Heal and Inoculate Your PC

Nathan Edwards

Remember the excitement you felt when you bought your first car? Before the dealer even handed you the keys, you made a vow to keep your new set of wheels in tip-top shape, to lovingly wash it, change the oil every 3,000 miles, and even maintain the proper tire pressure. You wanted to keep your new car looking and running its very best. You understood that the consequence of not doing this would be costly repair bills at best, and at worst, a car that no longer ran as it should.

Owning and maintaining a PC really isn’t so different than owning a car. Only with a PC, there’s no maintenance schedule outlined in your user’s manual, leaving it up to you to keep your smoking-fast rig from turning into a stuttering compilation of unresponsive parts. And worse yet, now more than ever PCs are highly susceptible to all kinds of nasties, from keylogging viruses to performance-hampering spyware to everything in between. Even simply surfing the web can be enough to turn your dream machine into a nightmare experience if you don’t take proper precautions.

But fear not, because we’re going to show you how to set up safeguards to keep your rig humming along as fast as it was on the day you built it. Not only that, but we’ll also walk you through the steps of fixing a system that’s already suffering from neglect, so the next time you hear cries of frustration emanating from your neighbor’s apartment, you can swoop in and save the day, Maximum PC style!

Looking to clog up your browser and infect your system? Install toolbars and desktop buddies to do both in one fell swoop!

Heal Your PC

Sometimes a PC becomes so badly infected that nuking your Windows install and starting fresh seems like the only viable option. Or maybe your computer hasn’t yet reached a state of virtual undeath but has been running sluggishly, betraying the high-end components inside. No matter which scenario you find yourself in, there is hope. Put away that towel—we won’t be throwing it in quite yet.

Five-Minute Fixes

Whether your PC’s performance problems are severe or just mildly annoying, a simple series of fixes could have it running like new.

1: Blast the Bloatware

Just as the name implies, spyware is a malicious program designed to mine personal data from your machine and spy on your computing habits. The information collected is then used to harass you with ads in the form of pop-ups, redirected web searches, a browser homepage you can’t change, and other annoyances. And here’s the kicker: You could have installed the offending programs yourself! But don’t feel bad if you’ve been bamboozled; spyware often masks itself behind seemingly legitimate software, most often browser toolbars and desktop buddies. Rid your system of these bloated add-ons and watch your PC’s performance improve right away.

Close any open browser windows; then open up your Control Panel and navigate to Add or Remove Programs. Scroll down the list and uninstall any browser toolbar, desktop buddy, or search helper.

We love small critters, just not those of the virtual variety. Rid your system of deskmates and consider buying a real pet instead.

2: Get Widgety with It!

Now that you’ve uninstalled all the honest, easy-to-uninstall bloatware, it’s time to hit the local watering hole and call it a day, right? If only it were that easy! Once installed, some spyware detaches from the host program it shipped with, and other programs simply reinstall themselves, continuing to load every time you boot into Windows. To put the kibosh on these persistent pests, we’re going to tell Windows to skip over them when loading startup programs, and we’re going to do it with the help of Microsoft.

You'll want some programs to load with Windows, so choose only the items you want to rid from your system.

If you’re running Vista, you already own Windows Defender, and XP owners can download the free scanner from Microsoft. Once installed, click the Tools tab and then select Software Explorer. This handy widget lists all the startup programs that load with Windows, along with a wealth of potentially incriminating information, such as the date a program was installed, its file location, its file type, and whether or not it shipped with your OS. In the left-hand pane, highlight any dubious entries and click the Remove button. After you’ve cleared all of the startup scourge, reboot your system to a clean start!

3: Scan for Scoundrels

Windows Defender isn’t just good at customizing startup programs; it’s also a very capable spyware scanner. On the main screen, you can choose between a full scan, which looks in all files and currently running programs, or a quick scan that uncovers vermin in their most common hiding spots. Run the full scan for a thorough scrub, and then let Defender remove any infections it finds.

4: Get a Second (and Third) Opinion

New variants of spyware are released into the wild at an alarming rate, and it’s impossible for any single program to keep up with them all. For this reason, we run at least two different scanners on an infected system, or more if the infection is especially bad. Other programs we’ve had success with in the Maximum PC Lab include A-Squared (free, http://tinyurl.com/2gb93 ), Spybot S&D (free, www.safer-networking.org ), Ad-Aware (free, www.lavasoftusa.com ), AVG Anti-Spyware (free, http://free.grisoft.com ), and Spy Sweeper ($30, www.webroot.com ). Regardless of the tool you use, double-check the URL for typos and be sure you’re downloading directly from the source (rogue sites often try to pass off infected software as authentic spyware scanners). Above all else, always update your spyware definitions to detect the latest threats.

5: Look Closer with HijackThis!

Spyware loves to hide, but HijackThis! makes an even better seeker, uncovering the leftover residue that managed to elude traditional scans.

Even after running several anti-spyware scans, you might still have a lingering infection. HijackThis! (free, http://tinyurl.com/huyrw ) takes a fine-tooth comb to your system, targeting methods commonly used by hijackers. Because HijackThis! doesn’t zero in on specific infections, most of the reported entries will be legitimate, and disabling them could do more harm to your system than good. Highlight only entries that you’ve previously tried removing but that keep showing up again. For example, if you’ve uninstalled Bonzi Buddy and removed any related entries from the startup queue, you can safely highlight any references to the program that HijackThis! finds and then click the Fix Selected button. For all other selections, either leave them alone or carefully use the online tutorial ( http://tinyurl.com/2et7nb ) for detailed steps on discerning between good and bad entries. You can also submit your logs to Help2Go Detective ( http://tinyurl.com/etujk ) and HijackThis Security ( www.hijackthis.de/en ) for automated analysis.
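The startup-list review in step 2 and the HijackThis! log review above both come down to the same triage question: which entries are worth a closer look? The script below is an added example (not HijackThis! code, not Maximum PC’s) that applies a few of the tutorial-style rules of thumb to a log in the HijackThis! report format: IE start/search pages that point somewhere the owner never set, browser helper objects without a name, and startup entries or BHOs that load from a temp or profile directory rather than from Windows or Program Files. The log lines, file names, GUIDs, the "known good" page hosts and the allow-listed roots are all constructed for the demonstration.

```python
"""Triage a HijackThis-style log: flag the entries that deserve a closer look.

Added example; not HijackThis! code. The sample log, the known-good hosts and
the allow-listed roots are assumptions made for this demonstration.
"""
import re
from urllib.parse import urlparse

# Constructed sample log in the HijackThis! line format (R0/R1 = IE pages,
# O2 = browser helper objects, O4 = startup entries). File names and GUIDs are
# placeholders invented for the example, not real malware identifiers.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example-toolbar.invalid/
O2 - BHO: PDF Reader Link Helper - {AAAAAAAA-0000-0000-0000-000000000001} - C:\Program Files\PDF Reader\LinkHelper.dll
O2 - BHO: (no name) - {AAAAAAAA-0000-0000-0000-000000000002} - C:\Documents and Settings\User\Local Settings\Temp\helper.dll
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [DeskBuddy] C:\Documents and Settings\User\Local Settings\Temp\deskbuddy.exe
O4 - HKCU\..\Run: [Updater] C:\WINDOWS\Temp\updater.exe /silent
"""

# Assumption: the pages the machine's owner actually chose.
KNOWN_GOOD_HOSTS = {"www.google.com", "www.msn.com"}
# Assumption: where legitimately installed software normally lives.
ALLOWED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
# Directories that installed software should not be launching from.
TEMP_MARKERS = ("\\temp\\", "\\local settings\\", "\\application data\\")

R_LINE = re.compile(r"^(R[01]) - (.+?) = (.+)$")
O2_LINE = re.compile(r"^O2 - BHO: (.+?) - (\{[^}]+\}) - (.+)$")
O4_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")


def executable_path(command):
    """Strip arguments from a startup command, leaving the file that runs."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    m = re.match(r".+?\.(?:exe|dll|scr|com)\b", command, re.IGNORECASE)
    return m.group(0) if m else command


def path_reasons(path):
    """Explain why a loaded file's location looks out of place (empty if it doesn't)."""
    p = path.lower()
    if any(marker in p for marker in TEMP_MARKERS):
        return ["runs from a temp or profile directory"]
    if not p.startswith(ALLOWED_ROOTS):
        return ["runs from outside Windows or Program Files"]
    return []


def triage(log_text):
    """Return the log entries worth reviewing, each with the reasons it was flagged."""
    findings = []
    for line in log_text.splitlines():
        if m := R_LINE.match(line):
            host = urlparse(m.group(3).strip()).hostname or ""
            if host not in KNOWN_GOOD_HOSTS:
                findings.append({"kind": m.group(1), "name": m.group(2),
                                 "reasons": [f"IE page points at unexpected host {host}"]})
        elif m := O2_LINE.match(line):
            name, _clsid, path = m.groups()
            reasons = path_reasons(path)
            if name.strip() == "(no name)":
                reasons.append("browser helper object without a name")
            if reasons:
                findings.append({"kind": "O2", "name": name, "reasons": reasons})
        elif m := O4_LINE.match(line):
            _hive, _key, name, command = m.groups()
            reasons = path_reasons(executable_path(command))
            if reasons:
                findings.append({"kind": "O4", "name": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:<3} {f['name']}: {'; '.join(f['reasons'])}")
```

Everything the script does not flag (the ctfmon.exe entry, the named helper under Program Files, the Google start page) is the "leave it alone" majority the article warns about; the four entries it does flag are the ones to compare against what you already uninstalled before clicking Fix Selected.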

6: Vaccinate Your Rig

When you’re sick, you generally make it a point to avoid others, lest you infect them with your ailment. But when your computer contracts a virus, it looks to spread the disease to as many other PCs as it can, turning each one into a remote-controlled zombie. The nefarious do-badder can then wage a DoS (Denial of Service) attack on a website, making thousands of PCs repeatedly request pages, until the site’s server can’t take the load and the site goes down.

But that’s not all viruses are capable of doing. They can record your keystrokes, including passwords and bank account information, and pass the information along to people who are up to no good. Other viruses wreak havoc on your hard drive, erasing data, altering critical system files, and even causing permanent physical damage in the form of bad sectors. Heck, viruses can even be used to install more spyware and viruses.

To rid your system of viruses, you need to perform a sweeping scan. If you don’t have antivirus software installed, we recommend you start with Panda Security’s web-based AV app (free, www.pandasecurity.com/usa ) and scan your PC right from within Internet Explorer. It will also detect spyware, rootkits, and dialers, but will only disinfect viruses. Just click the Total Scan button, install the ActiveX control, and let Panda do the rest.

7: Perform a Root(kit) Canal

You’ve rid your system of spyware and nuked any lingering viruses, but your PC isn’t quite yet eligible for a clean bill of health. You need to check for rootkits, a particularly nasty variant of malware that burrows deep within the OS, where it’s difficult to detect with conventional scanners. Signs of infection can be subtle, or even nonexistent, thanks to a rootkit’s ability to integrate with your OS’s kernel. Whether your system displays symptoms or not, if you’ve recently discovered any spyware or viruses, your next step is to initiate a rootkit scan.

Because rootkits are tightly integrated with critical system files, back up any important data right away. Next, head over to F-Secure and download Blacklight (free for now; will be part of a $79 security suite, www.f-secure.com/blacklight ). This handy executable needs no installation; just double-click the icon and watch as it probes your system. We also recommend running AVG’s Anti-Rootkit program (free, http://tinyurl.com/2mqb6n ) for a second opinion.

Sidebar: Top Five Deadliest Viruses

Viruses have existed for decades and number in the thousands, but these five variants stand out as the nastiest of the bunch.

1. MyDoom
One of the fastest-spreading worms of all time, MyDoom, and its variant MyDoom.B, set their sights on SCO and Microsoft, prompting both companies to offer a $250,000 bounty to anyone who identified the people responsible for its creation.

2. Nimda
Just days after the September 11 attacks, PCs worldwide were hit by the Nimda virus, prompting speculation among conspiracy theorists that the virus was part of a terrorist attack. No link has ever been made between the two events.

3. CodeRed
You’ve heard of the drink, but the CodeRed virus had a thirst for computers running Microsoft’s Internet Information Systems (IIS) web server, attaching the phrase “Hacked By Chinese” to websites. One of the targets included the White House.

4. Slammer
Can a worm infect 75,000 PCs within minutes of going live? It can, and it did! Slammer’s small footprint (365 bytes) played a big role in its ability to double its infection rate every 8.5 seconds.

5. ILOVEYOU
Love hurts, and in the case of the ILOVEYOU virus, it stung for over $5 billion in damages. Some of those scorned include Ford Motor Co., the Pentagon, and the British Parliament.


Change Your Boots

Severe infections can render a normal Windows install completely unusable, but we have a couple of tricks up our sleeve for infiltrating a broken OS.

1: Boot into Safe Mode

Sometimes you need to attack malware before it has a chance to load, and by the time Windows boots to the desktop, it’s already too late. It might be that your system no longer responds to your input or does so with a sluggishness that makes even accessing the Start menu a time-consuming chore. Or it may be that the infection’s interfering with your AV and spyware scanners, shutting them down before they can run. It may seem dire, but by booting into safe mode, you can frequently squash the scourge wreaking havoc on your PC.

Reboot your system and hit F8 before the Windows splash screen comes up. This takes you to the Windows Advanced Options Menu, where you can select Safe Mode with Networking using your keyboard. Windows will proceed to load with only basic drivers, allowing you to disinfect your system while the offending programs lie dormant. Perform any scans as you normally would, and make sure to update your virus or spyware definitions beforehand. Because you chose the Networking option, you’ll have Internet access in case you need to download additional programs.

2: Make Your Own Boot CD

When all else fails, enlist the help of Bart. No, not Bart Simpson, BartPE. Bart’s Preinstalled Environment is a bootable live CD that every tech should carry in his toolbox. Sometimes a system gets so mucked up, you can’t even get into safe mode. Booting off a BartPE CD allows you to access the infected hard drive and run diagnostics, scan for viruses and spyware, or in more extreme cases, extract data in preparation for a fresh install.

To get started, grab your original Windows installation CD. Download the self-extracting installer (free, http://nu2.nu/pebuilder/ ) and install it on a clean system. The app will prompt you for the location of your Windows CD, and you’ll want to check the Burn to CD/DVD radio button. Next, click the Plug-ins button, bringing up a list of optional add-ons to include on your CD. Many of the entries are outdated and some are second-rate programs, so we’re going to add our own. Head over to http://tinyurl.com/3bg68a and download the Spybot S&D plugin. Unpack the RAR file and move the contents to C:\pebuilder3110a\plugin, or wherever you installed BartPE. Next we need to find a working, up-to-date virus scanner that’s easy to install, and the open-source ClamWin fits our criteria. Download the plugin from http://oss.netfarm.it/winpe/ and extract the contents to the same location. Now return to the BartPE window and hit the Refresh button. Both of your new plugins should be displayed, and if they’re not enabled by default, highlight each one and click the Enable/Disable button. Finally, close the window and click Build.

Insert your new BartPE CD into the infected system and in your BIOS configure the PC to boot from the optical drive. You do this by hitting the delete key during POST (if that doesn’t work, try F1, F2, or ESC). Dig around for the boot device priority menu and make sure the optical drive is listed before your Windows hard drive. Hit F10 to save and exit, and the computer will take over from there.

From within BartPE you can even run anti-spyware apps like Ad-Aware.

After BartPE loads, you’ll be greeted with a snazzy GUI similar to Windows’s, complete with a Start menu alternative. Click the Go menu and select Programs to access the plugins you installed. Spybot can be run right away, but for ClamWin to work, you first need to select “Unpack Current Virus Definitions to Ramdisk,” then proceed to scan your system. By default, ClamWin only reports the infections it finds. To quarantine viruses, select Preference from the Tools menu and select the Quarantine option under the General tab. If you need to browse or extract data from your hard drive (and now would be a good time to do that), navigate to Programs and select “A43 File Management Utility,” which will look familiar to anyone who’s ever used Windows Explorer.

Restore and Repair

You cleaned your system of malware, but did the infections leave your system broken? Let's fix it!

1: Check for Errors

By and large, malware writers are amateur programmers who create sloppy code that can do more damage than originally intended. Maybe your hard disk suddenly makes a clicking or grinding noise, or perhaps Windows told you it found corrupt files and suggested running the check disk utility. That’s good advice to follow anytime you’ve finished a malware disinfection, even if there are no visible symptoms of disk corruption.

Under My Computer, right-click the hard drive that contains your OS (presumably the C: drive) and select Properties. Click the Tools tab and then the Check Now button under the Error-checking section. A new window will open with two check boxes asking if you want the utility to automatically fix file-system errors and scan for bad sectors. Check both of these boxes and click the Start button. Because of the deep access needed, you can’t run this scan while logged into Windows; another window will pop up asking if you’d like to schedule the scan to run the next time you reboot. Select Yes, and then restart your system. The larger your hard drive, the longer the scan will take, so now would be a good time to grab a bite to eat or clean out the garage.

2: Fix a Broken Boot

We’ve all had that sinking feeling in the pit of our stomachs when Windows suddenly refuses to load. At first you’re in denial, and then panic sets in as you realize that no amount of hard resetting is going to bring about the desired result. To add insult to injury, Windows may taunt you with the dreaded “NTLDR is missing” error message. It’s likely that a virus corrupted either your boot sector or master boot record, but there’s an easy fix.

Grab your Windows CD and boot from it, just as you would if you were installing Windows from scratch. But instead of performing a fresh install, XP owners will hit R to bring up the recovery console. At the prompt, type fixboot and hit Enter; then try rebooting your system. If Windows still won’t load, go back into the recovery console and type fixmbr. Vista owners needn’t fuss with any commands—simply boot from the install DVD, select Repair, and follow the prompts. Vista will automatically fix boot errors and may restart several times before it finishes.

3: Reinvigorate with Restore

Earlier, we promised we wouldn’t throw in the towel, and we meant it. Instead, we’ll try heroic measures to return Windows to a state that predates any damage caused by malware infestation.

The first method uses Windows’s built-in System Restore utility, which works best when run from within safe mode. If you’re running XP with Service Pack 2 installed, make sure your Windows install CD has SP2 already integrated onto the disk. If it doesn’t, you’ll need to first create a slipstreamed copy; you can do this by following the steps at http://tinyurl.com/4n7y5 .

Restore is like having a virtual time machine, without all that expensive flux capacitor upkeep. Best of all, using System Restore won’t cause you to lose any saved documents or emails. How’s that possible? System Restore takes snapshots of key parts of your system at various times—for example, just before installing unsigned drivers or software—allowing you to undo changes that may have caused your PC to malfunction. To roll back your installation, navigate to the Start menu > All Programs > Accessories > System Tools and select System Restore. Follow the prompts, and be sure to go back to the last time your PC operated correctly.

If you disabled System Restore or don’t have a snapshot that represents a healthy system, you still have one more option at your disposal: a repair install. A repair install does just what it says: it fixes Windows by restoring critical system files from the install DVD, but it won’t overwrite your installed programs, saved data, or system settings.

To initiate a repair install, boot from your Windows CD. Do NOT choose the option to repair from within the recovery console; instead hit Enter to install XP. After accepting the user agreement, you’ll be asked to select the installation of Windows you wish to repair (you’ll only see one unless you’re dual-booting). Select the install you need to repair, and then sit back and let the CD work its mojo. When it’s finished, you should have a functioning copy of Windows, albeit an unpatched one. Head over to Windows Update and plug up all those security holes again, just as you would on a fresh installation.

Sidebar: Top 5 Virus Hoaxes and Pranks

Viruses are no laughing matter, but some of the hoaxes and pranks making the rounds are good for a giggle.

1. Good Times
Users were warned that simply opening an email with Good Times in the subject line would erase their hard drive, destroy their processor, demagnetize any nearby electronics, and kill their dog.

2. 48 Hours
This relatively recent hoax claimed that hovering your mouse cursor over the infected email was enough to activate it, wiping out not just your hard drive, but your rig’s BIOS too.

3. Life Is Beautiful
Emails circulated warning of a PowerPoint presentation called Life is Beautiful that, if clicked, would erase your hard drive and give the sender your username, email, and password.

4. Honor System
This email contained no payload, instead asking recipients to manually delete all files on their hard drive and to forward the message to everyone in their contact lists. Participation, of course, was completely voluntary.

5. Lion’s Den
Aptly named, Lion’s Den originated from a porn site looking to draw hits. The email warned of a new deadly virus, providing a link for more information. Instead, recipients got an eyeful.


Protect Against Future Attack

By practicing tried-and-true preventive measures, you can keep your PC running like new and save yourself a lot of trouble down the line.

Unless you live far from civilization, you wouldn’t dream of leaving your house unlocked, your windows wide open, or your car keys dangling from the ignition. By doing so, you’re just asking for trouble, inviting mischievous ne’er-do-wells to violate your property. So why then, would you treat your PC any differently? When you connect to the Internet, you’re throwing your system in the midst of a thriving online metropolis no matter where you live, and instead of occupying dark alleys, the bad guys brazenly roam freely in search of new victims. Don’t become one of them!

We’re going to show you how to set up a strong defense that will have no-goodniks moving on to easier targets. Combined with our tips for safe computing habits, your PC will be primed to travel the web without fear of infection.

Build a Wall

Bad guys won’t attack what they can’t see; use a variety of defensive measures, including a firewall, to make your rig invisible to online probes.

1: Surf Securely with Firefox

You’re only as secure as the vehicle you’re traveling in, and coasting along with Internet Explorer is like putting a sign in your back window that says, “Hey, steal from me!” If you haven’t made the switch to Mozilla’s Firefox (www.mozilla.com/firefox/), then drop what you’re doing and download this superior browser. Now.

Not only does Firefox render pages faster than IE7 and come with a massive array of extensions for customizing your experience, but security threats are also less prevalent. It’s not that digital thieves skip over the browser entirely, but until Firefox can close in on IE’s market share, hackers’ energies are better served by targeting Microsoft’s browser.

After installing Firefox and upping your geek cred, head over to http://tinyurl.com/2z5qmt for a comprehensive guide on how to optimize your new browser and recommended extensions.

2: Shield against Spyware

No matter which browser you use, you’re still susceptible to spyware. Earlier, we pointed out several candidates for rooting out and zapping miscreant programs, but not all anti-spyware software actively monitors and protects in real time. We want to catch spyware before it has a chance to install and run, and for that, we turn to Webroot’s Spy Sweeper ($30, www.webroot.com ).

Spy Sweeper maintains a list of sites known for their spyware affiliation and blacklists them from dialing in to your PC.

Spy Sweeper includes a fairly straightforward GUI, making it easy enough for inexperienced users to navigate, but more savvy individuals will appreciate the utility’s many included tools and safeguards. Spy Sweeper calls these safeguards shields, which alert you when a potentially unsafe program attempts to alter system files, execute processes on your PC, or behave in some other suspect manner. The shields won’t check for keylogging activity by default; you’ll need to manually enable that feature for the added layer of protection.

Click the Shields button on the left-hand side, click the Keylogger entry, then put a check mark in the box to enable it. Be warned: The anti-keylogger feature does tend to trigger a number of false positives—it’s even fingered the Maximum PC disc as a keylogger in the past (don’t worry, we don’t record your keystrokes). You’ve now erected a wall of defense to thwart spyware before it has a chance to breach your system.

3: Install a Virus Scanner

With thousands of viruses in the wild, the question isn’t whether to run an antivirus program, but which one to choose. There are dozens of options to choose from, with three standouts worthy of consideration: AVG (free, http://free.grisoft.com ), Avast! (free, www.avast.com ), and AntiVir (free, www.free-av.com ). While you could pay for an AV program with more features, the protection remains virtually the same when combined with our computing safeguards.

AVG is fast, easy to use, effective, and free. How many antivirus programs can claim that?

While it can be beneficial to have more than one anti-spyware program on your PC, you should limit yourself to just one AV package. Because of the deep access needed by these programs, multiple AV apps can interfere with each other and cause major slowdowns and weird problems. But you are free to test different ones before committing to a long-term relationship. In the end, we prefer AVG for its ease of use and email scanning, but if you’re hell-bent on paying for protection, Kaspersky ($60, www.kaspersky.com ) combines excellent protection with one of the most feature-rich packages around.

4: Hide Behind a Firewall

Attackers constantly ping the web for unprotected systems, and without a firewall installed, your PC will become compromised within minutes of connecting to the Internet.

If you’re installing a version of XP that predates Service Pack 2, then stay disconnected from the Internet until you can get a firewall up and running, especially if your router lacks a built-in firewall. Download the firewall to a USB thumb drive before you install Windows! For those running SP2 or Vista, Microsoft’s basic firewall will be enabled by default, but it doesn’t monitor outbound traffic. For outbound monitoring, we recommend Zone Alarm (free, http://tinyurl.com/296pwe ). The free version monitors both inbound and outbound traffic, so if an infection does happen to slip through, you’ll be notified when it tries to dial home with your personal data and given the option to deny the connection.

Change Your Habits

Implement these safe computing tips into your daily regimen and you’ll never fall prey to hackers again!

1: Avoid Unexpected Attachments!

When it comes to unexpected email attachments, we follow one simple rule: don’t open them. It doesn’t matter how tempting or innocent the file name may be, or who it’s from; the contents could contain nasty code. Why would someone you know send you malware? Chances are, it wasn’t intentional; rather, the sender is also a victim and the virus is attempting to spread. Many virus writers rely on uninformed users to spread their diseases, but without your help, they’re stopped dead in their tracks.

2: Don’t Be Baited

It’s not just attachments you have to worry about with email, but hyperlinks too. You may receive a seemingly legitimate email from your banking institution, PayPal, or eBay stating that there’s a problem with your account and prompting you to sign in to resolve the issue. Clicking the link appears to bring you to the appropriate site, but you’re about to be duped. In an attempt to steal your username and password, hackers set up fake websites that look identical to the originals, which they use to harvest your personal info, from login information to your social security number. The practice is called phishing, and the worst part is you may not even know it has happened. The more sophisticated phishing sites will return that familiar “incorrect username/password” error message indicating a typo, then redirect you to the real site so that subsequent login attempts will prove fruitful, keeping you in the dark about what just transpired.

It doesn't matter how legitimate an email appears to be, you should never trust the links inside it; type URLs directly into your browser.

Telltale signs of this scam include typos and poor grammar, but that’s not always the case. Avoid being phished by never clicking hyperlinks in your email. Instead, type a site’s URL directly into your browser (not the URL given to you in an email but, rather, the main address for a site). If there’s a problem with your account, you’ll be notified when you sign in.
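The two email rules above (don’t open unexpected attachments; don’t trust the links) can both be checked mechanically before anything is clicked. The script below is an added example, not code from the article or from any mail client: it parses a raw message with Python’s standard `email` library, flags attachments whose file name ends in an executable type (including the “pictures.zip.exe” double-extension trick), and flags links whose visible text shows one site while the underlying href goes to another host, or to a bare IP address. The message, the sender, the `.invalid` host names and the extension list are all constructed for the demonstration.

```python
"""Check an email's attachments and links before anyone clicks on them.

Added example, not from the article. The message below is constructed; the
.invalid hosts, file names and the executable-extension list are assumptions.
"""
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: a "problem with your account" lure carrying a
# disguised executable, a harmless photo, a look-alike link and a plain link.
SAMPLE_EMAIL = """\
From: "Account Services" <service@example-bank.invalid>
To: you@example.invalid
Subject: Problem with your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/html; charset="us-ascii"

<html><body><p>We noticed unusual activity. Please sign in at
<a href="http://example-bank.invalid.login-check.invalid/signin">https://www.example-bank.invalid/</a>
to resolve the issue. Questions? See our
<a href="https://www.example-bank.invalid/help">help centre</a>.</p></body></html>
--BOUNDARY
Content-Type: application/octet-stream; name="Hawaii_pictures.zip.exe"
Content-Disposition: attachment; filename="Hawaii_pictures.zip.exe"
Content-Transfer-Encoding: base64

QUJDREVG
--BOUNDARY
Content-Type: image/jpeg; name="beach.jpg"
Content-Disposition: attachment; filename="beach.jpg"
Content-Transfer-Encoding: base64

QUJDREVG
--BOUNDARY--
"""

# Assumed list of file types that run code when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def attachment_risk(filename):
    """Reasons an attachment name deserves suspicion (empty list if none)."""
    parts = filename.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    reasons = []
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable type {ext}")
        if len(parts) > 2:  # e.g. pictures.zip.exe: a harmless-looking inner extension
            reasons.append(f"double extension disguised as .{parts[-2]}")
    return reasons


def link_risk(href, text):
    """Reasons a hyperlink deserves suspicion, given its href and visible text."""
    href_host = urlparse(href).hostname or ""
    reasons = []
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", href_host):
        reasons.append("link goes to a bare IP address")
    if text.lower().startswith(("http://", "https://")):
        shown_host = urlparse(text).hostname or ""
        if shown_host != href_host:
            reasons.append(f"shows {shown_host} but goes to {href_host}")
    return reasons


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage_email(raw_message):
    """Return the flagged attachments and links of a raw RFC 822 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    attachments = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if reasons := attachment_risk(name):
            attachments.append((name, reasons))
    links = []
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            if reasons := link_risk(href, text):
                links.append((href, reasons))
    return {"attachments": attachments, "links": links}


if __name__ == "__main__":
    report = triage_email(SAMPLE_EMAIL)
    for name, reasons in report["attachments"]:
        print(f"attachment {name}: {'; '.join(reasons)}")
    for href, reasons in report["links"]:
        print(f"link {href}: {'; '.join(reasons)}")
```

Run against the sample, the script flags the disguised executable and the look-alike sign-in link while leaving the photo and the plain help-centre link alone. The host comparison is deliberately strict: a link that merely starts with the bank’s name but resolves to a different host is exactly the case the article warns about, which is why the advice stands to type the site’s main address yourself rather than trust the link.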

3: Download Responsibly

Back when the online music revolution was just beginning, Napster made peer-to-peer (P2P) file sharing mainstream. Suddenly, everyone with an Internet connection was swapping files, both legally and illegally, and that trend continues today.

We’re not pooh-poohing legal file-sharing; we ourselves have fired up our BitTorrent clients to download Linux distros and other large files from trusted sources. But we discourage folks from downloading cracked commercial software, otherwise known as warez. Not only is this stealing, but oftentimes these cracked programs include something extra—malware. Hackers know that one of the easiest ways to spread a virus is to slap the word “keygen” on the malicious file and then throw it on a peer-to-peer network.

Rage with a Virtual Machine

Why hose your OS when you can experiment on a virtual machine without risking the health of your main system?

It’s not always easy to tell legitimate software and attachments from harmful files. Maybe your brother really did find time on his honeymoon to email you a zip file of pictures from Hawaii, but do you want to take the risk and open it? You’re right to be cautious, but with a virtual machine, you can afford to live dangerously—without putting your system at risk.

To get started, download and install Microsoft’s Virtual PC 2007 (free, http://tinyurl.com/2jr7a7 ); then follow the prompts to set up a virtual hard disk. Pop your Windows CD into your optical drive, fire up your VM, and install Windows. Once it’s up and running, install the Virtual Machine Additions package (found under the Action menu), which will let you move seamlessly between your VM and main system. You’re ready to go. Use your new sandbox to surf those, uh, adult-friendly websites or to experiment with suspicious programs.

Virtual PC 2007 doesn't cost a cent, but you will need a separate license for each OS you plan to install.
