Tools for Security Troubleshooting – CompTIA A+ 220-802: 4.7

If you are experiencing a security-related problem, then you’re going to need the right tools to get your systems up and running again. In this video, you’ll learn about anti-virus software, the Windows Recovery Console and Command Prompt, System Restore, pre-installation environments, and the Windows Event Viewer.



If you want to stop viruses from getting onto your computer, you have to stop them from executing. And the best way to stop a virus from executing is to have anti-virus software on your computer that’s watching everything that runs. And if anything running happens to match one of these known virus signatures, your anti-virus software will stop it before it infects your computer.

These days, most of the anti-virus software that you would install on a computer also includes some anti-spyware and anti-malware software as well, so it’s looking for a lot of different things to be happening on your computer, and if any of these problems occur, it will stop them before it infects. To be able to do this, you have to make sure that you have all of the latest signatures for the software.

Most of this software comes with an automated way to update itself periodically so that it’s always running the latest signatures, but if you’re not paying for support, or you’ve disabled this process, your system will become very susceptible to viruses in a very short period of time. One way to help remove some of these security problems like spyware and malware is to remove them from the files on your hard drive.

But once the operating system is loaded, it becomes a little more difficult to do that with certain types of files. To get around that in Windows XP, we can use the Recovery Console, and in Windows Vista and Windows 7, we can use the command prompt. This is a very powerful feature that gives you full access to the file system and a number of utilities that you can run on the file system, so you want to be very careful of exactly what you type in at this command prompt.

You’ve got a lot of access at this command prompt. You can change every file on your computer: modify, delete, or add files on your hard drive. You also have control over what services start. If you happen to know that the malicious software is either triggered by or part of a service, maybe you’d like to have that service disabled so that it won’t run when your operating system starts.

You can also go to this command prompt to remove those components from your system itself. If you happen to know exactly where those files are, you can modify them and remove them right from the command prompt. To get to this console view in Windows XP, you would start from your Windows installation media.

In Windows Vista or Windows 7, you can go to the System Recovery Options and the command prompt that you would get either from a repair disc or from the Windows installation media itself. I have an entire video that steps you through the process of using this. You can find it under Using the Windows Recovery Console and Command Prompt.
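Here is what the service-disabling step described above looks like at each of the two prompts. This is an added example, not a command listing from the video; BadSvc is a placeholder for the suspect service's short name, badfile.dll is a placeholder file, and the installed Windows is assumed to be on C:. The Vista/7 half includes the caveat that matters most in practice: `sc config` run inside the recovery environment changes the recovery environment's own service database, so the installed OS has to be edited through its offline SYSTEM hive.

```batch
rem Added example, not from the video. Placeholders: BadSvc (suspect service's
rem short name), badfile.dll (suspect file), C: (the offline Windows install).

rem ---- Windows XP Recovery Console (booted from XP installation media) ----
rem listsvc lists services and drivers with their start type; disable sets the
rem service to SERVICE_DISABLED so it no longer starts with the operating system.
listsvc
disable BadSvc
rem To undo later:  enable BadSvc SERVICE_AUTO_START

rem ---- Windows Vista / 7: System Recovery Options > Command Prompt ----
rem Caveat: "sc config BadSvc start= disabled" typed here would edit the service
rem database of the running recovery environment, not the installed OS.
rem Load the installed OS's SYSTEM hive under a temporary key instead.
reg load HKLM\OfflineSys C:\Windows\System32\config\SYSTEM

rem Check which control set the installed OS boots with (usually 1 = ControlSet001).
reg query HKLM\OfflineSys\Select /v Current

rem Start values: 2 = automatic, 3 = manual, 4 = disabled.
rem Record the current value first so the change can be reversed.
reg query HKLM\OfflineSys\ControlSet001\Services\BadSvc /v Start
reg add HKLM\OfflineSys\ControlSet001\Services\BadSvc /v Start /t REG_DWORD /d 4 /f

rem Unload the hive before rebooting so the change is written back to disk.
reg unload HKLM\OfflineSys

rem For a file you have identified, rename rather than delete it outright so it
rem can be put back if the identification turns out to be wrong.
ren C:\Windows\System32\badfile.dll badfile.dll.quarantine
```

If `reg query ...\Select /v Current` reports a value other than 1, substitute the matching ControlSet00N path in the two service commands.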

If you’ve ever installed an application and then that application has created problems with your operating system, then you’ve realized how valuable the System Restore function can be. The System Restore will go back to a restore point, and restore points are created every day and every time that you install a new application.

And if you wanted to rewind back to a certain date and time, you can change your entire Windows configuration to go back to that particular time frame before any of these problems occurred. You can find the System Restore in Windows XP under the control panel, choose System and then choose System Restore. And in Windows Vista and Windows 7, it’s under All Programs, Accessories, System Tools and System Restore.

The System Restore function really has limited capabilities when it comes to security problems, however, and that’s because malware authors know that you’re going to use this to go back to another date and time, and they will simply access all of your previous restore points and infect those as well. So don’t count on System Restore to be able to recover from some of those nasty malware infections.
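To see why the caveat above holds, it helps to look at where restore points actually live. This added example (not from the video) uses the built-in Vista/7 tools from an elevated command prompt to list the restore points System Restore would offer, show the shadow copies that hold them, and then discard them and create a fresh point once a machine has been verified clean. The description string in the last command is a constructed placeholder.

```batch
rem Added example, not from the video. Windows Vista / 7, elevated command prompt.

rem Restore points as System Restore will present them (date, description, sequence number).
wmic /namespace:\\root\default path SystemRestore get CreationTime,Description,SequenceNumber

rem Restore points are kept in Volume Shadow Copies under System Volume Information.
rem Whatever was on disk when a point was made is carried along, so an infected
rem file captured in a point comes back when that point is restored.
vssadmin list shadows

rem Launch the System Restore wizard itself (same as All Programs > Accessories >
rem System Tools > System Restore).
rstrui.exe

rem After a confirmed infection has been cleaned and the system verified, discard
rem the old, possibly infected points and take a fresh one to roll back to.
rem 100 = MODIFY_SETTINGS restore point type, 7 = BEGIN_SYSTEM_CHANGE event type.
vssadmin delete shadows /all /quiet
wmic /namespace:\\root\default path SystemRestore call CreateRestorePoint "Clean baseline (placeholder)", 100, 7
```

Deleting the shadow copies also removes Previous Versions of files on that volume, so run the delete only after you no longer need anything from those points.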

In those cases, you may need to restore your entire system from backup. One important security tool you should have available is Windows PE. That stands for Windows Pre-Installation Environment. It’s not a full-blown version of Windows, but it is one that you can boot from and then run other applications from there. You commonly see this when you’re running things like the System Recovery Options, which run in this Windows PE environment.

It’s great for troubleshooting. You can start up your Windows PE, choose a system restore, go to the command prompt or run a memory diagnostic. You could also build your own Windows PE with all of the tools that you like to use. If you use the Windows Vista or Windows 7 automated installation kit, you can build your own customized Windows PE. And on the internet, you might want to download one that’s already been made for you.

A very popular one is called BartPE, and you can find it at this URL. This would allow you to use an already customized Pre-Installation Environment, or maybe you’d like to build your own with the tools that you like to use. Either way, it becomes a very useful tool to use, especially when your Windows installation isn’t booting, or it’s having problems during that boot up process.

When these malware infestations get on a computer, they tend to cause problems. And one way that you could start finding information about these problems is in the Windows Event Viewer. This is a central view of all of the events that are occurring on your system. They might be application events or security events.

You can see any start up problems, and you can see the things that are working properly on your computer. You can break these down by different severities, as well. So if you only wanted to see the critical issues, you can filter out everything else and really focus on what might be going wrong.
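The severity filtering described above can also be done from the command prompt with wevtutil, which is useful on a machine where the Event Viewer GUI is slow or unavailable. This is an added example, not from the video; it assumes Windows Vista / 7, an elevated prompt for the Security log, and a C:\logs folder that already exists for the export at the end.

```batch
rem Added example, not from the video. Windows Vista / 7, elevated command prompt.

rem Names of every log on the system.
wevtutil el

rem The 20 newest events in the System log at Critical (1) or Error (2) severity,
rem newest first, in readable text. Levels: 1 Critical, 2 Error, 3 Warning, 4 Information.
wevtutil qe System /q:"*[System[(Level=1 or Level=2)]]" /c:20 /rd:true /f:text

rem Application-log events from the last 24 hours only (timediff is in milliseconds).
wevtutil qe Application /q:"*[System[TimeCreated[timediff(@SystemTime) <= 86400000]]]" /c:50 /rd:true /f:text

rem Startup-related: the Service Control Manager logs event 7040 whenever a
rem service's start type changes, which is where a service that malware installed
rem or disabled tends to show up.
wevtutil qe System /q:"*[System[Provider[@Name='Service Control Manager'] and (EventID=7040)]]" /c:20 /rd:true /f:text

rem Security log: recent failed logons (event 4625 on Vista / 7).
wevtutil qe Security /q:"*[System[(EventID=4625)]]" /c:20 /rd:true /f:text

rem Export a log to a file for offline review before anything is cleared.
wevtutil epl System C:\logs\system-backup.evtx
```

The `/q:` argument is an XPath query over the event XML, the same query language the Event Viewer's "Filter Current Log" dialog builds for you, so a filter worked out here can be pasted into the GUI's XML tab and vice versa.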