Basic Computer Cleanup
Larry James
ResNet Manager
UNL stats
• 23,000 Students (Undergrad and Grad).
• 6000 Living in Residence Halls on 2 campuses.
• Wireless in all Residence Halls since Oct. 2009.
• Full-time Manager plus 2 Student Workers.
• We supplement the Computer Help Center.
• We Don’t:
– Fix hardware.
– Make room visits.
Types of problems for Basic Cleaning
• Computer has pop-ups.
• Virus messages.
• Not running right; running very slow.
• Won’t connect to network.
• Problems this won’t fix (Elevate to 2nd tier):
– Won’t boot.
– Hardware issues.
– Blue screen of death.
Disclaimers
• This is only my current student worker procedure.
• Yours may be better, worse or just different.
• Mine may be different next week, will almost certainly
be different next month, will definitely be different in 2
months.
• You must always be looking for better tools.
Base Procedure:
• Isolate from the internet.
• Figure out the main problem and fix/remove it.
• Clear out all the built-up, unneeded files.
• De-Fragment.
• Connect to network and update Windows and install
AV, disconnect.
• Run installed AV.
• Run Anti-malware.
• Reboot, check for proper operation.
• Rerun scans if necessary.
• Educate student when they pick up the PC.
Finding the main problem
• What symptoms?
• Install and update Malwarebytes.
• Do full scan.
• Install and scan with HijackThis.
• Install and scan with Spybot Search and Destroy.
• Check for symptoms.
• If still having problems, install ComboFix and run in
Safe Mode.
• Still problems? Elevate to 2nd tier.
If the computer was infected
• The system restore files probably are too.
• Open Control Panel>System>System Restore and
shut it off.
• Open the Device Manager and highlight the “Primary
IDE Channel”, right-click and go to Properties.
• Go to “Advanced Settings” and check for DMA mode.
• May be errored out to PIO mode, (very slow.)
• If so, delete the “Primary IDE Channel” and reboot.
• Recheck for proper DMA mode.
Very slow XP Computers
• May have a ‘stutter’ when playing sounds.
• Open Control Panel>System>System Restore and
shut it off.
• Open the Device Manager and highlight the “Primary
IDE Channel”, right-click and go to Properties.
• Go to “Advanced Settings” and check for DMA mode.
• May be errored out to PIO mode, (very slow.)
• If so, delete the “Primary IDE Channel” and reboot.
• Recheck for proper DMA mode.
Fake Antivirus
• Best tool found is Malwarebytes.
• May need to rename mbam.exe in the Program Files
• May need to copy over the malwarebytes folder from
another computer to get the latest updates.
• If MWB won’t run no matter what, download the
latest copy of ComboFix and run it in Safe Mode.
• Once that finishes, MWB should run fine.
• Important to educate the student body about NOT
clicking on the “click here to download a program that
will clean up your computer” pop-up.
Clearing out unneeded files
• CCleaner is very good.
• Uncheck “Autocomplete Form History”.
• Run CCleaner.
• Go to “Registry”.
• Uncheck “Unused File Extensions”.
• “Scan for issues”.
• “Fix selected issues”.
• “Backup changes to the registry?” Yes the first time.
• Scan again.
• Fix again.
• Go to “Tools”.
CCleaner continued
• Go to uninstall.
• Look for obvious malware/spyware and remove.
• Look for old versions of Java and remove.
• Go to Startup.
• Look for startup items that don’t work.
• Disable or delete them.
Defraggler is good.
• Available (along with many other useful tools) at
http://filehippo.com/.
• Can set to move big, non-vital files to the end of the
disk.
• Very slow, but very thorough.
• Can also use the built-in defragment tool. (Not
recommended for Vista.)
• May want to defrag first.
Connect to network and do MS Updates
• If they’re still on just ‘Windows Updates,’ upgrade
them to ‘Microsoft Updates’.
• Do all the ‘Important’ or ‘Critical’ updates.
• Check for ‘Custom’ updates, especially for hardware
driver updates.
• I generally do most of the optional updates too. But
not the Search 4.0 nor the Windows Live Essentials.
Update the installed Anti-Virus
• Check their subscription, many have pre-installed AV
packages with short subscriptions.
• If theirs is expired or due to expire, I usually remove it
and install Sophos, (our campus-provided AV).
• Use MSICUU2 to remove Norton and McAfee
packages, or the respective removal tools.
• Update Spybot and Malwarebytes at this time.
• Disconnect from the internet.
• Boot to safe mode.
Scan the computer
• Run full scans with the Anti-virus, Malwarebytes and
Spybot Search and Destroy. (One at a time.)
• Quarantine, Clean or Delete anything the scans find.
• Reboot to normal mode.
• Rescan; if anything keeps turning up, elevate to 2nd
tier.
Common issues leading to Infected PCs
• Lots of computers still with no Anti-Virus.
• Lots of Pre-installed AVs that have expired.
• Lots of Free Anti-malware not being ‘used’. (Updated
and scans run.)
• Too many PCs not getting ‘critical’ Updates
• Still seeing Vista without SP2
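A read-only intake check for the issues listed above, as an added example that is not part of the original slides: it reports missing or out-of-date anti-virus, Vista without SP2, and stale updates, and it runs offline. The function names and the 30-day threshold are assumptions, and the productState decoding is the commonly observed layout, not a documented one.

```powershell
# Added example (not from the original slides). Read-only; PowerShell 2.0 compatible.
$MaxPatchAgeDays = 30   # ASSUMPTION: threshold chosen for illustration

function Get-AvProducts {
    # Vista SP1 and later register AV in root\SecurityCenter2; XP uses root\SecurityCenter.
    foreach ($ns in 'root\SecurityCenter2', 'root\SecurityCenter') {
        try { $found = @(Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction Stop) }
        catch { $found = @() }   # namespace missing on this Windows version
        foreach ($p in $found) {
            if ($ns -like '*2') {
                # ASSUMPTION: productState is undocumented. Commonly observed layout:
                # bit 0x1000 set = real-time protection on, bit 0x10 set = signatures stale.
                $s   = [int]$p.productState
                $on  = ($s -band 0x1000) -ne 0
                $cur = ($s -band 0x10) -eq 0
            } else {
                $on  = [bool]$p.onAccessScanningEnabled
                $cur = [bool]$p.productUptoDate
            }
            New-Object PSObject -Property @{ Name = $p.displayName; Enabled = $on; UpToDate = $cur }
        }
        if ($found.Count -gt 0) { return }
    }
}

function Get-IntakeFindings {
    $findings = @()
    $av = @(Get-AvProducts)
    if ($av.Count -eq 0) { $findings += 'No anti-virus registered with Security Center' }
    foreach ($p in $av) {
        if (-not $p.Enabled)  { $findings += "$($p.Name): real-time protection is off" }
        if (-not $p.UpToDate) { $findings += "$($p.Name): signatures out of date (check subscription)" }
    }
    # Vista workstation (version 6.0, ProductType 1) below Service Pack 2.
    $os = Get-WmiObject Win32_OperatingSystem
    if ($os.Version -like '6.0.*' -and $os.ProductType -eq 1 -and $os.ServicePackMajorVersion -lt 2) {
        $findings += "Vista at SP$($os.ServicePackMajorVersion); SP2 not installed"
    }
    # Last successful install recorded by the Automatic Updates client (no network needed).
    try { $last = (New-Object -ComObject Microsoft.Update.AutoUpdate).Results.LastInstallationSuccessDate }
    catch { $last = $null }
    if ($last -isnot [datetime] -or ((Get-Date) - $last).Days -gt $MaxPatchAgeDays) {
        $findings += "No successful update install in the last $MaxPatchAgeDays days (last: $last)"
    }
    $findings
}

Get-IntakeFindings
```

An empty result only means nothing was flagged by these checks; Security Center reports signature currency, not the subscription end date, so the subscription still needs a manual look.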
Student Education at pickup
• Show them what you’ve added. (Sophos,
Malwarebytes, Spybot.)
• Have them open, and manually update each one.
• Have them find the ‘scan’ button.
• Talk about regular scans. (Timing, what to look for,
etc.)
• Have them check for MS Updates.
• Finally let them go.
Thanks for listening.
My email:
[email protected]
Please complete the on-line evaluation at:
http://resnetsymposium.org/rspm/evaluation/
©2007 The Board of Regents of the University of Nebraska. All rights reserved.
