Presentation on theme: "Basic Computer Cleanup Larry James ResNet Manager."— Presentation transcript:
Basic Computer Cleanup Larry James ResNet Manager
UNL stats 23,000 Students (Undergrad and Grad). 6000 Living in Residence Halls on 2 campuses. Wireless in all Residence Halls since Oct. 2009 Full-time Manager plus 2 Student Workers. We supplement the Computer Help Center. We Don’t: –Fix hardware. –Make room visits.
Types of problems for Basic Cleaning Computer has pop-ups. Virus messages. Not running right; running very slow. Won’t connect to network. Problems this won’t fix (Elevate to 2 nd tier). Won’t boot. Hardware issues. Blue screen of death.
Disclaimers This is only my current student worker procedure. Yours may be better, worse or just different. Mine may be different next week, will almost certainly be different next month, will definitely be different in 2 months. You must always be looking for better tools.
Base Procedure: Isolate from the internet. Figure out the main problem and fix/remove it. Clear out all the built-up, unneeded files. De-Fragment. Connect to network and update Windows and install AV, disconnect. Run installed AV. Run Anti-malware. Reboot, check for proper operation. Rerun scans if necessary. Educate student when they pick up the PC.
Finding the main problem What symptoms? Install and update MalwareBytes. Do full scan. Install and scan with hijackthis. Install and scan with Spybot Search and Destroy. Check for symptoms. If still having problems, install ComboFix and run in Safe Mode. Still problems? Elevate to 2 nd tier.
If the computer was infected The system restore files probably are too. Open Control Panel>System>System Restore and shut it off. Open the Device Manager and highlight the “Primary IDE Channel”, right-click and go to Properties. Go to “Advanced Settings” and check for DMA mode. May be errored out to PIO mode, (very slow.) If so, delete the “Primary IDE Channel” and reboot. Recheck for proper DMA mode.
Very slow XP Computers May have a ‘stutter’ when playing sounds. Open Control Panel>System>System Restore and shut it off. Open the Device Manager and highlight the “Primary IDE Channel”, right-click and go to Properties. Go to “Advanced Settings” and check for DMA mode. May be errored out to PIO mode, (very slow.) If so, delete the “Primary IDE Channel” and reboot. Recheck for proper DMA mode.
Fake Antivirus Best tool found is Malwarebytes. May need to rename mbam.exe in the Program Files May need to copy over the malwarebytes folder from another computer to get the latest updates. If MWB won’t run no matter what. Download the latest copy of Combofix and run it in safemode. Once that finishes, MWB should run fine. Important to educate the student body about NOT clicking on the “click here to download a program that will clean up your computer” pop-up.
Clearing out unneeded files CCleaner is very good. Uncheck “Autocomplete Form History”. Run CCleaner. Go to “Registry”. Uncheck “Unused File Extensions”. “Scan for issues”. “Fix selected issues”. “Backup changes to the registry?” Yes the first time. Scan again. Fix again. Go to “Tools”.
CCleaner continued Go to uninstall. Look for obvious malware/spyware and remove. Look for old versions of Java and remove. Go to Startup. Look for startup items that don’t work. Disable or delete them.
Defraggler is good. Available (along with many other useful tools) at http://filehippo.com/. http://filehippo.com/ Can set to move big, non-vital files to the end of the disk. Very slow, but very thorough. Can also use the built-in defragment tool. (Not recommended for Vista.) May want to defrag first.
Connect to network and do MS Updates If they’re still on just ‘Windows Updates,’ upgrade them to ‘Microsoft Updates’. Do all the ‘Important’ or ‘Critical’ updates. Check for ‘Custom’ updates, especially for hardware driver updates. I generally do most of the optional updates too. But not the Search 4.0 nor the Windows Live Essentials.
Update the installed Anti-Virus Check their subscription, many have pre-installed AV packages with short subscriptions. If theirs is expired or due to expire, I usually remove it and install Sophos, (our campus-provided AV). Use MSICUU2 to remove Norton and McAfee packages, or the respective removal tools. Update Spybot and Malwarebytes at this time. Disconnect from the internet. Boot to safe mode.
Scan the computer Run full scans with the Anti-virus, Malwarebytes and Spybot Search and Destroy. (One at a time.) Quarantine, Clean or Delete anything the scans find. Reboot to normal mode. Rescan, if anything keeps turning up, elevate to 2 nd Tier.
Common issues leading to Infected PCs Lots of computers still with no Anti-Virus. Lots of Pre-installed AVs that have expired. Lots of Free Anti-malware not being ‘used’. (Updated and scans run.) Too many PCs not getting ‘critical’ Updates Still seeing Vista without SP2
Student Education at pickup Show them what you’ve added. (Sophos, Malwarebytes, Spybot.) Have them open, and manually update each one. Have them find the ‘scan’ button. Talk about regular scans. (Timing, what to look for, etc.) Have them check for MS Updates. Finally let them go.