Windows Troubleshooting Help



Tips and Tricks for Fixing Problems with Windows Software

Computers are everywhere, and so are computer problems. This lens will host Windows-specific troubleshooting tutorials. Read about diagnosing Blue Screens of Death, keeping malware off of your computer, useful programs and much more. Also check out my related lenses: Filipino Computer Enthusiast which is about my computer geekiness and Basic Computer Troubleshooting Tasks which is about mini-tasks a troubleshooter needs to know.

The dreaded Blue Screen of Death! 


One of the things that strikes fear into the hearts of Windows users is the Blue Screen of Death or BSOD. This screen tells you that a serious error has occurred and the computer was stopped for the computer's own good. It contains some strange, apparently meaningless numbers and, if you're lucky, the name of a file. But what causes BSODs and how do we prevent them? Let's go through some of the most common issues.

1. Driver issues - Device drivers are pieces of software that allow the operating system to talk to the physical hardware devices, for example graphics cards and printers. When a device driver does something it isn't supposed to, Windows stops the system and throws up a BSOD. A commonly seen example is the IRQL_NOT_LESS_OR_EQUAL error, which is frequently caused by faulty drivers. How do we know when a device driver is at fault? Well, sometimes the BSOD will tell you. Read it for any mention of a file name like nv4disp.dll (Nvidia video card) or ks-959.sys (Kingsun infrared). This is most likely the culprit. You will have to update your drivers. Do a Google search on the named driver to get more information. Here is a nice article on how to update drivers. It's on Apple's website. Here's another one on Microsoft's site.

2. Hardware - If you've updated the suspect driver and still get the same BSODs then there could be a problem with the hardware itself. Try removing the hardware and see if the BSODs still occur. If they stop then reconnect the hardware, it might have been improperly seated the first time. If the BSODs start happening again then you definitely know where the problem is.

3. Memory modules - Memory is where the computer stores the program and data it is working on. This is not to be confused with long-term permanent storage such as hard drives. Memory is for short-term fast access to software and data while it is being worked on. Defective memory will cause BSODs and data corruption. Two good programs for testing memory are memtest86+ and Windows Memory Diagnostic. Download the programs and make bootable CDs or floppies (!?) then reboot. Enter the BIOS and set the computer to boot first from the CD or floppy drive. The tests should then run automatically. If the memory fails try testing one module at a time in different slots. The results should tell you which module or slot is defective.

4. Viruses and other malware - It's also possible that a virus is causing the BSODs. It's a good idea to practice preventive techniques and regular scans. Some viruses try to disrupt antivirus programs so you may need to boot from a rescue CD or connect the hard drive to a clean computer. A driver mentioned in a BSOD could be a virus. A quick search on the Internet should tell you.

Malware Prevention 

Keeping viruses, trojans, and other nasties off of your computer.

One of the most popular topics on the Internet is malware removal. Cleaning a malware infection can be time-consuming and frustrating and result in lost time and productivity. Most of these infections are preventable.

In this article I will try to lay out a comprehensive prevention strategy. It will be written for the non-IT professional, Windows XP user. Much of the content, however, will also be applicable to other OSs, perhaps with some minor modifications.

Let's begin.

Step 1: Use genuine software.

I've seen a lot of forum posts detailing malware infections that came about from using pirated software. Often someone will post "Help, I installed a cracked NOD32/Kaspersky/Whatever and now my PC is acting weird" or something similar. Really, using pirated security software is like asking a criminal to watch your house. If you can't afford to buy commercial security products there are a lot of good, free alternatives available. It's not only a legal issue, it's a security issue.

Another risk comes from using pirated Operating System software. It would be very easy for pirates to slipstream malware into a Windows install. You wouldn't even know it was there, it could hide for years transmitting your information to the Internet. The same can be said about any pirated software, there could be some nasty code hiding in there. Use genuine updated software, it might cost more at first but it will benefit you in the long run.

Step 2: Use security software and a hardware firewall.

This is down to personal preference. I've seen some claims that some people run their PCs without security software and that they've never had an infection. Good for them, but as for myself I'm not going to wait for the day my PC gets infected. Here's what I use:

Antivirus (Real-time and on-demand)

Real-time Antispyware monitor

On-demand Anti-spyware scanner

Hardware Firewall

Software Firewall with HIPS

Rootkit finders

I can't tell you what the "best" antivirus is because I honestly don't know and the topic is too subjective. Just find one that suits your needs. The factors are: detection rate, update regularity, cost, size, and resource consumption. I've been using AVG Free 7.5 for a long time without getting infected. A lot of people, however, will say that they don't like AVG and it has a poor detection rate, etc.

For anti-spyware I use Windows Defender and AVG Antispyware. Can't say much about these two, never had any spyware so I can't tell you how good they are. They seem to get mixed reviews, however, so do some research.

For a software firewall I have Comodo Firewall with Defense+ enabled. A software firewall decides what network traffic is allowed to go in and out of your computer. It may seem redundant to have both a hardware and software firewall, but a software firewall will protect you both from malware trying to connect from your computer to the Internet and attacks originating from other computers. Hardware firewalls will only protect you from incoming attacks from outside the network.

Defense+ is a behavior-based anti-malware tool. It will report or block (depending on configuration) suspicious software activity. A word of warning: the Comodo software is very powerful and highly configurable, but it can get very annoying with all the popup prompts. If you can work through that the popups will (mostly) stop when Comodo has learned your system's behavior.

Rootkits are software designed to hide itself and other objects (files, folders, etc.) from view. These are increasingly used by spyware to hide themselves on an infected computer. For finding rootkits I use Rootkit Revealer from Sysinternals and IceSword and GMER. No one tool is going to find every rootkit, and there are a lot of false positives. If you think you are infected there are a lot of helpful articles and forums on the subject online. More paranoid users can try running everything in a virtual environment or a sandbox. This way, no data is actually written to disk.

Learning to use these tools properly is a matter of patience. But the rewards are a more secure computer and a better understanding of how your computer works.

Step 3: Do everyday tasks on a limited user account.

In Windows XP, applications run with the privilege level of the logged-in user. Most applications don't need to be run with administrative privilege. By running as a limited user you limit the potential damage that malware can do. Most of the registry is off-limits, as are other users' data. It's true that some malware might be able to circumvent this and elevate its privilege, but most malware can't. Why expose yourself to unnecessary risk? Save the admin account for when you really need it. For old software that needs administrative privilege, there are ways to make it run under limited accounts. These often involve editing file, folder, and registry permissions.

Step 4: Make sure your software is updated.

A lot of malware tries to exploit vulnerabilities in popular software, from operating systems to browsers to media players. An example of this is the Blaster Worm, which exploits vulnerabilities in Windows. A patch has been available for years but as late as last week (August 2008) I saw a forum post detailing the same symptoms. Another example would be the exploits targeting the popular Adobe Flash software. To counter these, software companies periodically release updates and patches.

Make sure you have the latest updates installed. These not only address security issues, but often improve performance and stability as well.

Step 5: Practice safe surfing and computing.

Don't open unexpected e-mail attachments. If you really have to, verify with the sender what it contains. If the sender is a stranger, don't open it. If you really, really have to, then scan it before opening. If you're going to insert strange flash drives, floppies and CDs into your PC, disable autoplay on all your drives and drive types. Scan before opening anything on the drive.

Don't enable scripts by default on Internet sites. I use Firefox with the Noscript add-on. Scripts are enabled in Firefox but Noscript blocks them. I can then allow scripts only on sites that I trust. Don't go to warez and porn sites. These are a major source of malware. Download only from trusted sites and even then scan before opening. Don't click on ads that promise you cash prizes. Learn to distinguish real links from dummy links.

If you're going to use your flash drive on a strange computer create a new folder called autorun.inf on the drive root. Make it hidden and read-only. This will prevent malware from putting an autorun.inf file on your flash drive's root.
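The two removable-media steps above (disabling autoplay for every drive type and planting an `autorun.inf` folder), written as one PowerShell script. This is an added example, not part of the original article; it assumes PowerShell is installed and that the flash drive is mounted as `J:` (a placeholder drive letter).

```powershell
# Added example. $Drive is an assumed drive letter; change it to match your flash drive.
param([string]$Drive = 'J:')

# 1. Disable AutoPlay for all drive types for the current user.
#    NoDriveTypeAutoRun is a bitmask; 0xFF covers every drive type.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
Set-ItemProperty -Path $key -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord

# 2. Create the placeholder folder on the drive root.
$target   = "$Drive\autorun.inf"
$existing = Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue

if ($existing -and -not $existing.PSIsContainer) {
    # An autorun.inf *file* is already there. Do not overwrite it blindly:
    # show what it would launch so the drive can be scanned first.
    Write-Warning "$target already exists as a file. Lines that launch programs:"
    Get-Content -LiteralPath $target -Force |
        Select-String -Pattern '^\s*(open|shellexecute|shell\\[^=]*)\s*='
}
else {
    if (-not $existing) {
        $existing = New-Item -ItemType Directory -Path $target
    }
    # Mark the folder hidden and read-only, as described above.
    $existing.Attributes = $existing.Attributes -bor [IO.FileAttributes]'Hidden, ReadOnly'
    "Placeholder folder ready: $target ($($existing.Attributes))"
}
```

If the script reports an existing `autorun.inf` file, treat the drive as possibly infected and scan it before creating the folder.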

Don't trust pop-up windows. These will usually say you've won some sort of prize, or your computer needs to be optimized, or your computer is infected and you need to download certain software to remove it. This has long been a strategy for spreading malware and recently fake virus alerts have been appearing again and deceiving users into downloading fake antivirus software. (Thanks to ditrackster for pointing this out)

These are just some suggestions, you get the idea.

Step 6: Use Google.

If you are not sure about something or just want to learn how better to secure your computer, do a Google search. All of the problems I've had on the computers at home were resolved by reading articles found on Google or asking questions on Internet forums. I've never had to pay a technician to fix my PC in years. Return the favor by answering other people's questions and helping them with their computer problems.

Step 7: Make regular backups of your files.

This is not a prevention method, but it will make recovery from a nasty malware infection, failing hardware or physical damage to the computer faster and easier. You can make backup images of your hard drive to make it easier to get your system running again. It would also be a good idea to burn your data to CD or DVD and/or upload them to the web.

Conclusion

You will have to find a balance between security and ease-of-use. These steps will not ensure that your PC will never get infected, but I believe that these will prevent most common problems. I hope you find this article useful. If there are any corrections or improvements I need to make feel free to point them out.

Software Tools Spotlight 

Programs to make a tech/admin's job easier

If you've ever tried troubleshooting problems on Windows computers then you've probably used Task Manager. This program shows you what processes are running on your computer and their CPU and memory usage. Oftentimes Task Manager just isn't enough. For troubleshooting problems that require more than just clicking "End Task" use Process Explorer.
Some useful features of Process Explorer:
- Shows parent-child relationships. You can see which process was started by which other process.
- Highlights processes that have just started or are about to end.
- Displays the software publisher and whether or not there is a valid digital signature.
- Shows the path (directory location) each process starts from.
- Shows what DLLs and files each process has open.
- Able to suspend (as in "pause") a process instead of killing ("stop") it.
Here's a simple real-world case:
A customer came to me with her flash drive saying she couldn't open any of the folders in it. So I plugged it in and double-clicked the drive in My Computer, which probably wasn't the smartest thing to do. I then tried double-clicking (again, not so smart) on the folders in the flash drive. The folders wouldn't open; instead a new window of Explorer popped up showing My Computer. I tried typing in the complete path of the folder in the address bar, e.g., J:\folder, which did the same thing. However, J:\folder\ (note the trailing backslash) worked. As I suspected, malware had replaced the folders with executable copies of itself, using the correct folder names. I started Process Explorer and looked for anything suspicious. I saw two instances of something called system.exe. I knew this was the malware process because of two things:
1. No publisher and no digital signature.
2. The starting location was listed as J:, the flash drive.
I suspended the two processes before killing them both**. Afterwards the folders opened normally. I told the customer she had to clean the virus off of her flash drive to make the solution permanent. I hadn't cleaned it myself because we were a photo printing shop with only one computer and lots of impatient customers. Even so, the service she got was a lot better than what she received at a nearby computer shop, who had simply given up on her problem.
**Why suspend first? Because sometimes malware processes come in multiple instances to protect each other. When you kill one the others will just start more, like a Hydra. But if you just suspend them this behavior is not triggered.
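
The two indicators used in the case above (no valid digital signature, and an image path on the flash drive) can also be checked from PowerShell. This is an added example, not part of the original article; the report column names `OnRemovable`, `SignatureStatus` and `Publisher` are chosen here for illustration.

```powershell
# Added example: list running processes with their parent, image path,
# signature status, and whether the image lives on a removable drive.

# Removable drives are DriveType 2 in Win32_LogicalDisk (DeviceID looks like 'J:').
$removable = @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' |
    ForEach-Object { $_.DeviceID })

$report = Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath } |      # some system processes expose no path
    ForEach-Object {
        $path  = $_.ExecutablePath
        $drive = [System.IO.Path]::GetPathRoot($path).TrimEnd('\')
        $sig   = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Name            = $_.Name
            ProcessId       = $_.ProcessId
            ParentProcessId = $_.ParentProcessId   # parent-child relationship
            Path            = $path
            OnRemovable     = $removable -contains $drive
            SignatureStatus = if ($sig) { "$($sig.Status)" } else { 'Unreadable' }
            Publisher       = if ($sig -and $sig.SignerCertificate) {
                                  $sig.SignerCertificate.Subject
                              } else { '' }
        }
    }

# An unsigned image running from a removable drive matches both indicators.
# Unsigned programs on the hard disk are common and are only worth a second look.
$report |
    Where-Object { $_.OnRemovable -or $_.SignatureStatus -ne 'Valid' } |
    Sort-Object -Property OnRemovable -Descending |
    Format-Table Name, ProcessId, ParentProcessId, OnRemovable, SignatureStatus, Path -AutoSize
```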

The Windows Registry 

You will see many references to the Windows registry in Windows guides and tutorials. The registry is a database that contains configuration information for the system, hardware, applications, and users. Manual editing of the registry should be a last resort. An incorrect configuration can cause strange system behavior or even make the system unbootable. However, as long as you understand the changes to be made and are careful, editing the registry is a safe operation. As with all things computer related, be sure to back up the registry before making any changes. Here's an article on Microsoft's website: The Windows Registry

An Alternative Solution 

Try Linux!

I recently tried Linux (Ubuntu and Mandriva) and now have it installed on two computers here at home. I've also installed Mandriva on an office computer and a computer in a photo studio. Contrary to popular belief, I've found that Linux is easy to use and easy to learn. There is also a lot of software available that is not only free but works very well too. It is also very stable and secure. I haven't had any system crashes nor random reboots. I haven't had to worry about malware either. Linux is free software, meaning it comes with a lot of freedoms that don't come with traditional proprietary software. These freedoms are that you may run, copy, modify, and distribute the software. In addition, anyone you distribute the software to receives these same freedoms.
Linux isn't perfect, there have been challenges and setbacks. But there is a lot of information on the Internet in the form of tutorials, documentation and friendly and helpful web forums.


by jp1978

Hi! I'm JP. I'm from the Philippines. I love reading, tinkering with the computer, telling funny/corny jokes, and doing weird stuff in public to emba... (more)
