Warning
to my fellow computer techs about Prism Pointe Technologies
General Computer Information
Hardware Troubleshooting
Not all computer problems are caused by viruses and malware. While I like
to think of computers as my little silicon-based lifeform friends, they
are really just machines and machines break down. Here are some basic
hardware troubleshooting steps:
Open the computer and run it open after cleaning out all dust bunnies.
Be careful when you clean; use compressed air and be gentle. Observe
all fans (overheating will cause system freezing and/or crashing). This
includes the fan on your video card if you have one. Obviously you
can't do this with a laptop, but you can hear if the fan is running and
feel if the laptop is getting too hot. For a desktop, without touching
anything, hold your hand close to the inside of the case and feel how
hot things are getting.
Test the RAM - I like Memtest86+ from http://www.memtest.org.
Obviously, you have to get the program from a working machine. You want
the pre-compiled bootable ISO (.zip). Unzip the file you download by
double-clicking on it and drag the contents out. You will now have a
file called memtest86+-4.00.iso (the version number may be different).
You can delete the .zip file now. Put in a CD-R disc and start a
third-party burning program such as Nero, Roxio or the free ImgBurn
(unless you have Windows 7, which can burn .isos natively). You will
need to burn the file as an image, not as data. Refer to your burning
program's Help if you don't know how to do this.
Leave the CD-R in your optical drive and restart your computer. When
you restart the computer you will see messages:
1. Possibly a message that says something like "Press F12 for temporary
boot menu". If you have this message, press that function key. Use your
arrow key to select the CD/DVD drive and the computer will boot from
the Memtest86+ CD you made.
2. If you don't see a message about
a boot menu you will need to go into the BIOS to change the boot order.
This message will say something like "Press F2 to enter Setup". Press
that function key and you will enter the BIOS. Find the section about
boot and change the boot order to CD/DVD drive first, hard drive
second. Save your changes and exit Setup. The computer will boot from
the Memtest86+ CD you made.
The test will run immediately. You
can remove the CD while the test is running. Let the test run for an
hour or two unless errors are
seen immediately. If you get any errors, replace the RAM. It is
extremely important that you get RAM that is compatible with your
motherboard (and the RAM already in the machine). Crucial Technology
has a Memory Selection Tool on their website.
Test the hard drive with a diagnostic utility from the drive manufacturer.
If you aren't sure what drive you have or can't find a utility for it,
Seagate's SeaTools for DOS can test non-Seagate drives. Download the file
and make a bootable floppy or CD with it. If you are using XP or Vista you
need third-party burning software such as Nero, Roxio or the free ImgBurn.
Windows 7 can burn .isos natively. Burn as an image, not as data. Boot with
the media you created and do a thorough test. If the drive has physical
errors, replace it.
http://www.seagate.com/www/en-us/support/downloads/seatools/seatooldreg
http://seagate.custkb.com/seagate/crm/selfservice/search.jsp?DocId=201271
(how-to)
The power supply may be
going bad or be inadequate for the devices you have in the system.
The adequacy issue doesn't really apply to a laptop, although of course
the power supply can be faulty. For a desktop, test by swapping out the
PSU for a known-working one. If you have one of the higher-end video
cards that requires a separate power supply connector, make sure it is
in place.
Test the motherboard and processor with something like the programs from
the Ultimate Boot CD or Prime95.
Sometimes this is useful, and sometimes it isn't.
If you have an OEM machine (HP, Dell, etc.) and it is still under
warranty, use the OEM's hardware diagnostics if there are any. For
instance, on some of its machines Dell has a small diagnostic partition
on the hard drive accessed by pressing F12 (usually) at startup.
Although my experience is that OEM diagnostics aren't always accurate,
running them will often produce an error code which you can give to the
technical support person. Then you don't need to argue with some
bottom-tier rep about why reinstalling Windows on a broken hard drive
is useless.
Another good way to test if problems are caused by hardware or software
(Windows) is to boot with a Linux Live CD (or Linux on a USB thumb
drive). If the system behaves beautifully under Linux then you know
Windows (software) is at fault. If you can't run Linux, then you know
the hardware is bad. I use Knoppix but there are plenty of other Linux
Live distros. A "Live" CD/USB distro means that the Linux operating
system runs entirely in RAM (memory) and doesn't touch your hard drive.
You might want to use the bootable USB thumb drive when you have a
computer with a single optical drive (like a laptop) and the optical
drive is what you want to test. Obviously you can't burn a DVD in the
drive if it is in use by the Live CD.
http://www.knoppix.net
http://www.pendrivelinux.com/
http://www.livecdlist.com/
https://help.ubuntu.com/community/LiveCD
Testing hardware failures usually involves swapping out suspected parts
with known-good parts. If you can't do the testing yourself and/or are
uncomfortable opening your computer, take the machine to a professional
computer repair shop (not your local version of
BigComputerStore/GeekSquad). Have all your data backed up before you
take the machine into a shop. Of course, if you are in the
Fresno/Clovis area Elephant
Boy Computers is happy to help!
Backing Up
Back up your data!
That way when ugly things happen to your computer (and I say "when",
not "if"), you will not lose all your precious stuff. Data is any
information you entered in yourself; e.g., your financial records,
calendar, favorites (also known as "bookmarks"), email, address book,
pictures, music files, etc. Data is not the program itself. You can
always reinstall Microsoft Office or Quicken from CD. Here is a brief
description of some backup tools and my suggestions as to the best
method.
Tape drive - Unless you have a large business and a high-end tape drive/software
package and your own IT Department (and if you have your own IT, why
are you here?!), don't use a tape drive. The less expensive ones can be
unreliable, as well as difficult to use and understand. Since tape is a
continuous backup, the data must all be restored and you can't recover
just one document recorded somewhere in the middle of the tape. Quite
possibly tape is still used by huge corporations but I haven't seen a
tape drive among my small business clients for years. And in all of
those cases, the clients had no idea how to use the tape anyway.
Floppy disks - Is anyone still even using these?! Floppies are the worst
media you could choose. They are fragile and the data is easily corrupted
(leaving a floppy next to a monitor for any length of time can destroy all
the data). Also, sometimes floppies used in old drives can only be read on
those drives, which defeats the purpose. A floppy disk holds 1.44 megabytes
(MB) of data, which is nothing in today's world of big files and cheap
storage. Modern computers don't even come standard with a floppy drive
any more. If you
find you need one, you can always buy an external USB floppy drive.
Zip and Jaz-Type Drives - In the "is anyone still even using these?!"
category. To overcome the size limitations of floppies, Iomega created the
Zip Drive. Zip disks hold either 100, 250, or 750 MB of data. Jaz disks
hold up to 2 Gigabytes (GB). A Zip Drive can be internal or external.
Transferring data to a Zip disk is slow, and the disks
are expensive. Now that CD/DVD-RW drives are inexpensive and
universally available and external hard drives are dirt cheap for the
amount of storage you get, the Zip Drive is obsolete. I haven't seen a
Zip Drive in use for years and the last time I did, the client was
replacing it.
CD-RW Drives - CD burners are cheap and single-purpose (CD-RW-only) drives
are obsolete. A CD disk can hold 650-800 MB of data. CD-RW disks can be
erased and rewritten, but are not always reliable because they can't be
read on all drives. With CD-R disks so inexpensive, they are a good choice
for backup unless your data files are very large; then get a DVD burner
(see next item).
DVD Drives - Single-layer DVD disks can hold
roughly 4.5 GB of data; dual-layer drives can burn twice as much data
to one side of a disk (naturally you need to buy the right disks).
All modern computers come with a DVD burner now. Blu-ray
disks can hold even more and may be the next generation of optical
drives on computers (or they may not). You don't need to consider them
in terms of backup at this time.
External hard drives - USB or FireWire-connected external hard drives are
relatively inexpensive. I recommend them to everyone as a great backup
solution combined with regularly burning CD/DVDs. I back up to an external
hard drive frequently during the day using Time Machine in Mac OS X and
once a month I burn DVDs and put them in a safe place. I like the same
strategy on Windows using either Second Copy or Acronis True Image.
Second Copy does just what it says: it copies whatever files you choose
to wherever you choose when you choose. I like it because it is
inexpensive, scalable, easy to use, and doesn't put the backed up data
into a proprietary format. Acronis True Image can clone drives, image
partitions, and do incremental backups.
Seagate has created a backup appliance called "Replica"
that is an external hard drive with a specially-licensed version of
Acronis True Image running on it. I haven't tried Replica but it looks
like an interesting all-in-one solution for people using Windows
operating systems who don't want to set up True Image and an external
hard drive themselves.
USB thumb drives - These little drives are great, but
remember that they can break, the data can become corrupted, or they
can be easily lost. They are wonderful devices and very inexpensive
now, but not a permanent backup solution.
Network-Attached Storage (NAS)
- These devices are hard drives running an operating system - usually
Linux - that is transparent to the end user. The NAS device connects
directly to your network by ethernet so is available to all computers
on your Local Area Network (LAN). The cost of NAS devices has decreased
radically so they are an excellent choice for small businesses and
large home LANs. Apple's Time Capsule
is in this category. I would still back up the data to DVD in addition
to the NAS because I like a layered backup strategy Just To Be Sure.
Off-site Backup - There are companies which provide off-site
backups by hosting your files on their servers. Normally you will run a
small client program on your computer that will upload your data files
to the company's server over the Internet (in the "cloud"). Two of the
best-known are Mozy and Carbonite.
I have several clients who use Mozy and are very happy with them. Being
the rather obsessive person I am about backups, even if you use an
off-site backup service I would still want data backed up locally to an
external hard drive. You know yourself best - if you know you won't
take the time to burn DVDs or there is just too much data to make this
practical - then use an off-site backup service. The cost is usually
based on whether you are a home or business user and by the amount of
data you have, but prices are very reasonable.
No matter how you do it, back up your data often. Although Elephant
Boy Computers cannot take responsibility for your data
backups, we are happy to set up a backup solution for you and provide
training.
What to do if you didn't back up
Let's face it, sometimes disaster strikes and you didn't back up your
data. A lot of the data recovery success (and cost
of the process) depends on what caused the disaster. If your computer
is infected with a virus that hasn't destroyed all data, there are
various methods that Elephant Boy Computers can use to recover the data
before reinstalling Windows. Please note that data recovery is
time-consuming and therefore not cheap. Even if we are able to recover
data, we cannot warrant that all of the data you need will be
recovered. We will do our best, which is a lot better than that Very
Big Computer Store will do for you (they will normally not attempt to
save your data, but simply reinstall Windows); however, we do not take
responsibility for your data. There's no sweet way to say this: you
should have made backups.
If the hard drive is unbootable or too badly corrupted and the data on it
is important, then all is still not lost. The data recovery wizards at
DriveSavers can perform what certainly look like miracles. If you are an
Elephant Boy Computers client and we are not able to help you, you are
eligible for a discount if you decide to use DriveSavers. Data recovery
from a
company like DriveSavers is not inexpensive, but in our admittedly awed
opinion completely worth it if your data is vital. It is my
understanding that some insurance companies will now cover data
recovery expenses so check with yours.
Reinstalling Windows
Post-disaster - either because of hard drive failure or because of
viruses/malware that have damaged the operating system beyond repair -
you will be faced with the necessity to reinstall Windows. Whether we
do this or you do this, you will need:
1. A CD/DVD of the Windows operating system and a Certificate of Authority
bearing the Product Key
- If you bought the computer from a system builder, the Product Key is
normally on a sticker on the side or back of the computer (it will be
on the bottom of a laptop). If you bought a retail copy, the
Certificate of Authority with Product Key was in the box, usually on a
brightly colored sticker marked "DO NOT LOSE THIS". We hope you didn't
lose it, because without the proper Key it is not possible to reinstall
Windows without buying a new copy. If you have proof of purchase, you
can contact Microsoft for a replacement copy; otherwise you will be
stuck buying one. For this reason, I strongly suggest that you do not
buy a computer at a yard sale or flea market. You won't have any
assurance about what you are getting, whether it will work, and whether
you have a legal copy of Windows. If you have an OEM ("Original
Equipment Manufacturer") computer such as one from HP, Sony, Compaq,
eMachines, etc. you may not have physical disks or you may have a
Recovery Disc.
Legally, a system builder who preinstalls a Windows operating system must
give the customer a way to return the computer to factory condition.
They can do this by providing:
A. A physical CD/DVD with the actual operating system on it. If an OEM
version (as opposed to retail), there must be a Product Key sticker on
the computer. If you have the Product Key sticker, a local computer
shop may be willing to install Windows for you since the product key is
your license, not the physical media. Elephant
Boy Computers adheres to this reinstallation policy.
B. A physical CD/DVD with an image of the operating system as installed
at the factory - sometimes known as Recovery or Restore Discs.
C. An image of the operating system on a special partition, sometimes
hidden, on the hard drive. When an OEM does this, they give you a
utility with which to make physical restore discs, usually only one
time. DO THIS. DO IT NOW. Label the discs you make and put them somewhere
safe where you will find them again.
Refer to your computer manual for which method was used. You can start
the Factory Restore process on most OEM machines by pressing a Function
key (like F10) or a combination of keys (like Alt+F11) when the
computer starts up. The key(s) to press vary from computer manufacturer
to computer manufacturer and sometimes even for different models made
by the same company. If you don't have a computer manual, you can find
out how to restore your computer to factory condition on the computer
manufacturer's website or call its tech support.
If you purchased a used computer from "a friend", yard sale, or unscrupulous
local computer shop and did not receive the Product Key, I'm afraid you
will have to buy a copy of Windows. The only other alternative is to
install a free operating system like one of the Linux distributions.
This is not as horrible as you might think. ;-)
2. Various drivers - All hardware inside your computer (or connected to
the outside, like
a printer) including the motherboard (the large circuit board that
everything plugs into) has related software called a "driver" which
tells the operating system (Windows) how to use the hardware. For
example, Windows might recognize that you have a sound card plugged
into the motherboard, but if the proper drivers aren't installed
Windows won't know what to do with the sound card and you won't have
any sound. You should have received installation media for the drivers
when you bought your computer. If you didn't, Elephant Boy Computers
can identify the hardware in your machine and in most cases find
drivers. This does take time, however. If you have an OEM machine, get
the drivers from the OEM's tech support website for your specific model
machine. Don't forget drivers for your peripherals such as printers,
scanners, wireless keyboards, etc.
3. CD/DVDs (or installation executables backed up for programs you
downloaded from the Internet) for whatever programs you would like to
reinstall.
An operating system (Windows) does not come with word processors,
spreadsheets, etc. If you have Microsoft programs such as Works or
Office, be sure you have the necessary Certificate of Authority with
Product Key. OEM machines normally come with bundled preinstalled
software and you should have received a way to reinstall that software
- you might have separate CDs or it might be included on a Recovery
Disc.
4. Information regarding how you connect to the Internet - your Internet
Service Provider (ISP), your settings, your user name and password. If
you don't know the settings, Elephant Boy Computers can get them, but
only you know your user name and password. If you
have lost that information, you will need to call your ISP and get your
user name and a new password. Write them down! If you have a wireless
connection, write down the username and password that will let you get
into the router's configuration utility. Also write down what type of
encryption your wireless network uses and the encryption key or
passphrase.
5. Information about other specialized software you use - reinstallation
media, serial numbers, etc.
Maintenance
I really don't suggest using a maintenance suite on Windows XP, and
certainly not on Vista or Windows 7. Registry cleaners cause more harm
than good.
Stay away from so-called "system optimizers". They are not necessary.
At best they will do nothing and at worst they can be malware and/or
trash your system. XP, Vista, and Windows 7 have far better built-in
maintenance tools than earlier Microsoft
operating systems did.
Run Disk Cleanup once a week. Go to Start>Run>cleanmgr [enter].
Run Disk Defragmenter once a quarter in XP unless you routinely work with
very large files; in that case once a month is better. Vista's
Defragmenter runs in the background. XP is
usually installed using the NTFS file system which doesn't get as
fragmented as the FAT16 or FAT32 file systems of DOS, Win9x/ME. Vista
only uses NTFS. In XP, go to Programs>Accessories>System Tools to
find the Defragmenter. Be sure no other programs are running in the
background, particularly antivirus programs or screensavers. Unlike in
Win9x/ME, it isn't necessary to defrag in Safe Mode in XP or Vista.
Vista and Windows 7 run Defragmenter in the background when the
computer is idle so normally you don't need to manually run a defrag in
these operating systems.
Scan for spyware with programs like Malwarebytes' Anti-Malware (MBAM) weekly.
While you certainly can pay for MBAM to get more options (like
automatic updating and real-time protection), it isn't necessary and
the free version removes malware just the same as the commercial
version does. Vista and Windows 7 have Windows Defender built in and
this is adequate
for most people although I like to have MBAM (free version that doesn't
run in the background) on Vista/Win7, too. There are links and more
information in the Viruses/Malware section.
Always have a current version (not more than 2 years old) antivirus installed
and keep the definitions updated.
Weekly scans are fine, but the most important thing is to have an
active subscription so your virus definitions are up-to-date. McAfee
and Norton are garbage. I recommend NOD32 (commercial) or
Avast Free.
Do not run unknown programs.
Only install programs you need and which come from a trusted source. Be
extremely cautious about opening email attachments; they are not safer
if they come from someone you know. Do not EVER
run a program that you received from an instant message and do not
click on links in an instant message. Be extremely cautious on websites
that are known vectors for infection such as Facebook and MySpace. Do
not do file-swapping. See the
section on Viruses/Malware for more
information.
Uninstall unwanted programs by using the Add/Remove Programs applet in
Control Panel. Do not simply
delete the folders. Add/Remove Programs is called Programs and Features
in Vista and Windows 7.
Thou Shalt Not Run Beta Software.
Beta software is still in the experimental stage. All the bugs have not
been found and fixed. Even if the program is tempting, it is better to
wait until the final version is available, unless you like Living On
The Edge. Or reinstalling Windows.
Basic Security
Hackers - What can you do to protect yourself against hackers? Hang
garlic braids on your computer. No, wait, wrong problem. Actually,
unless you have a high profile or have posted a message on a hacker
board saying, "Neener, neener, neener you can't catch me", you probably
won't be attacked. In Our Modern Times, it is far more likely that your
computer will
get infected by malware and turned into a zombie under the control of
The Bad Guys than you will get individually hacked. Malware has become
Big Business with millions of dollars and crime syndicates involved.
While there are still pimply-faced youths sitting at their computers in
Mom's basement trying sploits,
this is no longer the norm for malware
writers.
Do not connect a Windows computer to the
Internet without a firewall in place.
Protect yourself by -
1. Turn off File/Printer sharing if you don't need it. Remember that
when you are on the Internet, you are connected to everyone else in the
world who is online at that moment.
2. Most people have a broadband Internet connection (DSL or cable) now.
Even if you only have one computer, it is a good idea to purchase a
router to sit between your computer and the cable/DSL modem.
3. Use a firewall. Windows XP Service Pack 2/3, Vista, and Windows 7
all have built-in
firewalls which are adequate for most people.
4. Keep your operating system current with Service Packs and updates. Keep
important programs which are vectors for attack updated. Examples are
browsers (the software that lets you "see" the Internet), Adobe
Reader, Adobe Flash, and Java.
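Items 1 and 3 above can be checked rather than assumed. The script below is an added example, not part of the original page: it reads the text printed by the built-in commands "netsh advfirewall show allprofiles state" and "net share" (Vista/Windows 7, English-language output assumed) and reports any firewall profile that is off and any folder shared beyond the default administrative shares. The sample outputs, function names and the "Family Docs" share are constructed for illustration.

```python
"""Check firewall state and shared folders from Windows command output."""
import re
import subprocess
import sys

# Constructed sample of `netsh advfirewall show allprofiles state` output:
# the firewall is off for the Public profile.
SAMPLE_FIREWALL = """
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Ok.
"""

# Constructed sample in the column layout `net share` prints:
# three default administrative shares plus one user-created share.
ROW = "{:<13}{:<32}{}"
SAMPLE_SHARES = "\n".join([
    "",
    ROW.format("Share name", "Resource", "Remark"),
    "",
    "-" * 79,
    ROW.format("C$", "C:\\", "Default share"),
    ROW.format("IPC$", "", "Remote IPC"),
    ROW.format("ADMIN$", r"C:\Windows", "Remote Admin"),
    ROW.format("Family Docs", r"C:\Users\Public\Documents", ""),
    "The command completed successfully.",
])

# Shares Windows creates on its own: drive roots (C$), ADMIN$ and IPC$.
DEFAULT_SHARE = re.compile(r"^(?:[A-Z]\$|ADMIN\$|IPC\$)$", re.IGNORECASE)


def parse_firewall_state(text):
    """Return {profile name: True if the firewall is ON} from netsh output."""
    states, profile = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        heading = re.match(r"^(\w+) Profile Settings:", line)
        if heading:
            profile = heading.group(1)
            continue
        state = re.match(r"^State\s+(ON|OFF)$", line, re.IGNORECASE)
        if state and profile:
            states[profile] = state.group(1).upper() == "ON"
    return states


def parse_shares(text):
    """Return [(share name, resource)] using the header's column positions.

    Assumes each share fits on one line of the listing.
    """
    lines = text.splitlines()
    header = next((l for l in lines
                   if l.startswith("Share name") and "Resource" in l), None)
    if header is None:
        return []
    res_col = header.index("Resource")
    remark_col = header.index("Remark") if "Remark" in header else None
    shares = []
    for line in lines[lines.index(header) + 1:]:
        if line.startswith("The command completed"):
            break
        if not line.strip() or set(line.strip()) == {"-"}:
            continue  # blank line or the dashed separator
        name = line[:res_col].strip()
        if name:
            shares.append((name, line[res_col:remark_col].strip()))
    return shares


def audit(firewall_text, shares_text):
    """Return a list of plain-language findings; empty means nothing to fix."""
    findings = []
    states = parse_firewall_state(firewall_text)
    if not states:
        findings.append("Could not read the firewall state")
    for profile, is_on in sorted(states.items()):
        if not is_on:
            findings.append("Firewall is OFF for the %s profile" % profile)
    for name, resource in parse_shares(shares_text):
        if not DEFAULT_SHARE.match(name):
            findings.append("Folder shared on the network: %s -> %s"
                            % (name, resource))
    return findings


def run(cmd):
    """Run a command and return what it printed ('' if it cannot be run)."""
    try:
        return subprocess.run(cmd, capture_output=True, text=True).stdout
    except OSError:
        return ""


if __name__ == "__main__":
    if sys.platform == "win32":
        fw = run(["netsh", "advfirewall", "show", "allprofiles", "state"])
        sh = run(["net", "share"])
    else:  # not on Windows: fall back to the constructed samples
        fw, sh = SAMPLE_FIREWALL, SAMPLE_SHARES
    for finding in audit(fw, sh) or ["No findings"]:
        print(finding)
```

Windows XP does not have the "advfirewall" context, so on XP the script will report that it could not read the firewall state.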
Spyware - A good definition of spyware, taken from the excellent Wikipedia
is:
"In the field of computing, the term spyware refers to a broad category
of malicious software designed to intercept or take partial control of
a computer's operation without the informed consent of that machine's
owner or legitimate user. While the term taken literally suggests
software that surreptitiously monitors the user, it has come to refer
more broadly to software that subverts the computer's operation for the
benefit of a third party.
"In simpler terms, spyware is a type of program that watches what users
do with their computer and then sends that information over the
internet. Spyware can collect many different types of information about
a user. More benign programs can attempt to track what types of
websites a user visits and send this information to an advertisement
agency. More malicious versions can try to record what a user types to
try to intercept passwords or credit card numbers. Yet other versions
simply launch popup advertisements."
To see what, if any, spyware you have on your system, go through at
least some of the steps in the "Removing Malware"
section. Bear in mind that many ad-supported programs will not work if
you disable the spyware components. The choice is yours.
File-Swapping (or File-Sharing) - Another common security breach is the
practice of peer-to-peer ("P2P") file-swapping. Most people have heard of
Napster, which brought file-swapping into the mainstream consciousness.
Basically, people could connect to a special network and swap files
with each other. Although Napster no longer exists in its earlier form,
there are many other popular file-swapping programs such as Lime Wire,
Bearshare, Ares, and the like. Music files in the popular
mp3 format are the most commonly traded but any file can be swapped,
such as movies and pirated commercial software. Peer-to-peer
file-swapping is an extremely controversial issue.
I'm not going to address the morality of the practice, but you should
know that if you are file-swapping, your computer's security is
potentially breached. File-swapping programs create a "Shared Folder" on
your hard drive where you put the files you wish to make available to
others. Windows 9x and ME are inherently insecure operating
systems. If you are still(!) using one of those operating systems and
you enable file sharing of one folder, your entire hard drive is open to
the world. Windows XP can be made more secure, but it is still risky to do
file-swapping. While Vista and Windows 7 are more secure operating
systems, they are not bullet-proof. If you use your computer for
business or have important personal information on it, those files may be
compromised, along with all your passwords. Additionally, you take the
chance of downloading some sort of malware with your mp3s. Trojan
horses and viruses have frequently been found in P2P
programs. If you decide to participate in file-swapping, be aware
of the risks. I tell clients that file-swapping is like being in bed
with 50,000 teenage boys. You are basically bringing a file into
your computer and you have no idea whether the computer it came from is
clean (virus-free), or whether the file-swapper you got it from is
malicious or not. The best thing, aside from refraining from
file-swapping, is to use a separate dedicated computer containing no
important data. A separate hard drive is not a good solution,
because it is vulnerable to infection from the main drive. Or do your
file-sharing from a computer running Linux.
There are now many legitimate places to download music, such as iTunes,
Real's Rhapsody, or Amazon's MP3 Download Service.
I've written two informational articles about security and staying safe
on the Internet that I often give to clients. You can download them in
.pdf form by right-clicking on the links and choosing "Save Link As".
"Staying Safe or How to Not Have This Happen Again"
"Too Much Security"
Viruses/Malware
All viruses, trojan horses, and worms are malicious pieces of code
(known collectively as "malware") which can damage your data. Viruses
are designed to spread themselves from one file to others in a single
computer. They can cause everything from lost data to inaccessible
files. In some cases, a virus can do permanent damage to the computer.
Worms are like viruses in that they also replicate themselves, but they
are designed to spread from computer to computer, infecting an entire
network. Trojan horses are aptly named - they are programs usually
disguised as something useful or desirable, but their true nature comes
with a hidden surprise. The Trojan might "phone home" all your
passwords and/or financial information. It might enable the Bad
Guy to control your PC and steal or damage your data, or even turn your
PC into a zombie to attack websites.
Before Internet use was as widespread as it is now, viruses were most
often passed from user to user by infected floppy disks. Now the
most common way of malware transmission is by opening email
attachments, file-swapping, clicking on links from a malicious
source (either on a website or in an instant message), and downloading
"free" programs that are either supported by malware or not what they
seem.
Virus hoaxes are usually passed on as email messages, and are intended
to scare people about a non-existent threat. Users often forward
these "alerts" to everyone they know, thinking they are doing a good
deed. However, virus hoaxes cause lost productivity and panic, and
clog email servers. Hoaxes can be a serious threat to email
systems. If enough messages are sent, they can bring down a
server. There are many Internet sites devoted to hoaxes.
Check at the Symantec Antivirus Research Center or at one of
the other antivirus sites before you click that "Send" button.
All the security programs in the world won't help you if you don't
practice "Safe Hex".
Make sure your antivirus program is a current version and the subscription
is active. Antivirus programs work by looking for known virus-like
activities/characteristics. The antivirus program "learns" about all
the new viruses by checking with the program's server for new virus
definitions. When it finds the new definitions, it will download them
and install them automatically so now instead of knowing about 215,000
viruses (for example) your antivirus program knows about 235,000. You
get the right to new definitions by subscribing. Running an antivirus
program with an expired subscription (and hence having outdated virus
definitions) is almost worse than having no antivirus at all because it
gives a false sense of security; you think you're protected when you're
really not. As I said in the "Maintenance" section, I recommend NOD32
(commercial) or Avast (free version available). I emphatically do not
recommend Norton, McAfee, or Panda. I also prefer not to use all-in-one
"security suites" but rather just the antivirus and the free version of
MBAM (which doesn't run resident). Vista and Windows 7 have Windows Defender
built in, which is fine. I don't install Defender on XP machines. If
you really feel you must have a security suite, I have found Eset's Smart
Security to be excellent without being heavy on system resources.
Removing Malware
Some non-viral spyware can be as destructive to your ability to use
your computer the way you want to as a virus. We here at Elephant
Boy Computers are wizards at getting rid of malware, but
if you want to clean up your computer yourself here are some general
removal steps.
Please understand that cleaning up malware can require a lot of patience
and skill.
We're seeing malware that does things like make itself into a
service on Windows XP/Vista computers, be guarded by another piece
of the malware and respawn with a random name, break antimalware
applications, and lots more destructive behavior. Some malware installs
a rootkit (which is hidden) and these infected computers are
extremely difficult, if not impossible, to clean. If you look at the
instructions below and think, "Whoa - too hard!" then do yourself a
favor and take the machine to a professional computer repair shop (not
your local equivalent of BigComputerStore/GeekSquad). There is no shame
in doing this.
Please be aware that not all local shops are skilled at removing
malware and even if they are, your computer may be so infested that
Windows will need to be clean-installed. Have all your data backed up
before you take the machine into a shop. Of course, Elephant
Boy Computers
is available to do this for you but if you are out of our service area
(the UK for instance, although if you'll buy me a plane ticket I'll
come!) please be truthful with yourself about your ability to do the
work. I don't hesitate to take my car to the mechanic or call
the appliance guy if my washing machine is on the fritz.
I must stress that these are general removal steps. When I clean a
client's machine, I examine the files on the machine very carefully.
Because I have worked on Windows operating systems for many years, I am
able to distinguish between an operating system file and Something
Else. An end user cannot do this. I'm not dissing your Mad Skilz, but
frankly if you really have Mad Skilz I doubt you're reading this.
Another important thing to remember is that malware is constantly
morphing into different variants in an effort to foil removal efforts
by The Good Guys. The Good Guys fight back by being ever-vigilant,
working with the new malware variants in order to update the removal
tools, and sharing experiences among ourselves. Because of the
sometimes-daily malware morphing, a removal technique on this website
might not work for you. There is still hope. You can always have a
professional (like Elephant
Boy Computers!)
work on the machine, but there are other sources of malware removal
help. Other malware-specific tools exist that I do not cover here. See
the links to malware-fighting forums at the end of this section here, as
well as the more general "Getting Tech Support" area here.
Note:
The tools I suggest using for malware removal are free.
If you are getting popups saying that your computer is infected and you
can get it cleaned up for a price, this is not legitimate. This type of
malware is called a "rogue antispyware program" because it pretends to
be A Good Guy but is really Evil. Do not pay them! Rogues are extremely
common. You can look for removal steps for your particular malware here:
Bleeping Computer removal how-to's - http://www.bleepingcomputer.com/forums/forum55.html
or here - Malwarebytes' malware removal guides - http://tinyurl.com/5xrpft
Bleeping Computer has a page with removal steps for numerous variants
of rogues here - http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010
These may work for you and all may be well. However, in many cases the
computer will also be infected with trojans and
protected by a rootkit. As I said, these machines are extremely
difficult to clean.
If your machine is one of these cases, either get guided help at one of
the specialty forums listed here
OR back up your data and do a clean install of Windows. It is your
choice. If you are unsure how to back up your data or how to do a clean
install, you can take your machine to a local computer professional
like Elephant
Boy Computers (if you're in the Fresno-Clovis area). I
don't recommend using BigComputerStore/GeekSquad types of places.
If
you decide to back up your data yourself and do a clean install of
Windows, there are some suggestions as to what you will need on hand here.
A. Preliminary Preparation
1. Before
anything else, take the machine into Safe Mode.
To get to Safe Mode, repeatedly tap the F8 key as your computer is
starting up. This will get you to the correct menu where you can choose
"Safe Mode". Use your Arrow keys to navigate; the mouse will not work
here. After you've cleaned up your computer, simply allow the machine
to boot normally and it will go into Regular Mode.
Since you will be scanning in Safe Mode with no Internet access, this
means that you should get any tools and updates from a different,
known-clean computer which has Internet access. Either use that
computer's CD/DVD-RW drive to burn the files you get onto a CD-R or
transfer the files using a USB thumbdrive with enough capacity to do
the job. If you don't have another computer, then get what you need
from a friend's computer or take the machine to a professional. If
absolutely pressed, you can go into Safe Mode With Networking. This
will give you Internet access but some malware can be active even in
Safe Mode and/or has already done the damage to prevent you from
getting to the malware-fighting websites.
I do not suggest using online virus scanners because viruses and
malware will be active in Regular Mode and while the machine is on the
Internet. A computer infected with one of the many trojans that spews
spam and/or virus-laden emails or malware that downloads even more bad
stuff to the infested machine has no business being on the Internet.
Note:
There are a few exceptions to this. If you scan with Multi-AV
as suggested below, you will need to start out by updating its modules
in Regular Mode. In addition, the Malwarebytes people and other malware
removal experts suggest that the first scan with MBAM
be the Quick Scan done in Regular Mode. For myself, I usually go into
Safe Mode With Networking first and if that works I install/update MBAM
and do a full scan with it from there. Depending on the results, I will
do another full
scan with MBAM in Regular
Mode. I say "depending on the results" because after my first scan I
have a pretty good idea if the malware can be successfully removed or
if I need to back up data and do a clean install/factory restore of
Windows.
2. Disconnect
any suspect computers from all networks.
This means disconnecting from the Internet and your Local Area Network
(LAN) if you have one. If you have multiple computers on a network and
one computer was infected with a network-aware worm, you will need to
clean all computers on that network before connecting the LAN again. If
you connect your nice, clean computer to a LAN with infected machines,
it will just get infected all over again. Trust me on this. Yes, this
is a lot of work but if you try and cut corners you'll wind up spending
even more time on the job.
3. Make
sure you are able to see all hidden files and extensions
(View tab in Folder Options). In XP, Vista, and Windows 7 there are
four
checkboxes to deal with:
a. Check "Display the contents of system folders".
b. Check "Show hidden files and folders".
c. Uncheck "Hide extensions for known file types".
d. Uncheck "Hide protected operating system files" and click "OK" to
the dialog box.
4. Delete
all Temporary and Temporary Internet Files, uninstall older versions of
Java (removing all Java files/folders).
a. For Internet Explorer's Temporary Files, go to Control
Panel>Internet Options>General tab. You'll see where you
can
delete cookies and files.
b. For Firefox, clear its cache by going to
Tools>Options>Privacy>Cache> Clear.
c. For Windows Temporary files, run the Disk Cleanup. In XP
you can find the shortcut for Disk Cleanup in your Start Menu
under Programs>Accessories>System Tools>Disk
Cleanup. In Vista and Windows 7, just type "Disk Cleanup" without the
quotes into the Start Orb>Search box.
d. To clear Sun Java's cache, Start>Settings>Control
Panel>Java applet>Cache>Clear or follow the same
path to the
Java applet and then to General>Settings>Delete files.
You should
also make sure that you have the latest version of Java. Uninstall all
older versions and get the latest version from the Java website here: http://www.java.com/en/download/index.jsp
A very good utility for cleaning
things out is CCleaner.
CCleaner is a powerful tool and I strongly urge you not to use the more
advanced tools unless you totally know what you're doing. I never use
the registry cleaner portion of this utility and I do
know what I'm doing! If you don't know how to work in the registry by
hand, you shouldn't be playing in there.
5. Uninstall
any known malware from Add/Remove Programs (XP) or Programs and
Features (Vista, Win7) if there is an entry for it.
This usually will do no good (the Bad Guys commonly lie about the
effectiveness of their uninstaller), but nevertheless you can try it. A
lot of malware will attempt to open your browser during the "uninstall"
process - often to download more garbage - but since you are in Safe
Mode and can't connect to the Internet, just close out of the browser
and move onto the rest of the cleanup.
B. Scanning for viruses
1. You should have a full-featured current version antivirus installed
using updated definitions. If you do not have
a full-featured antivirus installed or you let your subscription lapse,
there is a high probability that your computer is infected. In that
case, do not try and install an antivirus until you have
run either
TrendMicro's Sysclean (instructions below) or
David Lipman's Multi_AV (see details here).
2. After you have done the initial scanning with one of these
first-line tools, get and install a full-featured antivirus. Update its
definitions and do a thorough scan in Safe Mode. Again, you should get
all applications and updates from a different, known-clean computer
because you should still be working in Safe Mode, not online or
connected to a LAN. If you are in doubt about how infected the computer
still is, wait to do this until after you've run scans using MBAM
and/or SuperAntiSpyware
(see below).
C. Scanning for non-viral malware
1. Install and update Malwarebytes'
Anti-Malware (MBAM). As mentioned in the Note
above, start by updating it and doing the Quick Scan in Regular Mode.
There is a free version of MBAM and although you can purchase it later
if you like it and
want to support its creators, it is not necessary to buy it in order to
use it.
1a. You
can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's - http://www.bleepingcomputer.com/forums/forum55.html
or here: Malwarebytes' malware removal guides - http://tinyurl.com/5xrpft
2. Install
and update Super AntiSpyware
("SAS")
Sometimes MBAM won't install/run well on a machine or I feel scanning
with another tool would be A Good Thing. In those cases I use the free
version of SAS. I don't normally leave SAS installed on clients'
machines but if you want to keep it, configure its options so it
doesn't run resident. In the past, I've used Spybot
Search & Destroy but I don't normally use it any
more. Certainly you can try it, but Spybot S&D has an Immunize
and TeaTimer feature that I
find
causes more trouble than it's worth for end users. If you decide to use
Spybot S&D anyway, don't enable the Immunization or
TeaTimer functions. I haven't used Lavasoft's Ad-aware for a long time
and no longer recommend it.
3. If
the malware remains even after you've done all this, it is time to get
guided help. Choose one of the specialty forums listed here
(in
no particular order). Register and read its posting FAQ. According to
the excellent advice given by Corrine, MVP and Security/Malware Removal
expert:
"Recently, many of the security help forums have begun moving away from
HijackThis (HJT) as an initial tool, finding it useful only for a
general idea of possible issues. Malware today is often not
visible in a HJT log. In addition, preliminary cleaning often
results in the issue not being visible in a HJT log.
"As a result, it is suggested that anyone seeking additional assistance
pay particular attention to the preliminary requirements of the site
where they are obtaining help. It is particularly useful to
the analyst if a clear and concise explanation of the nature of the
problem is provided along with all requested logs.
"The help sites are very busy. As a result, it may be a few
days before a response is received. It is advisable that you
track your topic so you will know when an analyst has
replied. Because many of the sites track new help requests by
zero (0) responses, it is not recommended that you "bump" your
post. Most sites have a place to post if you think your
problem has been overlooked.
"It is important to note that many of the tools used at the security
help forums are extremely powerful. If used incorrectly, they can
turn your expensive computer into a large paperweight. For that reason,
it is advisable that you seek help at an established, recognized site
with trained analysts and not attempt to use specialized tools or fixes
without proper guidance."
D. Recap of what you will need to have on-hand before you start the cleanup process
1. LSPFix or WinSockFix for XP -
see links - in case
the malware removal breaks your Internet connectivity. If you have XP
SP2/SP3, you don't need either program since you can repair the
connection
from the commandline:
Start>Run>cmd [enter]
netsh winsock reset catalog [enter]
1a. To repair or reset
Winsock in Vista/Win7:
a. Start Orb>Search box>type: cmd.exe.
b. When cmd.exe appears in the Results above, right-click it and choose
"Run as administrator". Supply authentication in answer to UAC prompts
and you'll get the command prompt box. At the command prompt,
type:
netsh winsock reset [enter]
When the command is completed successfully, a confirmation
appears followed by a new command prompt. Type:
exit [enter]
2. Sysclean or Multi-AV
3. Full-featured antivirus with updates downloaded separately for
manual update
4. MBAM
5. SuperAntiSpyware
6. Tools
required by the specialized guided help site if you choose to use one
7. Possibly Process
Explorer and Killbox.
The free Autoruns
program is excellent to have, too.
E. After the machine is clean
1. If
you are running Windows ME (is anyone still doing this?!!) or XP,
Vista, or Windows 7 you should disable/enable System Restore after the
system is
clean
because malware will be in the Restore Points. With ME, you must
disable System Restore completely. With the others, you can delete
all but the
most recent System Restore point from the More Options section of Disk
Cleanup so make a nice new clean Restore Point and
delete all the others.
2. Make
sure you've visited Windows/Microsoft Update and applied all security
patches.
Do not install driver updates from Windows/Microsoft Update.
3. Run
a firewall.
The Windows Firewall built into XP, Vista, and Windows 7 is fine for
most people. Third-party firewalls usually cause more problems than
they are worth.
4. Practice
"Safe Hex"! See
these sites for information on not getting
infested again.
http://www.getsafeonline.org/
http://www.getnetwise.org/
http://www.wilderssecurity.com/showthread.php?t=27971
- So How Did I Get Infected Anyway?
http://www.claymania.com/safe-hex.html
http://www.aumha.org/a/parasite.htm
- The Parasite Fight
http://www.microsoft.com/protect/default.aspx
- Microsoft Online Safety
I've written two informational articles about security and staying safe
on the Internet that I often give to clients. You can download them in
.pdf form by right-clicking on the links and choosing "Save Link As".
"Staying
Safe or How to Not Have This Happen Again"
"Too Much Security"
F. Additional notes
Malware writers have gotten even more clever and their evil products
more complex. Other steps I normally take with more complex malware are:
1. See if the malware is running as a service and if so, stop and
disable it. To examine services in XP:
Start>Run>services.msc [enter]
To do the same in Vista/Win7, Start Orb>Search box>type:
services.
When Services appears in the Results above, right-click it and choose
"Run as administrator". Respond to the UAC prompts as required.
2. Use a combination of HijackThis, Sysinternals' free Process
Explorer, and Killbox
to stop any malware that has put hooks into explorer.exe (the Windows
shell). I also use the advanced HijackThis tools and the
excellent Autoruns
program from Sysinternals. Once
again, advanced tools (like HijackThis and others) are not to be used
lightly. If you are at this point, I strongly urge you to use one of
the guided help sites and not to Try This At Home.
3. Manual examination and deletion of bad files.
4. Many
variants of malware will create a proxy server to prevent you from
getting to the Internet and help sites freely. Check in Control
Panel>Internet Options>Connections tab>LAN button. Unless you
know for sure that you use a proxy server, clear any checkmarks in the
boxes relating to proxy servers.
5. Various other magical procedures, burnt sacrifices, and rituals. And
no, I'm not going to tell you what they are.
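The proxy check in step 4 can also be run against a registry export of the Internet Settings key taken from the suspect machine. The script below is an added example, not part of the original page; it assumes the Windows value names ProxyEnable, ProxyServer and AutoConfigURL, and its function names and sample export are constructed for illustration.

```python
"""Audit a .reg export of the Internet Settings key for unexpected proxy entries.

Added example. ProxyEnable, ProxyServer and AutoConfigURL are the values Windows
stores for the LAN settings dialog; the sample export below is constructed.
"""
import ipaddress
import re

KEY_SUFFIX = r"\software\microsoft\windows\currentversion\internet settings"

# Constructed sample. A real regedit export is UTF-16, so read it with
# open(path, encoding="utf-16") before passing the text in.
SAMPLE_REG_EXPORT = """\
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:5555;https=127.0.0.1:5555"
"AutoConfigURL"="http://203.0.113.9/proxy.pac"
"""


def read_internet_settings(reg_text):
    """Return {lowercased value name: value} for the Internet Settings key itself."""
    values, in_key = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Subkeys end differently, so only the settings key itself matches.
            in_key = line[1:-1].lower().endswith(KEY_SUFFIX)
            continue
        match = re.match(r'^"((?:[^"\\]|\\.)+)"=(.*)$', line)
        if not (in_key and match):
            continue
        name, data = match.group(1).lower(), match.group(2)
        if data.startswith("dword:"):
            values[name] = int(data[6:], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            values[name] = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \"
    return values


def proxy_endpoints(proxy_server):
    """Split 'host:port' or 'http=host:port;https=host:port' into tuples."""
    endpoints = []
    for part in filter(None, (p.strip() for p in proxy_server.split(";"))):
        scheme, _, target = part.rpartition("=")
        target = target.split("://", 1)[-1]
        host, sep, port = target.rpartition(":")
        if not sep:                      # no port given
            host, port = target, ""
        endpoints.append((scheme or "all", host, port))
    return endpoints


def is_loopback(host):
    """True when the proxy host is this machine (127.x.x.x, ::1 or localhost)."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def audit_proxy(reg_text):
    """Return readable findings; an empty list means no proxy is configured."""
    settings = read_internet_settings(reg_text)
    findings = []
    server = settings.get("proxyserver", "")
    if settings.get("proxyenable", 0):
        if not server:
            findings.append("ProxyEnable is set but ProxyServer is empty")
        for scheme, host, port in proxy_endpoints(server):
            where = "a process on this machine" if is_loopback(host) else "another host"
            target = f"{host}:{port}" if port else host
            findings.append(f"{scheme} traffic is sent through {target} ({where})")
    elif server:
        findings.append(f"proxy {server} is stored but disabled")
    pac = settings.get("autoconfigurl", "")
    if pac:
        findings.append(f"automatic configuration script: {pac}")
    return findings


if __name__ == "__main__":
    for finding in audit_proxy(SAMPLE_REG_EXPORT):
        print(finding)
```

Any finding on a machine that is not supposed to use a proxy corresponds to a checkbox that step 4 says to clear.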
Important - Again (and yes, I'm repeating myself because this is Important), if the infestation requires the use of HijackThis and/or any
other advanced tools, you must know what you are doing. Unless you have
a high level of computer skills with an emphasis on removing malware
(and if you do you probably aren't reading this!), if you are at the
point of needing to run HijackThis you should post your log to one of
the specialty forums listed below and let the experts there help you -
OR take your machine to a professional. You Have Been Warned.
G. Links to help with malware
Software/Methods:
http://www.malwarebytes.org/index.php
- MalwareBytes
http://www.superantispyware.com/
- SuperAntiSpyware
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
- HijackThis
http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings
after removing spyware
http://www.spychecker.com/program/winsockxpfix.html - WinsockXPFix.exe
Bleeping
Computer removal how-to's - http://www.bleepingcomputer.com/forums/forum55.html
Speciality
Sites for Guided Help:
There are many malware removal
forums. Here are just a few where you can find MS MVPs and other
trained analysts.
ASAP
Member Forums Providing Log Analysis:
Atribune.org
MalwareBytes
SpywareInfo Forum
TechMonkeys
WhatTheTech
Non-ASAP Member Forums Providing Log Analysis:
Aumha.org
BleepingComputer
DSL Reports
Geeks To Go
Safer-Networking
TrendMicro's
Sysclean
TrendMicro's
Sysclean
is an extensive antivirus tool which has the advantage of not needing
to be installed. It requires two parts - the scanning engine and the
virus pattern files. Delete all Temporary and Temporary Internet Files
before running the program.
1. Create a new folder
on your Desktop or the C: drive named something useful like "Sysclean".
2. Go here and
download the two parts of the program to that folder:
http://www.trendmicro.com/download/dcs.asp
- Sysclean
http://www.trendmicro.com/download/pattern.asp
- virus pattern files
The pattern files will
be zipped - extract them with your unzipper (like WinZip) or if you
have XP, you can just open the folder. You need to put the extracted
files in the Sysclean folder you made. For a more automated way to get
Sysclean, use Dave Lipman's Sysclean_FE from
http://www.ik-cs.com/got-a-virus.htm .
3. Restart your
computer in Safe Mode. Get into Safe Mode by repeatedly tapping the F8
key as the computer is starting up to get to the proper menu.
4. Go to the Sysclean
folder you made and double-click on sysclean.com. Start the scan. After
the scan is finished, look at the log. You may need to make a note of
where any viruses were found if they were not able to be removed so you
can manually delete them.
David Lipman's Multi-AV
If you are
using Vista or Windows 7, you must
run Multi-AV elevated. The download link is here:
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
and some additional instructions are here:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
To use this utility, perform the following in Regular Mode:
Execute: Multi_AV.exe
(Note: You must use the default folder C:\AV-CLS)
Choose: Unzip
Choose: Close
Execute: C:\AV-CLS\StartMenu.BAT (or double-click on "Start
Menu" in C:\AV-CLS)
This will bring up the initial menu* of choices and should be
executed in Regular Mode first. This way all the components can be
downloaded from each respective AV vendor’s web site. The menu choices
are Sophos, Trend, Kaspersky, McAfee. Exit the menu and reboot the PC.
*When the menu is displayed hitting ‘H’ or ‘h’ will bring up a PDF help
file.
The package includes three additional DOS BAT files:
C:\AV-CLS\DOSCLEAN.BAT; C:\AV-CLS\KAVCLEAN.BAT; and
C:\AV-CLS\SOFCLEAN.BAT. They are for use on a Win9x/ME PC or on a
Win2K/WinXP PC that is using FAT32 after you have booted from an
Emergency Boot Disk (EBD) or DOS disk and have already executed
C:\AV-CLS\StartMenu.BAT and selected McAfee and/or Sophos from the
menu. These batch files will execute their respective DOS CLS. If
needed, DOS disk boot images can be obtained from http://www.bootdisk.com/bootdisk.htm
If you are on an NT4, Win2K, WinXP or Win2003 Server that is using NTFS
partitions, you can obtain a free, personal copy of NTFS4DOS and create
an NTFS-compliant DOS boot disk from http://www.datapol-technologies.com/dpe/freeware/index.html
After you boot from the DOS Boot Disk you would execute:
C:\AV-CLS\DOSCLEAN.BAT -- for the McAfee DOS Command Line Scanner
C:\AV-CLS\SOFCLEAN.BAT -- For the Sophos DOS Command Line Scanner
C:\AV-CLS\KAVCLEAN.BAT -- For the Kaspersky DOS Command Line Scanner
You can choose to go to each menu item and just download the needed
files or you can download the files and perform a scan in Normal Mode.
Once you have downloaded the files needed for each scanner you want to
use, you should reboot the PC into Safe Mode (F8 key during boot) and
re-run the menu again and choose which scanner you want to run in Safe
Mode. In each scanning module you will be prompted if you want to scan
at that moment or not; if you choose to perform a scan, the McAfee and
Sophos modules will prompt you if you want to scan a specific folder or
location. The Trend Sysclean module uses the Sysclean GUI which also
provides the ability to scan a selected folder or location. So with
this utility one has the ability to scan in Normal Mode, Safe Mode, a
selected folder or location and to scan FAT32 and NTFS partitions after
booting from a DOS Boot Disk. How you use it will depend on what is
needed to disinfect the system. To improve the efficacy of the
scanning process, it is suggested that you also read the following
information:
"How to perform a clean boot in Windows XP" - http://support.microsoft.com/kb/310353
To start the use of the Multi AV scanning front end:
Execute: C:\AV-CLS\StartMenu.BAT (or Double-click on 'Start Menu' in
C:\AV-CLS)
NOTE: You may have to disable your software firewall or allow WGET.EXE
to go through your firewall to allow it to download the needed AV
vendor-related files.
Each Command Line Scanner (CLS) will create a log of what has been done.
Sophos - The files for the Sophos CLS are located in C:\AV-CLS\Sophos
and the log file is called C:\AV-CLS\Sophos\ScanReport.TXT. At the end
of the scan, it will be displayed in your text editor, NOTEPAD.EXE.
Kaspersky - The files for the Kaspersky CLS are located in
C:\AV-CLS\KAV and the log file is called C:\AV-CLS\KAV\ScanReport.TXT.
At the end of the scan, it will be displayed in your text editor,
NOTEPAD.EXE.
Trend - The files for the Trend Sysclean CLS are located in
C:\AV-CLS\Trend and the log file is called
C:\AV-CLS\Trend\Sysclean.log. At the end of the scan, and when you
close Sysclean, it will be displayed in your text editor,
NOTEPAD.EXE.
McAfee - The files for the McAfee CLS are located in C:\AV-CLS\McAfee
and the log file is called C:\AV-CLS\McAfee\ScanReport.HTML. At the end
of the scan, it will be displayed in your browser (Opera, FireFox or
Internet Explorer).
It is suggested that you move each respective report out of the vendor’s
folder (C:\AV-CLS\<AV vendor>) or save a new copy of the
report before performing another scan. It would be good practice to
scan in both Safe Mode and in Normal Mode and to save a copy of the
report representing each session for comparison of the results.
Process Killer - Included in the C:\AV-CLS folder is a file called
killproc.txt which is used to shut down or kill running processes prior
to scanning the platform. There are two processes already in the text
file: Iexplore.exe (Internet Explorer) and firefox.exe (FireFox).

To have more processes killed, add their names to the text file, making
sure the last line is a blank line. For example, suppose the following
processes needed to be shut down: mszx23.exe, w32tm.exe, Tibs3.exe and
rundll32.exe.

They would be appended to the list in killproc.txt - again, make sure
that the last line of the text file is a blank line. Then prior to
scanning the platform, all of the processes listed in the text file
will be shut down (killed).
Further notes:
1. If a hosts file is found by this utility, it will be
renamed from "hosts" to "hosts.bak" since malware has a tendency to
modify the hosts file to block access to antivirus vendor web
sites, which can block the ability to download the needed
Sophos, Trend Micro or McAfee files.
2. The directory C:\AV-CLS is hard coded and should not be changed.
3. Due to the fact that malware corrupts AUTOEXEC.NT and CONFIG.NT,
these files will be renamed to have the .BAK extension and the OS
default files restored. This will help to make sure that other software
will run correctly and without errors when using those files.
4. You may have to disable your software firewall or allow WGET.EXE to
go through your firewall to allow it to download the needed AV vendor
related files.
5. On Win9x/ME platforms a backup of WIN.INI and SYSTEM.INI will be
made (with the BAK extension) and both will be examined such that the
SYSTEM.INI SHELL= statement is set to shell=explorer.exe and the
WIN.INI LOAD= and RUN= statements are set to null. If the SHELL= line
is other than shell=explorer.exe, it will be set to shell=explorer.exe
and if the LOAD= and/or RUN= lines are not set to null then they will
be set to null since these are vectors for loading malware.
6. If you run the McAfee CLS from a DOS boot disk or from a DOS boot
disk with NTFS4DOS, the HTML log file name will be truncated to conform
to the DOS 8.3 naming convention and the resultant file will be called
C:\AV-CLS\McAfee\ScanRepo.HTM.
7. If you run the Sophos CLS from a DOS boot disk or from a DOS boot
disk with NTFS4DOS, the log file will conform to the DOS 8.3 naming
convention and the log file will be called
C:\AV-CLS\Sophos\AVReport.txt.
8. If you run the Kaspersky CLS from a DOS boot disk or from a
DOS boot disk with NTFS4DOS, the log file will conform to the DOS 8.3
naming convention and the log file will be called
C:\AV-CLS\KAV\AVReport.txt.
9. Continued use of the respective AV scanners will keep them
current since they will download the most recent signature and engine
files for you.
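Notes 1 and 5 describe Multi-AV resetting the hosts file and the Win9x/ME startup entries. The script below is an added example, not part of Multi-AV, that reports what copies of those files contain before they are reset. The watched domain list, the function names and all sample file contents are assumptions constructed for illustration.

```python
"""Report suspicious entries in copies of hosts, WIN.INI and SYSTEM.INI.

Added example, not Multi-AV code. Run it on a known-clean computer against
copies of the suspect machine's files; it only reads text and changes nothing.
"""
import ipaddress

# Assumption: domains to watch. The first four are linked on this page; the last
# three are the public sites of vendors listed in the Multi-AV menu.
WATCHED_DOMAINS = (
    "trendmicro.com", "malwarebytes.org", "superantispyware.com",
    "bleepingcomputer.com", "sophos.com", "mcafee.com", "kaspersky.com",
)

# Constructed samples, not taken from a real infection.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       www.trendmicro.com trendmicro.com   # blocks pattern downloads
0.0.0.0         ads.example.net
203.0.113.7     update.example.org
not-an-ip       www.sophos.com
"""
SAMPLE_WIN_INI = """\
; constructed sample
[windows]
load=
run=C:\\WINDOWS\\SYSTEM\\mszx23.exe
"""
SAMPLE_SYSTEM_INI = """\
[boot]
shell=Explorer.exe C:\\WINDOWS\\Tibs3.exe
"""


def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for each suspicious hosts entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop the comment, split on whitespace
        if len(entry) < 2:
            continue                            # blank, comment-only or malformed
        ip, names = entry[0], entry[1:]
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, names[0], "unparseable address"))
            continue
        for name in (n.lower().rstrip(".") for n in names):
            if name == "localhost":
                continue
            if any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS):
                findings.append((line_no, ip, name, "security site overridden"))
            elif not (addr.is_loopback or addr.is_unspecified):
                # Loopback entries for other names are ordinary block lists.
                findings.append((line_no, ip, name, "name pinned to a fixed address"))
    return findings


def ini_values(text, section, key):
    """Return every value of `key` inside `[section]`, matched case-insensitively."""
    current, values = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == section and "=" in line and not line.startswith(";"):
            name, value = line.split("=", 1)
            if name.strip().lower() == key:
                values.append(value.strip())
    return values


def audit_startup_ini(win_ini, system_ini):
    """Flag load=/run= that are not empty and shell= that is not explorer.exe."""
    findings = []
    for key in ("load", "run"):                 # both live in WIN.INI [windows]
        for value in ini_values(win_ini, "windows", key):
            if value:
                findings.append(("WIN.INI", key, value))
    for value in ini_values(system_ini, "boot", "shell"):   # SYSTEM.INI [boot]
        if value.lower() != "explorer.exe":
            findings.append(("SYSTEM.INI", "shell", value))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("hosts:", finding)
    for finding in audit_startup_ini(SAMPLE_WIN_INI, SAMPLE_SYSTEM_INI):
        print("startup:", finding)
```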
Getting Tech Support
Naturally if you are in Fresno, Clovis or the surrounding environs Elephant
Boy Computers
would love your business. However, you should know that there are many
resources for computer self-help. Here are a few suggestions:
A. Microsoft's website
Microsoft has a tremendous amount of information and resources to help
you with your operating system and Microsoft programs. Your first stop
there should be the company's homepage - http://www.microsoft.com/
- where you will find links to more specific areas of interest. Each
product line has its own website, with downloads, tutorials, tips and
links to help. It is well worth spending time on Microsoft's site to
see what they have to offer. I think you will be amazed at the vast
extent of this resource.
B. Microsoft support
Each Microsoft product website has links to webpages offering different
support options. For instance, here is the main jumping off point for
Windows support - http://www.microsoft.com/windows/support/default.mspx
Free Microsoft tech support is also available for problems related
to Windows Update.
Start a free Windows Update support incident request - https://support.microsoft.com/oas/default.aspx?gprid=6527
Support for Windows Update - http://support.microsoft.com/gp/wusupport
For
home users, no-charge support is available by calling 1-866-PCSAFETY
(and/or 1-866-234-6020 and/or 1-800-936-5700) in the United States and
in Canada or by contacting your local Microsoft subsidiary.
There
is no charge for support calls that are associated with security
updates. When you call, clearly state that your problem is
related to a Security Update and cite the update's KB number (e.g.,
KB977165). (Thanks to MVP PA Bear for this information.)
If you are not in the United States or Canada, there are local support
contact numbers here: http://support.microsoft.com/common/international.aspx
Also some Microsoft products like Windows and Office come with a set
number of free support incidents and of course, you can always pay for
Microsoft support if you need it.
C. Web Forums
There are
a ton of useful forums on the Internet. Microsoft has its own forums:
Microsoft Answers - aimed at general consumers (end users) - http://answers.microsoft.com/en-us/default.aspx
TechNet forums - aimed at IT professionals - http://social.technet.microsoft.com/Forums/en/categories/
MSDN forums - aimed at developers - http://social.msdn.microsoft.com/Forums/en-US/categories
Windows Live Solution Center - for questions regarding all the Live
programs - http://windowslivehelp.com/
Microsoft Social forums - links to forums for questions about Microsoft
Genuine Advantage, Academic, Home Server, etc.
http://social.microsoft.com/Forums/en-US/categories
The Green Button - Official Windows Media Center Community - http://thegreenbutton.com/forums/default.aspx
There are also non-Microsoft forums which are excellent. Here are a few
of them:
http://forum.aumha.org/index.php
http://computerhaven.info/
http://www.vistax64.com/
(for Vista)
http://www.sevenforums.com/
(for Windows 7)
Just
as you
would do in RealLife(tm), be cautious about accepting the kindness of
strangers. In other words, if someone tells you to wipe your hard drive
you want to have an idea of his/her competence! When you are using a
non-Microsoft forum, it is a good idea to look for an "About Us" link
and then use common sense and good judgment to determine if this is a
venue you should trust.
How
to Write a Post:
The
key to
getting good focused help is providing enough information about your
computer and its problems so people who can't see your machine can
assist you. Here are some suggestions about writing a good post:
A. Give details about the
computer and the problem(s):
1. What version of Windows you are using, including the Service Pack
level. Example: Vista Home Premium, Service Pack 2.
2. Information about your computer:
a. Approximate age
b. If an OEM (HP, Dell, etc.) what make/model
c. Desktop or laptop
d. Amount of memory (RAM)
e. Standalone or home networked machine or member of a domain (at work)
3. Recent history of the machine, including the virus/malware status.
4. If you think the machine was virus/malware-free, what programs (and
versions) did you use to determine this? If it is not immediately
apparent which version of a program you have, usually
clicking on
Help>About in the program will tell you this.
5. If this is an Internet issue:
a. How you connect to the Internet (dialup/broadband, ISP)
b. Network setup (direct to cable/dsl modem, router - make/model of
router)
c. What browser you are using (such as IE7)
d. If a download issue, to where you are downloading the files (such as
the Downloads folder in your user directory)
6. If you get an error message, the exact text of same and what you are
doing when you get the error message.
7. If a problem with a particular program, the name and version of the
program.
8. The answer to The First Question Of Troubleshooting: what changed
between the time things worked and the time they didn't?
9. What you have already tried and the results.
B. Writing tips
- Remember that you don't need to write deathless prose, but you do
need to communicate the problem clearly.
1. Use complete sentences with punctuation and paragraph breaks. Long
unpunctuated posts with "stream-of-consciousness" writing are difficult
to read and most people won't bother.
2. Numbered or bulleted points are a good way to organize the
information.
3. Don't type in all capital letters. This is considered to be shouting
and rude. It also makes your post difficult to read. Everyone
understands how frustrating computers can be but alienating the very
people trying to help you (for free!) is counter-productive.
C. Posting - Now that you've got your post written with all the
pertinent details, there are a few more things you want to know:
1. Multiposting - It is not Good Form to make numerous separate posts
about the same issue. It just makes more work for the people trying to
help you and will irritate them. You don't want to annoy the people who
can help you, right? Pick the forum you think is best suited to your
question and make one post there. Even if you think your question might
pertain to more than one forum, start out by posting in only one place.
Then if you don't get answers within a reasonable amount of time (at
least 24 hours), you can try a different forum. Mention that you are
going to do this in your original thread and give a link to the new one.
Remember that even on the Microsoft forums most of the people don't
work for the company and are volunteers. See Item #3 below.
2. Thread Hijacking - Don't stick your post in someone else's thread.
This is called "hijacking" and posts like that are often ignored. Make
a new post even if you think your issue is similar. Personally, when I
see a post starting with "I have the same..." or "Me, too..." I stop
reading right there. There is a good chance that your issue is not
exactly the same as the Original Poster's and shoving your stuff into a
lengthy thread makes it difficult to help anyone.
3. Patience Is A Virtue - Don't make a new post about the same subject
only a few minutes or hours apart. Wait at least 24 hours before doing
this. Other people who participate in forums live all over the world in
different time zones. The person who might have your answer could be
sleeping or busy with his/her Real Life. Before you make a second post,
review your first post one more time to make sure the fact that no one
is answering isn't Your Fault. ;-) And sometimes you just have to accept
that no one knows the answer to your question and you'll have to try
other avenues of tech support (and probably need to pay for them).
D. And of course there is the Great And Marvelous Google.
E. Local tech support
- Sometimes you just can't get free tech support. Maybe no one in a
forum has the answer to your problem, or perhaps you feel uncomfortable
following the advice you get. That's OK - there is no shame in
admitting that computer repair isn't your cup of tea. Computers are
powerful and complicated machines and we all have our areas of
expertise. I don't hesitate to take my car to the mechanic or call an
electrician when I need one. Luckily for you, there are lots of skilled
professionals like me waiting to help you! If you're in the
Fresno/Clovis area, Elephant Boy Computers is here for you*. If you're
Somewhere Else, ask your family, friends,
and/or colleagues for recommendations. I feel this is the best way to
find someone good. Otherwise check your local Yellow Pages/telephone
listings. You should try to stay away from BigBoxComputerStores and
GeekSquad type of places. Those stores are far more interested in
selling you stuff than they are in helping you with your individual
needs. If at all possible, have your data backed up to external media
before you take your computer into a shop. If you don't know how, make
sure that the professional you choose understands that s/he needs to do
this for you. A mark of a good repair person is that s/he cares about
preserving your data as well as solving your computer problems.
*This is covered in the EBC FAQ
- I often get phone calls from people who are not local and who want me
to give them free tech support over the phone. As far as I'm concerned,
this is Right Out and is equivalent to me calling up some car mechanic
in Texas and saying, "My car is making a funny noise". Yesterday some
woman left a 5-minute message on my answering machine detailing her
computer woes. She was somewhere in Kentucky. I am usually a nice
person but I do computer tech support and repair for a living
and I didn't call her back. So when you need to call a professional,
call someone local and establish a relationship with them. You will be
glad you did.