David said:
Agreed. The most dangerous user is the one who thinks he knows
what he's doing, but doesn't.
Limited hardware available. I cleaned a number of malware problems
from it last summer, created a new admin account, and then changed
the existing account to a limited one. That way, in order to access
his photo and music collection, he had to use the limited account.
Set everything to auto-update, and got him to use Firefox.
I gather he was still using the admin account for more than just
admin functions though, and using IE.
During the POST and BIOS setup, the video mode uses the equivalent
of CGA mode, which the TV doesn't support.
I've seen this before, where you have to hook up a real monitor
to see the POST messages and BIOS setup.
This TV, which also has a VGA connection, does not support the video
modes used during POST/BIOS setup.
It's definitely set to boot from the hard drive first.
The person he bought the computer from had set it up that way
for a faster boot. That person had a real monitor, not a TV.
System restore has been disabled. Certainly looks like malware to
me, when the firewall and security center services have been stopped
too.
As I did with my sisters' system, I'd set up remote ssh access
for myself, so I could keep it updated, and when needed, take
over the keyboard/mouse to show him how to do things.
I was actually hoping for suggestions on a way to proceed. Now
that I've slept on it, I've decided to bring his computer to my
place, so I can hook up a real monitor and a PS/2 keyboard, so
that I can change the BIOS settings to boot from the CD/DVD
drive.
Time to flatten and reinstall, in my opinion.
Regards, Dave Hodgins
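The signs Dave lists (System Restore off, firewall and Security Center services stopped) can be confirmed before deciding to flatten. The following is an added triage script, not part of the thread; it assumes a Windows host with PowerShell and checks the service names used on XP (SharedAccess, srservice) as well as Vista and later (MpsSvc), reporting any that are absent on the version in hand.

```powershell
# Added example (not from the thread): list the state of the services a
# piece of malware commonly stops, plus the System Restore policy value.
# Service names differ between XP (SharedAccess, srservice) and Vista+ (MpsSvc),
# so all are queried and the ones not present are reported as such.
$services = @{
    'SharedAccess' = 'Windows Firewall / ICS (XP)'
    'MpsSvc'       = 'Windows Firewall (Vista and later)'
    'wscsvc'       = 'Security Center'
    'wuauserv'     = 'Automatic Updates'
    'srservice'    = 'System Restore (XP)'
}
foreach ($name in $services.Keys) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        "{0,-14} not present on this Windows version" -f $name
    } else {
        "{0,-14} {1,-8} ({2})" -f $name, $svc.Status, $services[$name]
    }
}

# System Restore can also be switched off by the DisableSR value (1 = disabled).
# A stopped service together with this value set is what makes it look like
# tampering rather than a deliberate admin choice.
$srKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
)
foreach ($key in $srKeys) {
    $v = Get-ItemProperty -Path $key -Name DisableSR -ErrorAction SilentlyContinue
    if ($null -ne $v) { "DisableSR = $($v.DisableSR) under $key" }
}
```

Run it from an admin prompt on the affected machine (or over the remote session Dave mentions) and compare the output with a known-good box of the same Windows version.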
You could tote a computer monitor (LCD is lighter than CRT, if you have a
choice) or maybe find a cheapie working model at a pawn shop. After all,
just how is this host going to get into Windows' Safe Mode or Recovery
Console mode for basic troubleshooting?
Maybe you could disconnect the hard disk during the boot so the secondary
boot device (CD or floppy) is found and used for booting the host.
If you're going to flatten, you'll want to be saving the files off the old
hard disk. I doubt the user will appreciate losing their data. So it's
about time to start thinking of what to use to backup the old files and what
could then be used thereafter to backup this repeatedly victimized host.
Acronis TrueImage is good (and what I use) but it's payware. Seagate
quietly partnered with Acronis to rebrand the OEM version of TrueImage into
the Disc Wizard utility that comes with retail versions of Seagate hard
disks or you can download it. You'll see "Powered by Acronis" in its
screens. Get DiscWizard at http://tinyurl.com/27y63t. I don't know if
DiscWizard includes the ability to explore an image to retrieve just some
files rather than having to restore the entire backup image. It has image
backup and restore. It also has Clone Disc but that's probably not what you
want to use here.
Other free backup/imaging utilities are Paragon's Express
(http://tinyurl.com/62su93) and Comodo's Time Machine
(http://tinyurl.com/y9yc74o). Comodo also has a free backup program which
is just a logical file copy but then you're looking at saving just files to
restore later. Comodo Time Machine is probably easy enough for a boob user
but I don't feel it is quite reliable enough for continual deployment on my
personal host (in fact, using something else to save an image is recommended
before installing Comodo Time Machine), especially since I already have
Acronis TrueImage or would probably go with Paragon's free product; however,
the hierarchical view in Comodo Time Machine is something that a boob could
probably understand. Like Acronis and Paragon, Time Machine installs
(usurps) the bootstrap area of the MBR so the utility is available when the
host is booted and before the OS even loads (so it is available if you
cannot boot the OS or it is unusable). Comodo Time Machine stores its
snapshots inside the same partition as it is protecting, so you're not
covered if the hard disk dies. Acronis and Paragon let you save their
backups in other partitions and those can be on a different hard disk (for
speed) or removable media (more of a nuisance). Acronis lets you create a
hidden partition in which to save image backups (both full and incremental
images) to help hide them from malware, and if you get stuck with an MBR
bootstrap malware then you can use the bootable CD (of course, after you've
gotten around to fixing the disk boot order in BIOS).
With DiscWizard (on a different host), you can create bootable media and
then try the above mention of disconnecting the hard disk during the boot to
force booting from the CD or floppy (with driver support for the CD drive).
Comodo's tools aren't portable but something to use when you tote the
corrupted disk to your host to get files off of it and onto removable
storage media. I don't know if Paragon's free backup program can be made
portable. You might copy only some files that are obviously data files that
the user wants to keep only to find out later there were config or other
files the user would also like back, so you might want to save all of the
old disk's files to put on storage discs to refer to later. I'd save
everything as an image (so I could also get at the old registry .dat files)
just in case it comes up later that something else needs to get recovered.