General Computer Information
Hardware Troubleshooting
Not all computer problems are caused by viruses and malware. While I like
to think of computers as my little silicon-based lifeform friends, they
are really just machines and machines break down. Here are some basic
hardware troubleshooting steps:
Open the computer and run it open after cleaning out all dust bunnies.
Be careful when you clean; use compressed air and be gentle. Observe
all fans (overheating will cause system freezing and/or crashing). This
includes the fan on your video card if you have one. Obviously you
can't do this with a laptop, but you can hear if the fan is running and
feel if the laptop is getting too hot. For a desktop, without touching
anything, hold your hand close to the inside of the case and feel how
hot things are getting.
Test the RAM - I like Memtest 86+ from http://www.memtest.org.
Obviously, you have to get the program from a working machine. You will
either download the precompiled Windows binary to make a bootable
floppy or the .iso to make a bootable CD. If you want to use the
latter, you'll need to have third-party burning software on the machine
where you download the file - XP's built-in burning capability won't do
the job. In either case, boot with the media you made. The test will
run immediately. Let the test run for an hour or two unless errors are
seen immediately. If you get any errors, replace the RAM. It is
extremely important that you get RAM that is compatible with your
motherboard (and the RAM already in the machine). Crucial Technology
has a Memory Selection Tool on their website.
Test the hard drive with a diagnostic utility from the drive manufacturer. If you aren't sure what drive you have or can't find a utility for it, Seagate's SeaTools for DOS
can test non-Seagate drives. Download the file and make a bootable
floppy or CD with it. Boot with the media you created and do a thorough
test. If the drive has physical errors, replace it.
The power supply may be going bad or be inadequate for the devices you have in the system.
The adequacy issue doesn't really apply to a laptop, although of course
the power supply can be faulty. For a desktop, test by swapping out the
PSU for a known-working one. If you have one of the higher-end video
cards that requires a separate power supply connector, make sure it is
in place.
Test the motherboard with something like TuffTest from http://www.tufftest.com. Sometimes this is useful, and sometimes it isn't.
Testing hardware failures usually involves swapping out suspected parts
with known-good parts. If you can't do the testing yourself and/or are
uncomfortable opening your computer, take the machine to a professional
computer repair shop (not your local version of
BigComputerStore/GeekSquad). Have all your data backed up before you
take the machine into a shop. Of course, if you are in the
Fresno/Clovis area Elephant Boy Computers is happy to help!
Backing Up
Back up your data!
That way when ugly things happen to your computer (and I say "when",
not "if"), you will not lose all your precious stuff. Data is any
information you entered in yourself; e.g., your financial records,
calendar, favorites (also known as "bookmarks"), email, address book,
pictures, music files, etc. Data is not the program itself. You can
always reinstall Microsoft Office or Quicken from CD. Here is a brief
description of some backup tools and my suggestions as to the best
method.
Tape drive - Unless you have a business and a high-end tape drive/software
package, don't use a tape drive. The less expensive ones can be
unreliable, as well as difficult to use and understand. Since tape is a
continuous backup, the data must all be restored and you can't recover
just one document recorded somewhere in the middle of the tape.
Floppy disks - Floppies are the worst media you could choose. They are
fragile and the data is easily corrupted (leaving a floppy next to a
monitor for any length of time can destroy all the data). Also,
sometimes floppies used in old drives can only be read on those drives,
which defeats the purpose. A floppy disk holds 1.44 megabytes
(MB) of data, which is not much in today's world of big files. Most
modern computers don't even come with a floppy drive any more. If you
find you need one, you can always buy an external USB floppy drive.
Zip and Jaz-Type Drives - To overcome the size limitations of floppies,
Iomega created the Zip Drive. Zip disks hold either 100, 250, or 750 MB
of data. Jaz
disks hold up to 2 Gigabytes (GB). A Zip Drive can be internal or
external. Transferring data to a Zip disk is slow, and the disks
are expensive. Now that CD/DVD-RW drives are inexpensive and almost
universally available, the Zip Drive is no longer the best backup
solution. I would not bother installing a Zip or Jaz Drive in a
computer any more.
CD-RW Drives - CD burners are cheap now. A CD-ROM can hold 650-800 MB of
data. CD-RW disks can be erased and rewritten, but are not always
reliable because they can't be read on all drives. With CD-R disks so
inexpensive, they are a good choice for backup at this time unless your
data files are very large; then get a DVD burner (see next item). I
would only replace a CD-RW drive with a DVD-RW drive now.
DVD Drives - Single-layer DVD disks can hold
roughly 4.5 GB of data; dual-layer drives can burn twice as much data
to one side of a disk (naturally you need to buy the right disks).
DVD burners are the wave of the
future, so if you are considering buying a recordable drive and you
have lots of data to back up, you should buy a DVD burner. The
media is still more expensive than CD-R's, but you obviously use fewer
disks. If you buy a retail DVD burner, burning software will come with
the drive. If you buy white box (not retail), you will need to buy
burning software. I like Nero's software, but it does cost around $100.
This can eat up any savings you got from buying white box, so I usually
suggest just getting a retail burner. Most computers from big OEM's
like Dell and HP come with a DVD-RW drive as standard equipment now.
When buying a new computer, I would definitely suggest getting this
option.
External hard drives, USB thumb drives - USB or firewire-connected
external hard drives are coming down in price.
If you routinely need to back up very large amounts of data and will
remember to put the drive in a safe place (it won't do much good if a
fire destroys your computer and the backup drive sitting next to it!),
this might be the way to go. USB thumb drives are great also, but
remember that they can break or become damaged. I still feel that it is
a good idea to regularly back up to additional removable media like
CD-R or DVD's because your external hard drive or thumb drive can die
too. Okay, I admit it - I'm obsessive about backups, but I've done a
lot of data recovery for weeping clients so maybe that's why.
Network-Attached Storage (NAS) - These devices are hard drives running
an operating system - usually
Linux - that is transparent to the end user. The NAS device connects
directly to your network by ethernet so is available to all computers
on your Local Area Network (LAN). The cost of NAS devices has decreased
radically so they are an excellent choice for small businesses and
large home LAN's. I would still back up the data to DVD in addition to
the NAS because I like a layered backup strategy Just To Be Sure.
No matter how you do it, back up your data often. Although Elephant Boy
Computers cannot take responsibility for your data backups, if
you need help in learning how to do it we are happy to provide training.
What to do if you didn't back up
Let's face it, sometimes disaster strikes and you didn't back up your
data. A lot of the data recovery success (and cost
of the process) depends on what caused the disaster. If your computer
is infected with a virus that hasn't destroyed all data, there are
various methods that Elephant Boy Computers can use to recover the data
before reinstalling Windows. Please note that data recovery is
time-consuming and therefore not cheap. Even if we are able to recover
data, we cannot warrant that all of the data you need will be
recovered. We will do our best, which is a lot better than that Very
Big Computer Store will do for you (they will normally not attempt to
save your data, but simply reinstall Windows); however, we do not take
responsibility for your data. There's no sweet way to say this: you
should have made backups.
If the hard drive is unbootable or too badly
corrupted and the data on it is important, then all is still not lost.
The data recovery wizards at DriveSavers can perform what certainly look like miracles. If you are an Elephant Boy Computers
client and we are not able to help you, if you decide to use
DriveSavers you are eligible for a discount. Data recovery from a
company like DriveSavers is not inexpensive, but in our admittedly awed
opinion completely worth it if your data is vital. It is my
understanding that some insurance companies will now cover data
recovery expenses so check with yours.
Reinstalling Windows
Post-disaster - either because of hard drive failure or because of
viruses/malware that have damaged the operating system beyond repair -
you will be faced with the necessity to reinstall Windows. Whether we
do this or you do this, you will need:
1. A CD/DVD of the Windows operating system and a Certificate of
Authority bearing the Product Key - If you bought the computer from a
system builder, the Product Key is
normally on a sticker on the side or back of the computer (it will be
on the bottom of a laptop). If you bought a retail copy, the
Certificate of Authority with Product Key was in the box, usually on a
brightly colored sticker marked "DO NOT LOSE THIS". We hope you didn't
lose it, because without the proper Key it is not possible to reinstall
Windows without buying a new copy. If you have proof of purchase, you
can contact Microsoft for a replacement copy; otherwise you will be
stuck buying one. For this reason, I strongly suggest that you do not
buy a computer at a yard sale or flea market. You won't have any
assurance about what you are getting, whether it will work, and whether
you have a legal copy of Windows. If you have an OEM ("Original
Equipment Manufacturer") computer such as one from HP, Sony, Compaq,
eMachines, etc. you may not have physical disks or you may have a
Recovery Disk.
Legally, a system builder who preinstalls a Windows operating system
must give the customer a way to return the computer to factory
condition. They can do this by providing:
A. A physical CD/DVD with the actual operating system on it. If an OEM
version (as opposed to retail), there must be a Product Key sticker on
the computer. If you have the Product Key sticker, a local computer
shop may be willing to install Windows for you since the product key is
your license, not the physical media. Elephant Boy Computers adheres to this reinstallation policy.
B. A physical CD/DVD with an image of the operating system as installed
at the factory - sometimes known as Recovery or Restore Disks.
C. An image of the operating system on a special partition, sometimes hidden, on the hard drive.
Refer to your computer manual for which method was used. If you
purchased a used computer from "a friend", yard sale, or unscrupulous
local computer shop and did not receive the Product Key, I'm afraid you
will have to buy a copy of Windows.
2. Various drivers - All hardware inside your computer (or connected to
the outside, like
a printer) including the motherboard (the large circuit board that
everything plugs into) has related software called a "driver" which
tells the operating system (Windows) how to use the hardware. For
example, Windows might recognize that you have a sound card plugged
into the motherboard, but if the proper drivers aren't installed
Windows won't know what to do with the sound card and you won't have
any sound. You should have received installation media for the drivers
when you bought your computer. If you didn't, Elephant Boy Computers can identify the hardware in your machine and in most cases find drivers. This does take time, however.
3. CD/DVDs (or installation executables backed up for downloaded programs) for whatever programs you would like to reinstall.
An operating system (Windows) does not come with word processors,
spreadsheets, etc. If you have Microsoft programs such as Works or
Office, be sure you have the necessary Certificate of Authority with
Product Key. OEM machines normally come with bundled preinstalled
software and you should have received a way to reinstall that software
- you might have separate CDs or it might be included on a Recovery
Disk.
4. Information regarding how you connect to the Internet - your Internet Service Provider (ISP), your settings, your user name and password. If you don't know the settings, Elephant Boy Computers
can get them, but only you know your user name and password. If you
have lost that information, you will need to call your ISP and get your
user name and a new password. Write them down!
5. Information about other specialized software you use - Read more about this and disaster planning in the 11/2/05 Elephant Boy Computers report here.
Maintenance
I really don't suggest using a maintenance suite on Windows XP, and
certainly not on Vista. Registry cleaners cause more harm than good.
Stay away from so-called "system optimizers". They are not necessary at
best - at worst they can be malware and/or trash your system. XP and
Vista have far better built-in maintenance tools than earlier Microsoft
operating systems did.
Run Disk Cleanup once a week. Go to Start>Run>cleanmgr [enter].
Run Disk Defragmenter once a quarter in XP unless you routinely work
with very large files; in that case once a month is better. Vista's
Defragmenter runs in the background. XP is usually installed using the
NTFS file system which doesn't get as fragmented as the FAT16 or FAT32
file systems of DOS, Win9x/ME. Vista only uses NTFS. In XP, go to
Programs>Accessories>System Tools to find the Defragmenter. Be sure no
other programs are running in the background, particularly antivirus
programs or screensavers. Unlike in Win9x/ME, it isn't necessary to
defrag in Safe Mode in XP.
Scan for spyware with programs like Ad-aware or Spybot Search & Destroy weekly. Vista has Windows Defender built in and this is adequate for most people. There are links and more information in the Viruses/Malware section.
Always have a current version of an antivirus (not more than 2 years old) installed and keep the definitions updated.
Weekly scans are fine, but the most important thing is to have an
active subscription so your virus definitions are up-to-date.
Do not run unknown programs.
Only install programs you need and which come from a trusted source. Be
extremely cautious about opening email attachments; they are not safer
if they come from someone you know. Do not EVER
run a program that you received from an instant message and do not
click on links in an instant message. Do not do file-swapping. See the
section on Viruses/Malware for more information.
Uninstall unwanted programs by using the Add/Remove Programs applet in Control Panel. Do not simply delete the folders.
Thou Shalt Not Run Beta Software.
Beta software is still in the experimental stage. All the bugs have not
been found and fixed. Even if the program is tempting, it is better to
wait until the final version is available, unless you like Living On
The Edge. Or reinstalling Windows.
Basic Security
Hackers - What can you do to protect yourself against hackers? Hang
garlic braids on your computer. No, wait, wrong problem. Actually,
unless you have a high profile or have posted a message on a hacker
board saying, "Neener, neener, neener you can't catch me", you probably
won't be attacked. However, there are plenty of script kiddies (kids
who really don't know much about programming but have downloaded
hacking tools) out there. Do not connect a Windows computer to the
Internet without a firewall in place.
Protect yourself by taking these steps:
1. Turn off File/Printer sharing if you don't need it. Remember that
when you are on the Internet, you are connected to everyone else in the
world who is online at that moment.
2. Most people have a broadband Internet connection (DSL or cable) now.
Even if you only have one computer, it is a good idea to purchase a
router to sit between your computer and the cable/DSL modem.
3. Use a firewall. Windows XP Service Pack 2 and Vista have built-in firewalls which are adequate for most people.
Spyware - A good definition of spyware, taken from the excellent Wikipedia, is:
"In the field of computing, the term spyware refers to a broad category
of malicious software designed to intercept or take partial control of
a computer's operation without the informed consent of that machine's
owner or legitimate user. While the term taken literally suggests
software that surreptitiously monitors the user, it has come to refer
more broadly to software that subverts the computer's operation for the
benefit of a third party.
"In simpler terms, spyware is a type of program that watches what users
do with their computer and then sends that information over the
internet. Spyware can collect many different types of information about
a user. More benign programs can attempt to track what types of
websites a user visits and send this information to an advertisement
agency. More malicious versions can try to record what a user types to
try to intercept passwords or credit card numbers. Yet other versions
simply launch popup advertisements."
To see what, if any, spyware you have on your system, go through at least some of the steps in the "Removing Malware"
section. Bear in mind that many ad-supported programs will not work if
you disable the spyware components. The choice is yours.
File-Swapping (or File-Sharing) - Another common security breach is the
practice of peer-to-peer
file-swapping. Most people have heard of Napster, which
brought file-swapping into the mainstream consciousness.
Basically, people could connect to a special network and swap files
with each other. Although Napster no longer exists in its earlier form,
there are many other popular file-swapping programs such as LimeWire,
Bearshare, Grokster, KaZaA, and WinMX. Music files in the popular
mp3 format are the most commonly traded but any file can be swapped,
such as movies and pirated commercial software. Peer-to-peer
file-swapping is an extremely controversial issue.
I'm not going to address the morality of the practice, but you should
know that if you are file-swapping, your computer's security is
breached. File-swapping programs create a "Shared Folder" on your hard
drive where you put the files you wish to make available to
others. Windows 9x and ME are inherently insecure operating
systems. If you are using one of those operating systems and you enable
file sharing of one folder, your entire hard drive is open to the
world. Windows XP can be made more secure, but it is still risky to do
file-swapping. If you use your computer for business or have
important personal information on it, those files are potentially
compromised, along with all your passwords. Additionally, you take the
chance of downloading some sort of malware with your mp3's. Trojan
horses and viruses have frequently been found in the KaZaA and LimeWire
programs. If you decide to participate in file-swapping, be aware
of the risks. I tell clients that file-swapping is like being in bed
with 50,000 teenage boys. You are basically bringing a file into
your computer and you have no idea whether the computer it came from is
clean (virus-free) or whether the file-swapper you got it from is
malicious. The best thing, aside from refraining from
file-swapping, is to use a separate dedicated computer containing no
important data. A separate hard drive is not a good solution,
because it is vulnerable to infection from the main drive. There
are now many legitimate places to download music, such as iTunes or Real's Rhapsody.
Viruses/Malware
All viruses, trojan horses, and worms are malicious pieces of code
(known collectively as "malware") which can damage your data. Viruses
are designed to spread themselves from one file to others in a single
computer. They can cause everything from lost data to inaccessible
files. In some cases, a virus can do permanent damage to the computer.
Worms are like viruses in that they also replicate themselves, but they
are designed to spread from computer to computer, infecting an entire
network. Trojan horses are aptly named - they are programs usually
disguised as something useful or desirable, but their true nature comes
with a hidden surprise. The Trojan might "phone home" all your
passwords and/or financial information. It might enable the Bad
Guy to control your PC and steal or damage your data, or even turn your
PC into a zombie to attack websites.
Before Internet use was as widespread as it is now, viruses were most
often passed from user to user by infected floppy disks. Now the
most common ways malware is transmitted are opening email attachments
and file-swapping.
Virus hoaxes are usually passed on as email messages, and are intended
to scare people about a non-existent threat. Users often forward
these "alerts" to everyone they know, thinking they are doing a good
deed. However, virus hoaxes cause lost productivity and panic, and
clog email servers. Hoaxes can be a serious threat to email
systems. If enough messages are sent, they can bring down a
server. There are many Internet sites devoted to hoaxes.
Check at the Symantec Antivirus Research Center or at one of the other antivirus sites before you click that "Send" button.
Protect yourself by buying and using a good antivirus program. Keep
your subscription active and your virus definitions updated. Don't open
email attachments unless you are expecting one and you have scanned it
with your antivirus. I don't care if it's from your mother. Delete it
unopened and tell Mom not to send you that "cute little screensaver"
ever again.
Common mistakes made by end users are using an obsolete version of
their antivirus and letting their antivirus subscription lapse.
If you are presently using an antivirus version earlier than 2005, do
not renew the subscription for it but rather replace it with a current
version. An older antivirus will not be as useful in protecting you
since the virus/malware scene has radically changed since before 2005.
Things move fast in the computer world.
Antivirus programs work by looking for known virus-like
activities/characteristics. The antivirus program "learns" about all
the new viruses by checking with the program's server for new virus
definitions. When it finds the new definitions, it will download them
and install them automatically so now instead of knowing about 215,000
viruses (for example) your antivirus program knows about 235,000. You
get the right to new definitions by subscribing. Running an antivirus
program with an expired subscription (and hence having outdated virus
definitions) is almost worse than having no antivirus at all because it
gives a false sense of security; you think you're protected when you're
really not.
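The definitions mechanism described above, as an added example (not code from Elephant Boy Computers or from any antivirus vendor): a toy Python scanner that checks files against a definition set, run once with a lapsed set and once with a current one. The sample bytes, detection names and definition releases are all constructed for illustration.

```python
"""Toy signature scanner: a lapsed definition set misses newer samples."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Definitions:
    """One release of a constructed (made-up) definition set."""
    version: str
    byte_patterns: dict   # detection name -> byte sequence found inside a file
    sha256_hashes: dict   # detection name -> SHA-256 of a whole known-bad file

    def updated_with(self, version, byte_patterns=None, sha256_hashes=None):
        """Return a newer release: every old entry plus the new ones."""
        return Definitions(
            version,
            {**self.byte_patterns, **(byte_patterns or {})},
            {**self.sha256_hashes, **(sha256_hashes or {})},
        )


def scan(data, defs):
    """Return the sorted detection names in `defs` that match `data`."""
    digest = hashlib.sha256(data).hexdigest()
    hits = {name for name, known in defs.sha256_hashes.items() if known == digest}
    hits |= {name for name, pat in defs.byte_patterns.items() if pat in data}
    return sorted(hits)


def scan_all(files, defs):
    """Scan a {filename: bytes} mapping; return {filename: [detections]}."""
    return {fname: scan(data, defs) for fname, data in files.items()}


def missed_by_stale(files, stale, current):
    """Files the current definitions flag but the stale ones report clean."""
    old, new = scan_all(files, stale), scan_all(files, current)
    return sorted(f for f in files if new[f] and not old[f])


# Constructed, harmless stand-ins for files on disk. The markers are
# invented strings, not signatures of any real malware.
ALPHA_SAMPLE = b"header....TOY-MARKER-ALPHA....rest of file"
BETA_SAMPLE = b"header....TOY-MARKER-BETA....rest of file"
GAMMA_SAMPLE = b"a constructed file that is known only by its whole-file hash"
CLEAN_FILE = b"Dear Mom, please stop sending me screensavers."

FILES = {
    "alpha.exe": ALPHA_SAMPLE,
    "beta.exe": BETA_SAMPLE,
    "gamma.exe": GAMMA_SAMPLE,
    "letter.txt": CLEAN_FILE,
}

# What the scanner knew when the subscription lapsed.
DEFS_LAPSED = Definitions(
    version="lapsed",
    byte_patterns={"Toy.Alpha": b"TOY-MARKER-ALPHA"},
    sha256_hashes={},
)

# What an active subscription would have downloaded since then.
DEFS_CURRENT = DEFS_LAPSED.updated_with(
    "current",
    byte_patterns={"Toy.Beta": b"TOY-MARKER-BETA"},
    sha256_hashes={"Toy.Gamma": hashlib.sha256(GAMMA_SAMPLE).hexdigest()},
)


if __name__ == "__main__":
    for defs in (DEFS_LAPSED, DEFS_CURRENT):
        print("definitions:", defs.version)
        for fname, hits in scan_all(FILES, defs).items():
            print("  ", fname, "->", ", ".join(hits) or "nothing found")
    print("reported clean only because the definitions were stale:",
          missed_by_stale(FILES, DEFS_LAPSED, DEFS_CURRENT))
```

With the lapsed set, beta.exe and gamma.exe come back as "nothing found", which is the false sense of security the paragraph warns about.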
Removing Malware
Some non-viral spyware can be as destructive to your ability to use your computer the way you want to as a virus. We here at Elephant Boy Computers are wizards at getting rid of malware, but if you want to clean up your computer yourself here are some general removal steps.
Please understand that cleaning up malware can require a lot of patience and skill.
We're seeing new malware that does things like make itself into a
service on Windows XP/Vista computers, be guarded by another piece
of the malware and respawn with a random name, break antimalware
applications, and lots more destructive behavior. Some recent variants
of the Vundo trojan install a rootkit (which is hidden) and are
extremely difficult to remove. If you look at the
instructions below and think, "Whoa - too hard!" then do yourself a
favor and take the machine to a professional computer repair shop (not
your local equivalent of BigStoreUSA). There is no shame in doing this.
Please be aware that not all local shops are skilled at removing
malware and even if they are, your computer may be so infested that
Windows will need to be clean-installed. Have all your data backed up
before you take the machine into a shop. Of course, Elephant Boy Computers
is available to do this for you but if you are out of our service area
(the UK for instance, although if you'll buy me a plane ticket I'll
come!) please be truthful with yourself about your ability to do the
work yourself. I don't hesitate to take my car to the mechanic or call
the appliance guy if my washing machine is on the fritz.
I must stress that these are general removal steps. When I clean a
client's machine, I examine the files on the machine very carefully.
Because I have worked on Windows operating systems for many years, I am
able to distinguish between an operating system file and Something
Else. An end user cannot do this. I'm not dissing your Mad Skilz, but
frankly if you really have Mad Skilz I doubt you're reading this.
Another important thing to remember is that malware is constantly
morphing into different variants in an effort to foil removal efforts
by The Good Guys. The Good Guys fight back by being ever-vigilant,
working with the new malware variants in order to update the removal
tools, and sharing experiences among ourselves. Because of the
sometimes-daily malware morphing, a removal technique on this website
might not work for you. There is still hope. You can always have a
professional (like Elephant Boy Computers!)
work on the machine, but there are other sources of malware removal
help. Other malware-specific tools exist that I do not cover here. See
the links to malware-fighting forums at the end of this section, as well as the more general "Getting Tech Support" area.
Note: The tools I suggest using for malware removal are free.
If you are getting popups saying that your computer is infected and you
can get it cleaned up for a price, this is not legitimate. See the Smitfraud/Spyaxe section for details.
Vista and Removing Malware - Because Vista is still new, some of the
steps below will not work or
will need to be modified to work on Vista. You will need to make sure
that you have full administrative privileges. First make sure that the
removal tools you want to use are Vista-compatible. Then run them
elevated (Run As Administrator). David Lipman has tweaked his Multi_AV
program to work with Vista (see notes in that section for details) and SuperAntiSpyware is Vista-compatible and works well. Other specialized programs like S!Ri's SmitFraudFix
utility are being worked on so they will be Vista-compatible. Vista
users who get infected may need expert direction; a good solution (if
you are not bringing in your computer to be fixed by Elephant Boy Computers!) is to post in one of the specialty HijackThis forums listed here.
A. Preliminary Preparation
1. Before anything else, take the machine into Safe Mode.
To get to Safe Mode, repeatedly tap the F8 key as your computer is
starting up. This will get you to the correct menu where you can choose
"Safe Mode". Use your Arrow keys to navigate; the mouse will not work
here. After you've cleaned up your computer, simply allow the machine
to boot normally and it will go into Regular Mode.
Since you will be scanning in Safe Mode with no Internet access, this
means that you should get any tools and updates from a different,
known-clean computer which has Internet access. Either use that
computer's CD/DVD-RW drive to burn the files you get onto a CD-R or
transfer the files using a USB thumbdrive with enough capacity to do
the job. If you don't have another computer, then get what you need
from a friend's computer or take the machine to a professional.
I do not suggest using online virus scanners because viruses and
malware will be active in Regular Mode and while the machine is on the
Internet. A computer infected with one of the many trojans that spews
spam and/or virus-laden emails or malware that downloads even more bad
stuff to the infested machine has no business being on the Internet.
2. Disconnect any suspect computers from all networks.
This means disconnecting from the Internet and your Local Area Network
(LAN) if you have one. If you have multiple computers on a network and
one computer was infected with a network-aware worm, you will need to
clean all computers on that network before connecting the LAN again. If
you connect your nice, clean computer to a LAN with infected machines,
it will just get infected all over again. Trust me on this. Yes, this
is a lot of work but if you try and cut corners you'll wind up spending
even more time on the job.
3. Make sure you are able to see all hidden files and extensions (View tab in Folder Options). In XP, there are four checkboxes to deal with:
a. Check "Display the contents of system folders".
b. Check "Show hidden files and folders".
c. Uncheck "Hide extensions for known file types".
d. Uncheck "Hide protected operating system files" and click "OK" to the dialog box.
4. Delete all Temporary and Temporary Internet Files, uninstall older versions of Java (removing all Java files/folders).
a. For Internet Explorer's Temporary Files, go to Control
Panel>Internet Options>General tab. You'll see where you can
delete cookies and files.
b. For Firefox, clear its cache by going to Tools>Options>Privacy>Cache>Clear.
c. For Windows Temporary files, Start>Run>cleanmgr [enter]. Run the Disk Cleanup.
d. To clear Sun Java's cache, Start>Settings>Control
Panel>Java applet>Cache>Clear or follow the same path to the
Java applet and then to General>Settings>Delete files. You should
also make sure that you have the latest version of Java. Uninstall all
older versions and get the latest version from the Java website here: http://www.java.com/en/download/index.jsp
5. Uninstall any known malware from Add/Remove Programs if there is an entry for it.
This usually will do no good (the Bad Guys commonly lie about the
effectiveness of their uninstaller), but nevertheless you can try it. A
lot of malware will attempt to open your browser during the "uninstall"
process - often to download more garbage - but since you are in Safe
Mode and can't connect to the Internet, just close out of the browser
and move onto the rest of the cleanup.
B. Scanning for viruses
1. You should have a full-featured current version (not earlier than
2006) antivirus installed using updated definitions. If you do not have
a full-featured antivirus installed or you let your subscription lapse,
there is a high probability that your computer is infected. In that
case, do not try and install an antivirus until you have run either
TrendMicro's Sysclean (instructions below) or David Lipman's Multi_AV (see details here).
2. After you have done the initial scanning with one of these
first-line tools, get and install a full-featured antivirus. Update its
definitions and do a thorough scan in Safe Mode. Again, you should get
all applications and updates from a different, known-clean computer
because you should still be working in Safe Mode, not online or
connected to a LAN.
C. Scanning for non-viral malware
1. If your antivirus scans turned up a lot of trojan malware, install and update AVG Anti-Spyware
(formerly Ewido). It has a fully-functional trial version. You can
install and run it and then decide if you want to buy it later. AVG
Anti-Spyware will install in Safe Mode. Also install the updates. You
should have downloaded the full database. Go to the scan options and
set it to scan every file. After your computer is all clean if you
decide you don't want AVG Anti-Spyware, use Add/Remove Programs to
uninstall it. If the program folder remains in Program Files, delete it.
1a. You can also check to see if there are targeted removal steps for your malware here:
Bleeping Computer removal how-to's - http://www.bleepingcomputer.com/forums/forum55.html
2. Install and update Malwarebytes' Anti-Malware. Malwarebytes also make RogueRemover and you may wish to run that also. Follow
instructions as to how to scan. There is a free version of
Anti-Malware, although you can purchase it later if you like it and
want to support its creators.
3. Install and update Spybot Search & Destroy.
Do a complete scan. Spybot will install in Safe Mode. Like Malwarebytes' Anti-Malware, I
suggest you keep it and make weekly scans with it as part of your
regular computer maintenance.
Note: If you have the Smitfraud/Spyaxe/Spyfalcon/SpywareQuake crap, see below for specific removal instructions.
If you have Winfixer or one of its variants such as WinAntivirus (Vundo), see below for specific removal instructions.
4. If the malware remains even after you've done all this, it is time to get guided help. Choose one of the specialty forums listed here (in no particular order). Register and read its posting FAQ. You will generally be asked to:
1. Download and execute HiJack This! (HJT) - http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
2. Disable Notepad's word wrap - in Notepad.exe, go to Format --> uncheck "Word wrap"
3. Download/run Deckard's System Scanner - http://www.techsupportforum.com/sectools/Deckard/dss.exe
4. Save the scan results (Main.txt and Extra.txt)
5. And then post the contents of Main.txt and Extra.txt in your post at the forum you chose.
D. Recap of what you will need to have on-hand before you start the cleanup process
1. LSPFix or WinSockFix for XP - see links - in case the malware
removal breaks your Internet connectivity. If you have XP SP2, you
don't need either program since you can repair the connection from the
command line:
Start>Run>cmd [enter]
netsh winsock reset catalog [enter]
2. Sysclean or Multi-AV
3. Full-featured antivirus with updates downloaded separately for
manual update
4. Ewido and most recent database file
5. Ad-aware and most recent definitions file
6. Spybot Search & Destroy and most recent definitions file
7. HijackThis
8. Possibly Process Explorer and Killbox
E. After the machine is clean
1. If you are running Windows ME or XP or Vista, you should disable/enable System Restore after the system is clean
because malware will be in the Restore Points. With ME, you must
disable System Restore completely. With XP, you can delete all but the
most recent System Restore point from the More Options section of Disk
Cleanup (Run>cleanmgr) so make a nice new clean Restore Point and
delete all the others.
2. Make sure you've visited Windows Update and applied all security patches. Do not install driver updates from Windows Update.
3. Run a firewall.
4. Practice "Safe Hex"! See these sites for information on not getting infested again.
http://www.wilderssecurity.com/showthread.php?t=27971 - So How Did I Get Infected Anyway?
http://www.claymania.com/safe-hex.html
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://www.microsoft.com/security/protect/default.asp - Protect your PC
http://www.getsafeonline.org/
https://www.mysecurecyberspace.com/
http://www.getnetwise.org/
http://www.spywarewarrior.com/rogue_anti-spyware.htm - Eric Howes on Rogue Antispyware Programs
F. Additional notes
Malware writers have gotten even more clever and their evil products
more complex. Other steps I normally take with more complex malware are:
1. See if the malware is running as a service and if so, stop and disable it. To examine services on an NT-based machine:
Start>Run>services.msc [enter]
2. Use a combination of HijackThis, Sysinternals' free Process Explorer, and Killbox
to stop any malware that has put hooks into explorer.exe (the Windows
shell). I also use the advanced HijackThis tools and sometimes the
excellent Autoruns program from Sysinternals.
3. Manual examination and deletion of bad files.
4. Various other magical procedures, burnt sacrifices, and rituals. And no, I'm not going to tell you what they are.
Important - Again, if the infestation requires the use of HijackThis and/or any
other advanced tools, you must know what you are doing. Unless you have
a high level of computer skills with an emphasis on removing malware
(and if you do you probably aren't reading this!), if you are at the
point of needing to run HijackThis you should post your log to one of
the HJT forums listed below and let the experts there help you - OR
take your machine to a professional.
G. Links to help with malware
Software/Methods:
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.malwarebytes.org/index.php - MalwareBytes
http://aumha.org/free.htm - HijackThis
http://www.silentrunners.org - SilentRunners
http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after removing spyware
http://www.spychecker.com/program/winsockxpfix.html - WinsockXPFix.exe
http://www.ewido.net/en/ - AVG Anti-Spyware (formerly Ewido)
http://www.superantispyware.com/
HijackThis:
http://www.atribune.org/forums/index.php?showforum=9
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://aumha.net/ - Click on the HijackThis forum
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 - HijackThis tutorial
http://castlecops.com/forum67.html
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.dslreports.com/forum/cleanup
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis forum
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
General:
http://aumha.net - look under "Security" for various forums
http://rgharper.mvps.org/cleanit.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.spywarewarrior.com/rogue_anti-spyware.htm
http://www.bleepingcomputer.com/
http://www.spywareguide.com/index.php
TrendMicro's Sysclean
TrendMicro's Sysclean is an extensive antivirus tool which has the
advantage of not needing to be installed. It requires two parts - the
scanning engine and the virus pattern files. Delete all Temporary and
Temporary Internet Files before running the program.
1. Create a new folder on your Desktop or the C: drive named something
useful like "Sysclean".
2. Go here and download the two parts of the program to that folder:
http://www.trendmicro.com/download/dcs.asp - Sysclean
http://www.trendmicro.com/download/pattern.asp - virus pattern files
The pattern files will be zipped - extract them with your unzipper
(like WinZip) or if you have XP, you can just open the folder. You need
to put the extracted files in the Sysclean folder you made. For a more
automated way to get Sysclean, use Dave Lipman's Sysclean_FE from
http://www.ik-cs.com/got-a-virus.htm .
3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
tapping the F8 key as the computer is starting up to get to the proper
menu.
4. Go to the Sysclean folder you made and double-click on sysclean.com.
Start the scan. After the scan is finished, look at the log. You may
need to make a note of where any viruses were found if they were not
able to be removed so you can manually delete them.
David Lipman's Multi-AV
If you are using Vista, you must run elevated. As of this writing
(7/07), the McAfee and Sophos modules are compliant. The TrendMicro
module is not Vista-compatible but apparently will still work. The
Kaspersky module is still a DOS scanner so will work on files but not
on Win32 constructions like the Registry. This is the same behavior as
it was under Windows 2000, Windows XP, and Windows 2003 Server.
The download link is here and some additional instructions are here:
http://tinyurl.com/yoeru3
To use this utility, perform the following:
Execute: Multi_AV.exe (Note: You must use the default folder C:\AV-CLS)
Choose: Unzip
Choose: Close
Execute: C:\AV-CLS\StartMenu.BAT (or double-click on "Start Menu" in C:\AV-CLS)
This will bring up the initial menu* of choices and should be
executed in Normal Mode first. This way all the components can be
downloaded from each respective AV vendor’s web site. The menu
choices are Sophos, Trend, Kaspersky, McAfee. Exit the menu and reboot
the PC.
*When the menu is displayed hitting ‘H’ or ‘h’ will bring up a PDF help file.
The package includes three additional DOS BAT files:
C:\AV-CLS\DOSCLEAN.BAT; C:\AV-CLS\KAVCLEAN.BAT; and
C:\AV-CLS\SOFCLEAN.BAT. They are for use on a Win9x/ME PC or on a
Win2K/WinXP PC that is using FAT32 after you have booted from an
Emergency Boot Disk (EBD) or DOS disk and have already executed
C:\AV-CLS\StartMenu.BAT and selected McAfee and/or Sophos from the
menu. These batch files will execute their respective DOS CLS. If
needed, DOS disk boot images can be obtained from http://www.bootdisk.com/bootdisk.htm
If you are on a NT4, Win2K, WinXP or Win2003 Server that is using NTFS
partitions, you can obtain a free, personal copy of NTFS4DOS and create
a NTFS compliant DOS boot disk from http://www.datapol-technologies.com/dpe/freeware/index.html
After you boot from the DOS Boot Disk you would execute:
C:\AV-CLS\DOSCLEAN.BAT -- for the McAfee DOS Command Line Scanner
C:\AV-CLS\SOFCLEAN.BAT -- for the Sophos DOS Command Line Scanner
C:\AV-CLS\KAVCLEAN.BAT -- for the Kaspersky DOS Command Line Scanner
You can choose to go to each menu item and just download the needed
files or you can download the files and perform a scan in Normal Mode.
Once you have downloaded the files needed for each scanner you want to
use, you should reboot the PC into Safe Mode (F8 key during boot) and
re-run the menu again and choose which scanner you want to run in Safe
Mode. In each scanning module you will be prompted if you want to scan
at that moment or not; if you choose to perform a scan, the McAfee and
Sophos modules will prompt you if you want to scan a specific folder or
location. The Trend Sysclean module uses the Sysclean GUI which also
provides the ability to scan a selected folder or location. So with
this utility one has the ability to scan in Normal Mode, Safe Mode, a
selected folder or location and to scan FAT32 and NTFS partitions after
booting from a DOS Boot Disk. Which of these you use will depend on
what is needed to disinfect the system. To improve the efficacy of the
scanning process, it is suggested that you also read the following
information:
"How to perform a clean boot in Windows XP" - http://support.microsoft.com/kb/310353
To start the use of the Multi AV scanning front end:
Execute: C:\AV-CLS\StartMenu.BAT (or Double-click on 'Start Menu' in C:\AV-CLS)
NOTE: You may have to disable your software firewall or allow WGET.EXE
to go through your firewall to allow it to download the needed AV
vendor-related files.
Each Command Line Scanner (CLS) will create a log of what has been done.
Sophos - The files for the Sophos CLS are located in C:\AV-CLS\Sophos
and the log file is called C:\AV-CLS\Sophos\ScanReport.TXT. At the end
of the scan, it will be displayed in your text editor, NOTEPAD.EXE.
Kaspersky - The files for the Kaspersky CLS are located in C:\AV-CLS\KAV
and the log file is called C:\AV-CLS\KAV\ScanReport.TXT. At the end of
the scan, it will be displayed in your text editor, NOTEPAD.EXE.
Trend - The files for the Trend Sysclean CLS are located in
C:\AV-CLS\Trend and the log file is called C:\AV-CLS\Trend\Sysclean.log.
At the end of the scan, and when you close Sysclean, it will be
displayed in your text editor, NOTEPAD.EXE.
McAfee - The files for the McAfee CLS are located in C:\AV-CLS\McAfee
and the log file is called C:\AV-CLS\McAfee\ScanReport.HTML. At the end
of the scan, it will be displayed in your browser (Opera, FireFox or
Internet Explorer).
It is suggested that you move each respective report out of the
vendor’s folder (C:\AV-CLS\<AV vendor>) or save a new copy
of the report before performing another scan. It would be good practice
to scan in both Safe Mode and in Normal Mode and to save a copy of the
report representing each session for comparison of the results.
Process Killer - Included in the C:\AV-CLS folder is a file called
killproc.txt which is used to shut down or kill running processes prior
to scanning the platform. There are two processes already in the text
file: Iexplore.exe (Internet Explorer) and firefox.exe (FireFox).

To kill additional processes, add their names to the text file, making
sure the last line is a blank line. For example, if mszx23.exe,
w32tm.exe, Tibs3.exe and rundll32.exe needed to be shut down, they
would be appended to the list in killproc.txt - again, make sure
that the last line of the text file is a blank line. Then prior to
scanning the platform, all of the processes listed in the text file
will be shut down (killed).
Further notes:
1. If a hosts file is found by this utility, it will be renamed
from "hosts" to "hosts.bak" since malware has a tendency to modify
the hosts file to block access to antivirus vendor web sites and
thus possibly blocking the ability to download the needed Sophos, Trend
Micro or McAfee files.
2. The directory C:\AV-CLS is hard coded and should not be changed.
3. Due to the fact that malware corrupts AUTOEXEC.NT and CONFIG.NT,
these files will be renamed to have the .BAK extension and the OS
default files restored. This will help to make sure that other software
will run correctly and without errors when using those files.
4. You may have to disable your software firewall or allow WGET.EXE to
go through your firewall to allow it to download the needed AV
vendor-related files.
5. On Win9x/ME platforms a backup of WIN.INI and SYSTEM.INI will be
made (with the BAK extension) and both will be examined such that the
SYSTEM.INI SHELL= statement is set to shell=explorer.exe and the
WIN.INI LOAD= and RUN= statements are set to null. If the SHELL= line
is other than shell=explorer.exe, it will be set to shell=explorer.exe
and if the LOAD= and/or RUN= lines are not set to null then they will
be set to null since these are vectors for loading malware.
6. If you run the McAfee CLS from a DOS boot disk or from a DOS boot
disk with NTFS4DOS, the HTML log file name will be truncated to conform
to the DOS 8.3 naming convention and the resultant file will be called
C:\AV-CLS\McAfee\ScanRepo.HTM.
7. If you run the Sophos CLS from a DOS boot disk or from a DOS boot
disk with NTFS4DOS, the log file will conform to the DOS 8.3 naming
convention and the log file will be called
C:\AV-CLS\Sophos\AVReport.txt.
8. If you run the Kaspersky CLS from a DOS boot disk or from a DOS
boot disk with NTFS4DOS, the log file will conform to the DOS 8.3
naming convention and the log file will be called
C:\AV-CLS\KAV\AVReport.txt.
9. Continued use of the respective AV scanners will keep them
current since they will download the most recent signature and engine
files for you.
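The tamper points from Further notes 1 and 5, as an added example that is not part of Multi_AV or of the original page: a Python checker to run on a known-clean machine against hosts.bak and the .BAK copies of SYSTEM.INI and WIN.INI, showing what had been changed before the utility reset it. The vendor domain list, the [boot] and [windows] section names (standard Win9x layout, not stated on the page) and all sample file contents are assumptions constructed for illustration.

```python
"""Offline check of the files Multi_AV backs up: hosts, SYSTEM.INI, WIN.INI."""

# Assumption: vendor domains for the scanners named on this page.
AV_DOMAINS = ("sophos.com", "trendmicro.com", "mcafee.com", "kaspersky.com")


def check_hosts(text):
    """Return (line_no, ip, host) for every hosts entry covering an AV vendor domain."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # strip comment, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        ip, names = fields[0], fields[1:]
        for name in names:
            host = name.lower().rstrip(".")
            # Match the domain itself or a subdomain, never a mere substring.
            if any(host == d or host.endswith("." + d) for d in AV_DOMAINS):
                findings.append((line_no, ip, host))
    return findings


def ini_values(text, section, key):
    """Return every value assigned to key inside [section], case-insensitively."""
    values, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == section.lower() and "=" in line:
            name, value = line.split("=", 1)
            if name.strip().lower() == key.lower():
                values.append(value.strip())
    return values


def check_system_ini(text):
    """Return [boot] shell= values that are anything other than plain explorer.exe."""
    return [v for v in ini_values(text, "boot", "shell") if v.lower() != "explorer.exe"]


def check_win_ini(text):
    """Return (key, value) for non-empty load= / run= lines in [windows]."""
    return [(k, v) for k in ("load", "run") for v in ini_values(text, "windows", k) if v]


# Constructed sample inputs (not taken from a real infection).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   www.sophos.com  download.mcafee.com
127.0.0.1   ads.example.net
0.0.0.0     update.trendmicro.com.   # trailing dot still matches
10.0.0.5    sophos.com.example.org
"""

SAMPLE_SYSTEM_INI = """\
; constructed sample
[boot]
shell=Explorer.exe example-dropper.exe
system.drv=system.drv

[386Enh]
device=*vmm32
shell=ignored-outside-boot.exe
"""

SAMPLE_WIN_INI = r"""[windows]
load=
run=C:\WINDOWS\example-dropper.exe
NullPort=None
"""

if __name__ == "__main__":
    for line_no, ip, host in check_hosts(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: {host} pinned to {ip}")
    for value in check_system_ini(SAMPLE_SYSTEM_INI):
        print(f"SYSTEM.INI shell= is {value!r}, expected explorer.exe")
    for key, value in check_win_ini(SAMPLE_WIN_INI):
        print(f"WIN.INI {key}= starts {value!r}")
```

Any file path reported under shell=, load= or run= is also a candidate for the manual deletion step described earlier, so note it before discarding the .BAK copies.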
Smitfraud/Spyaxe/Spyfalcon/SpywareQuake, etc.
The Smitfraud Trojan (and variants) causes your Desktop to display an
image that will say something like:
"Security warning. A fatal error in IE has occurred at 0028:C0011E36 in
VXD VMM(01) * 00010E36. Error was caused by
Trojan-Spy.HTML.Smitfraud.c. System can not function in normal mode.
Please check your security settings. Scan your PC with available
antivirus/spyware remover program to fix the problem."
Sounds official, right? It's a scam to try and get you to buy the
scum's software. You got the trojan by downloading and running rogue
spyware programs (see MVP Eric Howes' rogue spyware list
for more information). Generic downloader programs may also attempt to
install this trojan, or possibly you ran an attachment you got with an
email. There are quite a few variants of this garbage, including SpyAxe
and SpyFalcon.
Removal and repair can be very elaborate and new variants are
constantly arising. Sometimes the "warning message" is presented as an
icon in your system tray. I'll give you a few methods, but because
there are so many variations of the malware I suggest that your first
stop be at the following BleepingComputer link to see if your
particular evil is listed. If it is, use the BleepingComputer removal
"walkthrough".
http://www.bleepingcomputer.com/forums/forum55.html
A. Method 1
Download S!ri's SmitfraudFix from http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
Follow the instructions on that webpage. It is very important that you
get the latest version, so don't use an older one that you have saved.
Dave (noahdfear) is back online and updating his SmitRem. Some people
have found it useful when SmitFraudFix doesn't get everything. Download
and How-To from http://noahdfear.geekstogo.com/
B. Method 2 from Lawrence Abrams, MVP and security expert for removing SpyFalcon:
1. Reboot into safe mode
2. Uninstall SpyFalcon from Add/Remove Programs
3. Download and merge this reg file - http://www.bleepingcomputer.com/files/reg/FixSF.reg
4. Delete the SpyFalcon folder from C:\Program Files
5. Delete dxmpp.dll from C:\Windows\System32\
C. Additional links and tools:
http://www.bleepingcomputer.com/forums/topic36868.html
http://wiki.castlecops.com/Malware_Removal:_SpyAxe_Removal
http://malwareremoval.com/plog/index.php?op=ViewArticle&articleId=48&blogId=3
http://forums.mcafeehelp.com/viewtopic.php?t=65072
http://www.superantispyware.com/ - SuperAntiSpyware is reported to remove Smitfraud variants.
If you can't enable desktop backgrounds after a virus, MVP Kelly
Theriot has a fix. Look under Wallpaper-Desktop-Disable Changing here:
http://www.kellys-korner-xp.com/xp_w.htm
If Display tabs are missing, run Kelly's registry edit on line 285, right-hand side "Restore all display tabs".
Winfixer (Vundo), etc.
As with the Smitfraud Trojan, I'll give you a few removal methods but
because there are so many variations of the malware I suggest that your
first stop be at the following BleepingComputer link to see if your
particular evil is listed. If it is, use the BleepingComputer removal
"walkthrough".
http://www.bleepingcomputer.com/forums/forum55.html
A. Method 1
Download and run Atribune's VundoFix.exe - http://www.atribune.org
He's got a lot of great information at that site, well worth your while
to read. Scroll all the way down to the bottom of the page for VundoFix.
B. Method 2
Download and run Adware-Virtumundo Removal Tool - http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Information on the Adware-Virtumundo Removal Tool - http://forums.mcafeehelp.com/viewtopic.php?t=57049
C. Other methods/notes:
1. Feedback from users reports that the Removal Tool here is effective - http://forums.mcafeehelp.com/viewtopic.php?t=57049
2. Symantec has Vundo removers:
http://securityresponse.symantec.com/avcenter/FixVundo.exe
http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.removal.tool.html
http://securityresponse.symantec.com/avcenter/venc/data/adware.virtumonde.html#removalinstructions
3. McAfee has a combined automated/manual removal procedure here - http://vil.nai.com/vil/content/v_127690.htm
4. Lawrence Abrams, a Security MVP, has another removal method here - http://www.bleepingcomputer.com/forums/topic18610.html
5. SuperAntiSpyware is reported to remove Vundo infections - http://www.superantispyware.com/
Getting Tech Support
Naturally if you are in Fresno, Clovis or the surrounding environs Elephant Boy Computers
would love your business. However, you should know that there are many
resources for computer self-help. Here are a few suggestions:
A. Microsoft's website
Microsoft has a tremendous amount of information and resources to help
you with your operating system and Microsoft programs. Your first stop
there should be the company's homepage - http://www.microsoft.com/
- where you will find links to more specific areas of interest. Each
product line has its own website, with downloads, tutorials, tips and
links to help. It is well worth spending time on Microsoft's site to
see what they have to offer. I think you will be amazed at the vast
extent of this resource.
B. Microsoft support
Each Microsoft product website has links to webpages offering different
support options. For instance, here is the main jumping off point for
Windows support - http://www.microsoft.com/windows/support/default.mspx
and here is the page for XP Home - http://www.microsoft.com/windowsxp/support/default.mspx
If you click around you'll see that in the free support category, you can get help from:
1. The huge Microsoft Knowledge Base - http://support.microsoft.com/search/?adv=1
2. No-Charge Support for virus and other security-related issues by phone - 1-866-727-2338
3. The Expert Zone, which includes scheduled online chats
4. Communities and Groups - see how to participate here
5. Free Microsoft tech support is also available for problems related
to Windows Update. You can go to their website or call them at (866)
834-8317.
6. Some products come with a set number of free support incidents.
Of course, you can always pay for Microsoft support if you need it.
C. Usenet
Some of you may have heard the terms "newsgroups" and/or "Usenet" and
wondered what they mean. As you probably know, the World Wide Web
(www.) is not the entire Internet. There are email and other
servers, and there is Usenet, an Internet discussion system that has
been around since 1979. There are thousands of newsgroups where people
post text messages (as well as newsgroups dedicated to posting binary
files) regarding particular areas of interest. Even though Usenet has
been around for so many years, it is still a thriving area of the
Internet.
Although there are free news servers on the Internet, generally your
ISP will provide free access to newsgroup servers as part of your
Internet service. You should go to your ISP's webpage for
instructions on how to set up a newsreader for their news server.
Some companies, such as Microsoft, provide their own news servers.
You should be aware that Usenet is often extremely "wild and wooly" and
most newsgroups are not moderated. So if your sensibilities are
tender, be warned up front. Like any society, Usenet has behavioral
conventions. The best way to participate in a newsgroup is to
subscribe, read the group for quite a while, read its FAQ (Frequently
Asked Questions, which are normally posted in each group on a regular
basis), and get a sense of the culture of the group before
posting. This is called "lurking" and is a sensible thing to do.
Microsoft hosts public newsgroups on their servers. The Microsoft
news server is msnews.microsoft.com and no username/password is required.
These groups can be accessed either from a web interface or with a
newsreader. The nicest thing I can say about the web interface is that
it is clumsy to use and I don't recommend it. There are many good
newsreaders for Windows, but you can use Outlook Express since you
already have it. The Microsoft groups are generally a more polite
milieu than a lot of the publicly-hosted newsgroups and many of the
regular helpers are Microsoft Most Valuable Professionals ("MVPs") like I am.
How to Write a Newsgroup Post:
When you make a newsgroup post, you need to provide enough information
to get focused help. Remember that people reading your post can't see
your computer and don't know what you've done. Below is a rough
guide for writing your next post:
A. Give details about the computer and the problem(s):
1. What version of XP or Vista you are using.
2. Information about your computer:
a. Approximate age
b. If an OEM (HP, Dell, etc.) what make/model
c. Desktop or laptop
d. Amount of memory (RAM)
e. Standalone or home networked machine or member of a domain (at work)
3. Recent history of the machine, including the virus/malware status.
4. If you think the machine was virus/malware-free, what programs (and
versions) did you use to determine this? If it is not immediately
apparent which version of a program you have, usually clicking on
Help>About in the program will tell you this.
5. If this is an Internet issue:
a. How you connect to the Internet (dialup/broadband, ISP)
b. Network setup (direct to cable/dsl modem, router - make/model of router)
c. What browser you are using (such as IE7)
d. If a download issue, to where you are downloading the files (such as the Downloads folder in your user directory)
6. If you get an error message, the exact text of same and what you are doing when you get the error message.
7. If a problem with a particular program, the name and version of the program.
8. The answer to The First Question Of Troubleshooting: what changed between the time things worked and the time they didn't?
9. What you have already tried and the results.
B. Writing tips - Remember that you don't need to write deathless prose, but you do need to communicate the problem clearly.
1. Use complete sentences with punctuation and paragraph breaks. Long
unpunctuated posts with "stream-of-consciousness" writing are difficult
to read and most people won't bother.
2. Numbered or bulleted points are a good way to organize the information.
3. Don't type in all capital letters. On Usenet that is considered
shouting and rude. It also makes your post difficult to read. Everyone
understands how frustrating computers can be but alienating the very
people trying to help you (for free!) is counter-productive.
C. Posting - Now that you've got your post written with all the pertinent details, there are a few more things you want to know:
1. Multiposting/Crossposting -
If you think your question pertains to more than one newsgroup, don't
multipost; crosspost judiciously to maybe three other relevant
newsgroups. See these links for an explanation of multiposting and
crossposting:
http://en.wikipedia.org/wiki/Crossposting - crossposting
http://www.blakjak.demon.co.uk/mul_crss.htm - multiposting
2. Thread Hijacking - Don't
stick your post in someone else's thread. This is called "hijacking"
and posts like that are often ignored. Make a new post even if you
think your issue is similar. Personally, when I see a post starting
with "I have the same..." or "Me, too..." I stop reading right there
and mark the thread "Ignore".
3. Quoting - Always quote some
of the previous replies so people know what you're talking about. Lack
of quoting is a particular problem in the Microsoft newsgroups because
posters with questions so often are using the web interface (and
think they are on a forum) and helpers are using real newsreaders.
4. Patience Is A Virtue -
Don't make a new post about the same subject only a few minutes or
hours apart. Wait at least 24 hours before doing this. Other people who
participate in newsgroups live all over the world in different time
zones. The person who might have your answer could be sleeping or busy
with his/her Real Life. Before you make a second post, review your
first post one more time to make sure the fact that no one is answering
isn't Your Fault. ;-) And sometimes you just have to accept that no one
knows the answer to your question and you'll have to try other avenues
of tech support (and probably need to pay for them).
This isn't meant to be a complete list of Usenet Netiquette. Read more at some of the other links below.
About Usenet:
http://www.faqs.org/usenet/index.html
http://en.wikipedia.org/wiki/Usenet
http://www.usenetmonster.com/infocenter/
Using Outlook Express/Windows Mail as Newsreader:
http://michaelstevenstech.com/outlookexpressnewreader.htm
http://rickrogers.org/setupoe.htm
http://vistasupport.mvps.org/accessing_newsgrousp_with-windows_mail.htm
Other Newsreaders for Windows:
http://www.forteinc.com/main/homepage.php - Forte Agent
http://www.mozilla.com/thunderbird - the Thunderbird email client also does newsgroups
http://gravity.tbates.org/ - Super Gravity
http://www.40tude.com/dialog/ - 40Tude
http://xnews.newsguy.com/ - Xnews
How to Post:
How to Ask a Question - http://support.microsoft.com/default.aspx/kb/555375
How Not to Get Technical Help on Usenet - http://users.tpg.com.au/bzyhjr/liszt.html
http://www.usenetmonster.com/infocenter/articles/usenet_writing_style.asp
http://www.catb.org/~esr/faqs/smart-questions.html
http://aumha.org/nntp.htm - list of MS newsgroups
microsoft.public.test.here - MS group to test if your newsreader is working properly
http://www3.telus.net/dandemar/munad.htm - how to munge email address
http://en.wikipedia.org/wiki/Crossposting - crossposting
http://www.blakjak.demon.co.uk/mul_crss.htm - multiposting
Replying/quoting properly when using GoogleGroups - http://www.safalra.com/special/googlegroupsreply/
D. Internet Sites
There are a huge number of websites focused on computer issues. Some
sites have web forums where you can ask for help, visit with
like-minded people, or maybe even give some help yourself. Just as you
would do in RealLife(tm), be cautious about accepting the kindness of
strangers. In other words, if someone tells you to wipe your hard drive
you want to have an idea of his/her competence! No matter what the
subject, it is a good idea to look for an "About Us" link. I've got
quite a few good sites listed here. Explore!
And of course there is the Great And Marvelous Google.