Rescuing a Windows Box

I don't write about geek stuff very often on this site because that is not really what has my passion, but it is something I've been doing for several decades now, and most of that time as a profession. So every now-and-then it is going to happen. Last night my brother called me up with computer problems, and together we walked through a few simple steps over the phone which got him up and running again after a bit of work. Turns out he'd clicked on a friend's link in Facebook, and this put a Trojan Horse on his computer, which in turn blocked his PC from accessing the Internet. Damnation! Here is what we did to rescue him - some simple steps that will probably help a lot of people out there.

The first thing I wanted to determine was whether or not local networking was functioning. He has a hardware router installed, and both his Windows PC and his son's Wii use the router to access the Internet. He already told me that his son's Wii was still able to access the Internet just fine, so the problem was not with the router.

The first thing you need to do is get yourself a DOS prompt, or command prompt. If you are using "Classic" menus in Windows, then you go to your "Start" menu, select "Run", and then type in "CMD" and hit Enter. You'll then have a black command prompt open on your screen. This will let you do some simple debugging. But in order to do that, you first need to find the IP address of another device on your network. Note that this article probably will not be of much use to anyone whose modem connects directly to their PC - sorry.

You should know the IP address of your router. If you've forgotten it since you installed it, then if you have a gaming system connected, you should be able to go into the network settings of the gaming system to find out what it's IP number is. It will look something like this :

Now from the command prompt, type "ping". It should give you a bunch of mumbo jumbo information that you probably will not understand. Look for one bit that tells you about "packet loss". There should be 0% packet loss. And the transit times listed should be in the range of about 1 millisecond (ms). This is a normally functioning network. If you get a lot of packet loss, or really high times, you may have an issue with your network card. What you would do in that case is if your network card is on the motherboard (most likely), you would reboot and go into your computer BIOS and look for the option to disable the on-board network card. Do that, then toss in another network card into one of the slots (if your PC has them, if not, you are screwed). And Bob's your uncle.

My brother's network was working fine to other local hosts, so we knew the hardware was fine. It was looking like a virus of some kind. I asked him a few simple questions like : who has Administrator access to this PC? I recall when he bought it, I told him to set up accounts for each family member, and make sure that he is the only one with Admin access. Fortunately he did do that and stuck with it, so we knew right away that whatever happened to the PC, happened while he was using it. When I said that, a light bulb went off over his head - he recalled something strange happening on facebook, and thought at the time it could have installed something on his system. I told him that whenever I see a friend on facebook whose account has clearly been hacked, I send them a message telling them that I'm unfriending them because they were hacked, and if they get things sorted out they are welcome to friend me again. Does not matter who it is or how close a friend they are - facebook is a dangerous place for stuff like that.

My next question was : do you have anti-virus installed? Busted! He did not. Oi! So how were we going to get some anti-virus software on there? In my house we'd just use another PC to download it, then burn it onto a CD and put it onto the infected machine. I also keep a copy of the Ubuntu Live CD on hand, which let's you boot right off the CD no matter what has happened to your PC. No luck with him though.

Luckily my Windows Skillz were not too rusty, and I recalled that Windows has "Safe Mode" as well as "Safe Mode with Networking". Safe Mode in Windows basically just enables the bare minimum of the Operating System, which normally allows you to do debugging and repair like this. I was betting that the latter would work for him, and get him online long enough to download some free anti-virus software that would get things going for him. I was not exactly sure how to force Windows into safe mode, but a quick google told me to keep hitting F8 while the PC is booting, and you will get the menu which gives you these options. Sure enough, it worked and he booted to Safe Mode with Networking, and was able to use his web browser to download a copy of Avira Antivirus. The URL is really easy to remember -

He got that downloaded just fine - the version that is free for home use. But soon discovered that Safe Mode would not let him install it. That was easy to fix - he just rebooted and let normal Windows come back up, after which he was able to install Avira. He just chose the default options, and as part of the installation it found a couple of Virii and wiped them out for him. Bingo - everything worked fine again. When I install Avira I always take the Custom install, and selected most of the defaults except one. I forget the exact wording of it, but it asks you whether you want to do a "deep install" or something like that, and explains that this option is able to protect you against more types of virii, but results in a slower boot of your system when you boot it up. I always choose the slower boot because it gives you more protection.

It took a few hours for Avira to do a full scan of his system, but this morning he reports that everything is back to normal.

Not bad for a Linux guy, eh? :-)



I have the same problem - many people I know are on the Windows platform but we are all Mac at home and portable. Windows at work as well... helps to keep your skills up and running for the inevitable 2 hour call from the BIL in edmonton ;-)