Bill Matern wrote:
> PAT,
> I had a similar problem before. A good lesson was learned by my kids
> about downloading stuff from web pages. It took me days to clean the
> mess up.
> The procedure that worked the best for me was using as many "free"
> spyware removers as possible: Spybot search and destroy and others. I
> needed three (don't remember the other two) before I got the mess
> cleaned up. I don't know if this will work for you or not, but it is
> worth a try.
[snip]
> [TELECOM Digest Editor's Note: The problem is now cured, and it was a
> thing about running one Spybot thing after another. I had found out
> earlier that all the facilities worked fine under a non-administrator
> account called 'ptownson', so I thought why not run the Spy Bot and
> AdAware and Grisoft AVG under that account also since all three of
> those things are at least partially dependent on IE 6.0 to run
> correctly anyway, which they were refusing to do under the admin
> account. By running them over and over, getting to the point of
> 'found and cured X files; could not cure Y files since they are
> locked, reboot and let (whoever) run first thing once again, while
> those files are still unlocked', etc. It took some doing, but then
> on one test of the results, presto, things were back to normal again.
> PAT]
Pat,
You have my deepest sympathy: there's nothing more frustrating about
computers than having a child trash one just by following a link or
trying to play an online game.
Adware and spyware have gotten a lot more tenacious and intrusive since
they started, and they're an order of magnitude more difficult to remove
than a virus. After all, virus writers don't get paid (hmmm ...), and
adware vendors do, so they've gotten very good very quickly. Of
course, the ad/spyware vendors depend on children to spread their
sleazeware, but the damage and wasted time they cause is what an MBA
would call an "externality": cleanup is _your_ problem.
The good news is that there is a lot of help available and you've done
the most important thing already, which is to admit you need it.
Here's the list I use when I set up a new machine for my SOHO
customers. HTH.
1. Copy the system partition as soon as the OS and any "office"
   software has been registered. Since new disk drives typically
   have at least 20GB of storage, it's a quick and easy precaution.
   In event of a software meltdown, I simply roll the copy back
   over the original and they're back in business twenty minutes
   later. [This is, BTW, an excellent use for the ~2GB drives you
   have hanging around in your old 486 or can get for free at
   the recycling center. You can plug the drive in for the backup,
   and then take it out and put it on a shelf out of harm's
   reach, thus guarding against both software _and_ hardware
   failures.]

2. If children will have access to the computer, take these
   precautions:

   A. Enable a power-on password to prevent late-night
      adventures.
   B. Set a password on the screen saver, and set the timeout to
      5 minutes. This keeps the kids out of _your_ account
      and helps limit damage to your data.
   C. Warn the user to NEVER use the Administrator account
      for day-to-day tasks.
   D. Install the hisecws (or hisecws4) security template,
      and use it to post a logon warning that all internet usage
      will be logged.
   E. Use a group policy to prevent users erasing their history
      files, and show the owner how to check.
   F. Install TeaTimer or similar monitoring software to flag
      attempted registry changes. Of course, the kids always
      click "yes", but there'll be a log and it'll help to
      keep the adults out of trouble as well.

3. Make sure the owner knows about backup options and the
   costs of each one: online vs. CD-RW vs. disk, etc. I make
   sure the user knows that it's a question of "When", not
   "If", especially with children involved. I emphasize the
   need for backups just before any family gathering, just
   in case.
There's another option that you should consider: set aside your old
computer for use by the kids, and warn them that if it breaks, they
get to keep both pieces and you don't want to hear any whining. I do
this with mine, and the one time it got adware on it, I told them I'd
get to it in a couple of weeks and in the meantime they could walk to
the library or stay after school and use the machines there. It's
never happened again.
I know this is locking the barn door, but (especially in your job)
it's only a matter of time before something slips past your first line
of defense. Next time, the result can be a shrug and a few minutes of
copying while you enjoy a coffee break. Sound good?
William Warren
(Filter noise from my address for direct emails)
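
A read-only check of items 2B and 2C from the list above on a current Windows system, as an added PowerShell example that is not part of the original message. The function names Get-DesktopSetting and Test-KidProofing are made up for illustration, and the 300-second limit is the 5 minutes from item 2B.

```powershell
# Added example: audits checklist items 2B and 2C for the logged-on user.
# Function names are illustrative; nothing here changes any setting.

function Get-DesktopSetting {
    param([string]$Name)
    # A Group Policy value, when present, overrides the user's own setting.
    $paths = @(
        'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop',
        'HKCU:\Control Panel\Desktop'
    )
    foreach ($path in $paths) {
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Value = $item.$Name; Source = $path }
        }
    }
    return [pscustomobject]@{ Value = $null; Source = 'not set' }
}

function Test-KidProofing {
    param([int]$MaxTimeoutSeconds = 300)   # item 2B: 5 minutes

    $active  = Get-DesktopSetting 'ScreenSaveActive'
    $secure  = Get-DesktopSetting 'ScreenSaverIsSecure'
    $timeout = Get-DesktopSetting 'ScreenSaveTimeOut'   # stored in seconds

    $seconds   = 0
    $parsed    = [int]::TryParse([string]$timeout.Value, [ref]$seconds)
    $timeoutOk = $parsed -and ($seconds -gt 0) -and ($seconds -le $MaxTimeoutSeconds)

    # Item 2C: is this session running with administrator rights?
    # With UAC, a non-elevated session of an admin account reports False here.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    [pscustomobject]@{ Check = '2B screen saver enabled';  Pass = ($active.Value -eq '1'); Detail = $active.Source }
    [pscustomobject]@{ Check = '2B password on resume';    Pass = ($secure.Value -eq '1'); Detail = $secure.Source }
    [pscustomobject]@{ Check = '2B timeout <= limit';      Pass = $timeoutOk;              Detail = "$($timeout.Value) s ($($timeout.Source))" }
    [pscustomobject]@{ Check = '2C not running as admin';  Pass = (-not $isAdmin);         Detail = $identity.Name }
}

Test-KidProofing | Format-Table -AutoSize
```

Run it while logged on as the account being checked, since all three screen saver values are per-user.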
[TELECOM Digest Editor's Note: It does all sound like good advice. I
know that the password on my Administrator account (all my logins and
passwords actually) are on autologin. That is to say, I turn on the
computer, sit back and wait while it boots up, the 'network user name'
and 'network password' boxes are filled in automatically, all the
programs which are 'run on start up' such as the atomic clock synchronizer,
the 'tclockex' program (which provides fancy script and additional
features to the Windows clock) starts, Zone Alarm and AVG get started,
etc. Sometimes also one or more virus scanning programs run as needed.
Then, and only then, do I start doing my thing. And _despite_ the
hardware firewall (cable router and modem), the Zone Alarm software
firewall, an email 'spam examination program' and other goodies, I
still get jumped on now and then.
It appears the 'Administrator' profile got trashed by something, which
is what caused Internet Explorer to quit operating. I went in the
Documents and Settings, renamed that profile to 'Administrator.old',
then shut down, powered back up and let Windows build an all new
profile for Administrator. The 'ptownson' profile (also an
administrator account) worked okay. Now I can be on 'ptownson' or
on 'Administrator' and log off that account and switch to the other
one which I do sometimes. But for some reason I am unable to switch
to the old 'Administrator.old' account to benefit from his files,
etc. Apparently just renaming one profile to something else, to force
Windows to construct a new profile for who you want to be does not
in the process require the old user 'Administrator.old' to come to
life any longer. Ergo, things like the Outlook Express mailbox name
and address book are now unreachable. I log out of 'ptownson' or
'administrator' and attempt to log in as 'administrator.old' (in
order to access his files, etc) but it just won't work. PAT]