Boot into “Live CDs”

While Linux can seem intimidating to most users, there is a simple way to try it: the Live CD.

A Live CD is a CD that the computer boots from. It does not modify your hard drive or computer in any way, so you can boot into Linux, another copy of Windows, or another operating system without touching what is already installed.

Helix for Forensics

Live CDs can be a great forensics tool. One of my favorites is Helix, based on the Knoppix Linux distribution. Helix can read your Windows NTFS-formatted hard drive, allowing you to transfer files off the machine even if you can’t boot into Windows. Helix also includes the ClamAV and F-Prot virus scanners and tools to recover deleted files.

Ubuntu for trying Linux

Ubuntu also has a Linux Live CD, which is great for people who are just considering using Ubuntu but don’t want to install it yet. Ubuntu Linux is a free operating system that will be faster than Windows. It is currently the most popular distribution of Linux for desktop use and in many ways it is easier to use than Windows.

The Ubuntu CD also includes Memtest86+, which thoroughly tests all your RAM. This is great for determining whether your computer problems are caused by faulty memory.

Ultimate Boot CD

Unlike Helix and Ubuntu above, which use Linux, the Ultimate Boot CD boots into Windows from the CD. Like Helix, it includes diagnostic, repair, and recovery tools. Unfortunately, the Ultimate Boot CD (UBCD) is not a simple iso file that you burn to a disc. Because it uses Windows, you must provide a copy of Windows during the build process of the UBCD.

Try a Live CD

There are many other bootable CDs out there, as shown on this Live CD list. Most just require you to burn an iso (CD image file) to a disc. Make sure that your computer is set in the BIOS (which you access by pressing the setup key as the computer starts) to use the CD as the first boot device. Then you can try out these diagnostic tools and other operating systems.

Russian Gang Hijacking PCs

This NY Times article talks about how a gang in a Russian town is using Microsoft administrative tools to infect private and government computers. A few excerpts:

The gang was identified publicly in May by Joe Stewart, director of malware research at SecureWorks, a computer security firm in Atlanta. Mr. Stewart, who has determined that the gang is based in Russia, was able to locate a central program controlling as many as 100,000 infected computers across the Internet.

The system infects PCs with a program known as Coreflood that records keystrokes and steals other information.

“The great thing about this system is that from one computer it is possible to push out updates to all machines in a corporate network at once,” Mr. Stewart said. “This is a useful tool that Microsoft has provided. However, the bad guys said, ‘We’ll just use it to roll out our Trojan to every machine in the network.’ ”

The gang then uses the passwords to access your bank account and transfer out money. Scary stuff.

Coreflood only affects Microsoft operating systems, so Macs are not at risk from it. In order to protect PCs, I suggest using:

  • hardware firewall (included in routers)
  • Windows Vista or XP with Service Pack 3 (latest)
  • Anti-virus software such as AVG Free or Avast.

If you get infected by something like this Coreflood virus, you should do a complete re-install of your system.

Operating system re-installs for virus-ridden computers

Infections Beyond Repair

Most people say that once a machine is infected with a virus, there is no practical way to know for sure whether it is ever truly clean again. You could take out the drive, attach it to a Linux machine for scans, and run all the latest tools. But this doesn’t guarantee success.

Think of it as an arms race between the virus writers and the anti-virus writers. Many viruses re-write parts of the Windows operating system. They are written specifically to sneak past popular anti-virus software, namely Norton and McAfee.

The solution, especially for machines with nasty viruses, is a clean install of the operating system. This can’t be done from within Windows: the important data should be backed up, the drive formatted, and a clean install performed.

Before the old data is put back on the computer, it too should be scanned. Even documents can contain little programs (macros) that can carry viruses.
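One check to run over the backed-up documents before restoring them, added here as an example and not part of the original post: a Python script that flags Office files carrying a VBA macro project. The OLE stream-name search is a heuristic (an assumption, not a full file parse), and the sample files it builds are constructed stand-ins, not real Word documents.

```python
import io
import os
import zipfile

# OLE2 compound-file magic used by legacy .doc/.xls/.ppt files.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Name of the VBA project stream, stored UTF-16LE in the OLE directory. Only macro-carrying
# files contain it; searching the raw bytes for it is a heuristic, not a full OLE parse.
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")
# Office 2007+ files (.docm, .xlsm, ...) are zip archives; macros live in a vbaProject.bin part.
OOXML_VBA_PART = "vbaproject.bin"
DOC_EXTENSIONS = {".doc", ".dot", ".xls", ".ppt", ".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm"}

def has_macros(data: bytes) -> bool:
    """True when the document bytes appear to carry a VBA macro project."""
    if data.startswith(OLE_MAGIC):
        return OLE_VBA_MARKER in data
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(n.lower().endswith(OOXML_VBA_PART) for n in zf.namelist())
        except zipfile.BadZipFile:
            return False  # not a valid zip, so not an Office 2007+ document
    return False

def scan_backup(root: str) -> list:
    """Walk a backup directory and return the Office documents that contain macros."""
    flagged = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in DOC_EXTENSIONS:
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    if has_macros(fh.read()):
                        flagged.append(path)
    return sorted(flagged)

def make_ooxml(with_vba: bool) -> bytes:
    """Constructed minimal Office-style zip (not a real Word file), for demonstration only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"constructed VBA project placeholder")
    return buf.getvalue()

# Constructed legacy .doc stand-ins: an OLE header followed by one directory entry name.
FAKE_DOC_WITH_MACROS = OLE_MAGIC + b"\x00" * 504 + OLE_VBA_MARKER + b"\x00" * 40
FAKE_DOC_CLEAN = OLE_MAGIC + b"\x00" * 504 + "WordDocument".encode("utf-16-le") + b"\x00" * 40
```

Files that scan_backup returns should be opened only in a viewer with macros disabled, or not restored at all, until a virus scanner has looked at them.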

Client Story

A recent client in Virginia had a computer that was badly infected. After the computer booted up, supposed anti-virus software popped up indicating that there were viruses. This was certainly true, but the anti-virus software was bogus. It just asked for his credit card info to fix the problems. If he had provided his credit card, I am sure that the virus would not have been removed. He would have probably just gotten many unauthorized charges.

His computer was no longer his. He had no administrator privileges. He had no “My Computer”, no CD drive, and no task manager. His system tray in the bottom right corner only had the words “VIRUS ALERT!”.

Without much hope, I initially tried Avast! 4 Home Edition. One feature that Avast has over the previously mentioned AVG is the ability to scan the Windows installation before booting into Windows.

Unfortunately, much of the operating system had been modified, so Avast could not fix it. I removed the drive, placed it in a Linux machine, backed up and scanned the important files, and then ran Darik’s Boot and Nuke to wipe the drive.

The desktop was an HP that did not come with a restore disk, so we had to purchase another copy of Windows to install.

I told the customer how many viruses use social engineering to work. Messages appear in an email or browser pop-up window and they appear legitimate, so users click on them. He asked me how to tell the real pop-ups from the fake ones. Without computer experience, it is very difficult to know.

Windows Vista has made this worse. By constantly asking people to approve even small tasks, it conditions people to just click “Okay” for everything.

His computer is now up and running again. It is behind a router with a firewall and has the Firefox web browser and Avast anti-virus. Hopefully that will keep him safe from viruses and malware. At least he can rest assured that his machine is not currently hijacked after a clean operating system install.

Anti-virus Software

If you are running Windows, you should have anti-virus software. One of the best is free for personal use. It is:
AVG Anti-virus Free Edition

It includes free anti-virus updates and does a great job of finding and stopping viruses.

The only downside to AVG is that every year or so AVG comes out with an update that requires a fresh install of the new version. And on the website, you need to look for the free version. AVG does push their paid version.

When installing, you don’t need to install their browser plug-in, which can needlessly slow things down. Instead, for safety, you should use Firefox when browsing the Internet.

Compared to standard anti-virus software from Norton and McAfee, AVG both does a better job of finding viruses and is less resource-hungry, in my opinion. Often I will find a system that is completely bogged down, not by viruses but by Norton’s ridiculously large Internet Security Suite of software.