
Stuff I use


Guest ghot

Once a computer is infected....installing programs to deal with said infection.....usually get eaten alive by the infection. A decent computer hacker will make SURE his malware does TWO things, if nothing else.....

1. Infects the System Volume Information folder (hidden) where all your restore points are stored.

2. He will also make sure that you CAN'T install antivirus, malware removers etc.

I have fixed PC's and mainframes for 30 years.......I've seen infections so bad, that they literally EAT w/e malware removal programs you try to install. The best way to clean your comp and keep it clean is (I hate to say it) but format your hard drive, reinstall Windows (with the internet cable UNHOOKED). Install software in this order:

1. Your Operating System....w/e it is.

2. Your motherboard chipset drivers

3. The latest DirectX (assuming you're installing Windows)

4. graphics card drivers, then sound card drivers.

5. MOST IMPORTANT...before you rehook the internet cable...install a firewall...I like Zonealarm (free) it works...its easy to learn and it blocks incoming and outgoing.

6. Then head straight to www.microsoft.com and get ALL the updates.

THEN you MIGHT stand a chance of getting a clean computer.

Here is a guide I personally wrote for a few friends to ease their way into Windows installs and clean, fast, functional machines:

1. Install Order: [internet Line...UNhooked, physically]

a. Windows XP (or w/e OS you will be using the most.) [if you need to install SATA drivers or set up RAID, do so when Windows says to.]

b. Motherboard Chipset Drivers (from chipset manufacturer)

c. Latest version of DirectX from www.microsoft.com

d. Video Card Drivers (from GPU manufacturer)

e. Sound Card Drivers (if applicable)

f. any weird, system specific drivers you may need. aka Network, peripheral devices (printers, cameras, phone etc)

g. DEFRAGMENT.........DEFRAGMENT.........DEFRAGMENT.........DEFRAGMENT.........DEFRAGMENT.........

h. Now install your backup software, i.e. Norton Ghost.

i. Reboot your computer 2-3 times and DEFRAG again.

j. Now run your backup software and save an ENTIRE copy (image) of your primary HD. "Store" the backup (image) on a "partition" on your secondary hard drive.

k. Name it FRESH or something to remind you that this is a copy of a fresh Windows install.

2. Other software (antivirus, firewall etc) [internet Line....STILL unhooked]

a. Install these programs in this order: Firewall, then Antivirus. I recommend ZoneAlarm Firewall (free version)

b. Set your Firewall to HIGH and any program that asks for access to internet....think before you allow it.

c. Install your Internet browser. I recommend Mozilla Firefox (free)

d. NOW rehook the LINE that supplies your internet connection.

e. Set up your default Network Connection in Control Panel / Network Connections

f. Turn on these services: Automatic Updates, Background Intelligent transfer, Event Log [Control Panel/ Administrative Tools/ Services]

g. Go STRAIGHT to www.microsoft.com and get all the recommended updates.

h. Next, go STRAIGHT to your AntiVirus site and get all the latest Virus Definitions. Then go OFFLINE however you can!!

i. Now make another backup of your entire primary HD.....with the date incorporated into the name aka: APR11.xxx

3. Tweak Windows to suit YOUR desires:

a. First we gonna need a little Microsoft program: TweakUiPowertoys (Win XP) or TweakUi (Win 98).

b. Next we gonna need a few shortcuts: Go to START / search (files and folders) for regedit, it should be in the system or system32 folder....right click on its icon and choose: send to/ desktop (create shortcut).

c. Go to START / All Programs / Accessories and right click on: Windows Explorer and choose: send to / desktop (create shortcut).

d. Right click on the desktop and choose: Arrange Icons By...and make sure Auto Arrange is checked and Aligned To Grid, isn't checked.

e. Right click on the Windows Explorer icon and then click properties. On the shortcut TAB at top, the first text box you should see, should be labeled "Target". Delete w/e is in there and type in its place: explorer.exe /n,/e,c:\program files (where c = your primary hard drive). This will force Windows Explorer to open to the Program Files folder....which we will use a lot!

f. Now we need to install Tweak Ui Power Toys. Just double click it to install. (depending on version, you may have to have internet UP).

g. 90% of the Tweaks I use, for speed and ease, can be accomplished through Windows settings here and through the use of Tweak Ui. so, go to START / all programs and you should see: Power Toys for Windows XP ....run it...go through each area on left side and TWEAK till you are satisfied.

4. Tweak OTHER Windows Settings:

a. Double click on our Windows Explorer shortcut. At the top of the Windows Explorer window, click on the "View" button and choose: Details

b. Click on the "Tools" button and choose: Folder Options. On the General Tab, choose: Use Windows Classic Folders. Now click on the View Tab. You will see many checkboxes. The following settings are for a stand-alone computer running Windows XP Pro. If your computer is NOT hooked to other comps, uncheck: Automatically search for network folders and.....Then, click the circle labeled: Show Hidden Files and Folders. Scroll down a little and uncheck: Hide extensions for known file types, and uncheck Hide protected Operating System Files. Put a check mark in: Remember Each Folders View Settings and Show Control Panel in My Computer. Uncheck: Launch Folder Windows in a separate process and Use Simple File Sharing. Now at center-top area, click the Apply to all Folders button and then answer Yes, then you can close all those windows.

c. Ok now, right click My Computer icon on your desktop and choose: properties. Click on the Advanced Tab, and in the Performance section click the settings button. Put a dot in the Adjust for best Performance circle. Then click on THIS page's Advanced tab. In the top two sections, put a dot in the circles called: Programs. In the bottom or Virtual Memory section, click the Change Button: Put a dot in the Custom Size circle. We need to set the paging file's Initial size and maximum size to the SAME value. You will see near the bottom, the Recommended: XXXXMB. Type this value in BOTH the Initial and the Maximum size boxes. Then click the SET button, and any and all OK's Yes's Applys etc., if asked to reboot, do so! Setting the Page File / Virtual memory this way, keeps it from becoming fragmented.

d. Now...right click your desktop and choose properties. Click the Desktop Tab. Click the Customize Desktop button at bottom. Here you can change icons, remove icons etc. Close the Desktop items page. Now, at the top, click on the Appearance tab and in the top two dropdown boxes, choose: Windows Classic Style and then, Windows Classic. Click Apply. To the right click the Effects button, and UNcheck all boxes. EXCEPT: If you use an LCD, then you will WANT to check the box labeled: Use the following method to smooth edges of screen fonts, and then in the drop down choose: Clear Type. Close that window and click on the advanced button in lower right. During tweaking and setup I recommend setting the desktop background color to black. Ok now at the top, click on the Settings Tab. Here you can set ur screen resolution and color quality....I recommend the highest setting for both, that you and your hardware can support. At the bottom you will see another Advanced button, click on this to get to your particular Video Card Settings.

e. Windows built in ZIP program is not very good. I recommend Winzip 7.0...there are other ZIP programs, but Winzip is one of the most common. IF, you have another program for handling ZIP files and wish to disable Windows built in ZIP integration, go to START / Run and type:

regsvr32 /u %windir%\system32\zipfldr.dll

If you ever wish to re-enable it, type the same command but leave out the /u

f. I also recommend using the Classic taskbar and start menu. They are much more intuitive and easier to navigate. Right click the Taskbar and choose Properties. On the window that opens, click the Start Menu tab at the top. At bottom left click Classic Start Menu. Next click Customize in the lower right corner. In the check boxes, I suggest you make sure that Display Run and Enable Dragging and Dropping are checked, and uncheck: Use Personalized menus. Now would be a good time to go through Power Toys for Windows / Tweak UI again. Some of the settings we will do next involve editing the Registry (dangerous) so any that CAN be set in Tweak UI, should be.

5. Registry tweaks:

a. First, we need to get to know the registry. Earlier we created a shortcut to the Registry Editor (the Icon looks sort of like a Rubik's Cube), double click the icon to open the Registry Editor. You should now see a window with 2 panes. The left pane contains the 5 HKEY's. The HKEYS......ARE Windows XP. The desktop etc., is merely the Graphical User Interface (GUI). It exists to make it easier to perform tasks in Windows.

CAUTION: Any edits made to the registry are IMMEDIATE!!! So, It would be a good idea to backup your registry BEFORE you attempt to edit it. To back up the Registry simply click on File / Export at the top left of registry Editor, and choose a name for the backup. For example, regback1

IF you make a mistake while editing the Registry, merely double clicking the backup file you made, will restore the registry. So make a backup now.

b. Even though the HKEY's "look" like folders, they do NOT act like folders. They can not be renamed or deleted. Ok, now click the plus sign by HKEY_CURRENT_USER and then click the plus sign by Software. In the Software Key are all your installed programs. Notice at the bottom left side of the Registry Editor window, you can see the "file path" pointing to where you happen to be in the registry. To illustrate how to actually edit something, we will now ....edit something. In this case we are going to edit an entry in the registry, that will allow Windows Menus to open faster.

c. By use of the plus signs on the left pane, we will open the "branches" to: HKEY_CURRENT_USER \ Control Panel \ Desktop. Single-click the Desktop in the left pane. Now, you should see many entries in the right pane. The right pane is where we do 90% of our registry editing. In the right pane, double click the MenuShowDelay in the name column. This will open another window in which you can change the menu delay value. You can type any number in here from 0 to 65534, the number you enter is the time delay in milliseconds. The default is 400 which is about 1/2 second. IF the MenuShowDelay is NOT in the right pane, then go up to the Edit button (top left) click it and choose NEW then String Value, then type: MenuShowDelay (each word is capitalized and NO spaces between words). Then just double click the newly created MenuShowDelay value and set to whatever speed you like. Mine is set to a value of 1, but that may be too fast for some people. A good number to try first is: 100, it's fast but not "hectic fast". There, you have just successfully edited the registry. The following will be a list of recommended registry entries, that will make windows more responsive and eliminate some of Microsoft's stupider ideas.

d. To turn Off Windows Picture and Fax Viewer:

HKEY_CLASSES_ROOT \ SystemFileAssociations \ image \ ShellEx \ ContextMenuHandlers then, delete the ShellImagePreview key.

To reduce the Hung Application Timeout:

HKEY_CURRENT_USER \ Control Panel \ Desktop then double click the WaitToKillAppTimeout value. The default is 20000 (20 seconds)....the recommended setting is: 2000 (2 seconds). Also in this key is the HungAppTimeout value, just set it to the same value.

To add Encrypt/Decrypt to right click menus:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced ...create a new value by going to Edit then NEW then DWORD Value and then type: EncryptionContextMenu for the name of the new value. Now double click the EncryptionContextMenu value and enter 1 for the Value Data, and click OK.

To speed up Disk Cleaner:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ VolumeCaches \ Compress old files ...just delete the Compress old files folder from the left pane.

6. The SERVICES Jungle:

Windows XP comes with about 90 services, turned on by default. While only about 25-30 Services are actually needed to allow Windows to function properly. The remaining 60 or so Services either use up system resources or are downright security risks. NOTE: If your computer is "networked" with other computers, be careful NOT to turn off any Services that are required for your network to function. The Services are located in: Control Panel / Administrative Tools / Services. [Make sure that the "Extended tab" is chosen at the bottom...this will provide descriptions for each service when you highlight each service] The object here is to disable and/or stop any services you don't need. Below is a list of Services that mainly are security risks and should be set to manual or better yet, disabled and then stopped. Just double clicking on a Service, will bring up a dialog box which will allow you to change the default settings. This list is from www.tweakXP.com ...this list contains services that should be changed for a gaming machine (in other words a FAST machine).

Below is a list of windows services that we recommend you change to the manual setting.

Alerter

Application Layer Gateway Service** (only if Windows firewall is not used)

Application Management

Background Intelligent Transfer Service

ClipBook

COM+ System Application

Distributed Link Tracking Client

Distributed Transaction Coordinator

Help and Support

IMAPI CD-Burning COM Service

IPSEC Services

Logical Disk Manager Administrative Service

MS Software Shadow Copy Provider

Net Logon

NetMeeting Remote Desktop Sharing

Network DDE

Network DDE DSDM

Network Location Awareness (NLA)

NT LM Security Support Provider

Performance Logs and Alerts

Portable Media Serial Number

QoS RSVP

Remote Desktop Help Session Manager

Remote Procedure Call (RPC) Locator

Remote Registry ***DISABLE***

Removable Storage

Routing and Remote Access

Server

Smart Card

Smart Card Helper

SSDP Discovery Service ***DISABLE***

System Restore Service ** (ONLY stop this service if you have an alternate backup system like Norton Ghost)

Telnet

Themes

Uninterruptible Power Supply

Universal Plug and Play Device Host ***DISABLE***

Volume Shadow Copy

Windows Image Acquisition (WIA)

Windows Installer

Windows Management Instrumentation Driver Extensions

Wireless Zero Configuration

WMI Performance Adapter

Fast User Switching Compatibility ** (only if fast user switching is not used or the machine has one user only)

Protected Storage

Windows Time

TCP/IP NetBIOS Helper

Secondary Logon

Print Spooler ** (only if the pc does not have or use a printer)

Indexing Service

Error Reporting Service

Computer Browser

Internet Connection Firewall (ICF) / Internet Connection Sharing

7. Secrets to easy Windows life:

a. NEVER buy/install a security SUITE...use stand alone products, for example: Use Norton Antivirus...NOT Norton Security Suite.

b. NEVER use two Antivirus or two Firewall applications.

c. DO USE 2-3 Anti Spyware applications. (they will NOT interfere with each other)

d. ALWAYS get the latest Microsoft Updates (they are released on the 2nd Tuesday of each month)

e. ALWAYS update your antivirus, and spyware applications, definitions (check every 1-3 days for new definitions)

f. Make sure that there are NO applications in: START / programs / startup (it should say "empty")

g. Download and learn to use: HijackThis (it is by far the easiest and fastest way to find out if you've been infected)

h. Go to this site: http://www.oreilly.com/catalog/winxpannoy2/ and GET THE DAMN BOOK!

i. Download and learn to use: Glary Utilities (free) http://www.glarysoft.com/ (the fastest way to a slow computer is a "bloated registry")

j. DEFRAG your hard drive before and after you install a program. DEFRAG after you UNinstall a program.

8. Websites everyone should have added to favorites and / or bookmarked:

a. http://www.microsoft.com

b. http://www.tweakxp.com/ .......or....... http://www.tweakvista.com/

c. http://miranda.ctd.anl.gov:7123/

d. http://www.spywareinfo.com/%7Emerijn/programs.php AND http://hjt.networktechs.com/

e. http://www.houseofhelp.com/v2/

f. http://forum.networktechs.com/showthread.php?t=50

g. http://www.virustotal.com/en/indexf.html

h. http://virusscan.jotti.org/

i. http://www.mozilla.com/en-US/

j. http://www.zonealarm.com/store/content/home.jsp

k. http://www.spybot.info/

l. http://www.lavasoft.com/

m. http://www.ccleaner.com/download/

n. http://www.freewebs.com/coilscollection/ <--- My site

o. http://www.glarysoft.com/

p. http://www.malwarebytes.org/

q. http://www.ccleaner.com/

9. Summary:

In short, have a good stand-alone antivirus, a good stand alone firewall, a good backup system, 1-3 stand alone spyware applications, a good registry cleaner, the latest chipset, video card, soundcard drivers. Check for updated definitions for your antivirus and spyware apps once every 3 days. Check for Microsoft Updates on the 2nd Tuesday of every month. Whenever your system seems to be running slower....assume that you are infected until you've proven otherwise. Defragment your hard drive once a week or once every 2 weeks at the outside. Run a Registry cleaner once every other day or so. Get the book mentioned in 7h..it is by far the most complete Windows XP book available. Get and learn to use HijackThis....I can't stress these last two items enough. Following these simple procedures will make even an old computer faster, more secure and far less prone to errors.

Edited by JeanInMontana
remove title as it is misleading
Link to post
Share on other sites
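
A read-only way to check the three services the opening post marks ***DISABLE***, added here as an example and not part of any participant's post. The short service names (RemoteRegistry, SSDPSRV, upnphost) are the standard Windows names for those display names and do not appear in the thread; Get-CimInstance needs PowerShell 3.0 or later.

```powershell
# Added example: report start mode, state and dependents for the services
# the guide marks ***DISABLE***. Nothing on the machine is changed.
# Assumption: the short names below are the stock Windows service names for
# the display names used in the post.
$GuideDisableList = [ordered]@{
    RemoteRegistry = 'Remote Registry'
    SSDPSRV        = 'SSDP Discovery Service'
    upnphost       = 'Universal Plug and Play Device Host'
}

function Get-GuideServiceAudit {
    param(
        [Parameter(Mandatory)]
        [System.Collections.IDictionary]$Services
    )

    foreach ($name in $Services.Keys) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue

        if (-not $svc) {
            # Not every XP-era service exists on every Windows release.
            [pscustomobject]@{
                Name       = $name
                GuideName  = $Services[$name]
                StartMode  = 'n/a'
                State      = 'n/a'
                Dependents = ''
                Finding    = 'not installed'
            }
            continue
        }

        # Services that depend on this one; they fail to start if it is disabled.
        $dependents = @(Get-Service -Name $name -DependentServices -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty Name) -join ', '

        # A disabled service keeps running until it is stopped or the box reboots.
        $finding = if ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped') {
            'disabled and stopped'
        } elseif ($svc.StartMode -eq 'Disabled') {
            'disabled, still running until stopped or rebooted'
        } else {
            'enabled'
        }

        [pscustomobject]@{
            Name       = $svc.Name
            GuideName  = $Services[$name]
            StartMode  = $svc.StartMode   # Auto, Manual or Disabled
            State      = $svc.State       # Running, Stopped, ...
            Dependents = $dependents
            Finding    = $finding
        }
    }
}

Get-GuideServiceAudit -Services $GuideDisableList | Format-Table -AutoSize
```

The Dependents column is the thing to read before changing a start mode, since it shows what else would stop working.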

Bit of a link over load. Are you representing any of them?

Hi Jean, I'm Ghot...I'm 52 years old have 2 degrees and can code in four (albeit old languages) the only reason I post these things is to help people, which is I'm sure, the same reason you post :) ....Physics and Electronics..if you care :)

Link to post
Share on other sites

...and just on a side note....I would think knowledge rather than authority would be more appreciated :) All the info I've posted has been posted elsewhere in books and on websites for years, by experts in the industry......I'm not trying to impress any1 or usurp any1's authority...I just like to help people with hardware and software problems..... I'm rather well known on many software forum sites. You have a great product here...keep up the good work :)

Link to post
Share on other sites

You never want to mess with the services unless instructed by an experienced technician. Disabling or altering the services puts you at risk for many ill effects. It's all a myth that people think really makes a change. Bottom line, leave them alone. There's a lot of myths that have been debunked, check out this list of known myths. Never disable or turn off System Restore either, it does valuable things such as making full registry backups and more.

Link to post
Share on other sites

You never want to mess with the services unless instructed by an experienced technician. Disabling or altering the services puts you at risk for many ill effects. It's all a myth that people think really makes a change. Bottom line, leave them alone. There's a lot of myths that have been debunked, check out this list of known myths. Never disable or turn off System Restore either, it does valuable things such as making full registry backups and more.

You never want to tell someone what to do unless you at least read their profile......I've worked on PC's and mainframes and all the related software for 30 years bro. I can cite about 20 references that instruct you to do just that, including Microsoft. But if you want to leave remote registry (for example) running, feel free. I'm sure every hacker on the planet will thank you. :)

Link to post
Share on other sites

According to his post his site is hxxp://w w w.freewebs.c0m/coilscollection/, which interestingly enough, freewebs is blocked by one of my security hosts files :) .

First off my site is www.freewebs.com.coilscollection/ not: .c0m and second off you're the first person who has ever complained.

check the counter.....

secondly...many half ass hosts files on the web are ...well crap....try MVPS hosts file here:

http://www.mvps.org/winhelp2002/hosts.htm

Thirdly..the difference between you and I, is that I actually DO research BEFORE I post :/


Link to post
Share on other sites

Oh yes, because the people who designed the software and services are going to tell their users to disable them or alter the default settings. :)

The above is obvious sarcasm.

Listen up son, you want to prove me wrong ...do it...don't just flame...its...well immature :/

I'm not going to go do YOUR research for you. You say MS doesn't advise turning off some services (or setting to manual)...PROVE it. Likewise, try very hard to remember that ANY1 (hackers included) can read these posts....IF you want to advertise your lack of knowledge about the default services settings...I sincerely doubt a hacker will just laugh at your ignorance and pass you by ^^

Link to post
Share on other sites

First off my site is www.freewebs.com.coilscollection/ not: .c0m and second off you're the first person who has ever complained.

check the counter.....

secondly...many half ass hosts files on the web are ...well crap....try MVPS hosts file here:

http://www.mvps.org/winhelp2002/hosts.htm

Thirdly..the difference between you and I, is that I actually DO research BEFORE I post :/


Yeah, I know, I was nulling the link deliberately (same reason I used hxxp instead of http) and I'm not complaining about your site, I haven't even visited your site. I was simply pointing out that it is listed in one of the security based hosts files that I use on my pc.

Link to post
Share on other sites

Yeah, sorry, I wasn't trying to insinuate anything or start an argument I was just pointing something out. I have nothing against Ghot, and actually use a lot of the same practices myself (ie disabling services etc.) and I had and have no intention of questioning his knowledge or anything because for all I know he probably knows a lot more about PC security and optimization than I do as I have no formal education, just years of research, trial and error and independent study.

Link to post
Share on other sites

There is something with the link. I'm guessing it's a credit for the clicks, or if you sign up at freewebs. The site doesn't load for me with the link as posted, Google search, brings us Coils Collection, and a smattering of sites where guess what? Links to freewebs.com.coilscollection in many posts and since Malwarebytes ranks very high in Google searches, now so does coils collection. Some would call it spam.

Link to post
Share on other sites

This topic is now closed to further replies.