The big decision
When you get a Windows virus, take a deep breath then ask yourself:
- Should I just try to remove the virus?
- Or is it time to reinstall Windows again?
- Or is it time to buy a new PC (or switch to a Mac)?
Here is a recent story about how I helped a friend deal with such a crisis.
My friend calls me in a panic, “I think I have a virus and I can’t use my PC anymore and I’m going on vacation in 7 days. Help!” I said come on by and she dropped off her 2004 HP Pavilion 9000 laptop with Windows Vista and (cough, cough) 2G of RAM.
Kill the pig
Time is of the essence so I want to take the course of least resistance — kill the virus. However, I learn that her McAfee Anti-Virus software has expired and since the install program also replaced the Windows Firewall with a McAfee equivalent, she’s been running without a firewall. Yikes.
Lesson #1: Think long and hard about replacing the Windows Firewall with some 3rd party tool that can leave you exposed when your credit card expires and they can’t re-bill you because the expiration notice went in your SPAM folder or you changed email addresses. Windows Firewall is pretty darn good.
Google is your friend
Turns out she caught the Airline Ticket Virus which is a trojan horse for delivering the System Recovery Virus which (in plain English) pops up a fake Windows-looking dialog box that says your computer has all kinds of problems and please pay $80 to fix them. So you think the Airline Ticket is the virus and the System Recovery is your friend.
Lesson #2: When in doubt, verify everything on the Internet using Google Search. Search for the name of the email, the name of the attachment or the title of the popup window. Somebody has documented this somewhere. You aren’t the first. Snopes is also your friend in case Google or the Internet are lying to you.
To make matters worse, the System Recovery Virus hid the following files by tweaking one of the Windows file attributes:
- Everything in My Documents
- Everything in \Users\Public
- All the Shortcuts on the Start Menu
So you really think your computer is messed up. Then, to make matters even more grody, the attribute is stored with the file, so all your backups preserve this “file is hidden” flag as well. It fooled me, but fortunately my friend was using Carbonite (more on this later) to do the backups.
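A quick way to audit for exactly this trick, as an added example that is not part of the original post: list every item under the three locations above that carries the Hidden attribute and, with -Fix, clear it. It assumes PowerShell on a standard Vista/7 folder layout; the folder list and the desktop.ini/Thumbs.db exclusions are my assumptions.

```powershell
# Added example: find (and optionally unhide) user files that a rogue tool
# marked Hidden. Report-only by default; -Fix clears the Hidden and System bits.
# Assumed locations: the user's Documents, C:\Users\Public and both Start Menus.
# Public and the All Users Start Menu may need an elevated prompt to modify.
param(
    [switch]$Fix
)

$roots = @(
    [Environment]::GetFolderPath('MyDocuments'),
    'C:\Users\Public',
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu')
)

# Files Windows hides on purpose; leave those alone.
$expectedHidden = @('desktop.ini', 'Thumbs.db')

$hiddenBits = [int][IO.FileAttributes]::Hidden -bor [int][IO.FileAttributes]::System

foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    # -Force is required or Get-ChildItem silently skips hidden items.
    $items = Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ([int]$_.Attributes -band [int][IO.FileAttributes]::Hidden) -and
            ($expectedHidden -notcontains $_.Name)
        }
    "{0}: {1} hidden item(s)" -f $root, @($items).Count
    foreach ($item in $items) {
        if ($Fix) {
            # Clear only the Hidden/System bits; keep ReadOnly, Archive, etc. intact.
            $item.Attributes = [IO.FileAttributes]([int]$item.Attributes -band (-bnot $hiddenBits))
            "  unhid   $($item.FullName)"
        } else {
            "  hidden: $($item.FullName)"
        }
    }
}
```

Run it in report mode first, then again with -Fix once the list looks like your own files; after a restore from backup, run it over the restored folders too, since the flag comes back with the data.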
Resistance is futile
Now back to the original decision. The evidence suggested that her computer was really messed up. My first thought was to download Microsoft’s free anti-virus software.
Lesson #3: Consider using the anti-virus, anti-malware software that comes with Microsoft Security Essentials. It’s possible that Norton or AVG or McAfee are incrementally better, but free and never expires is a hard combination to beat.
However, the virus figured out some way to block my ability to install or run any software. I could have tried to figure out a way to beat it (and blown off my afternoon) but at this point, my decision switched to “Should I reinstall Windows?”
Lesson #4: Every 1-3 years, you will probably need to reinstall Windows. It’s just the way it is. The Windows Registry is frail. Un-installers don’t always work. You can get into DLL Hell. Resistance is futile.
To reinstall Windows you need one of 3 things:
- Recovery partition on your hard drive.
- Recovery DVD or CD that you (hopefully) made.
- The original OS install disks that (maybe) came with your computer.
Fortunately, this HP did not have a hard drive failure. If it did, I would have been screwed and would have told her “It’s time to buy a new computer”.
Lesson #5: Read this carefully! MAKE SURE YOU HAVE / MAKE A RECOVERY DISK! A recovery partition on your hard drive is not enough protection because the hard drive can (and will) fail. HP has its own Recovery Manager program. Having a recovery disk is like putting a hide-a-key on your car. Don’t get stranded.
Restoring from a recovery partition is pretty simple. For the HP, I just had to press F2 while it was rebooting. Your magic F key may differ by manufacturer.
Take a hike
Reinstalling Windows is a lot like hiking up a mountain:
- You make a lot of great initial progress
- But there are all sorts of false summits and treacherous pitfalls along the way
- But most people can actually do it with a little guidance
In just 20 minutes, I had reinstalled Windows just the way it was when the PC was brand new back in 2004. It was zippy and happy and dying to have 8 years of patches (er, upgrades) applied to it.
Lesson #6: Now is the time to uninstall all the free useless software that comes bundled with the PC. Just go to the Control Panel and Remove Programs. This is quite liberating. I call it PC liposuction.
The hike has just begun. Don’t be afraid, Windows Update is a good thing and it’s surprisingly resilient. You may have to run it many times in a row depending on how old your computer is. For the 2004 HP, I ran it 8 times to get 257 updates and 2 service packs over 2 days. A service pack is an update that is so ginormous, it needs its own name. During that time, I had multiple reboots and a couple of blue screens of death aka BSODs aka crashes (the treacherous pitfalls).
Lesson #7: Unlike Macs, PCs have 2 cooks in the kitchen. In this case, HP made the hardware and Microsoft made the operating system. To reinstall the operating system on this PC, I needed Windows Update and HP Update. It just wasn’t clear when to run which program so trial and error is the only way. Like mountain hiking, be prepared to backtrack a few times before getting to the top.
After my initial batch of 102 Windows Updates, I tried to run the HP Health Check Update (a really crappy piece of vital software) and it crashed with a BSOD telling me that my RAID driver was missing. That sucked since HP Update is the way to upgrade that driver, but you need to be persistent. I just kept running Windows Update and retrying HP Update and finally I got to the point where I could update the RAID driver and all the other drivers (video, network, modem, trackpad, sound, etc).
Lesson #8: Hardware update programs and device driver installers for Windows look about as integrated as Young Frankenstein. Some of them look like they were written in the DOS age and they all want you to accept their terms of service. Half the time you can’t tell if they are done or hung, but be patient. By the time you are done clicking Next and Yes you’ll feel just like you did after you signed all the paperwork for your home loan: worn-out, confused and in need of a shower.
However, the real summit of the mountain is now in sight. Well…almost. Now you need to run all the upgrades and service packs for Microsoft Office! But that only took a mere hour or so.
You have arrived
You are at the top of the mountain! It’s time to set up a safe camp site.
Lesson #9: A secure web browser with safe email and a password manager will make you a happy camper. I recommend Google Chrome, Gmail and Lastpass. This combination of free software is just unbeatable. Never reuse passwords. Never name passwords after your dog, husband or birth year. Might as well just lay out a welcome mat for cyber-thieves.
Gmail has the best SPAM, Phishing and Virus detection of all the web-based email programs. It also has the most ergonomic UI — especially if you turn on the keyboard shortcuts and other cool Lab features like Undo Send or Reply + Archive.
Back up to normal
Finally, it was time to recover my friend’s files so I reinstalled Carbonite which was trivial and Carbonite recognized that I had done a complete restore and didn’t just start overwriting my backup. That was a relief and made Carbonite worth the money just for that one feature.
However, when I restored the data files, they were all hidden so I couldn’t find them in Explorer or a DOS window. Carbonite claimed to have restored them but they were nowhere to be found. At this point I was running out of time so I called Carbonite and they figured it out in a flash. Nice. Great customer support — just when you need it.
Lesson #10: Always have a backup. Have a second drive in your computer that uses RAID. Have a local backup on your network like Time Machine. Have an offsite backup like Carbonite. You can never have too many backups. Then do the occasional restore to see if it really works.
When you go through a sequence like this, you really learn a lot. I’m not sure how my friend would have survived doing this on her own or taking it to Fry’s or Best Buy to get fixed. Everyone’s situation is a little different. If it weren’t for the fact that she was running Quickbooks I would have told her to “go buy a Mac” but that’s my answer for everything. However, I would recommend that she upgrade from Vista to Windows 7 but that’s a whole different post.