Written by Jerry Stern
Editor, ASPects (article reprint from the July 2005 issue)
The web evolves. Software security isn’t what it was. There was a time when backing up a computer was a reasonably straightforward operation, if a little time-consuming. Just run Archive Backup and back everything up to DC2120 tapes. Of course, that old program later became Backup Exec, was bought out at various times by Colorado, Conner, Seagate, and Veritas, and will likely be part of Symantec by early July.
Data backups are still a great idea. That is, if you can talk Windows into keeping all your business data in one place that isn’t on the C: drive, then that’s great, and easy. I do that here; all my data is on a D:\ partition of the hard drive, and I have a batch file that I run before major backups that copies my Internet Explorer shortcuts from c:\Documents and Settings (etc, etc, etc…) over to a folder on d:. Then I burn an uncompressed DVD disk, and store that away.
And then there’s the operating system itself. For that, the best bet is a disk image program. A disk image program creates a compressed snapshot of a drive, usually created from a boot disk or CD, and some burn it directly to multiple DVDs. Ghost is the best known of these programs, but there are others, including some from ASP authors. With an up-to-date disk image, restoring an entire partition or drive takes only a few minutes.
All right, so those steps are all very traditional, and bring us up to around 2003. And then came spyware and adware. When an adware infection gets past your software blocks, it can suddenly bring along dozens of its cousin programs, and it may not be possible to start any software for burning a new data backup. An image program is still a good idea at this point, to be sure that no data is lost during the cleanup process, but that’s not prevention.
So just what will you need to have ready to do a spyware cleanup? As a cleanup technician, I would just love to have a process list of the computer as it was when it was built or when it was known to be clean. That’s a list of every program that autoruns on the system. That would save a lot of searches; the automated cleanup tools are good, but everything that depends on a detection database is out-of-date 100% of the time, and if there is a list of what should be on the system, everything else can be removed.
Method 1, rough but helpful: Press Control-Alt-Delete, go to the task list for processes, press Alt-PrintScreen (nothing will appear to happen), exit the task list, go to a word processing program or a good graphics application, paste the new image of the task list, and then print it. If the list was too long to fit on one screen, be sure to repeat the process after scrolling down in the task list, and capture all the entries.
Method 2, more complete, but requires special software. Download the latest version of ‘HijackThis’. It doesn’t need installation; you can run it from a USB pocket drive. Although this is a cleanup program, it is also useful for creating a record of your startup processes, and it is much, much more complete than the printout from Task Manager: it includes startup entries and registry keys affecting startups and security settings for Internet Explorer, not just Windows. Run the program, tell it to scan and create a log file, and print the log file.
Don’t rely on saving these lists; you’ll want a printout during any cleanup, and when you really need the lists, you probably won’t be able to print them.
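A scripted form of the same idea, added here as an example and not code from the article or from HijackThis: it records the logon Run/RunOnce registry values and the running process list on a known-clean machine, then reports what has appeared since. It assumes Windows PowerShell 5.1 run as an administrator, the baseline path is a placeholder, and it covers only a subset of the startup locations HijackThis logs.

```powershell
# Added example, not from the article or from HijackThis. Records a baseline of
# logon autorun registry values plus running processes on a known-clean machine,
# then lists what has appeared since. Assumes Windows PowerShell 5.1, run elevated;
# the baseline path is a placeholder.
$BaselinePath = 'C:\Baseline\startup-baseline.json'

# Registry values launched at logon (a subset of the locations HijackThis logs).
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Bookkeeping properties Get-ItemProperty adds that are not registry values.
$PsMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-StartupSnapshot {
    $entries = foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $props.PSObject.Properties.Name) {
            if ($name -in $PsMeta) { continue }
            "$key\$name = $($props.$name)"
        }
    }
    # Running processes by image path; falls back to the name when the path is unavailable.
    $procs = Get-Process | ForEach-Object {
        if ($_.Path) { "process: $($_.Path)" } else { "process: $($_.ProcessName)" }
    }
    @($entries) + @($procs) | Sort-Object -Unique
}

function Save-Baseline {
    $dir = Split-Path -Path $BaselinePath -Parent
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    Get-StartupSnapshot | ConvertTo-Json | Set-Content -Path $BaselinePath
}

function Compare-ToBaseline {
    $baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $current  = Get-StartupSnapshot
    # SideIndicator '=>' marks entries present now but absent from the clean baseline.
    Compare-Object -ReferenceObject @($baseline) -DifferenceObject @($current) |
        Where-Object { $_.SideIndicator -eq '=>' } |
        Select-Object -ExpandProperty InputObject
}

# Usage: Save-Baseline on the clean machine; later, Compare-ToBaseline | Out-Printer
# to get the paper copy the article recommends.
```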