If you’re unfamiliar with Autoruns and Process Explorer for manual virus and spyware cleanup, you are definitely doing too many wipe/reloads to resolve infections. Autoruns is a free Microsoft (previously Sysinternals) utility that allows you to see all possible load points for DLLs, Browser Helper Objects, executables, and Winsock/LSP entries. With this utility you can remove the start points for just about anything. However, you will often encounter malware that simply re-adds its startup entry the second you remove it. This is where Process Explorer comes in. With Process Explorer you can see all actively running processes, as well as all DLLs hooked into them and their locations on the drive for easy removal later.
You can get Autoruns here and Process Explorer here. There is also an excellent video guide the creator of the software gave about using them to clean up machines manually here.
June 3rd, 2007
As a repair tech you’ve probably spent a great deal of time typing lengthy commands into the run bar or a command prompt to repair registry permissions, Windows Update, WMI, and cryptography services. Dial-a-fix is a handy utility that brings all these common tasks into a nice GUI. It’s saved me a fair number of hours tracking down the thumb drive that I stored my scripts on. Get your copy here.
June 1st, 2007
I thought I’d start out with something really basic that not many people seem to be fully aware of. How many times have you started working on a machine and noticed that it appears to have remnants of an old Norton AV or McAfee installation hanging? Neither of these products (and some others) will always uninstall properly or even appear in the “Add/Remove Programs” list. Here is a list of some useful removal tools and links to the download pages for them:
- Norton Removal Tool
- McAfee Removal Tool
- GoBack Partition Removal/Repair Tool
I listed the GoBack removal tool as it’s so commonly installed on machines these days. You’ll often remove a customer’s drive and hook it up to your backup server/techbench and no drive letter will appear although the drive shows up in BIOS. This is a direct result of a GoBack MBR hook that makes the drive only visible to machines with GoBack installed. The removal tool is actually a bootable ISO that allows for the removal or repair of GoBack partition hooks. You can also usually boot from the hard drive while it is installed in the customer’s machine and select ‘Disable’ from the GoBack boot options list, but that often fails if the drive is going bad or the customer’s system no longer boots.
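To confirm that a missing drive letter is a GoBack hook rather than a dying drive, you can inspect the partition table in the drive's first sector. The sketch below is an added example, not part of the original post: it assumes the partition ID 0x44 that public partition-type tables list for GoBack (the post does not state it), and the sample sectors are constructed in the code.

```python
import struct

# Assumption (not from the post): public partition-type tables list ID 0x44 as "GoBack".
GOBACK_TYPE = 0x44
TYPE_NAMES = {0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)",
              0x0F: "extended (LBA)", GOBACK_TYPE: "GoBack"}


def parse_mbr(sector):
    """Return the non-empty primary partition entries from a 512-byte MBR."""
    if len(sector) < 512:
        raise ValueError("need the full 512-byte first sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature; not a valid MBR")
    entries = []
    for slot in range(4):
        raw = sector[446 + 16 * slot: 462 + 16 * slot]
        # Layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0x00:  # unused slot
            continue
        entries.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                        "name": TYPE_NAMES.get(ptype, "unknown"),
                        "lba_start": lba_start, "sectors": count})
    return entries


def goback_suspected(sector):
    """True if any primary partition carries the GoBack partition ID."""
    return any(e["type"] == GOBACK_TYPE for e in parse_mbr(sector))


def make_mbr(ptype):
    """Constructed sample: one bootable partition of the given type at LBA 63."""
    entry = struct.pack("<B3xB3xII", 0x80, ptype, 63, 156_296_322)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    for label, ptype in (("plain NTFS disk", 0x07), ("GoBack-hooked disk", 0x44)):
        mbr = make_mbr(ptype)
        for e in parse_mbr(mbr):
            print(f"{label}: slot {e['slot']} type 0x{e['type']:02X} ({e['name']})")
        print(f"{label}: GoBack suspected = {goback_suspected(mbr)}")
```

On a real job, pass `parse_mbr` the first 512 bytes of a read-only image of the customer's drive instead of the constructed sample.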
May 31st, 2007
I’ve had this blog sitting empty and idle for a couple months now until I had some time to invest in it. Now that I’m finally settled into my new home and everything is set up I thought now would be a good time. The goal of this blog is to cover computer repair from a computer technician’s perspective and address issues people in the industry deal with. Perhaps the information here will also be useful for people trying to get into the industry or just fix their home computer. Things I’d like to talk about over the next couple months on this blog:
- Data Recovery
- Rebuilding Windows Installations
- Removing Viruses and Spyware manually
- Common Issues with Windows
- Pattern failures on certain brands/models of computer hardware
- Diagnosing hardware/software issues
- Diagnostic tools and utilities
- Building your own custom non-activation OEM installation discs for your shop
- Recommendations on hardware
- Laptop hardware repair
- Resources for finding answers
I won’t imagine that I have all the answers and I’m hoping to build enough of a readership to get some good comments and additions to what I post. Ultimately I would really like to get something back from readers in the way of feedback about their experiences in the industry. More to come over the next couple of weeks as I gear up and get organized for my first rounds of posts and guides.
-Irrision
May 21st, 2007