Disinfecting Your PC

 
 
By Larry Seltzer  |  Posted 2004-08-17
 
 
 

What would you do if your Windows computer suddenly became unresponsive? Or if you could no longer access the Internet?

Viruses and spyware can cause that, even when youre running up-to-date protection against them. Tools arent perfect, and its possible that some malware sneaked by.

If you cant get online, youre stuck with the tools built into Windows XP. Your first step is to reboot into Safe Mode. This will prevent much of the software on the system from loading, including whatever might be causing your problem, but will still leave you in a position to correct it. To get into Safe Mode, press F8 as soon as your system beeps on boot-up and select the appropriate option from the menu that appears.

One way to get back to a working state is with System Restore, accessible from Help and Support on the Start menu. Unless youve told it not to, Windows periodically saves the system state so you can restore it relatively easily. System Restore undoes changes such as program installations, intentional or otherwise, but leaves your documents and most other changes untouched. Its a rather coarse tool, though, and you might want to avoid endangering other changes youve made—or perhaps youve already disabled it.

A better way may be to take a surgical approach to cleaning your Windows start-up. There are a dizzying number of ways, which malware can exploit, to start programs when Windows boots. Windows XP comes with two programs you can use to check whats launching at boot time.

The better program for viewing the information is System Information, located in the System Tools section of the Accessories group on the Start menu. Click on Software Environment, then Startup Programs. Youll see a list of the programs that start with Windows, including in each case the actual program location and parameters, the user name under which it is run (or an indication that its run for all users), and the location of the command to start it with Windows—either a Registry key or a folder.

But what are all these programs? If you have another system that can still get online, or a friend to help you over the phone, you can search a database of start-up apps at www.sysinfo.org . If not, youll have to guess, based on each programs location and the trial and error of removing it.

Unfortunately, System Information is read-only. You cant change the settings. The safest way to proceed is with Windows System Configuration utility (click on Start, select Run, then type msconfig and press Enter). The narrow window is not resizable, but you can double-click on the column separators to make them fit the width of the data. Click on the Startup tab to reveal a list of programs with much of the same information you saw in System Information. Uncheck the programs you want to disable, close the utility, and reboot and those programs will not load.

If this hasnt gotten you back online, your problems may lie in Internet Explorer. These difficulties are often caused by programs called Browser Helper Objects (BHOs). They plug right into IE, adding toolbars and changing behaviors, often for the worse. Many tools for removing BHOs exist, but without Internet access theyre probably not available to you. You do have Windows Registry Editor, through Start | Run | regedit. (The instructions that follow require you to know what youre doing in Regedit. If you dont, you run a serious risk of making things even worse.)

Click on Start | Run and type regedit to start. Browse on the left side to this key: HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\Windows\CurrenTVersion\ Explorer\Browser Helper Objects.

The keys that youll see each have a class ID (usually written as "CLSID"), which is a 128-bit value like {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}. Each of these keys corresponds to a BHO loaded by Internet Explorer; a feature at www.sysinfo.org identifies the BHO that corresponds to each CLSID.

You could prevent Internet Explorer from loading BHOs by deleting them from below the Browser Helper Objects key, but we wouldnt advise it. Just right-click on a given BHOs key, select Rename, and add NOLOAD or the like to the front of the key. This will stop the BHO from launching and is easily undone if need be. Quit Internet Explorer; when you restart the browser, it should be BHO-free.

These steps may not be a cure-all, but they should be enough to get you back up and running and online.

Larry Seltzer is the editor of eWEEKs online Security Center.

Check out eWEEK.coms Desktop & Notebook Center at http://desktop.eweek.com for the latest news in desktop and notebook computing.

Rocket Fuel