PC Cleanup War Story by Will Fleenor, CPA, Ph.D., Partner, K2 Enterprises
Recently I spent many hours cleaning up a seriously ill PC. If you ever run across this problem, some of the following may be useful. As IT professionals who deal with these situations daily know, it takes much more than anti-virus and anti-spyware software to clean a bad machine.
Results:
- 871 incidences of viruses
- 7765 incidences of spyware
- 1512 bogus IE add-ons
- 1741 registry problems
- 36 critical updates that had to be loaded before Windows Update would install SP2
- Many more Windows updates after installing Windows SP2
The PC had Norton AntiVirus software running; however, the virus signature subscription had expired 4 months earlier. Microsoft AntiSpyware was loaded and running fine, although it clearly was not up to the challenge.
1. First, I attacked the viruses. I ran the trial versions of BitDefender, CA’s eTrust Antivirus, Trend Micro’s PC-cillin Internet Security, and F-Secure Anti-Virus. Each time, I unloaded the previous anti-virus software before loading the new one. I did not try a new version of Norton anti-virus, both because it has rated so poorly in recent reviews and because we have found it to be a real resource hog. IMPORTANT! Always unload Norton Anti-Virus before attempting to load another anti-virus solution. Failing to do so will likely lock up your PC. BitDefender was first and just could not get everything. Although it saw lots of the viruses, it could not get them out of memory. Each successive product found more viruses. Only F-Secure got everything. F-Secure Anti-Virus from F-Secure Corporation (http://www.f-secure.com/products/anti-virus/fsav2006/) is a top rated product that combines anti-virus with top rated anti-spyware, an idea that is long overdue (http://www.infoworld.com/article/05/09/19/38FEspy_1.html). To the best of my knowledge, it is also the only one of the top rated products that also spots rootkits. F-Secure is the company that discovered the Sony BMG rootkit. They are headquartered in Helsinki, Finland, and have offices in the USA, France, Germany, Sweden, the United Kingdom, and Japan. I am extremely impressed with this product. You will find the report after a scan very useful.
2. Spyware. Microsoft’s free AntiSpyware product appears to be inadequate at this point, at least in extreme situations like this one. This is consistent with what the trade publications have been saying for the past 4 months. Spy Sweeper from Webroot has been the top rated product in many recent reviews, and it did find 7721 incidences of spyware that Microsoft AntiSpyware missed. However, F-Secure found even more. None of the products removed all of the BHO add-ons to Internet Explorer.
3. Windows Update took forever. I loaded 5 patches before Windows Update would even run, 36 patches before Service Pack 2 would load, and dozens more after SP2 loaded. To Microsoft’s credit, everything went smoothly; it just took a lot of time. That is the user’s fault (and not Microsoft’s), because they were not following Microsoft’s recommendations with respect to patches.
4. BHO add-ons to Internet Explorer. There were so many that it was taking over 30 seconds to open IE, and often it would not open without rebooting the computer. The Add-on Manager in IE will not delete add-ons and requires you to turn them off one at a time - an unreasonable task when you have over 1500. Using newsgroup postings (use Google to search Groups and not Web pages), I found a product that Microsoft MVPs recommend called ToolbarCop (http://windowsxp.mvps.org/toolbarcop.htm). It was a great tool that allowed me to select multiple add-ons and disable or delete the entire group. Unfortunately, it would not load until I had cleaned up the registry errors.
5. Registry errors. There were over 1700, including lots of entries that were keeping programs like ToolbarCop from loading properly. Once again, newsgroup recommendations provided a good solution. Registry Clean Expert (http://www.registry-clean.net; free download, but the free version only fixes two problems each pass, so I had to purchase the full product) did the job - an excellent product. It not only fixes registry problems and cleans the registry, but also provides an excellent interface for managing startup DLLs - highly recommended. Be sure to go to registry-clean.net and not registry-clean.com.
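Steps 4 and 5 above come down to two places in the registry: the Browser Helper Objects key that IE reads at startup, and the Run/RunOnce keys that relaunch things at logon. The script below is an added example written for this page; it is not ToolbarCop, Registry Clean Expert, or anything from the original article. It lists every BHO registration, resolves each CLSID to the DLL that IE would load (via the default value of HKCR\CLSID\{clsid}\InprocServer32), checks that DLL's Authenticode signature, prints the Run/RunOnce entries, and, with -Remove, exports and deletes the BHO keys whose DLL is unsigned or missing. It assumes PowerShell 2.0 or later in an elevated session with Internet Explorer closed; the backup directory name is an arbitrary choice.

```powershell
# Added example, not from the article, ToolbarCop, or Registry Clean Expert:
# enumerate Browser Helper Objects (BHOs), resolve each to its DLL, check the
# signature, list Run/RunOnce startup entries, and optionally bulk-remove
# unsigned or dangling BHO registrations after exporting a backup.
# Assumes PowerShell 2.0+ in an elevated session; close IE before -Remove.
param(
    [switch]$Remove,
    [string]$BackupDir = "$env:TEMP\bho-backup-$(Get-Date -Format yyyyMMddHHmmss)"  # assumed name
)

# BHOs are registered as CLSID subkeys under these keys. HKLM is the classic
# location; later IE versions also honor HKCU, and 64-bit Windows keeps 32-bit
# registrations under Wow6432Node. Keys that do not exist are skipped.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# Anything here runs at logon whether or not IE is ever opened, so a removed
# BHO can be put straight back by one of these entries.
$runRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# PowerShell maps only HKLM: and HKCU: by default; CLSID lookups need HKCR:.
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

function Get-RegDefault($path) {
    # The unnamed (default) value of a key, or $null if the key is absent.
    if (Test-Path $path) { (Get-ItemProperty $path).'(default)' } else { $null }
}

function Get-BhoRegistration {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $clsid = $key.PSChildName
            # InprocServer32's default value is the DLL IE loads for this BHO.
            $dll = Get-RegDefault "HKCR:\CLSID\$clsid\InprocServer32"
            $status = 'NoDll'
            if ($dll -and (Test-Path $dll)) {
                $status = [string](Get-AuthenticodeSignature $dll).Status  # Valid, NotSigned, ...
            }
            New-Object PSObject -Property @{
                PSPath = $key.PSPath; CLSID = $clsid
                Name = Get-RegDefault "HKCR:\CLSID\$clsid"
                Dll = $dll; Signature = $status
            }
        }
    }
}

function Get-StartupEntry {
    $meta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    foreach ($root in $runRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($p in (Get-ItemProperty $root).PSObject.Properties) {
            if ($meta -contains $p.Name) { continue }   # skip PowerShell's own metadata
            New-Object PSObject -Property @{ Key = $root; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Remove-BhoRegistration($bhos) {
    # Export each key with reg.exe before deleting so the change can be reversed
    # (reg.exe wants HKLM\..., not the PowerShell provider path).
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    foreach ($b in $bhos) {
        $regKey = ($b.PSPath -replace '^.*::', '') -replace '^HKEY_LOCAL_MACHINE', 'HKLM' -replace '^HKEY_CURRENT_USER', 'HKCU'
        & reg.exe export $regKey (Join-Path $BackupDir "$($b.CLSID).reg") | Out-Null
        Remove-Item -Path $b.PSPath -Recurse -Force
    }
}

$bhos = @(Get-BhoRegistration)
"{0} BHO registration(s) found" -f $bhos.Count
$bhos | Sort-Object Signature, Name | Format-Table Signature, Name, Dll -AutoSize

"Startup entries (Run/RunOnce):"
Get-StartupEntry | Format-Table Name, Command -AutoSize

if ($Remove) {
    # Review the table first: a legitimate helper can also be unsigned, and the
    # signature check only tells you the DLL is untrusted, not that it is malware.
    $targets = @($bhos | Where-Object { $_.Signature -ne 'Valid' })
    Remove-BhoRegistration $targets
    "Removed {0} registration(s); backups in {1}" -f $targets.Count, $BackupDir
}
```

Two caveats a practitioner would want. Deleting the key only unregisters the BHO; the DLL stays on disk, and if a Run/RunOnce entry (or a service or scheduled task, which this script does not list) re-registers it at the next logon, the add-on count climbs right back, which is why the startup listing is printed alongside. And IE also loads toolbars and extensions from other keys (Internet Explorer\Toolbar and Internet Explorer\Extensions under the same CurrentVersion tree), which tools like ToolbarCop cover and this script deliberately does not.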
The machine runs great (at least until the user gets it back). It was a good learning experience. In retrospect, I should have flattened the machine and started over.
Conclusion: These issues were a nuisance, rather than a danger, in this case because the machine belonged to a college student who does not own a credit card. The level of the mess was clearly exacerbated by the way the computer was being used. However, all the threats are real and are security threats that business users face daily. Trojans and key loggers can capture sensitive and confidential business data, passwords, credit card information, and much more, and communicate it to hackers. Reasonable assurance in the area of security can only be achieved if everyone, including end users and not just IT staff, is trained and involved in keeping their computer systems safe and clean.
Will Fleenor, CPA, Ph.D. is a partner of K2 Enterprises. K2 Enterprises provides high quality, technology-related CPE to CPAs nationwide.