against, most anti-virus sites provide step-by-step guidance on removing the infection (assuming it is not a destructive virus, that is).

PS. I have no affiliation or connection with any of the companies mentioned. If I am in direct violation of any laws (duh!), please notify me and I shall gladly remove the names.

Monday, March 13, 2006

Howto: Reinstall Windows XP on a notebook without a CD-ROM

My programmer's Toshiba notebook CD-ROM went down the drain, and replacing it takes at least three months (not to mention that it is rather pricey!).

He approached me for help as he needed to reformat and reinstall his notebook because his SQL Server and Internet Information Services (IIS) were not functioning properly. They refused to start even after he had reinstalled them.

I reinstalled using the method below and handed the notebook back to him. Two months later he came back asking me to reinstall the freaking notebook again, claiming he had done something and the same IIS and SQL problem had recurred.

Well, guess what? I had kind of forgotten what I did for him! Frustrated and agitated the second time around, I decided to write down what I call an idiot-proof procedure for the benefit of all mankind! Hooray!

Prerequisite

Hardware
  • A desktop computer with a working CD-ROM
  • A 2.5-inch external USB hard-disk casing (notebook drives are 2.5-inch; the casing is rather cheap)

Software

  • A Windows 98 Second Edition boot disk (for how to create one, see http://www.computerhope.com/boot.htm)
  • The file "Smartdrv.exe" (found on any PC running Windows 98 in the c:\windows directory)
  • Your copy of the Windows XP CD (make sure it's legal)
  • Your Windows XP CD key
Of course, the first thing to do is to have your necessary files and folders backed up and tucked away safely.

To do this you will need to remove the hard disk from your notebook. Since hard disk removal varies by model, you will need to find this information on your notebook manufacturer's website (which is why you should invest in a branded notebook rather than one from Tom, Dick and Harry).

Once you have removed the notebook hard disk, install it in the external USB casing and plug it into a USB port on your desktop computer. Make sure the desktop computer detects the external USB hard disk.

Copy the files you need to your desktop computer.

Now let's get down to business!

Procedures
a. Install the notebook HDD in the external USB HDD casing
b. Attach the USB HDD casing to any computer running Windows XP/2000 that detects the external USB HDD
c. Back up the files that matter to you to the desktop computer. (If you think your Playboy collection is the most important directory, then by god, back it up!)
d. Format the USB HDD as FAT32 and create the partitions you need. FAT32 is required at this stage because the DOS on the Windows 98 boot disk cannot read NTFS; Windows XP Setup will offer to convert the partition to NTFS, so you lose nothing by starting with FAT32.
e. Put the Windows XP SP2 CD into the computer with the working CD-ROM
f. Copy the "I386" directory from the Windows XP SP2 CD to the USB HDD as "C:\i386"
g. Unplug the USB HDD and put the notebook hard disk back into the Toshiba notebook
h. Boot the Toshiba notebook from the Windows 98 boot disk
i. Once it has booted from the boot disk, insert the floppy holding "Smartdrv.exe" and at the MS-DOS prompt copy it to the hard disk:

Copy a:\smartdrv.exe c:\smartdrv.exe

j. Run C:\Smartdrv.exe (no message is displayed; without this disk cache the file-copy phase of Setup takes hours instead of minutes)
k. Change directory to "c:\i386" and start Setup by running c:\i386\WINNT.exe

ATOS ranting

I have booked a Toyota Avanza and shall receive the car in two weeks' time (so I was told). I hope I have made a good choice compared to the locally manufactured ATOS (bought in 2004).

The quality (what quality!?) of the ATOS paintwork is one of the worst I've ever encountered.

The side bumper paint came off just weeks after receiving the car. The black tinted paint on the side window trim also came off, exposing the rusting metal beneath the lousy paint job.

I lost nearly RM 18,000 (RM 9,000 per annum!) as there is no demand for this car; most prefer to opt for a MyVi rather than an ATOS.

Luckily my wife's brother is in the used car sales business and he helped me find the lowest interest rate by banging on the finance companies' doors. Commonly the interest rate for the Toyota Avanza ranges from two point nine (2.9%) to three point three (3.3%) per annum.

With his help, I managed to secure a bank loan at 2.89% for the same amount and term (thank god!).

However, I have to admit that the decision to change car was made quite hastily, too rushed even, but I am really saddened by the resale value of the ATOS.

Anyhow, if I don't sell now, in two to three years' time I could even give it to charity!