The recovery/utility disk has been a mainstay of IT support and network administrators from the beginning. These disks are important whether you are working as a professional or just fixing your parents' computer so they can see digital photos of their grandchildren.
But the question is, with the storage capacity of CD-ROMs and thumb drives these days, what do you put on your recovery/utility disk now?
Is there a standard set of applications that we all agree should be included on a recovery/utility disk?
Discussion on:
What is on your recovery/utility CD?
I'd put a Linux mini distribution on it with full file system support. There are several nice packages that fall around the 200 Meg range (FIRE, Morphix) which leaves plenty of space for other utilities. I'd also recommend Spybot, fport, vision (same company as fport), and tools along those lines. A good command line virus scanner, or links to a web based one (I use Trend Micro's) is a definite plus. It's going to be different depending on what your company is running, too.
I carry at least 2 CD's with AdAware, Spybot S&D, Spamihilator, AVG AV, Win2K SP4 and SP3 (just in case SP4 bombs), NAVCE 8.0 with latest updates on 4 floppies, and of course FDisk, Format, etc. I also keep an assortment of network diags, monitor drivers (yes, I periodically download them from manufacturer's sites), NIC drivers, Partition Magic, and the list goes on. One of the CD's is a "give away" to my clients with AVG, AdAware, Spybot S&D and Spamihilator. The cost is minimal, but the returns are great! I can't count the number of small businesses I've gotten contracts with just because I gave them something before we even talked about service contracts. Each tech/support/analyst will have their own favorites. Hopefully, we can all learn from each other and carry those tools with us that we need. There'll be separate tools for UNIX (and all its flavors) and the wonderful world of Windows.
Look forward to following this discussion.
This was free until recently. Same people who put out Reg Cleaner. Still the best registry tool bar none and well worth its price of less than $30
The list is getting better I also add "PC Bug Doctor" and ComExplorer I use in some cases...
I agree with "tshanks", each of us working in the IT universe certainly has our own set of tools and utilities carried on CD, floppies, and in some cases still ZIP disk. I live in Brazil, and have travelled from great to small towns. For more than 25 years I lived at Sao Paulo city the major towns of my country, but I am involved with computers late 1973, and on the PC's world since 1983. Always I treated the computers users like want to be treated, with responsibility and respect, and with extreme confidentiality. What I see on the disk, I am not looking into. And in all these years, I never forgot to give to any client, friend, friends of clients a good support, good suggestion and also a complete set of indispensable freeware tools, what I call of "survive tools". And teach each one how to do simple things to have the computer in order, with a minimum of troubles when they happen.
So, Recovery and Tools CD, is a matter to be discussed. Currently I am working out how to implement a boot CD to be used not only in emergencies, but also as start in any new hard disk installation. A great number of PC in Brazil still is using Win98SE, few using Windows Me and in some cases Windows 2000 Pro. Windows XP Pro is coming, but the users has some difficulty to learn how to manage them. And the changes of HD, still is highly used for Win98SE/Me.
While boot CD is quite common, I still also use a set of floppies, mainly when I need to do some BIOS update.
Thus, my Boot CD and floppies include the same set as yours, but with some other tools, like AFDISK, PARTManager, some tools for network usage, password recovery etc.
It's great to think another tech thinks of giving a tool cd.
I gave my Knoppix 3.4 live cd away. They are always amazed when they saw me using it to access their harddrives, copy files out, etc. Even amazed when they saw me surfing internet to download files, email, etc with their broadband connections. Also type letters and spreadsheets with it.
I carry a Knoppix 3.4, one cd with spybot s&d, adaware, spysweeper, latest Firefox 0.9.3 and latest Mozilla 1.7.2, Stinger on a boot floppy disk, a win98se boot disk, a win XP boot disk. I also carry a spare 40Gb harddisk to copy their data.
Hung
I actually have a handful of cd's to take to end users when problems arise. First, I have a linux tool to reset the admin password. Next, I keep a copy of XP SP1 handy for SFC.exe, and other problems (recovery console, etc.). I also have a cd with all of the boot files, and much of system32 and windows dir. Then I have a cd with many utils, including spyware cleaners, outlook fixes (scanpst, pstbackup, etc), shortcuts to great locations, specific M$ patches, and AV tools (like sasser fix). I have 2 cd's with drivers for the most common systems here, and network drivers and video for others. These are the Must Have's of my job. Aside from that I still keep good ol floppy boot disk for win ME and a secure drive eraser/scrubber. Other tools on another disk are for specific updates for the apps that we use in the department.
Sounds like some great programs. I would love to have a good recovery and utility CD myself. If any of you have a good one send me one or the links to download the files. I have purchased a few on E-bay that seemed like a waste of time. Send what you think is good to me. I especially like Tshanks free one he talks about. Any help appreciated.
Mike Hughes
303 N. 1st Street
Wilmington, IL 60481
The best tool I start with is Bit Defender's LinuxDefender_Live! CD - it is a bootable CD that can scan, remove and repair viruses on Windows systems and you also have a wide range of tools available on the CD. The CD is based on Knoppix so it works on just about any current system. The link is:
http://www.bitdefender.com/bd/site/products.php?p_id=40
Simply format a floppy on an XP system (this is a must for the floppy to work) then copy NTDETECT.COM, ntldr and boot.ini (if you have one) onto the floppy. I learned this from a Mark Minasi presentation and it worked for me. Nice tool to have along with the rest of the tools members have mentioned.
I'm at a not-for-profit homeless facility where money is pretty tight. So I make do with donation 98 PCs and a small group of identical XP's that were a group purchase. Therefore, I have one set of tools for the Win 98's and another for the XPs.
For the XP's, Norton Ghost and an USB external hard drive are God-sends. And every so often, I'll Ghost my own XP as I'm always adding something here and there and it's nice not having to reinstall the (rather *remember* what the)whole kit-n-kaboodle (is.)
In an old black Dell Poweredge CD case, I keep a coupla 98SE CDs, assorted NIC driver CDs, a coupla boot 98SE floppies, and a coupla Ghost boot floppies. Oh, and Publisher 97 CD which I load from CD rather than the network (yeah you read right, remember this IS a NFP) otherwise it would take forty-forevers. Most everything else is on the network shared folder. And it rarely takes long to get a NIC to talk TCP/IP which allows it to get a TrendMicro scan before I install the Novell network client. I should setup a bootable catch-all CD with XTerminator, Spybot, et al on.
I provide staff with bug removal CDs, but never thot about having one to take home with XTerminator, Spybot S&D, AVG, Netscape/Firefox, etc. on it. Thanks tshanks for a great idea.
TB Brickster, and others:
check out techsoup.org, a donated software (and some hardware) portal for non profit entities...
My cd's include WINPE (preinstallation environment) which is analogous to windows xp live. You would be amazed how much quicker it is to remove spyware when the computer booted *Not from its hdd* and therefore no c:\windows\system32\ stuff is in use. Run adaware se and webroot spysweeper at the same time... sounds strange but you are trying to get it done in under an hour.
OR use the native windows xp environment from WINPE, which supports most hardware to network backup the important files, and then reformat/reinstall software.
Go to : http://ultimatebootcd.com also get JV16 Power Tools for registry cleanup. There are other diagnostic utilities you can download, the freebies are as good as most of the commercial products.
You can get it (along with some other good stuff) @ http://www.lurkhere.com/~nicefiles/
Warning: Do Not make changes using Hijackthis! unless you know what you're doing. It is better to save the log and send it to an expert before deleting items.
There's a nice Quick Start Guide for HJT @ http://s89223352.onlinehome.us/mirror/hjt/
I have seen HiJackThis mentioned several times in discussions regarding spyware, etc. What does HiJackThis do that Spybot S&D and Ad-aware don't?
Perhaps someone can give us a quick review of what it does, how it works, and why you need it in addition to the other apps mentioned already?
From my experience, HiJackThis works very well on regaining control of IE. While the combo of Ad-aware and spybot can deal with around 97.5% of all malware problems, there are still a couple of things out there they can't deal with that HiJackThis can.
However, if the heart of the problem isn't with IE, it is pretty much useless.
YMMV.
I keep a copy of KNOPPIX handy. It's a bootable Linux system with a suite of tools, including Mozilla, which you can use to rule out hardware issues and download other utilities. It does not install itself on your hard drive; instead, it decompresses its core into a memory partition it creates on bootup. Consequently, I can use it to test out Windows PC's as well as Linux boxes in case of problems, without actually writing anything to the hard drive (just in case...).
Absolutely the best hard disk recovery software known to man. Sometimes will even recover data from sectors marked BAD by Windows Scandisk. Works on ALL hard drive formats from ALL Intel/AMD PC operating systems (and MacIntosh HD if attached to a PC. And TiVo.) I have it alone on a bootable CD and it is my first line of attack whenever I run across hard disk problems. It is not free, but the first time you recover lost data, you will forget how much it cost ($89).
www.grc.com
Other security related utilities also available at that site.
One that I would include would have to be Belarc Advisor, just so you can get a good idea of what hardware and software are installed on a system. It's also great for doing audits of your company's PCs.
We have a Norton System works 2002 disk for win doctor and disk doctor off of the cd, revealer, atomic dog, the installer for Adobe reader and Winzip as well as a W98 disk. I have Checkit5 on disk, but would LOVE to have Checkit 4 (the one on floppy that boots) to check out hardware and system boards. We've been considering buying Checkit to permanently install on a 4 gb W98 hard drive.
I created a couple of checklists that I use to battle spyware. Despite that, I still have to manually edit the Windows Registry on occasion to get rid of some nasties such as WinTools, KeenValue, and Incredimail (Incredi-anything). Here are my checklists:
Spyware Removal Checklist
1. Boot into Safe Mode with Networking (some spyware can only be removed in Safe Mode).
2. Open Add/Remove programs and remove any application that both you and the principal user do not recognize or deem to be spyware.
3. Launch HijackThis and click the Scan button. (WARNING: Reference the HijackThis tutorial at http://www.spywareinfo.com/~merijn/htlogtutorial.html before removing anything.)
4. Install Spybot Search & Destroy, update it, and run it on the infected system.
5. Install Ad-Aware, update it, and run it on the infected system.
6. Reboot and run both Ad-Aware and Spybot again until the system is clean.
7. Launch Internet Explorer and browse the Web to verify Winsock was not broken while removing spyware. If you cannot browse the Web, run the WinSockFix utility and perform another Web test.
Spyware Prevention Checklist
Consider using Firefox for all web browsing unless functionality of business critical web applications requires Internet Explorer. If you can use Firefox exclusively, then steps 2, 3, 5-9, & 11-15 still apply.
1. Open Internet Explorer, click Internet Options, click the Security tab, and click Default Level on each Security Zone.
2. Install all Windows Critical Updates.
3. Install Spyware Blaster and click the link to Enable All Protection.
4. Install a recognized popup blocker such as the Google Toolbar.
5. Either manually disable the Messenger service or run GRC's Shoot the Messenger applet.
6. Either manually disable the Universal Plug & Play service or run GRC's Unplug & Pray applet (Windows XP Only).
7. Run GRC's DCOMbobulator, click the DCOMbobulate Me! tab and then click the Disable DCOM button.
8. Execute DSOStop2 and click the Protect Internet Explorer button.
9. Execute HTAStop and click the Protect Internet Explorer button (Windows XP Only).
10. Install IE-Spyad.
11. Run GRC's SocketLock utility.
12. Test browse the Web.
13. Rename the default Windows Hosts file located at %windir%\system32\drivers\etc and place the Gorilla Design Hosts file in the same directory.
14. Test browse the Web. If it is significantly slower than the first test, revert to the original Windows hosts file.
15. Educate the principal user on Internet best practices.
Ad-Aware - http://www.lavasoftusa.com
CWShredder - www.spywareinfo.com/~merijn/downloads.html
DSOstop2 - http://www.wilders.org/downloads.htm
Firefox - http://www.mozilla.org/products/firefox/
Google Toolbar - http://www.google.com/options/index.html
Hosts File - http://accs-net.com/hosts/get_hosts.html
HTAStop - http://www.wilders.org/downloads.htm
IE-Spyad - http://www.pcworld.com/downloads/file_download.asp?fid=23332&fileidx=1
Shoot The Messenger - http://www.grc.com/freepopular.htm
SocketLock - http://www.grc.com/freepopular.htm
Spybot Search & Destroy - http://www.safer-networking.org/en/download/
Spyware Blaster - http://www.javacoolsoftware.com/spywareblaster.html
Unplug & Pray - http://www.grc.com/freepopular.htm
WinSockFix - http://www.spychecker.com/program/winsockxpfix.html
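Steps 13 and 14 of the prevention checklist swap in a third-party Hosts file. The following is an added example, not part of the original post: a small audit to run on a downloaded Hosts file before it replaces the Windows one. It flags entries that point a name at anything other than a loopback/null address, malformed lines, names mapped to more than one address, and blocked names that must stay reachable. The function names, the `must_resolve` list and the sample hostnames are all assumptions made up for illustration.

```python
import ipaddress
from collections import defaultdict

# Addresses a blocking Hosts file is expected to use as a "sink".
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample input, not a real blocklist.
SAMPLE_HOSTS = """\
# constructed sample for the audit below
127.0.0.1   localhost
127.0.0.1   ads.tracker.example      # ad server sent to the sink
0.0.0.0     popups.example pop2.example
203.0.113.9 www.bank.example         # redirect: not a sink address
127.0.0.1   updates.vendor.example
not-an-ip   broken.example
127.0.0.1
0.0.0.0     www.bank.example
"""


def parse_hosts(text):
    """Yield (line_number, address, hostnames) per entry.

    address is None when the first field is not a valid IP address.
    """
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip comments and blanks
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            yield lineno, None, fields
            continue
        yield lineno, addr, [name.lower() for name in fields[1:]]


def audit_hosts(text, must_resolve=()):
    """Return a report dict describing what the Hosts file would do."""
    must_resolve = {name.lower() for name in must_resolve}
    report = {
        "blocked": 0,           # names sent to a sink address
        "redirects": [],        # (line, name, addr) pointing somewhere real
        "malformed": [],        # line numbers that do not parse
        "blocks_required": [],  # (line, name) sinking a name we need
        "conflicts": [],        # names mapped to more than one address
    }
    seen = defaultdict(set)
    for lineno, addr, names in parse_hosts(text):
        if addr is None or not names:
            report["malformed"].append(lineno)
            continue
        for name in names:
            seen[name].add(addr)
            if addr not in SINK_ADDRESSES:
                # A blocklist has no reason to send a name to a live host.
                report["redirects"].append((lineno, name, addr))
            elif name in must_resolve:
                report["blocks_required"].append((lineno, name))
            elif name != "localhost":
                report["blocked"] += 1
    report["conflicts"] = sorted(n for n, a in seen.items() if len(a) > 1)
    return report


def safe_to_deploy(report):
    """True only if the file does nothing except sink names."""
    return not (report["redirects"] or report["malformed"]
                or report["blocks_required"] or report["conflicts"])


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS, must_resolve=["updates.vendor.example"])
    for key, value in result.items():
        print(f"{key}: {value}")
    print("safe to deploy:", safe_to_deploy(result))
```

The same audit is worth running on the Hosts file already on an infected machine, since a redirect entry there is one of the things a browser hijack leaves behind.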
Very good list Pea. Glad to see Firefox at the top. All users are on Netscape with one Opera holdout. I've pretty much got the list of Firefox extensions I want all users to have, just need to figure out the drill to put it and Thunderbird in an install setup. Yeah, I know the info's on the web and will do it in my copious amounts of spare time.
Thx for DSOStop2 and HTAStop, gotta check them out.
Just did a regular cleaning on a customer's computer (I set up the unit 8 months ago-complete re-format), and though all three of the spyware removal tools that I normally use (Adaware 6.0, Spybot Search & Destroy, and Swat..W/of course a final check w/ HijackThis).
It finally came up clean after numerous runnings of each tool, I knew there was something left as it still wasn't up to the previous speed and Adaware was still reporting a browser hijack attempt from a file and a file copy in C:\Windows that it just couldn't delete except on startup and it wouldn't run the scheduled Adaware scan on startup. Downloaded Bazooka Spyware Scanner and sure enough it found the offending spyware program and file(s). Bazooka isn't an automatic spyware remover and doesn't find/or look for everything of course, but the manual removal instructions are to the point, and very complete. After using it multiple times where other scanners fail I would highly rec. the free utility now to add to that list.
I would add also SpySweeper to that list. One of the best according to PCMag and I agree.
Agree entirely, Bazooka is one of the specific tools that is VERY handy. Toss another one at you, McAfee's free Stinger (in safe mode) as an occasional lifesaver.
AdAware (Free)
Spybot Search & Destroy (Free)
Spywareblaster (Free)
IE-Spyads (Free)
Bazooka (Kephyr)(Free)
Sygate Firewall (Free)
AVG Anti-Virus (Free)
MRU Blaster (Free)
XenTweak (Free)
Use of Avast anti virus tool is highly recommended.
Always run a thorough scan.
It is more effective than many well known AV software. Updates to virus definition files are free twice a week.
I Use Ad Aware, Spy Bot and Avast all one after the other at boot time and every 4 hours thereafter.
asoorma5@operamail.com
I had this posted on the wall of the repair shop, as it's easy to forget.
#1 Before we do ANYTHING, IF the computer is running Windows ME or Windows XP, disable system restore! Otherwise Windows 'helpfully' keeps a copy of the problems in the system restore folders and will keep re-infecting you from there.
Spyware forums will all tell you to run your scanners first, Hijack This LAST. You don't have to wade through as much crap that way.
CWShredder is no longer supported or updateable, the fellow running it gave up. He's a college student and didn't have the time to keep up with it, or the DDoS attacks that kept shutting down his update sites.
When running the virus scans, on systems that don't have virus scanners installed (heaven forbid, but they're out there), I'll put in AVG on their behalf (I recommend upgrading to the end user), then run the Housecall Utility at Trend Micro.
Sounds weird? Well I find that no ONE virus scanner gets them all, but when Housecall goes through the system, it will find things that AVG won't. The process of searching will activate AVG when a virus or trojan is found, and invariably AVG will find ones that Housecall doesn't.
To help find hidden background processes, I highly recommend a sweet (free) little utility called RegCleaner by Jouni Vuorio. This tool will allow you to see (and remove if you wish) everything in the startup list without having to mess with the registry. Once all the scans have been done, I use the 'registry clean' function to remove any leftover invalid entries. I've used this program on hundreds of computers and have NEVER had it mess up the registry. It's also great for manually uninstalling malware that just won't come out.
Follow all of the excellent advice given by everyone here, and at the end of it all, re-enable system restore in XP and ME systems.
Also, if you DO use free scanners, please donate to the authors so they can keep helping us fight this spyware war! Build the donation into the cost, if you must, or ask the client to donate.
Regards,
Gryf
Gryf,
You're absolutely right about running HijackThis last. That was an oversight. I also agree about using RegCleaner. In addition to RegCleaner, I have run two other utilities for cleanup after spyware removal since RegCleaner doesn't catch it all:
HDCleaner from Kurt Zimmermann Software- http://home.tiscali.de/zdata/mainpage.htm
CCleaner (Crap Cleaner) - http://www.ccleaner.com/download114.php
In addition, if you use a HOST file to block spyware, also use eDexter. It will speed up your downloads and replace the empty boxes that occur when you use the Hosts file to block ads:
http://www.accs-net.com/hosts/eDexter.html
If anyone has positive or negative input on those utilities, I would like to know.
Your response was both well thought out, and professional. I'm a retired high school computer science teacher who has an A+, and worked for CompUSA as a tech for several years. When I taught I had checklists too. They help on Monday mornings especially, or in my case for a substitute if I was "sick" that day. The URL's at the end were icing on the cake. You took the time out of your busy life to save us all the time in ours. BRAVO!
**Hats Off To You, Dude!**
Thank you. I use those checklists at work. Now, as Benjamin Franklin quipped: "Gentlemen, we must now all hang together, or we shall most assuredly all hang separately." Further, "An ounce of prevention is worth a pound of cure."
I have been battling spyware for nearly three years now. First at a local financial corporation and now with the US Army. It began with annoyances such as Gator and Bonzi Buddy. Now, the problem is a virtual tidal wave.
I'm constantly browsing the web for tips to combat it. I contacted the Army RCERT about the issue and there is no approved removal tool. Consequently, I went vigilante and now use those checklists daily. I failed to say that with a really intense infection, I run Pest Patrol as well as Ad-Aware and Spybot.
Good luck, guys. Thanks for your responses!
I won't argue your points (though I do it differently). But: HTAstop breaks the Add/Remove Programs module on (my) Win2k systems. Yes, I saw you said 'XP only' but a bolder 'NOT FOR Win2K' might be advised.
As well, I (personally) use SpywareBlaster for passive protection. Don't Use the Google toolbar or Firefox.
Do my registry tweaks through XenTweaks' GUI as it works.. Have tried the things you recommend, they're a matter of taste. We wind up at the same place nearly.. Check out XenTweak on a newly installed XP system sometime, and decide for yourself.
There are a lot of spyware hunters out there. But they are not no-brainer software. Some found items are not really spyware. Try also Security Task Manager to see all running background programs & drivers incl. security rating (http://www.neuber.com/taskmanager)
neuber
I've been totally beaten by the inability to access certain sites on the net. I've checked the usual culprits in IE6 and tried Firefox instead but one quick download of WinSockFix from your complete list and the job was done.
I'm only a one man band but TechRepublic articles like yours are an immense help.
Thanks again
Black_eyed_pea,
Please get in contact with me offline; I have a couple of Army computer stories to share with you.
I use and recommend Spyware Blaster http://www.javacoolsoftware.com/. It prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests;
Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox;
Restricts the actions of potentially dangerous sites in Internet Explorer. There is a link to Spyware Blaster from the main Spybot user interface page. It is Freeware for manual updates, and only $10 to enable automatic updates. Currently it has 3089 items in its protection database. If you absolutely need ActiveX enabled in IE, this utility is a must have!
Bless you hansoned, may your tribe increase! I've been using Spybot S&D and Spyware Blaster works quite nicely with it.
first a quick free spyware scanner, available as a standalone or as an installable.
1) xblock
http://www.xblock.com/update_free.shtml
http://www.xblock.com/download/xcleaner_setup.exe
http://www.xblock.com/download/xcleaner_free.exe
The setup can install to run a turbo mode scan on system start. This feature is very useful for home systems, just to keep the noise down to a dull roar.
2) Spybot and Adaware as given above. Note that you can download the Ad Aware reference file separately, which is good for a manual update.
3) SpywareBlaster
4) HijackThis, a good cleaner for squirrely startup strings and browser settings (use with extreme caution)
5) I now recommend the Avast Home edition as a free antivirus over the AVG. Updates whenever you go online (dial up or broadband) and has support for scanning IM as well as some major P2P networks. Scanner also has a built-in cleaner which will also handle fixing registry keys written by virus and trojan attacks. Also can do a system scan on reboot similar to chkdsk. Very much a low maintenance product. Requires a free registration for a 14 month license.
6) be sure to check out this list of bad/trojan spyware scanners:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
7) useful sites include
www.spywareinfo.com
www.spywarewarrior.com
First, don't run Spyware Blaster until the system is clean, it might protect what's already installed. Then install it as prevention.
I made a CD with AutoPatcher XP that has all the updates through April '04, SP1a, Ad Aware, Belarc, CoolWebSearch remover (CWShredder), Eraser, Erunt (registry backup), HiJackThis, Nimda patch, NTFS Reader (from DOS), Red Code cleaner, Sobig.F Exterminator, SpyBot v1.3, Stinger (from McAfee, free), WinPatrol, MBlast fix, Sasser fix, MyDoom patch.
I have a bootable Linux called Austrumi to recover ALL passwords, in case they have been taken over or changed.
Bart's PE Builder is also excellent for your tool chest.
You have given me additional great ideas to add more to my CD, or in addition to it. I never thought to copy Firefox to it, or Spinrite.
One of my favourites has to be the Ultimate Boot CD available from http://www.ultimatebootcd.com. Version 2.4 is a mini Linux distro with a mass of tools. Details are also given on how to make a Windows version but I stick with the original.
In addition a disk with Spinrite, JV16 (mentioned elsewhere) along with the usual MS patches, service packs, spyware removals (Spybot is my fave) and antivirus removal tools.
Been using a rescue disk on CD based on Barts PE, You can build it to your needs via plugins and gives you a Windows XP like system all running from a CD.
Plugins I use are -
A43 File Explorer
ERD Commander
Ghost
Adaware
File Recovery Pro
McAfee Stinger
F-Prot AV
Remote Desktop
Off by One Browser
Putty
WS FTP
Nero
Beyond Compare
AnalogX
Partition Magic 8
There are loads more plugins from various sites with quite an active community supporting this.
It also has full network support for most Nic's, DHCP etc. The only drawback is you need 128Mb of Ram to use.
We have been using a customized build of Bart's PE for about 6 months now. It has been the best thing I have used. We have Novell, TCP/IP, and Wireless Services, Avast Registry Editor, Registry Restore Wizard, McAfee Commandline Virus Scanner and the Stinger tool, Symantec Ghost, Network diagnostic tools, Disk defrag tool, File and disk recovery tools, system info tool, and a password reset utility.
Hi,
I've been using Bart's and a bunch of utilities on it and would like to use Ghost with it as well but Ghost32 errors out on startup every time. Has anyone else had this problem with a standard Ghost32 config by the Bart's instructions? I can use the Ghostserv and Ghost Explorer off the Bart's PE disk but not Ghost32.
try this site. I use ghost with no problems with barts pe along with many built in utils from here:
http://www.ultimatebootcd.com/