http://strom.com/awards/384.html
I have become Mr. Clean, helping my friends and neighbors rid
themselves of spyware and other oddities running unintentionally
on their systems. I guess everybody needs a hobby, and mine is reformatting
hard drives and making a machine usable once again. I thought I would share the
steps that I take to get a system back to a somewhat virginal state.
The signs that your PC is out of your control are simple: a new
splash screen or application that can't be removed by the Windows Add/Remove
Programs routine, or software that keeps returning after a reboot when you try
to remove it. Other signs are a sluggish boot time, or new toolbars that appear
at the top or bottom of the screen or inside Internet Explorer. In a few cases,
I couldn't even bring up the Add/Remove dialog box, so far gone were these
machines.
There are more talented people than I who can clean these machines up without
having to resort to a major lobotomy, i.e., reformatting the drive completely.
(See Michael Horowitz' page on spyware removal here.) Others, such as my
colleague Dave Piscitello, have done a tremendous amount of research on
fighting spyware. His page of resources is here:
http://hhi.corecom.com/spyware.htm
For those of you that are curious what I do, read on.
If your client's machine is still able to boot, burn a CD with the
data files that you want to keep, or copy these files to a USB key drive. Make
sure you look around the hard disk: some applications like to hide their own
files in their C:\Programs directory. Windows Address Book (for those people
who are foolish enough to use it) hides its data deep in the system – if
your clients want their data, bring up Address Book, do a File | Export to
a .WAB file under My Documents, and back it up with the rest of their stuff.
You'll also need to record which applications the client has already installed,
and make sure that you have the original software CDs and license keys to
re-install these products. And you'll also need to record the user names and
passwords for any ISP and email accounts that are on the machine.
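The pre-wipe checklist above (installed applications, the hardware you will need drivers for, the service tag, and the user's data files) can be captured in one pass rather than by hand. The script below is an added example, not something from the original article or from any of the tools it mentions. It assumes a machine with PowerShell 5.1 or later (Windows XP did not ship with PowerShell, so this is the scripted equivalent of the article's manual steps on a newer box), a USB key or external disk mounted at the placeholder path in $Dest, and the standard per-user folders under the user's profile. ISP and e-mail passwords are not collected by the script; those are still written down by hand.

```powershell
# Added example (not from the original article): pre-reformat inventory and data backup.
# Assumptions: PowerShell 5.1+, and a USB key or external disk with enough free
# space at $Dest. The drive letter and folder name are placeholders to adjust.
param(
    [string]$Dest = 'F:\rebuild-backup'   # assumed destination (USB key or external disk)
)

$inv = Join-Path $Dest 'inventory'
New-Item -ItemType Directory -Path $inv -Force | Out-Null
New-Item -ItemType Directory -Path (Join-Path $Dest 'address-book') -Force | Out-Null

# 1. Installed applications: the list the article says to record before wiping.
#    Both the 64-bit and the 32-bit (WOW6432Node) uninstall keys are read.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    Sort-Object DisplayName |
    Export-Csv -Path (Join-Path $inv 'installed-software.csv') -NoTypeInformation

# 2. Hardware inventory with hardware IDs and current driver versions, so the
#    drivers the fresh install is missing can be looked up by exact ID on the
#    vendor's site instead of by opening the case.
Get-CimInstance Win32_PnPSignedDriver |
    Where-Object { $_.DeviceName } |
    Select-Object DeviceName, Manufacturer, DriverVersion, DriverDate, HardWareID, InfName |
    Sort-Object DeviceName |
    Export-Csv -Path (Join-Path $inv 'drivers.csv') -NoTypeInformation

# 3. Service tag / serial number: Dell and IBM support sites key on this.
Get-CimInstance Win32_BIOS |
    Select-Object Manufacturer, SerialNumber, SMBIOSBIOSVersion |
    Out-File -FilePath (Join-Path $inv 'bios.txt')

# 4. User data. robocopy is used because it resumes after errors and logs what
#    it copied. $userProfile is used instead of $profile, which PowerShell reserves.
$userProfile = $env:USERPROFILE
$dataDirs = @('Documents', 'Desktop', 'Pictures', 'Favorites')
foreach ($d in $dataDirs) {
    $src = Join-Path $userProfile $d
    if (Test-Path $src) {
        robocopy $src (Join-Path $Dest $d) /E /R:1 /W:1 /LOG+:(Join-Path $inv 'robocopy.log') | Out-Null
    }
}

# 5. Address Book files hide under the per-user application data tree, as the
#    article warns, so they are searched for and copied separately.
Get-ChildItem -Path $env:APPDATA -Recurse -Filter '*.wab' -ErrorAction SilentlyContinue |
    Copy-Item -Destination (Join-Path $Dest 'address-book') -Force

Write-Host "Inventory and data written to $Dest"
```

Run it from an elevated PowerShell prompt on the machine before it is taken down; the inventory folder on the USB key is what you will consult while hunting drivers after the reinstall, and the drivers.csv column HardWareID is the string to search for on the manufacturer's support site.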
The first step is to find the original XP "recovery"
disk that came with the machine. If you don't have that, you'll have to
purchase a new copy of XP. Next, you want to boot the machine from this CD (or
from a Windows 98 boot floppy, if you don't have the XP CD or if your machine
is so old that it can't boot from CDs). Usually, you have to press ALT-D, F2 or
F12 or some other series of keys to keep the PC from booting directly from the
hard disk. If you have more than one CD drive on the computer, use the topmost
one.
If you are installing from the Win98 floppy, choose the command
prompt option and run FDISK to remove the partition on the hard disk that
contains XP. Some machines keep a small system partition of a few MB at the
start of the disk – I generally don't mess with these. Then create two
partitions – the one that you'll use for Windows, and another one of about 10
GB that will become the E: or F: drive, depending on how many CD drives you
have on the system. You may need to reboot a few times here: just make sure
that you can see the CD drive eventually. If your hard disk is smaller than 20
GB, make this second partition 5 GB.
If you don't have an XP CD, now is the time to go to the store and
get one. You can continue to install Win98 on the machine, and then when that
is done, continue to install XP on the C: partition.
If you are starting from the XP CD, follow my disk partitioning
instructions above, and just make sure that you quick format the C: drive with
NTFS. That second partition will contain a backup copy of your system when you
are done, but you can leave it alone now. Choose Original installation
(Advanced) when XP finally loads. Then XP will go through its motions, find
whatever peripherals it can, and get the machine set up. When it is done, bring
up the System Control Panel and examine the Device Manager to see which
peripherals it still doesn't know about. Don't be alarmed if there are a couple
of yellow question marks in the list.
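Rather than reading the yellow marks off the Device Manager tree, the rebuilt machine can be asked directly which devices still lack a working driver and what their hardware IDs are. This is an added example, not code from the original article; it assumes PowerShell 5.1 or later on the rebuilt machine and writes its results to a placeholder folder on the second partition, which the article calls E:.

```powershell
# Added example (not from the original article): list every device Windows could
# not fully set up after the reinstall, with the ID needed to find its driver.
# Assumes PowerShell 5.1+; $OutDir is a placeholder on the article's E: partition.
param(
    [string]$OutDir = 'E:\drivers'   # assumed folder where the driver files are kept
)

# Human-readable meanings for the Device Manager problem codes seen most often.
$problemText = @{
    1  = 'not configured correctly'
    10 = 'device cannot start'
    22 = 'disabled'
    28 = 'drivers not installed (yellow question mark)'
    31 = 'Windows cannot load the driver'
    43 = 'device reported a problem and was stopped'
}

function Get-ProblemDevice {
    # ConfigManagerErrorCode 0 means the device is working; anything else is a
    # yellow mark in Device Manager. The WQL filter does the selection in WMI.
    Get-CimInstance Win32_PnPEntity -Filter 'ConfigManagerErrorCode <> 0' |
        ForEach-Object {
            $code = [int]$_.ConfigManagerErrorCode
            [pscustomobject]@{
                Name        = $_.Name
                Class       = $_.PNPClass
                ProblemCode = $code
                Problem     = if ($problemText.ContainsKey($code)) { $problemText[$code] } else { 'see Device Manager' }
                # The first hardware ID is the most specific one (the VEN_/DEV_ or
                # VID_/PID_ pair); that is the string to search for on the vendor site.
                HardwareId  = if ($_.HardwareID) { $_.HardwareID[0] } else { $_.DeviceID }
            }
        }
}

$devices = Get-ProblemDevice
if (-not $devices) {
    Write-Host 'All present devices report a working state.'
} else {
    $devices | Format-Table -AutoSize
    # Keep a copy next to the driver files so the next rescue starts from a list.
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    $devices | Export-Csv -Path (Join-Path $OutDir 'problem-devices.csv') -NoTypeInformation
}
```

Re-run it after each driver package you install; the list should shrink until only devices you have chosen to ignore (the odd unused port or system device) remain.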
At this point you need to format that second partition. Use FAT or
FAT32 rather than NTFS. Let's call it the E: drive for now.
If you have the original CDs that came with the purchase of your
system, you are generally in good shape here. If you can get a working network
adapter and get out to the Internet, you can find the drivers for your
peripherals on the manufacturer's Web sites. If you have a Dell or an IBM PC,
you can also enter the tag number of the system on the company's support Web
sites and track down what else came installed on the system. If all else fails,
you might have to crack open the box and see what is inside it, and then hunt
down those drivers.
The Dell product recovery CD contains compressed files that have
the drivers for the various peripherals in your machine. The trick is decoding
the file names and putting the right drivers on your hard disk, so you can run the
Windows discovery wizard and get things set up. Put all these drivers on your
E: drive (the second partition) so you can find them again if you have to
rescue the machine in the future. For example, the built-in Intel Ethernet card
on one Dell has the support file R28200.EXE – you run this program, it uncompresses all the drivers to your hard disk, and then
you click on the Unknown network device in the Control Panel and it finds the
network adapter. Some peripherals require special software to get completely
set up, while others just need the special .INF driver files to be properly
recognized.
Once you get all your peripherals set up properly, run Windows SP2
to update the machine. Why SP2? You might as well go with the most current
stuff. You can download a copy of SP2 here from Microsoft's site:
You should then install the printer software, any other
applications (such as Office) and bring up Word to activate Office while you
are connected to the Internet. Now is a good time to copy all your data over
from that CD you burned before you took the machine down to the bare metal. If
you want to install AOL IM, please do so, but don't check the boxes for
installing its obnoxious Weather Bug and Wild Tangent applications – these are
the source of many spyware infections.
At this point, your machine should be humming. The only thing left
is to install the anti-virus software, but before you do that, install a
product like Norton Ghost or some other disk imaging tool. Install the software
to your E: drive so you'll be able to recover the machine in case someone hoses
the main C: drive. You then want to make a backup copy of the C: partition and
save it to the E: drive, just in case your client messes up their machine again.
Once you are done with the imaging, you can install the AV software and you
should be all set. (If you image the PC with the AV software on it and later have
to re-image it, the AV subscription captured in the image may be too old to be of
any use.)
And that's it – your client will be happy, because his or her machine
will be running a lot faster, at least until the next time it gets infected.
And with the image on the E: drive, you have a failsafe backup of all the
software, operating system, and data files (at least at the time you did this
install) in case something else goes awry. This sounds like a lot of work, but
I have found the performance gains of having a clean machine are worth the
trouble and numerous steps involved.
Entire contents copyright 2004 by David Strom, Inc.
David Strom, dstrom@cmp.com, +1 (516) 562-7151
Web Informant is a registered trademark (®) with the U.S.
Patent and Trademark Office.
ISSN #1524-6353 registered with U.S. Library of Congress
If you'd like to subscribe (issues are sent via email), please
send an email to:
mailto:Informant-request@avolio.com?body=subscribe.