Much of the serious trouble you will experience on a Windows-based computer will probably be traceable to improper settings on such computer functions as file- and printer-sharing or certain older versions of legitimate programs that open ports that your firewall accepts as valid. A good example: early Microsoft SQL Server versions that are set by default to act as Internet servers and kick open certain ports when they shouldn’t.
Despite your firewall’s best intentions, hackers can see these always-open ports and penetrate your computer with certain exploits of Microsoft SQL Server vulnerabilities. They gain control of Admin rights and send in programs that can hide themselves from ordinary detection methods and then call in other programs to turn your computer into a “zombie,” making you an unwitting slave of their activities…mostly sending spam or “denial-of-service” attacks. Unless you have a traffic monitoring utility like Hagel’s DU, you’ll only see a slowing down of your computer.
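As an added example that is not from the page’s author, this Python script parses the text of `netstat -ano` (the Windows listing of open ports and the process IDs that own them) and flags services listening on every interface on the default ports of SQL Server and file/printer sharing, the kind of “valid” ports a firewall may be letting through. The sample output and the port table are constructed assumptions, not data from a real machine.

```python
# Parse `netstat -ano` text (Windows) and flag services listening on all
# interfaces whose ports the page names: SQL Server and file/printer sharing.
import re
from collections import namedtuple

Listener = namedtuple("Listener", "proto addr port pid")

# Default ports for those services (assumption: vendor defaults, not a
# particular machine's configuration).
RISKY_PORTS = {
    ("TCP", 1433): "MS SQL Server (default instance)",
    ("UDP", 1434): "SQL Server Browser (SSRP)",
    ("TCP", 139): "NetBIOS session (file and printer sharing)",
    ("TCP", 445): "SMB (file and printer sharing)",
}
WILDCARDS = {"0.0.0.0", "[::]"}
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s+(\d+)\s*$")

def parse_netstat(text):
    """Return Listener records: TCP rows in LISTENING state and every UDP
    row (UDP rows have no state column, so any bound socket counts)."""
    out = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, addr, port, state, pid = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue
        out.append(Listener(proto, addr, int(port), int(pid)))
    return out

def flag_exposed(listeners):
    """Listeners bound to a wildcard address on a port in RISKY_PORTS."""
    return [(l, RISKY_PORTS[(l.proto, l.port)]) for l in listeners
            if l.addr in WILDCARDS and (l.proto, l.port) in RISKY_PORTS]

# Constructed sample of `netstat -ano` output, not from a real host.
SAMPLE = """  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1724
  TCP    127.0.0.1:1433         0.0.0.0:0              LISTENING       1724
  TCP    192.168.1.5:3456       10.0.0.9:80            ESTABLISHED     2200
  UDP    0.0.0.0:1434           *:*                                    1836
  UDP    127.0.0.1:1900         *:*                                    1400
"""

if __name__ == "__main__":
    for l, why in flag_exposed(parse_netstat(SAMPLE)):
        print(f"{l.proto} {l.addr}:{l.port} pid {l.pid}: {why}")
```

Pipe real output in with `netstat -ano > ports.txt` and feed the file’s text to `parse_netstat`; anything flagged is worth matching against the owning PID in Task Manager before deciding whether the firewall rule is wanted.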
In case you’re wondering why a hacker wants to turn your computer into a zombie, “zombie farms” are huge groups of personal computers controlled by hackers without the knowledge of their users…and they are very profitable to the hackers. And Microsoft is not the only source of exploitable software…I’m just picking on them because of all the hours I’ve lost to less-than-stellar programming techniques.
So, what do you do? Here’s a brief outline that worked for me:
Get Expert Help. There are several good “geek” sites. One in particular is trustworthy and has been helpful:
- ExpertsExchange is a trustworthy geek-group using the bulletin-board approach and an excellent archive that frequently contains the right answers. The “monitors” here keep track of the “experts” and will step in if additional help is needed. You need to join…try the 30-day membership. I found myself going back for lots of little details that made things easier on such things as writing JavaScript routines for web pages and utilities that can manage MS SQL databases.
NOTE: Based on my own experience, it is possible to find and kill a rootkit …but… rootkits, by their very nature, hide bits and pieces of themselves in other operating programs, ones that are needed for your computer to function. Sometimes, to get rid of rootkits, you have to kill off essential parts of your computer’s operating system, similar to performing a lobotomy on yourself. So, if the problem is a rootkit, consider simply reformatting your hard drive (losing all your files…you do have data back-ups and serial numbers for your working programs, don’t you?), reloading your operating system and working programs and restoring your data files. Here’s why: after a rootkit, sooner or later your system will fall apart because certain needed files will turn out to be slightly or completely corrupted. Sorry ’bout that. Best to just bite the bullet and be done with it.
Get a Toolkit of Utilities and Use Them. The rootkit adventure introduced me to several excellent programs that helped solve the initial problem and, after reformatting and reloading my hard drive, I hope their continued use will prevent a recurrence.
NOTE: SOME OF THESE PROGRAMS ARE POTENTIALLY DANGEROUS IF USED INCORRECTLY. UNTIL YOU UNDERSTAND HOW TO USE THEM, THESE PROGRAMS SHOULD BE USED IN CONJUNCTION WITH THE PROCEDURES AND ADVICE OF THE TECHIES MENTIONED ABOVE. AFTERWARD, REMEMBER THAT MANY CAN PERMANENTLY REMOVE OR ALTER CRITICAL PROGRAMS AND SETTINGS ON YOUR COMPUTER IF YOU DON’T KNOW WHAT YOU’RE DOING. WE TAKE ABSOLUTELY NO RESPONSIBILITY FOR YOUR USE OF ANY OF THESE PRODUCTS. THESE PRODUCTS CAN PROVIDE AN ADVANTAGE AGAINST HACKER PROBLEMS BUT ALWAYS LOOK UP THE PRODUCTS IN THE CASTLECOPS WIKI FOR INSTRUCTIONS AND WARNINGS, WHICH YOU SHOULD PRINT OUT, AND THEN USE WITH CARE.
- HijackThis!. It will search your system for information that can reveal sources of hacker trouble and create a log file as a starting point. You make and keep a “before” reference log and submit it, and a final “after” log to the techies at CastleCops as part of their routine. Be very careful because you can select programs and computer settings for removal. “Measure twice, cut once,” as the saying goes.
- CCleaner (aka Crap Cleaner) is very good at locating temp files and other space-wasters. Run it periodically. Be careful what you remove.
- F-Secure BlackLight. Rootkit finder.
- Eset Smart Security. A suite of anti-virus, anti-malware and firewall.
- Rootkit Revealer. Periodic scanning for sneaky rootkits, but be very careful with removals.
Defrag and Backup. The files on your hard disk are strewn around the top and bottom surfaces of the platters and when the available open space isn’t big enough, an electronic arrow points the way to the next open space where the rest of the file is written. This leads to fragmentation of your files. The read-write heads must thrash about to find and read the contents of a file. The more fragmentation, the more thrashing and, therefore, the more wear and tear on your hard drive’s mechanical parts. The defrag program supplied with Windows is less than adequate. Diskeeper has a good one. Defragment your disk after it is clean and before you do a good backup. Then keep it defragmented and keep the backups up to date.
- Diskeeper. Premier defragmenter program. Easy to use. Cuts down on mechanical wear, improves read/response time so you get longer life from your hard drive and better performance. Also lets you adjust the size of the MFT (Master File Table), the “roadmap” file (This is important because most programs generate a lot of small files associated with the main files so the “roadmap,” a miniature version of the whole disk, can become fragmented if it is set too small). This program is a keeper.
- EMC Retrospect. Premier backup software lets you make a file-by-file duplicate as well as an image of the entire hard disk you can use to restore everything back to the date of the backup. You can’t really restore from a file-by-file duplicate but you can retrieve the individual files, which is very handy if you accidentally trash an important project. On the other hand, you can’t really retrieve individual files from the image backup, so having the ability to do both is a major plus. The first backup or duplication will take quite a while but after that the software looks to see which files have not been changed and backs up or duplicates only those that have changed. If you get a cut-down copy of Retrospect with your hard drive, it is well worth upgrading to a full copy.
- Maxtor. A 300 GB external hard drive with a cut-down copy of Retrospect is available for a few hundred dollars. About the size of a video cassette, easy to unplug and drop in your briefcase to carry off site or put in a safety deposit box. If your files are critical to your job or customers, consider getting two Maxtors and keep a dupe backup somewhere off site.
Final thoughts. Always have a current back-up of your data files (emails, address books, bills, documents, whatever is important to you) and always have a printout of any software licenses with the date, serial number, key number or whatever you need to get it running again. Go to a stationery store and get an alphabetically tabbed expandable pouch or book similar to one used for keeping invoices to be paid. Put the printouts of your software licenses and any emails with customer service about adjustments that might be critical to getting back on the air into the book or pouch alphabetically, either by name of the software publisher or name of the product…one or the other but not both. You’ll be surprised at how much you have that needs to be kept ready for an emergency.
Also, print out or write down your computer’s system properties. On Windows machines, go to My Computer, right-click to get the menu, go down to Properties. You’ll get a tabbed System Properties dialog box that will give you just about everything you need to know to get help from support people. Keep this printout with your licenses. Also, you can print out these pages if you want to remember these words of wisdom.
Best Wishes.