Recovering From My Free Antivirus Program

May 6, 2008 by aeorya

You’ve heard the old adage “You get what you pay for,” right?  When it comes to antivirus and firewall software, are you confident in plugging your PC into the outside world with free protection?

The Internet is a spawning ground for free software. In some cases, this free software blitz is harmless.  But usually if you subscribe to anything free, it could mean you’ll wind up spending countless hours fighting spyware or trying to do a system restore on your PC.  You expect this from certain sites.  Yet, when it comes to free antivirus software or free firewall programs, you expect a higher caliber of download.

Nothing could be further from the truth.  There are programs out there that promise to be free, yet slip in their own spyware.  There are programs that promise to keep your system clear of viruses while providing free access to updates, Email scanners and other tools.  It’s been my unfortunate experience that these programs DO indeed work…..sometimes.  And if sometimes is good enough for you, then I highly recommend you download the latest version of your favorite free antivirus immediately.

Since I had been an advocate of free or cheaper software for years, you can imagine how surprised I was when I uninstalled my free antivirus software and replaced it with Norton Antivirus.  I used the Live Update feature and began scanning my system before going to bed.  Eight hours later, the commercial-grade Norton Antivirus was about halfway through its scan process and had already uncovered nearly eighty viruses in my system.  Ultimately, I ended up with one hundred and twenty seven viruses!  I was shocked….horrified.  I mean, I HAD been using antivirus software–free software, but at least I was using something.  Trojans, worms, spyware–my beloved PC was a whorehouse of diseased code.  I felt used and dirty.

What I’m trying to say is this:  Run, don’t walk to your nearest computer software retailer and get yourself a copy of Norton Antivirus or any other commercial-grade product.  If you value your data and want to be a good Internet citizen, use the commercial software to rid your PC of the swirling mass of viruses growing inside.

Internet Security

May 6, 2008 by aeorya

So you want to secure your Windows XP installation?

The advice below falls into two categories.  Preemptive methods take a “before it happens” approach to securing your Windows XP install.  Postmortem methods take an “after it happens” approach, and needless to say let’s hope everything is taken care of in our preemptive efforts.  However, in real life things never work out exactly as you want them to.

There are some main topics we are going to cover, which include:

PREEMPTIVE

Firewall / Network Security
Ah yes, the infamous Windows XP firewall.  You may hear a lot of negative things about using the Windows XP firewall, but for the sake of not having any compatibility issues, this is by far your best bet!  The purpose of turning this on is to keep the baddies out.  Essentially, you are locking the front door to your house.

First, turn it on:  START > CONTROL PANEL > NETWORK CONNECTIONS > LOCAL AREA CONNECTION > PROPERTIES > ADVANCED tab > SETTINGS > select ON

While in this screen, click on the EXCEPTIONS tab.  Make sure that the following ARE NOT checked:

  • File and Printer Sharing
  • Remote Assistance
  • Remote Desktop

Click OK and you should be good to go.  Be sure to never install TWO software firewalls on the same computer!!!

Internet Explorer Browser Security
Install SpyBot S&D on your computer which is available FREE at: http://www.safer-networking.org/en/index.html

During the installation of SpyBot make sure to enable “TeaTimer” which will actively monitor your browsing and prevent any identifiable nasties from getting on your computer.  Another major benefit to SpyBot is it “immunizes” your computer from certain known attacks.  You can, through the SpyBot interface, have the software immunize your computer from all known threats.  This is a great feature in itself!  If you are ever concerned that you may have caught something, you can always run a SpyBot scan of your computer.

POSTMORTEM

Antivirus Solutions
I suggest and use AVG for my antivirus solution.  I have used many AV solutions in the past, but AVG offers the most ease, usability, and effectiveness compared to any mainstream solution on the market for home users.  AVG has a FREE edition which is excellent and automatically updates and scans your computer on a daily basis.  It can be downloaded and installed here: http://free.grisoft.com

Malware Removal Solutions
Okay, so we have SpyBot installed, but why would we want another solution?  Aside from the fact it is FREE, you should be acutely aware that a single solution cannot cover every spyware, adware, or malware floating around on the Internet.  It can be beneficial to use another product just to cover your bases.  Lavasoft’s Ad-Aware Personal edition is just the solution for this and can be downloaded and installed from: http://www.lavasoft.de/software/adaware/

Whenever you sense that your computer has been compromised or just when you have some free time and want to take extra caution against malware, update Ad-Aware and run a scan on your computer.

CONCLUSION

With the right amount of care it is possible to extend the time between operating system re-installations.  If your system has too much damage and you need to recover it for whatever reason, I do not suggest a do it yourself approach.  Always contact a professional if you are worried about losing more than your MP3s and bad pictures of yourself.  A good source for professional help is http://www.GeekPatch.com and don’t forget to give coupon code PCTB0306 to get a discount from here!  Enjoy and happy surfing!  :-)

Rootkits Explained

May 6, 2008 by aeorya

Imagine a hacker program that is able to install itself on your PC and hide from your virus and spyware scanners like a living, breathing entity.  Some rootkits are easily detected, but others are becoming increasingly difficult to find because they filter queries and are then able to hide executables and remove their entries from the task manager.  This article will identify what a rootkit is, and offer simple ways to avoid them.

It’s possible to spot kernel rootkits by using Windows PE, a scaled-down version of Windows XP.  You can boot Windows PE from a CD and compare the profile of the clean OS to that of the infected system.  If your system is infected with a malicious rootkit, the quickest (and probably most reliable) way to remove it would be to format the drive and start fresh.  While this sounds like the “easy way out” approach, it’s really the only guarantee that the system is clean.
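The clean-boot comparison described above can be done on plain file listings. The following is an added example, not code from the original post: it assumes one recursive listing was saved from inside the running system and a second listing of the same volume was saved after booting Windows PE (for instance with `dir /s /b /a`), and every path in the sample data is constructed.

```python
import ntpath

# Constructed listing taken from inside the running (possibly infected) system.
LIVE_LISTING = r"""
C:\WINDOWS\System32\Kernel32.dll
C:\WINDOWS\system32\drivers\tcpip.sys
C:\WINDOWS\Temp\~df12.tmp
C:\Documents and Settings\user\notes.txt
"""

# Constructed listing of the same volume, seen as D: from the clean Windows PE boot.
OFFLINE_LISTING = r"""
D:\windows\system32\kernel32.dll
D:\windows\system32\drivers\tcpip.sys
D:\windows\system32\drivers\example_hidden.sys
D:\windows\system32\example_hidden.dll
D:\Documents and Settings\user\notes.txt
"""


def normalize(line: str) -> str:
    """Drop the drive letter and fold case so both views compare equal."""
    _, tail = ntpath.splitdrive(line.strip().lower())
    return tail


def load_listing(text: str) -> set:
    """Turn a saved listing into a set of normalized paths."""
    return {normalize(line) for line in text.splitlines() if line.strip()}


def cross_view_diff(live: str, offline: str) -> dict:
    """Compare what the running OS reports with what is really on disk."""
    live_set, offline_set = load_listing(live), load_listing(offline)
    return {
        # On disk but never reported by the running OS: something is
        # filtering the listing, which is how a rootkit hides its files.
        "hidden_from_live": sorted(offline_set - live_set),
        # Seen only while running: usually temp files removed at shutdown.
        "only_in_live": sorted(live_set - offline_set),
    }


if __name__ == "__main__":
    result = cross_view_diff(LIVE_LISTING, OFFLINE_LISTING)
    for path in result["hidden_from_live"]:
        print("hidden from running OS:", path)
    for path in result["only_in_live"]:
        print("only in running OS:", path)
```

Files that appear only in the clean-boot listing are the ones to investigate; files that appear only in the live listing are normally short-lived temp files.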

Quick Tips to Avoid Rootkits

If you’re looking to prevent rootkit infection in the first place, you should take a few preventive measures to keep your system safe:

  • Keep Windows Updated.  Visit Microsoft’s Update page frequently.
  • Carefully read any End User License Agreements, as they may actually tell you that some type of rootkit will be installed on your system.
  • Avoid installing P2P software.
  • Avoid websites and programs that seem shady.
  • Consider running an alternative Web Browser, like Firefox.
  • Configure your Email server to block or remove emails that have file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.

The important thing to understand when you discover a rootkit has been installed on your system is that the system has been compromised and you should restore the system from a known clean backup.

You can get the popular program RootkitRevealer here.

Scandisk or chkdsk

May 6, 2008 by aeorya

Lost Clusters on HDD

Frequently running Scandisk or chkdsk can help save your data.  Hard drives can develop bad clusters over time, and those utilities can help retrieve corrupt data, and also prevent data from ever being written to those bad sectors again.  Running these disk management tools will help reduce crashes and further loss of data.  They may also help make you aware of impending hard drive failure.

Lost clusters in a lost chain

A typical error, such as “lost cluster in a lost chain” indicates that data is present but there are no pointers pointing to that data.  You can run chkdsk to attempt to recover the files, or you can simply repair the errors by selecting N when prompted for action.  This will correct the errors but not save the data.  Or you can press Y, which will attempt to associate a folder with that data.  If a folder cannot be found, it will save the data in a folder labeled .xxx.  The “xxx” is a sequential number, so the folder will probably be named .000 if the folder does not exist.

ScanDisk
This utility exists in Windows 9.x systems, such as Windows 98 and ME.  To access this utility, navigate to START>PROGRAMS>ACCESSORIES>SYSTEM TOOLS, then scandisk.  You will be given the option to do a Thorough Scan, which is recommended as it physically scans the surface of the drive for errors.  You can also specify if you want the errors corrected automatically, which is normally fine unless you want to attempt to recover the data.

Chkdsk
Chkdsk is available in Windows 2000 and Windows XP.  To run a chkdsk, go to My Computer and right-click the drive you want to scan, then select Properties.  Under the Tools tab, you will see a section for Error Checking.  Click Check Now.  Again, you will be given the options to automatically fix the errors or to attempt to recover the data.  You may be prompted to reboot so this utility can run before Windows loads.  This is normal.

Hard Drive Utility

May 6, 2008 by aeorya

Western Digital Hard Drive Utility

Western Digital provides a hard disk utility called Data Lifeguard. The Data Lifeguard program allows users to set up and copy data to their new hard disk. It can perform repairs, diagnostics and identification on WD hard drives via a program you download and write to floppy. Get it here.

Maxtor

MaxBlast is Maxtor’s hard disk utility. MaxBlast 4 is an ATA/IDE hard drive installation utility that makes hdd installations and upgrades easy for beginners and pros alike. It can automatically identify, partition, and format Maxtor ATA or SATA hard drives.
Get it here.

Seagate

Seagate uses SeaTools Desktop Edition to diagnose and repair hard disk problems. This program is made into a bootable floppy or .iso and used to repair Seagate hdd issues.
Get it here.

No matter which hard drive you own, manufacturers provide these useful diagnostic and repair tools to help the end-user perform minor repairs on their hardware. Probably their most important feature is copying the contents of one hard drive to another. While there are third-party solutions for this, it’s nice that the manufacturer helps make this experience pleasant and efficient.

Device Manager Error Codes

May 6, 2008 by aeorya

The Device Manager in Windows XP is often the first place to look when you are having a problem with Microsoft Windows–particularly a piece of hardware that is malfunctioning. The Device manager lists the components in order, and will sometimes have a red “X” over the device, or an exclamation point beside its icon. This indicates there is a problem with the device, and if you double click the icon, you may find that there is an error code associated with the error.

Error Codes and Explanation

Code 1

Problem: This device is not configured correctly. (Code 1)
Resolution: This error could mean the device has no drivers installed or is incorrectly configured. Try updating the driver by clicking Update Driver. This starts the Hardware Update wizard. If updating the driver doesn’t work, see your hardware documentation for more info.


Code 10

Problem: This device cannot start. (Code 10)
Resolution: First, try updating the driver for this device. If that doesn’t work, on the General Properties tab of the device, click Troubleshoot to start the Troubleshooting Wizard.


Code 19

Problem: A registry problem was detected (Code 19)
Resolution: Navigate to the General Properties tab of this device, then click Troubleshoot to start the Troubleshooting Wizard. Click Uninstall, and then click Scan for hardware changes to load a usable driver. Restart the computer in Safe Mode, and then select Last Known Good Configuration. This rolls back to the most recent successful registry configuration.


Code 22

Problem: This device is disabled. (Code 22)
Resolution: The device is disabled because a user disabled it by using Device Manager. Click Enable Device. This starts the Enable Device wizard.


Code 39

Problem: Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: The driver may be corrupt. You should uninstall the current driver, then click Scan for hardware changes to reinstall the driver.


Error Code Summary

Some typical resolutions for Microsoft Windows error codes:

  • Uninstall the driver for the device.
  • Reinstall the driver.
  • Try Rebooting.
  • Swap out the hardware with a known good device.
  • Roll back the driver.
  • If all else fails, either reinstall Windows or use the recovery disks that came with the PC. Be sure to backup all data first.

Spyware Preventive Maintenance

May 6, 2008 by aeorya

Do you run your anti-scumware (spyware and adware) and anti-virus programs only when you are having computer problems? If you do, then you may be too late and the damage may have already been done. It doesn’t matter how well you think you are protected against these nasty files; they may still find a way to get on your computer.

Remember, it is the trouble makers who are looking for every way to get those nasty files on to your computer so those programs that fight those files can only react to the latest threat, after they have been released. There are new threats that come out almost everyday, so you have to be on your toes.

The best method for fighting these nasty files is to do a weekly, or even better a biweekly, check for them. You should set aside a time when you don’t use your computer much and do a thorough scan of your hard drive with your armory of programs. You should have all of the latest FREE programs that I list below, and you should run them weekly as a preventive measure. By running them weekly, you not only clean your system but you keep those programs updated.

Now you may update your programs every time you use them, but if you only use them once a month, then you may be flirting with trouble. How can that be? Well, some viruses and scumware may prevent you from accessing the internet, and they may be those very same nasty files that the latest updates addressed. There are viruses out there that will keep your anti-virus programs from even starting and getting on the Net as they go through your hard drive and infect every file they can find.

You need to be a responsible Internet user and do your part to fight these nasty files, because your actions, or lack of them, may have an impact on all us other Internet users.

I only list here the programs that I have used and I’m satisfied with. I know there are other great programs out there, but these are the ones that I have used and can verify as being worthy. When you go to the websites to download these programs, be sure to read the descriptions about them so you will have a better understanding of what they are and what they do.

SYSTEM INVENTORY
Everest: http://www.lavalys.com/products.php?lang=en

SPYWARE-ADWARE
AdAware: http://www.pctechbytes.com/downloads.htm
Spybot S&D: http://www.pctechbytes.com/downloads.htm
SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
Microsoft AntiSpyware (XP only): http://www.pctechbytes.com/windows.htm

VIRUS PROTECTION
AVG Free: http://www.pctechbytes.com/freeantivirus.htm

VIRUS and SPYWARE DETECTION
Ewido (XP only – trial version): http://www.ewido.net/en/
HijackThis: http://www.pctechbytes.com/security.htm

Online HijackThis Analyzers
HijackThis analyzer #1: (website) http://www.hijackthis.de/index.php?langselect=english

Online Virus Scan Website
Trend Micro: http://housecall.trendmicro.com/

Visit Microsoft Update

May 6, 2008 by aeorya

Unless you update your version of Windows continuously, you run the risk of your PC being vulnerable to attack when an exploit is discovered. While Windows Service Pack 2 is more secure than the original Windows XP, there are occasionally instances where a Windows update plugs small security holes in the Operating System. So unless you are a fanatic about keeping your installation of Microsoft Windows XP up to date, consider allowing Windows to automatically do it for you.

Automatic Updates

Automatic updates in Windows XP provide high-priority security updates that can help prevent your PC from being compromised by a hacker.

To enable this feature, click START, then CONTROL PANEL, then SECURITY CENTER. You can then select AUTOMATIC UPDATES.

You have a few options here, but we recommend that you stick with the Automatically Download and Install option. Otherwise, you may download the updates when they are available but either forget or neglect to install them.

If you prefer to update manually, visit Microsoft’s Update page here.

Whichever method you choose, you have the responsibility as a member of the Internet community to keep your system up to date on all patches. If not, your computer may be the launching point of Internet attacks that spread denial of service attacks or spread viruses and worms to other computers across the world.

Gateway System Recovery (R0 & R1) (available from September 2004 to June 2005)

May 6, 2008 by aeorya

  • The back up media for the operating system, drivers, and application software is saved on a D: partition on the hard drive.
  • In addition to the files located on the D: partition, the user is prompted 1 minute after the Out Of Box Experience (OOBE) to create backup CD-R disks for the software on the hard drive image for future use.
  • Blank CD-R media and instructions are provided in the system box for the new computer sales orders.
  • The kit consists of 5 regular blank CDs and instructions.
  • The blank media is listed on the order for any system that shipped with Gateway System Recovery Rev 1.
  • Typically “images” would only require 3-4 CDs.
  • Once the CDs are made, the Operating System, Drivers, or Applications can be reinstalled using the files on the hard drive or the backup CDs. Note: After the end-user has successfully made a CD backup, the CD media creation option does not appear.


Gateway resumed the shipping of Operating System CDs with all new systems purchased directly from Gateway in June 2005. These systems still include a recovery partition on the hard drive which includes the drivers and applications. If an end-user wants the drivers and applications on CD media in addition to the Operating System, the end-user can use the Recovery utility program to create the CDs themselves. However, the end-user must provide their own blank media.

Gateway System Recovery (R2) (available June 2005):

Key differences with Gateway System Recovery R2

  • Business Account end-users will receive both a CD with Operating System files and a CD containing Drivers and Applications.
  • Consumer-based systems will only receive a CD with Operating System files. Both Consumer and Business end-users can still create a Drivers and Applications CD from the start menu.
  • The Operating System files are included on a CD labeled “System Recovery CD/DVD”
  • When recovering a computer with this new solution, half of the solution is on the System Recovery CD/DVD and the other half is on the recovery partition and/or the Drivers and Applications CD.
  • There is no prompt to create the recovery media set or a Drivers and Applications CD.
  • The Recovery Media Creator icon has been removed from the start menu to prevent the user from creating additional backup media that has Operating System files.
  • No blank recovery media is provided with the computer.
  • On the factory load of the hard drive, the recovery partition will not contain operating system files. It only contains application and driver files.
  • The first time the recovery partition is used, it prompts the user to insert their System Recovery CD/DVD to copy files from the CD to the recovery partition.
  • The Drivers and Applications CD is not bootable and does not contain Operating System files.
  • The System Recovery CD/DVD is bootable but does not contain any application or driver files.
  • If the end-user erases the hard drive and restores the computer using the System Recovery CD/DVD and an Applications and Drivers CD, the recovery partition is not recreated.

Additional information & tutorials regarding Gateway System Recovery can be found here.