The seasoned advantage: A PC repair story.

A little background for the foundation before I start:  For roughly 14 years now, I have migrated from fiddling with computers to repairing them professionally.  Along the way, I have made some blunders… some BAD blunders.  From not wearing an anti-static band to plugging a PCI riser card into a powered-up and running server (POP goes the riser card – D. Muntz, if you are reading this, you should remember that night.).  I say that to make this point, not only to the IT Professionals but everyone who performs a repair, installation, construction, and maintenance on other people’s property;  “Mistakes make us better at our job”.

That said, I wanted to share a story from this week that could have turned out to be quite disastrous.  I received a PC from a well-respected friend who trusts me to handle their PC issues.  It seems it was suffering from the infamous BSOD (Blue Screen of Death).  These can be caused by a number of things, but the ones that stick out are corrupted drivers, bad memory and failing hard drives.

Since the PC would not boot and went straight to the BSOD, I decided to try the easiest thing first.  I loaded my trusty Memtest Live CD and booted into it.  Almost instantly after the memory test began, I saw errors in multiple memory addresses, confirming that the memory was indeed bad.

I replaced the module with a test module that I have lying around just for these instances.  The PC successfully booted, and into the Windows environment I went.  At this point, the issue had been discovered and resolved; however, I began to notice things… bad things, in the form of pop-ups.  “Virus this, PC Cleaner that, Backup your PC, You need to purchase ….”  Clearly, the machine suffered from a malware infection.  Also, I noticed that it had no network connectivity.  Upon further research, none of the network interfaces were loading.  Checking the system services revealed even more issues.  There were a number of system services that were stopped and could not be restarted.

I could not, in good faith, return the machine to the owner like this.  Instead of fighting hours of a losing battle, I decided it was time to wipe this puppy clean and start over.  Before doing so, I grabbed my trusty external hard drive and began backing up vital directories and files.  While doing this, I noticed that the PC had Microsoft Office installed and activated.  Over the years, I have found that the majority of people DO NOT retain the product keys or packaging that this software comes in, so I decided to use a tool that scans the PC and reports back with a list of the product keys of registered software.  This was copied onto a flash drive for future reference.

Now, with the user’s files backed up and the product keys safe in hand, I initiated the full system restore.  After about 20 minutes, I was faced with a “factory setting”, working PC.  The retention of the Office product key proved to be a life-saver, as the software needed to be activated once again (big problem dodged there).  I then copied over all of the files and the PC was just about back to the way it should have been, working network services and all.  All that was left was about 140 updates from Microsoft.

At this point, I generally format my external drives so that when I need them again, they are not full of old files from a previous repair. However, for some reason, I decided to keep them until the PC was delivered.  I started the above-mentioned updates and left for the evening.

When I returned the next day, the replacement memory that had been ordered had arrived and it was time to change out the test module for the new one.  The PC was already off, so I made the swap and powered the machine on.  What happened next was any technician’s nightmare.  “Please insert bootable media and try again”…  WTF?!

Several reboots later, a Clonezilla attempt, another recovery attempt and I was left with a deceased hard drive.  It must have died sometime during the night amongst the plethora of Microsoft updates.  That’s okay, I will just copy the partition with the system recovery to another drive… NOPE, dead too.

DAMNIT!   What now?  Since this was a Samsung PC, the operating system product key is made specifically for special OEM media from Samsung.  I looked on the back of the PC and found another disturbing sign.  It was a “Display Model” sticker from Best Buy, which means that the owner most likely did not receive any type of recovery media, manual or box for that matter.

At this point, all is lost.  I decided to place one of my refurbished hard drives in the machine and made what I thought would be a futile attempt at contacting Samsung support and requesting recovery media.  To my surprise, they were very accommodating and processed a new set of recovery media to be mailed straight to me.  After that, I walked back into the workshop and I saw it… glowing like it had an aura.  It was the external drive that I decided not to erase!  The customer’s info would survive!  The PC may be late getting back to the customer; however, it will be fixed, it will be right and if you are wondering… no, the customer will NOT be charged for the replacement drive or any additional labor.

So, in closing, I wrote the long-winded story above to make a point.  I have been faced with this before and did not have the wherewithal to create a backup.  It was only after making a huge mistake that I remembered what needed to be done, and it paid off.  Cherish your mistakes and your blunders, as they are what make you better at what you do and make you …. “Seasoned”

– Matt

Secure Conscious: What users need to know.

It’s been a while since my last blog entry.  So I decided to write this entry, based on a recent conversation with a customer in reference to security and antivirus.  This may be more of an instruction piece than personal blog material; however, I felt compelled to do it.

Let me open with a statement that I want to make perfectly clear.  Antivirus products are like pizza toppings; no two I.T. Professionals will agree on the best (or some figure close to that).  Also, I will be writing this for the general user, so some I.T. Professionals may find it quite basic and lacking in technical depth.

I have been in the I.T. field for roughly 14 years.  Antivirus programs have evolved quite considerably from the beginning days; however, the basic principle remains the same across many different products.

  • Act as a liaison between the buffer and memory, comparing each file against the entries in your definition database.
  • Delete, disinfect or quarantine files that match the ones in the definitions.

In later years, a new development changed antivirus programs, made them much more efficient and took a load off the development and research teams that were used to compile the definition databases.  This was called the heuristic AV engine.  With this, antivirus programs could effectively detect new threats that were not already listed in their definitions.  The heuristic engines were composed of many different variables that raised alert flags within the system when certain criteria were met.  The local installation of the antivirus program would then give a choice to the user, whether to accept or block said suspicious file.  These were also, in the background, sent to the antivirus companies for further analysis.  Analysts would confirm the new-found threat and include the definition in next month’s definition update.
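As an added illustration (not code from the original post), here is a toy scanner in Python that does what the two bullets and the heuristic paragraph describe: a hash lookup against a definition database, followed by a few heuristic criteria that each raise a flag, with the verdict deciding between quarantining a known file and asking the user about a suspicious one. The definition entry, file names and criteria are constructed for the example.

```python
import hashlib
import math
from collections import Counter

# Constructed definition database (illustrative, not real signatures):
# SHA-256 of known-bad file content -> detection name.
_KNOWN_BAD_CONTENT = {b"echo this-is-a-constructed-bad-sample": "Test.Sample.A"}
DEFINITIONS = {hashlib.sha256(c).hexdigest(): n for c, n in _KNOWN_BAD_CONTENT.items()}
EXECUTABLE_EXTS = {"exe", "scr", "com", "dll"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "jpg", "txt"}

def signature_match(data: bytes):
    """Classic definition lookup: hash the file, look the hash up in the database."""
    return DEFINITIONS.get(hashlib.sha256(data).hexdigest())

def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def heuristic_flags(name: str, data: bytes):
    """Each criterion met raises a flag, the way the post describes heuristic engines."""
    flags = []
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if len(parts) > 2 and ext in EXECUTABLE_EXTS and parts[-2] in DOCUMENT_EXTS:
        flags.append("document-name-with-executable-extension")
    if data.startswith(b"MZ") and ext not in EXECUTABLE_EXTS:
        flags.append("executable-header-but-non-executable-extension")
    if len(data) >= 1024 and byte_entropy(data) > 7.5:
        flags.append("high-entropy-body")  # packed or encrypted payload is a common trigger
    return flags

def scan(name: str, data: bytes):
    """Returns (verdict, detail): 'known' -> quarantine, 'suspicious' -> ask the user."""
    hit = signature_match(data)
    if hit:
        return "known", hit
    flags = heuristic_flags(name, data)
    if len(flags) >= 2:
        return "suspicious", flags
    return "clean", flags

if __name__ == "__main__":  # constructed sample "files"
    print(scan("notes.txt", b"just some text"))
    print(scan("invoice.pdf.exe", b"MZ" + bytes(range(256)) * 8))
    print(scan("bad.bat", b"echo this-is-a-constructed-bad-sample"))
```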

For years, this was the way antivirus programs worked, and to this day, some of them still use this method.  However, with the advent of the “Cloud” came a new and better way of dealing with virus definitions.  There are a few notable products that use this technology; however, I am going to use one in particular, which helped pioneer this approach, Panda Security.  Now that most internet speeds are high enough to handle this constant connection, it was feasible to eliminate the need to compile definitions every 30 to 45 days. Instead, antivirus programs could stay connected to their databases online.  The difference this made is that newly found viruses and threats could be sent to the database and, within a matter of 6 minutes, everyone else that used that particular antivirus program was protected against the newly found threat.  This made the spread of viruses much slower (within the circle of users for that particular product).

Another great leap forward was the utilization of the Windows subsystem VSS (Volume Shadow Copy Service).  Webroot security has implemented the use of this service in order to battle malicious threats that hijack a user’s files and hold them for ransom.  One threat in particular is the Cryptolocker virus, which encrypts a user’s files and gives them 10 days or so to pay the ransom before access to the files is permanently lost.  Webroot can restore the files using the copies in the VSS system, since the encryption is, at the moment, unbreakable.

 Now that I have given you a crash course in Antivirus technology, I want to drill down to the bedrock of the reason behind my post.  NO ANTIVIRUS PROGRAM IS 100% EFFECTIVE! Remember this, and you will already be ahead of the game.  There are a few things, as a user, that you need to know when dealing with threats and the internet as a whole.

  • Get familiar with the interface of your antivirus program.
  • Look at hyperlinks in your email before you click them.
  • Be cautious of free software.
  • Learn how to close your browser without clicking the “X”.
  • Use Internet Explorer for downloading Chrome or Firefox ONLY.
  • Learn how to tell a secure website from a non-secure one.

Let’s start with the 1st one, getting familiar with your antivirus interface.  If you have ever fallen victim to a rogue antivirus program, then you will know exactly where I am going with this.  Many times, embedded in websites, are JavaScript commands that pop a small window up (usually in the bottom corner) that appears to be an alert from your antivirus, stating that you have n amount of viruses.  It instructs you to “click here” to begin removing them.  Once it finishes with the “scan”, it tells you that you need to purchase the upgrade for 39.95 in order to complete the disinfection.  This is what is known as a rogue antivirus program OR ransomware.  Believe it or not, I know of MANY MANY people that gladly paid that 39.95 and didn’t know any better.  The best way to counter this is to get familiar with the way your antivirus program looks and reacts.  That way, these “warnings” should look out of place and are easier to pinpoint.  How do I know what my antivirus looks like when I get a virus, without actually “getting a virus”?  Simple... there is what is known as the EICAR test file (EICAR originally stood for European Institute for Computer Antivirus Research).  You can obtain this test file from AND ONLY FROM:

Second, inspect hyperlinks in your email before you click on them.  Hackers, and programmers in general, are very good at making hyperlinks appear to be for a particular website when, in fact, you will be directed somewhere totally different.  Most of the time, once you click it, it is too late.  Generally, in every email program, when you hover over a link, the address that it takes you to will be displayed at the bottom-left of your program window.  For instance, you receive an email about your online bank password expiring.  They need you to click the following link:  When you hover over the link, the bottom display shows an entirely different address like: This should be a red flag, indicating that you need to delete this email immediately and NOT follow the link.

Next, be cautious of free software. If you think that programmers sit at their computers and write thousands of lines of code just to make a piece of software for you and not charge anything for their time, the server space or the bandwidth it takes to accommodate downloads, think again.  These pieces of software are usually made available in exchange for your email address, personal address or phone number, OR they can contain scripts that monitor your web surfing profiles or, worse, record passwords and report back to their developers. Ever started getting penis enlargement emails?  Think back; there was most likely a free piece of software, free game or free online dating profile that you acquired recently.

 Next, what happens when you click to see that cat video and it takes you to a page with a big warning in the middle about your PC’s performance?  You know it is a scam, but the “X” on the window does not look like a regular “X” for closing Windows.  Good observation, most of the time, those “close” buttons will actually trigger the execution of a malicious script.  How do I safely close this without interacting with the suspicious button?  The answer is:  Alt + F4.  Pressing these two keys will effectively close whatever the “active” window is on your screen, in this example, it would close your internet browser.

Sit around a group of I.T. Professionals long enough and you will start to hear the jokes fly in reference to Internet Explorer.  This is not due to some comedy embedded in the browser; this is a psychological mechanism for coping with the magnitude of problems stemming from this horrible, wretched, unsafe browser.  I could write an entire paper on why you should not use Internet Explorer, but for now, just take my word for it and leave it for when you need to download Google Chrome or Firefox.

Finally, learn how to distinguish when you are on a secure website.  Generally, you want to concern yourself with this only at times when you are entering personal information on a website. At the VERY TOP of your browser, you will see the URL of the site you are currently visiting.  A secure site should start with “https://”; notice the “s”, it stands for secure.  Get used to looking for it and if you do NOT see it, do not fill out whatever information it is asking for.
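As an added example, not part of the original post, the following Python script automates two of the tips above for an HTML e-mail: the hover check from the hyperlink tip (does the visible link text name the same host the link actually goes to?) and the “https://” check from the last tip. The e-mail body and the domains in it are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample e-mail body; the domains are placeholders, not real sites.
SAMPLE_EMAIL = """
<p>Your online banking password expires today.</p>
<p><a href="http://login-verify.example.net/reset">https://www.examplebank.com/reset</a></p>
<p><a href="https://www.examplebank.com/help">Help center</a></p>
<p><a href="http://www.examplebank.com/login">www.examplebank.com/login</a></p>
"""

class LinkCollector(HTMLParser):
    # Collects (href, visible text): the target shown on hover vs. the text you would click.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def hostname_of(text):
    """Hostname if the visible text looks like a URL or 'www.host/path'; else None."""
    if not text or " " in text:
        return None
    host = urlsplit(text if "://" in text else "http://" + text).hostname
    return host if host and "." in host else None

def inspect_links(html):
    """Returns (href, visible text, reasons) per link, with the red flags the post describes."""
    parser = LinkCollector()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        reasons = []
        real_host, shown_host = urlsplit(href).hostname, hostname_of(text)
        if shown_host and real_host and shown_host != real_host:
            reasons.append("text shows %s but link goes to %s" % (shown_host, real_host))
        if urlsplit(href).scheme != "https":  # the "https://" check from the last tip
            reasons.append("not https")
        report.append((href, text, reasons))
    return report
```

Running `inspect_links(SAMPLE_EMAIL)` flags the first link for both reasons and the third for plain http only; the second passes.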

As I stated in the beginning, this entry is intended for the general user.  My fellow I.T. friends would have two or three more pages of Dos and Don’ts; however, knowing and following those that I have stated above will keep you more secure than you would be without them.  If you take anything away from this, please remember that having an antivirus program is not a license to compute without concern.  Antivirus does nothing if not accompanied by a little common sense and knowledge.

To my fellow I.T. guys that follow my blog, I know it’s killing you that I left something out, so feel free to comment below.