K2 Enterprises 109 South Cate St Hammond, LA 70403 Voice: 1.985.542.9390 Fax: 1.985.542.9339
PC Cleanup War Story
January 2006
Will Fleenor, CPA, Ph.D.
Partner, K2 Enterprises
Recently I spent many hours cleaning up a seriously ill PC. If you run across this problem, some of the following may be useful. As IT professionals who deal with these situations daily know, it takes much more than anti-virus software and anti-spyware to clean a bad machine.
Results:
- 871 Incidences of Viruses
- 7765 Incidences of Spyware
- 1512 Bogus IE Add-ons
- 1741 Registry Problems
- 36 Critical Updates needed to be loaded before Windows Update would install SP2
- Many more Windows updates after installing Windows SP2
The PC had Norton anti-virus software running. However, the virus signature subscription expired 4 months ago. Microsoft Anti-Spyware was loaded and running fine although it clearly was not up to the challenge.
1. First I attacked the viruses. I ran the trial versions of BitDefender, CA’s eTrust, AVG Anti-Virus, Trend Micro’s PC-cillin Internet Security, and F-Secure Anti-Virus. Each time I unloaded the previous anti-virus software before loading the new anti-virus software. I did not try a new version of Norton anti-virus both because it has rated so poorly in recent reviews and because we have found it to be a real resource hog. IMPORTANT! Always unload Norton Anti-Virus before attempting to load another anti-virus software solution. Failing to do so will likely lock up your PC. BitDefender was first and just could not get everything although it saw lots of the viruses it could not get out of memory. Each successive product found more viruses. Only F-Secure got everything. F-Secure from F-Secure Corporation http://www.f-secure.com/products/anti-virus/fsav2006/ is a top rated product that combines anti-virus with top rated anti-spyware, an idea that is long overdue. http://www.infoworld.com/article/05/09/19/38FEspy_1.html To the best of my knowledge, it is also the only one of the top rated products that also spots rootkits. F-Secure is the company that discovered the Sony BMG rootkit. They are headquartered in Helsinki, Finland, and have offices in the USA, France, Germany, Sweden, the United Kingdom and Japan. I am extremely impressed with this product. You will find the report after a scan very useful.
2. Spyware. Microsoft’s free AntiSpyware product appears to be inadequate at this point, at least in extreme situations like this one. This is consistent with what the trade publications have been saying for the past 4 months. Spy Sweeper from Webroot has been the top rated product in many recent reviews and did find 7721 incidences of spyware that Microsoft AntiSpyware missed. However, F-Secure found even more. None of the products removed all the BHO add-ons to Internet Explorer.
3. Windows Update took forever. Loaded 5 patches before update would even run. Loaded 36 patches before Service Pack 2 would load. Loaded dozens of patches after SP2 loaded. To Microsoft’s credit, everything went smoothly. It just took a lot of time. That is the user’s fault (and not Microsoft’s) because they were not following Microsoft’s recommendations with respect to patches.
4. BHO add-ons to Internet Explorer. There were so many that it was taking over 30 seconds to open IE and often it would not open without rebooting the computer. The Add-on manager in IE will not delete add-ons and requires you to turn them off one at a time. An unreasonable task when you have over 1500. Using newsgroup postings (use Google to search Groups and not Web pages) I found a product that Microsoft MVPs recommend called ToolbarCop. (http://windowsxp.mvps.org/toolbarcop.htm). It was a great tool that allowed me to select multiple add-ons and disable the entire group or delete the entire group. Unfortunately it would not load until I cleaned up the registry errors.
5. Registry errors. Over 1700 including lots of stuff that was keeping programs (like ToolbarCop) from loading properly. Once again newsgroup recommendations provided a good solution. Registry Clean Expert http://www.registry-clean.net (free download but the free download only fixes two problems each pass so I had to purchase the full product) did the job. Excellent product. It not only fixes registry problems and cleans the registry but also provides an excellent interface for managing startup DLLs. Highly recommended. Be sure and go to registry-clean.net and not registry-clean.com.
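An inventory step for the BHO problem in item 4, added here as an example (it is not from the original article and is not ToolbarCop's code): this PowerShell lists every machine-wide Browser Helper Object with its DLL path and signature status, so the add-ons can be reviewed before any bulk disable or delete. It assumes a Windows version with PowerShell available and reads only the HKLM registrations; the output file name is a placeholder.

```powershell
# Read-only inventory of Internet Explorer Browser Helper Objects (BHOs).
# Nothing is disabled or deleted here. Per-user (HKCU) class registrations
# are not covered by this example.
$views = @(
    @{ Name = 'native'
       Bho  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Cls  = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Name = 'WOW6432Node'   # 32-bit view, present only on 64-bit Windows
       Bho  = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Cls  = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

$inventory = foreach ($v in $views) {
    if (-not (Test-Path -LiteralPath $v.Bho)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $v.Bho) {
        $clsid    = $key.PSChildName
        $classKey = Join-Path $v.Cls $clsid
        $inproc   = Join-Path $classKey 'InprocServer32'
        $name = $null; $dll = $null; $sig = 'n/a'

        # The default value of the CLSID key is the display name;
        # the default value of InprocServer32 is the DLL that IE loads.
        if (Test-Path -LiteralPath $classKey) { $name = (Get-Item -LiteralPath $classKey).GetValue('') }
        if (Test-Path -LiteralPath $inproc)   { $dll  = (Get-Item -LiteralPath $inproc).GetValue('') }
        if ($dll) { $dll = $dll.Trim('"') }

        $exists = [bool]($dll -and (Test-Path -LiteralPath $dll -PathType Leaf))
        if ($exists) { $sig = [string](Get-AuthenticodeSignature -FilePath $dll).Status }

        [pscustomobject]@{
            View = $v.Name; Clsid = $clsid; Name = $name
            Dll = $dll; FileExists = $exists; Signature = $sig
        }
    }
}

# Full list for the record (placeholder file name), then the entries that deserve
# a closer look: orphaned registrations and DLLs without a valid signature.
$inventory | Export-Csv -Path .\bho-inventory.csv -NoTypeInformation
$inventory | Where-Object { -not $_.FileExists -or $_.Signature -ne 'Valid' } |
    Sort-Object Dll | Format-Table View, Clsid, Name, Dll, Signature -AutoSize
```

Registrations whose DLL is missing are typical leftovers from partial removals, which is consistent with none of the scanners clearing every add-on.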
The machine runs great (at least until the user gets it back). It was a good learning experience. In retrospect I should have flattened the machine and started over.
Conclusion: These issues were a nuisance (rather than a danger) in this case because the machine belonged to a college student that does not own a credit card. The level of the mess was clearly exacerbated by the way the computer was being used. However, all the threats are real and are security threats that business users face daily. Trojans and key loggers can capture and communicate to hackers sensitive and confidential business data, passwords, credit card information, and much more. Reasonable assurance in the area of security can only be achieved if everyone (including end users and not just IT staff) is trained and involved in keeping their computer systems safe and clean.