Treatment of Infected Computers

General Computer Information
Hardware Troubleshooting

Not all computer problems are caused by viruses and malware. While I like to think of computers as my little silicon-based lifeform friends, they are really just machines and machines break down. Here are some basic hardware troubleshooting steps:

Open the computer and run it open after cleaning out all dust bunnies. Be careful when
you clean; use compressed air and be gentle. Observe all fans (overheating will cause
system freezing and/or crashing). This includes the fan on your video card if you have one.
Obviously you can't do this with a laptop, but you can hear if the fan is running and feel if the
laptop is getting too hot. For a desktop, without touching anything, hold your hand close to
the inside of the case and feel how hot things are getting.

Test the RAM - I like Memtest86+ from http://www.memtest.org. Obviously, you have to get
the program from a working machine. You want the pre-compiled bootable ISO (.zip). Unzip
the file you download by double-clicking on it and drag the contents out. You will now have a
file called memtest86+-4.00.iso (the version number may be different). You can delete the
.zip file now. Put in a CD-R disc and start a third-party burning program such as Nero, Roxio
or the free ImgBurn (unless you have Windows 7, which can burn .isos natively). You will
need to burn the file as an image, not as data. Refer to your burning program's Help if you
don't know how to do this.

Leave the CD-R in your optical drive and restart your computer. When you restart the
computer you will see messages:

1. Possibly a message that says something like "Press F12 for temporary boot menu". If you have this message, press that function key. Use your arrow key to select the CD/DVD drive and the computer will boot from the Memtest86+ CD you made.

2. If you don't see a message about a boot menu you will need to go into the BIOS to
change the boot order. This message will say something like "Press F2 to enter Setup".
Press that function key and you will enter the BIOS. Find the section about boot and change
the boot order to CD/DVD drive first, hard drive second. Save your changes and exit Setup.
The computer will boot from the Memtest86+ CD you made.

The test will run immediately. You can remove the CD while the test is running. Let the test run for an hour or two unless errors are seen immediately. If you get any errors, replace the RAM. It is extremely important that you get RAM that is compatible with your motherboard (and the RAM already in the machine). Crucial Technology has a Memory Selection Tool on their website.

Test the hard drive with a diagnostic utility from the drive manufacturer. If you aren't
sure what drive you have or can't find a utility for it, Seagate's SeaTools for DOS can test
non-Seagate drives. Download the file and make a bootable floppy or CD with it. If you are
using XP or Vista you need third-party burning software such as Nero, Roxio or the free
ImgBurn. Windows 7 can burn .isos natively. Burn as an image, not as data. Boot with the
media you created and do a thorough test. If the drive has physical errors, replace it.
http://seagate.custkb.com/seagate/crm/selfservice/search.jsp?DocId=201271 (how-to)

The power supply may be going bad or be inadequate for the devices you have in the
system. The adequacy issue doesn't really apply to a laptop, although of course the power
supply can be faulty. For a desktop, test by swapping out the PSU for a known-working one.
If you have one of the higher-end video cards that requires a separate power supply
connector, make sure it is in place.

Test the motherboard with something like TuffTest from http://www.tufftest.com or
programs from the Ultimate Boot CD. Sometimes this is useful, and sometimes it isn't.

If you have an OEM machine (HP, Dell, etc.) and it is still under warranty, use the OEM's hardware diagnostics if there are any. For instance, on some of its machines Dell has a small diagnostic partition on the hard drive accessed by pressing F12 (usually) at startup. Although my experience is that OEM diagnostics aren't always accurate, running them will often produce an error code which you can give to the technical support person. Then you don't need to argue with some bottom-tier rep about why reinstalling Windows on a broken hard drive is useless.

Another good way to test if problems are caused by hardware or software (Windows) is to
boot with a Linux Live CD (or Linux on a USB thumb drive). If the system behaves beautifully
under Linux then you know Windows (software) is at fault. If you can't run Linux, then you
know the hardware is bad. I use Knoppix but there are plenty of other Linux Live distros. A
"Live" CD/USB distro means that the Linux operating system runs entirely in RAM (memory)
and doesn't touch your hard drive. You might want to use the bootable USB thumb drive
when you have a computer with a single optical drive (like a laptop) and the optical drive is
what you want to test. Obviously you can't burn a DVD in the drive if it is in use by the Live


Testing hardware failures usually involves swapping out suspected parts with known-good
parts. If you can't do the testing yourself and/or are uncomfortable opening your computer,
take the machine to a professional computer repair shop (not your local version of

What to do if you didn't back up

Let's face it, sometimes disaster strikes and you didn't back up your data. A lot of the data recovery success (and cost of the process) depends on what caused the disaster. Please note that data recovery is time-consuming and therefore not cheap. Even if we are able to recover data, we cannot warrant that all of the data you need will be recovered. We will do our best, which is a lot better than that Very Big Computer Store will do for you (they will normally not attempt to save your data, but simply reinstall Windows); however, we do not take responsibility for your data. There's no sweet way to say this: you should have made backups.

If the hard drive is unbootable or too badly corrupted and the data on it is important, then all
is still not lost. The data recovery wizards at DriveSavers can perform what certainly look
like miracles. If you decide to use DriveSavers you are eligible for a discount. Data recovery
from a company like DriveSavers is not inexpensive, but in our admittedly awed opinion
completely worth it if your data is vital. It is my understanding that some insurance
companies will now cover data recovery expenses so check with yours.

Reinstalling Windows

Post-disaster - either because of hard drive failure or because of viruses/malware that have
damaged the operating system beyond repair - you will be faced with the necessity to
reinstall Windows. Whether we do this or you do this, you will need:

1. A CD/DVD of the Windows operating system and a Certificate of Authority bearing
the Product Key - If you bought the computer from a system builder, the Product Key is
normally on a sticker on the side or back of the computer (it will be on the bottom of a
laptop). If you bought a retail copy, the Certificate of Authority with Product Key was in the
box, usually on a brightly colored sticker marked "DO NOT LOSE THIS". We hope you didn't
lose it, because without the proper Key it is not possible to reinstall Windows without buying
a new copy. If you have proof of purchase, you can contact Microsoft for a replacement
copy; otherwise you will be stuck buying one. For this reason, I strongly suggest that you do
not buy a computer at a yard sale or flea market. You won't have any assurance about what
you are getting, whether it will work, and whether you have a legal copy of Windows. If you
have an OEM ("Original Equipment Manufacturer") computer such as one from HP, Sony,
Compaq, eMachines, etc. you may not have physical disks or you may have a Recovery

Legally, a system builder who preinstalls a Windows operating system must give the
customer a way to return the computer to factory condition. They can do this by:

A. A physical CD/DVD with the actual operating system on it. If an OEM version (as opposed
to retail), there must be a Product Key sticker on the computer. If you have the Product Key
sticker, a local computer shop may be willing to install Windows for you since the product
key is your license, not the physical media.

B. A physical CD/DVD with an image of the operating system as installed at the factory -
sometimes known as Recovery or Restore Discs.

C. An image of the operating system on a special partition, sometimes hidden, on the hard
drive. When an OEM does this, they give you a utility with which to make physical restore
discs, usually only one time. DO THIS. DO IT NOW. Label the discs you make and put
them somewhere safe where you will find them again.

Refer to your computer manual for which method was used. You can start the Factory
Restore process on most OEM machines by pressing a Function key (like F10) or a
combination of keys (like Alt+F11) when the computer starts up. The key(s) press varies
from computer manufacturer to computer manufacturer and sometimes even for different
models made by the same company. If you don't have a computer manual, you can find out
how to restore your computer to factory condition on the computer manufacturer's website or
call its tech support.

If you purchased a used computer from "a friend", yard sale, or unscrupulous local computer
shop and did not receive the Product Key, I'm afraid you will have to buy a copy of Windows.
The only other alternative is to install a free operating system like one of the Linux
distributions. This is not as horrible as you might think. ;-)

2. Various drivers - All hardware inside your computer (or connected to the outside, like a
printer) including the motherboard (the large circuit board that everything plugs into) has
related software called a "driver" which tells the operating system (Windows) how to use the
hardware. For example, Windows might recognize that you have a sound card plugged into
the motherboard, but if the proper drivers aren't installed Windows won't know what to do
with the sound card and you won't have any sound. You should have received installation
media for the drivers when you bought your computer.

3. CD/DVDs (or installation executables backed up for programs you downloaded
from the Internet) for whatever programs you would like to reinstall. An operating
system (Windows) does not come with word processors, spreadsheets, etc. If you have
Microsoft programs such as Works or Office, be sure you have the necessary Certificate of
Authority with Product Key. OEM machines normally come with bundled preinstalled
software and you should have received a way to reinstall that software - you might have
separate CDs or it might be included on a Recovery Disc.

