Fixing my wife’s Windows system
I think this is going to be an ongoing thread. I’m gathering my tools and taking it a little at a time.
The essential problem I’m working with is my wife’s Windows XP based system. She uses it primarily for games, and it’s running slowly. I COULD simply strip it down and rebuild it, which would be a hassle and wouldn’t teach me anything, so I’m going to work through it more slowly to see what I can find. I’ve worked inside Windows before on low-level routines and Windows-based software at a pretty raw level. I’ve also edited the Registry on systems before this and worked at very low levels, down to the hard disk. This will be different because I need to check the computer for possible infection. Did something slip past our protection?
—–
SIDE NOTE: I should point out that I’m not religious about operating systems. I work daily on my MacBook Pro, where I run OS X of course, but also Windows (98, XP, & Vista), DOS, and Linux (Ubuntu & Knoppix). I’ve written at the OS kernel level in Unix, Linux, & DOS, at the driver level on Windows, and consider any or all of them as tools to get done the things I need to do. Most of the clients I work with are Windows-based, so Windows is particularly important to me. Many of the tools I use are ONLY available on Windows, so again it’s important to my work. While I’ve worked in literally dozens of languages (C, C++, FORTRAN, BASIC, Pascal, Forth, Smalltalk, and more), right now I’m mostly working in Ruby and Python and writing web-based applications. Working through the low-level Windows stuff will be a good chance to refresh my memory about what goes on there.
—–
We have pretty strong protection on the system, with a ZoneAlarm firewall and AV software enabled. It’s needed because my wife is decidedly NOT a computer person. She doesn’t want to worry about it. It’ll be a good test bed for some experiments in working over machines like this.
There are several tools I know I’m going to be using:
Process Explorer - available at
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
This incredibly handy software lets you look at what’s running on the system. You can select a process, right-click it, and do a lookup for it on the Internet to find out more about it. I download it onto any Windows system I’m working on, if I can, to help me identify what’s going on beneath the surface.
Knoppix - a Linux system designed to run from CD. For some of the work, I’ll boot the machine into a Linux system and use it to scan the disk from a position where even the most clever virus software can’t affect me. I can also do other things from there as well to check the Windows system itself. Knoppix is available at
http://www.knopper.net/knoppix-mirrors/index-en.html
I downloaded a 700Mb ISO file and burned it to CD to turn it into a bootable Linux disk. Once I’m ready to work, I’ll need to get a virus scanner loaded and updated so I can check the Windows system with it. After I set it up, I tested the disk on several of my Windows systems to make sure it worked OK and that I could get the virus scanning software I needed.
I’ll spend some time explaining things in more detail as I go along, but this gives me a starting point.