Cleanup and Rescue

 #who are you

The below is a thrown-together mess of links and info to help users of MS Windows systems.

 Ok - let's dive right in, shall we? 

First, secure your operating system by getting all patches applied. Try to store your personal files in a different directory than the default. Even better is a directory on a separate partition or physical drive altogether. You can then encrypt and/or back up, and have other options available to you as your data storage grows.

Trim down your OS. Why run services and software you don't need? They only chew up valuable resources and present security risks. Go to Start -> Run -> type in msconfig and skim over to the Services tab. Click the button for "Hide all Microsoft services"... do you have a lot left there? Rut roh! Go to Start -> Run -> type services.msc, and here's a handy guide to understanding Windows services.
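As an added example (my code, not the post's), here is the scripted equivalent of msconfig's "Hide all Microsoft services" view: every service that is not signed by Microsoft, with the executable it runs and whether that file carries a valid signature. It assumes Windows PowerShell 3.0 or later (for Get-CimInstance) and an elevated prompt. One caveat: PowerShell versions before 5.1 do not consult the Windows signing catalog, so on those many Microsoft binaries report as NotSigned and slip through the filter; treat the list as a starting point for research, not a kill list.

```powershell
# Added example: list services that are NOT Microsoft-signed, the same set
# msconfig shows after "Hide all Microsoft services", plus executable path,
# CompanyName from version info, and Authenticode status.
# Assumes Windows PowerShell 3.0+ and an elevated prompt.

function Get-NonMicrosoftService {
    [CmdletBinding()]
    param(
        # Only services that are running now or start automatically with Windows
        [switch]$ActiveOnly
    )

    foreach ($svc in (Get-CimInstance -ClassName Win32_Service)) {
        if ($ActiveOnly -and $svc.State -ne 'Running' -and $svc.StartMode -ne 'Auto') { continue }

        # PathName is either "quoted path" args or an unquoted path ending in .exe (plus args)
        $exe = $null
        if ($svc.PathName -match '^\s*(?:"(?<q>[^"]+)"|(?<u>.+?\.exe))') {
            $exe = if ($Matches['q']) { $Matches['q'] } else { $Matches['u'] }
        }

        $company = ''; $sigStatus = 'FileNotFound'; $signer = ''
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            $company   = (Get-Item -LiteralPath $exe).VersionInfo.CompanyName
            $sig       = Get-AuthenticodeSignature -FilePath $exe
            $sigStatus = [string]$sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        # Trust the signature, not CompanyName: the version-info string is free text anyone can set
        if ($sigStatus -eq 'Valid' -and $signer -like '*O=Microsoft Corporation*') { continue }

        [PSCustomObject]@{
            Name      = $svc.Name
            State     = $svc.State
            StartMode = $svc.StartMode
            Path      = $exe
            Company   = $company
            Signature = $sigStatus
        }
    }
}

# What msconfig hides behind "Hide all Microsoft services", with start mode and signature state
Get-NonMicrosoftService -ActiveOnly | Sort-Object StartMode, Name | Format-Table -AutoSize
```

Anything that shows up with Signature = NotSigned and an empty Company, or a path under a user profile or temp directory, is the kind of entry worth looking up before you decide whether to disable it in services.msc.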

Turn off System Restore. Many infections love to live here. It's like the bottom of the garbage can or your toilet seat. There are other backup solutions. It can come in handy, though: for those who frequently mess up their settings, it may be better to keep it on.

Please, do NOT use a login ID with administrative rights for everyday use. Create a limited account and use that.

I recommend running at least some form of antivirus software... ClamAV, AVG, and a few others are free and effective. There is also virustotal.com, which runs scans with many AV engines. I bet if you do some googling, you can find dozens of free antivirus scans on the web. Either upload a file for them to scan, or (gulp) give them access to your system for them to scan.

If you have children or other users on your system(s), then perhaps SteadyState may be required. (It helps lock down the system for parents and administrators.)

Do you have a wireless router? I hope you remembered to change the default login/password. Please use WPA/WPA2 with AES encryption. WEP is cracked within minutes nowadays, so don't think that super strong password is keeping you protected from the gothy neighborhood kids with a can of beef stew and a laptop.

Don't broadcast your SSID....  no matter how clever you think you named it.  :-P

_______________________________________________

Do you think your desktop is secure? A free test from grc.com's ShieldsUP! will tell you. Another free (Microsoft) tool is the Microsoft Baseline Security Analyzer. This will test your system and instruct you on which action(s) to take. As a security professional, I use the following tools in determining if Windows systems are secure: Metasploit, Nessus, nmap, netcat, Netwag/Netwox, Wireshark, WirelessNetView, winAutopwn, WirelessKeyView, SocketSniff.

_______________________________________________

Still using IE for browsing the web? Why? Check out Firefox or Opera.

For Firefox, install the NoScript plugin. (Some prefer an ad-blocking plugin, but there are many others.) For Opera, there are multiple ways, but most use User JavaScript scripts to dictate how websites run on the local system. Running either of these browsers can greatly increase the quality of your experience on the web from both a security and usability standpoint. If you MUST use IE, please don't use the oldest version. Upgrade to IE8. Pretty please.

For heavier browser privacy/safety requirements, I recommend running a virtual machine called JanusVM. You may also consider surfing via proxies. Proxies are basically man-in-the-middle computers that sit between you and, say, amazon.com. You connect to the proxy first, so when you type amazon.com, the request goes to the proxy, which then asks amazon.com for its page and relays it back to you. All amazon.com sees is the request coming from that proxy. (Jeez, isn't there a simpler explanation for that elsewhere on the net?) I also recommend Privoxy, proxy chaining, and, depending on your needs, you might want to look into using Tor. Some folks have purchased an IronKey thumb drive; it contains a fully capable secure browsing environment you can plug into any computer. There are also hardware personal security devices like Yoggie that can work wonders for some. YMMV.

To view your own web surfing data or discover where other users of your system are surfing, try a program called TotalRecall. Other Windows utilities I use for cleanup, investigation, etc.: AlternateStreamView, Awatch, iecv, dllexp, IECacheView, InjectedDLL, Autoruns, sysexp.


Email. Well, tons of infections come through email. They can definitely come from your friends and others you trust. Stop forwarding those useless chain emails. Stop clicking on questionable attachments. Stop falling for "so and so sent you an ecard!" Using web-based mail only sweetens the deal for malicious software writers, because now you're relying on both a secure browser and a secure email client/site. While I do run Gmail, you should know that you need to set it up so that it always connects using https/SSL. Not doing so can greatly increase the risk of your credentials getting grabbed if you're surfing via Starbucks or elsewhere. I honestly don't have much to offer in the realm of securing email. Using an alternative client can help. PGP or GPG can help if you need to send encrypted mail. There's always WinZip for AES-encrypting files you need to send. But know this: if you are running on default settings, then every email you send is sent in clear text across the internet. That means that anyone who is "listening" on any of the devices your traffic travels through to get to its destination can view it without much effort.

_______________________________________________

So let's say your system is already infected...

MalwareBytes - This is a good program that will rid your system of current infections. It is sort of like a piece of antivirus software, but geared more towards after-the-fact infections.

Procexp (part of Sysinternals/Winternals) - views all processes (like Task Manager, but better). Many infections hijack Explorer.exe, rundll32, winlogon and, more frequently, hide in one of the several svchost instances that are running. Use this tool to identify and kill the threads/processes.

TCPView (part of Winternals) - views all connections (like netstat -an, but better). Sometimes trojans and others try to connect to a server somewhere (China, Russia, naughty people, etc.) to upload all types of data about you to them, and to let them have more control over your system than you do.

HijackThis.exe - helps clean the system of various malware/spyware and prevents the bad 'ware from hijacking browser settings. Typically, malicious software will hook itself into BHOs (Browser Helper Objects) in Internet Explorer. Some are needed, some are malicious. Please seek help in one of the many forums set up for helping users munge through their HijackThis logs and screens. *Also be sure to check your Hosts file using this program...
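Here is an added example (my script, not anything shipped with the tools above) that rolls three of the checks just described into one read-only pass: which processes own network connections (the TCPView view), where those processes' executables live (the Process Explorer view), and what the hosts file redirects (the HijackThis hosts check). It parses the output of netstat -ano rather than using Get-NetTCPConnection so it also works on XP and Vista; run it from an elevated prompt so other users' processes are visible.

```powershell
# Added example: connection owners + executable paths + hosts file entries.
# Assumes Windows PowerShell 3.0+ and an elevated prompt. Read-only.

function Get-ConnectionOwner {
    # netstat -ano -p tcp line layout:
    #   TCP    10.0.0.5:49712    93.184.216.34:443    ESTABLISHED    1234
    $lines = netstat -ano -p tcp | Where-Object { $_ -match '^\s*TCP\s' }
    foreach ($line in $lines) {
        $f = @($line.Trim() -split '\s+')
        if ($f.Count -lt 5) { continue }
        $owner = [int]$f[4]
        $proc  = Get-Process -Id $owner -ErrorAction SilentlyContinue
        $path  = $null
        if ($proc) {
            # Path can fail for protected or other-bitness processes; report it, don't crash
            try { $path = $proc.Path } catch { $path = '(access denied)' }
        }
        if (-not $path) { $path = '(n/a)' }
        [PSCustomObject]@{
            Local   = $f[1]
            Remote  = $f[2]
            State   = $f[3]
            PID     = $owner
            Process = if ($proc) { $proc.ProcessName } else { '?' }
            Path    = $path
        }
    }
}

function Get-HostsEntry {
    $hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($raw in (Get-Content -LiteralPath $hostsFile)) {
        $entry = ($raw -split '#')[0].Trim()          # strip comments
        if (-not $entry) { continue }
        $parts = @($entry -split '\s+')
        if ($parts.Count -lt 2) { continue }
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            # "localhost" lines are stock; anything else is a redirect someone added
            if ($name -ne 'localhost') {
                [PSCustomObject]@{ Address = $parts[0]; Name = $name }
            }
        }
    }
}

"== Connections to non-local addresses (listeners and loopback filtered out) =="
Get-ConnectionOwner |
    Where-Object { $_.Remote -notmatch '^(127\.|0\.0\.0\.0|\[::)' } |
    Format-Table -AutoSize

"== Hosts file entries other than localhost =="
Get-HostsEntry | Format-Table -AutoSize
```

A svchost.exe whose Path is not under %windir%\System32, or a hosts entry that points a bank or antivirus vendor's name at some unrelated address, is exactly the kind of thing the forums will want to see in your log.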

Spybot - Search & Destroy - This is mainly to combat spyware. (Potentially blocked at work, but worth using on a home system.)

Cleaning out temp files and temporary internet files usually helps in combating bad software.

Windows XP -

C:\Documents and Settings\<your userid>\Local Settings\Temp and Temporary Internet Files

%WINDIR%\temp

Vista does a good job of handling temp files, but you can always just type %TEMP% in the Start Menu search bar.
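As an added example (mine, not from the post), the cleanup above as a script that covers both the XP and the Vista temp locations, supports a dry run via -WhatIf, and skips files that are still in use instead of forcing them. It assumes Windows PowerShell 3.0 or later.

```powershell
# Added example: clear the temp locations named in the text.
# Dry-run first with -WhatIf; assumes Windows PowerShell 3.0+.

function Clear-TempFiles {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Leave today's files alone: installers and running apps may still be using them
        [int]$OlderThanDays = 1
    )

    $candidates = @(
        $env:TEMP,
        "$env:windir\Temp",
        "$env:USERPROFILE\Local Settings\Temporary Internet Files",       # XP layout
        "$env:LOCALAPPDATA\Microsoft\Windows\Temporary Internet Files"    # Vista/7 layout
    )
    # Keep only locations that exist on this machine, without duplicates
    $targets = @($candidates | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique)

    $cutoff = (Get-Date).AddDays(-$OlderThanDays)
    $freed  = 0L
    foreach ($dir in $targets) {
        $files = Get-ChildItem -LiteralPath $dir -Recurse -Force -File -ErrorAction SilentlyContinue |
                 Where-Object { $_.LastWriteTime -lt $cutoff }
        foreach ($f in $files) {
            if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete')) {
                try {
                    Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop
                    $freed += $f.Length
                } catch {
                    # Locked files (still open by some process) are skipped, not forced
                    Write-Verbose "Skipped (in use?): $($f.FullName)"
                }
            }
        }
    }
    [PSCustomObject]@{ Directories = $targets.Count; BytesFreed = $freed }
}

# Show what would go without deleting anything; drop -WhatIf when you are happy with the list
Clear-TempFiles -WhatIf
```

Run with -Verbose instead of -WhatIf to see which files were skipped because they were locked; a temp file that refuses to go away while nothing obvious is running is itself worth a look in Process Explorer.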

 

Sometimes the Local Settings folder is hidden from view. Go to Tools -> Folder Options -> View (tab), scroll down to "Hide protected operating system files", and make sure it's unchecked. Then hit Apply.

Also go to Start -> Run -> type msconfig, then go to the Startup tab to see all items that start on bootup.

Adjust as necessary. Sometimes things are very obviously not supposed to be there; other times it requires some research.

**Note that some software REQUIRES being run at startup, so it's not recommended to delete everything. Some googling for questionable items is usually required.
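Here is an added example (my script, not part of the post) that pulls the same startup list msconfig shows, from the Run/RunOnce registry keys and the Startup folders, as objects you can sort, filter, or export to a CSV for the googling step. It only reads; nothing is disabled or deleted. It assumes Windows PowerShell 3.0 or later on .NET 4, and that the 32-bit Wow6432Node keys exist only on 64-bit Windows.

```powershell
# Added example: enumerate the autostart locations msconfig's Startup tab covers.
# Read-only. Assumes Windows PowerShell 3.0+ (.NET 4 for the CommonStartup folder).

function Get-StartupItem {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',   # 32-bit apps on 64-bit Windows
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            if ($name -eq '') { continue }            # skip the key's (Default) value
            [PSCustomObject]@{
                Source  = $key
                Name    = $name
                Command = $item.GetValue($name)
            }
        }
    }

    # Startup folders: anything dropped in here runs at logon too
    $folders = @(
        [Environment]::GetFolderPath('Startup'),        # this user
        [Environment]::GetFolderPath('CommonStartup')   # all users
    )
    foreach ($dir in $folders) {
        if (-not ($dir -and (Test-Path -LiteralPath $dir))) { continue }
        Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' } |
            ForEach-Object {
                [PSCustomObject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
            }
    }
}

Get-StartupItem | Sort-Object Source, Name | Format-Table -AutoSize

# Save a copy before you start unchecking things in msconfig, so you can put them back
Get-StartupItem | Export-Csv -NoTypeInformation -Path "$env:USERPROFILE\startup-before-cleanup.csv"
```

Keeping the CSV is the practical answer to the note above about software that must run at startup: if disabling something breaks an application, the file tells you exactly which value to restore.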

Running the command "sfc /scannow" at the Start -> Run prompt will scan Windows system files for integrity.

Another avenue is to download and use a LiveCD. This way you can boot into a clean environment and clean up your existing dirty one, you dirty, dirty person. There are literally dozens, if not hundreds, of different LiveCDs to choose from; some are specialized just for rescue.

For rescue, I would recommend either "The Ultimate Boot CD" (http://ubcd4win.com/) or the System Rescue CD (http://www.sysresccd.org/Main_Page). You just boot into the graphical interface and follow the instructions. Some can help change the password on your machine if you have forgotten it, or run a virus scan on the Windows partition of the hard drive.

For general desktop use, I recommend Linux Mint. This is a great-looking and great-performing distribution of GNU/Linux that is Ubuntu based, which is in turn based off of Debian. You can download the ISO, burn it to DVD, then place it in a Windows system. Run the mintwin application and it will install a bootable Linux environment right into your current Windows system, so that it can be uninstalled like any other application.

What people generally refer to as "Linux" is really just a kernel. It is when this kernel is paired with GNU utilities and then distributed with some form of package management (usually they throw in a desktop environment) that it really becomes a "Linux distro".

Save yourself some time and go to distrowatch.com and take a stroll through the many flavors of GNU/Linux, BSD, and Solaris. It all depends on your needs. Different kernels, package managers, desktop environments/window managers, partitioning schemes, application stacks, and network stacks all leave you, the user, with too many choices to make a good decision easily. Don't get discouraged by the fact that there are so many out there; be happy that there is still a choice. There is no one perfect operating system, because there is no perfect operating environment. Always changing, the needs of the future are.

Bart PE (http://www.nu2.nu/pebuilder/) is a live CD based on the Windows platform.

If you have a thumb drive lying around, then you can turn that into a bootable rescue/daily-use environment too. (You'll need a decent-sized thumb drive, and to download an "ISO" image of one of the selected Linux options.) Try here: http://unetbootin.sourceforge.net/

Maybe even Wubi will work for you. :-)

________________________________________________________

<identity management rant>

It is advisable to create a pseudo-anonymous name for the internet. Why? Well, for those that use their firstname.lastname@theiremailaddress.whatever, malicious individuals will already have one piece of information with which to look you up further. Try to think up a unique name that doesn't identify a gender or anything else personally identifiable to you. But don't be glib and use something like Wolfman297. More seasoned anonymous users will make fun of people that try too hard and have to use numbers because, surprise surprise, they weren't the first to think of "Wolfman" or "darkstar" or some other animalistic/metaphysical word that you think represents you, but doesn't. At all.

...but once you get one, check to see that it isn't already being used on popular sites at the online ID availability checker. Look into OpenID as well. Once you have a standard ID, you can work on password management for the different areas. (KeePass comes to mind.)

</rant>


Well I hope the above information was useful for you.   Good luck and have fun!