So here is a question for everyone, When you beta test software such as IE8 or Firefox 3.5, do you have a special machine to load them on, how long to you test them for, and what do you feel the best practices are?

I have been remiss in doing a lot of beta testing mostly because I don’t want to loose any access or break anything on my machines, so I fifugred I”d ask around so I can give better reviews on this blog.

So it seems that we have a real nasty couple of viruses (virii?) that came out in the last couple of weeks. The Virut.CE and Virux viruses are two of the worst viruses I’ve seen in a long time.

You see, I spent the better part of evenings in the last week trying to remove the virut.ce one from a friends laptop. The issue is that, even if you clean it completely off, you will need to do a repair install of Windows and reinstall every other program on the machine. Why you ask?

1) It adds code into normal executables. I’m talking explorer.exe, svchost.exe, and any other .exe file it can find.

2) It destroys the Software hive of the registry. This alone means you would need to restore it from the repair directory. Unless you have a recent backup of the hive safely off the machine, you loose just about any registry keys from software on your machine and have to reinstall them

3) It keeps coming back. Every tool from Kapersky to Malewarebytes winds up finding it, trying to remove it, and yet it still comes back.

4) Initially it prevents access to task manager and explorer. This is partially because of the Registry infestation.

5) It hits flash/external usb drives. If there are executables on your external or flash drives, you are screwed. scan them and if its on them, format them.

6) It Will spread over your network! If a machine is infected with these monsters, unplug its network connection immediately. It will infect network shares and spread across your network.

It is a pain to wipe and reinstall systems, I know, but there are a few things you can do to make it a little bit easier.

1) Use a boot CD and a clean external drive. Booting off a Linux or Windows boot cd (BartPE, ERD Commander) You can at least transfer documents to an external drive. Booting off the CD also means you won’t be activating the virus, so you are safe plugging and external in.

2) Format the drive and delete the partitions using the Boot CD. This helps insure that you don’t have it sitting in memory, and that the drives are clean. I recommend formatting the drives first, then wipe the partitions, then go ahead with the reinstall.

3) Remove all power from the machine for 5 minutes before starting the reinstall. This makes sure your memory has been cleared out.

I don’t know what joy people get from writing such destructive things. I do know that while its not really celanable, the latest virus definitions for your antivirus will stop it before it starts, which hopefully will help mitigate it. Also it seems that it comes through html intially, which means any site could unknowingly be hosting it.

The Virus itself opens a back door to an IRC network, where your machine will be loaded with all other sorts of nasties. And so you all know, my friends machine initially was taken down by this monster within 5 minutes of being infected. Yes, totally infected and downed inside of 5 minutes!

Hopefully you don’t have to deal with this for a friend, let alone a client network.

So, being in the world of IT, there are many hats we all tend to wear. Sometimes many at once, sometimes at different times. Within all of the different hats there are certain things that stay the same, and can make each of us better. Here is the list of things I tend to do to try and make life easier, not only on me, but on my clients and company.

1) Plan Plan Plan! I can’t stress enough how important a good plan is for anything. Whether it is a move (physical or jsut moving shares), a new deployment, or even trying to fix a problem. Having a plan of attack will always make things go smoother.

2) Keep an open mind! We as techs tend to keep our sight narrowed, but this honestly is one of the worst things we can do. Closing your mind to the possibilities, no matter how far out they might seem, limits us, and can cause problems down the line. A great example was years ago when I was learning how to build machines I spent 6 months trying to figure out why I was getting no sound. The one thing I didn’t try until I was cleaning up my work area was making sure I had the jacks plugged into the right spots. Turned out I have the mic plugged into the speaker spot and the speakers pkugged into the mic. My narrow focus on a hardware problem cost me a lot of time and wasted energy.

3) Think of worst case scenarios! If you think of all the things that can go wrong, come up with what you would do if those things do happen, things will go a lot more smoothly. Not only will it save you time, but you will come out looking even better in the end because you thought things through. As a rule of thumb I always add time beyond what it should take when planning out a project as a standby in case things go wrong. As Scotty from Star Trek Said about multiplying his repair time estimates by 4, “How else do you think I got known as a miracle worker?”

4) GOOGLE!!! It never hurts to google thoughts and ideas. You can come up with both potential issues, find out if people have done things the way you are planning, and other ways to complete a project.

5) Check and Double Check everything before you start! Just to make sure you didn’t miss something. Ona recent in house project not only did I map everything out, but I went over the mapping 5 times to make sure I knew everything inside and out before I started.

Using these sorts of guidlines will not only help make you  a better IT guy, but in what can be a thankless job, will make you look great to your bosses and the people who count!

I can’t express how important it is to make sure you not only document your network, but what a pain it is when you don’t.

6 weeks of planning and having to map out Active Directory comes to a head for myself this week as I take care of the last parts of the redesign. Of course a lot fo this time could have been prevented with the proper documentation.

And I don’t mean just listing out what harware you have and how its connected. Active Directory, Network Shares, Security on the shares, all of it should be documented. Not just in case you need to change things, but to show what work has been done, so others can understand what has been done, how things are set up, and more importantly why they are done that way.

It also help out when trying to track down potential causes of issues. It doesn’t matter if its SBS or not, it should be done. Use Visio, make a network notebook, whatever floats your boat, but just do it

So it seems that a company called Beyond Trust did a little research into Microsoft’s disclosed vulnerabilities, and found that 92% of them could have been avoided if people didn’t have Admin rights.  You can read the full article at Computer World.

Honestly, I would have thought it was quite obvious that this was a big problem. Even with the UAC in Vista and Windows 7, it is a problem, and Microsoft just won’t admit to it.  Someone needs to hit them with a clue by four I think.

So, as I was at work today, I got a call to go out on my 7th virus removal in the last 6 weeks. Yeah 1 a week at different clients does seem a bit much, but considering how skittish people are at running Windows Updates, things like this happens.

To those who want to know what I tend to use to clean machines of malware, let me tell you.

First off turn off the System Restore. Malware loves to hide there and it is nigh impossible to clean out of the restore points. Kill them, get rid of them.

Now then the software I use includes Ad-Aware, Malwarebytes, Spybot, and HiJack This. If possible keep these programs with their latests versions on your USB thumb drive. They are invaluable.

Make sure that they are as up to date as possible (yes sometimes you need to run them without checking for updates cause the malware will prevent updates from being downloaded) in safe mode.

Just remember google is your friend in these instances, and removal of the malware can take a long time. If you can just wipe and reload the machine, that of course is the preffered method, but use your own judgement.