Author Topic: Need some advice re consultant psychiatrist's computer  (Read 3780 times)

0 Members and 1 Guest are viewing this topic.

Gillie2tat

  • Guest
Need some advice re consultant psychiatrist's computer
« on: July 22, 2004, 10:12:06 PM »
I wonder if you people would look at my checklist for the Consultant Psychiatrist at work.  He came to me to say that he needed me to download a removal tool for Sasser worm which he's managed to get onto his puter and the removal tool for which he can't download because said computer is constantly shutting down.

We looked at the relevant Microsoft pages together and I explained what they were all about and what the different instructions were telling him to do.  I then found out that he didn't have any Microsoft Critical Updates and Security patches in place, no firewall, he's on Broadband and I'll bet his antivirus software whatever it is is way out of date!

I have this evening put together a pack of URLs for Avast!, Kerio, Firebird, Netscape, Spybot, THunderbird, Eudora, Pegasus and Adaware so he can download these himself and at least try the different e-mail and browser solutions, and downloaded as many Critical Updates and Security Packs as I could find related to Windows XP (the relevant operating system) on Microsoft, I have also downloaded your removal tool and the Microsoft one and saved relevant web pages to disk as he can't get online to get them himself and hasn't got the necessary protection.  Since I haven't heard from him I assume he's managing to follow the instructions on the Microsoft pages which include switching on the XP firewall as an emergency measure till he can download the Kerio firewall or something else more sensible than the XP one.

The plan (at least mine) at the moment is:-

(1) get rid of Sasser using the online removal tools from yourselves and if necessary Microsoft and if necessary reinstall XP

(2) get the security patches I have downloaded for him installed BEFORE he goes back online

(3) go online straight to Windows Update to find out if there are any other Critical Updates and Security Patches he needs and

(4) get him to download Avast and get rid of whatever antivirus he has if as I suspect the subscription for his updates is out of date, plus a decent firewall (either Sygate or Kerio).  Then I plan to have him run a full system scan with up to date Avast!, Spybot and Ad Aware if we haven't had to reinstall.  And while we're at it get him onto safer browser/e-mail system than the Microsoft ones which I think are probably what he's using at the moment.

I may not have got all of the updates but if he has at least got some of the protection he needs he should be able to go straight to Microsoft and get the relevant patch numbers from Windows Update the first time he goes online.  I've also told him to attend the Turbo Charging your Computer class and the upcoming new Computer Security class at Virtual University so he can learn how to maintain his machine properly!

This is the first time I've actually done technical support work of this sort and I'd appreciate it if you would advise me if there is anything else he should do at present.

I understand the computer is a Sony laptop but I don't have any other details at this stage.  It does however have the capability to run XP and he didn't mention any problems with it other than the virus.
« Last Edit: July 22, 2004, 10:19:13 PM by Gillie2tat »

Gillie2tat

  • Guest
Re:Need some advice re consultant psychiatrist's computer
« Reply #1 on: July 22, 2004, 11:32:22 PM »
OK re-read the helpful posting at the top of the postings list page, and I'm going to print it off for him tomorrow (don't have a printer at home).  It will help him to decide what to do next - naturally I have no idea what kind of surfing he's been doing or purchases online or anything of that sort.

Thanks for having that information there for all of us!
« Last Edit: July 22, 2004, 11:32:56 PM by Gillie2tat »

whocares

  • Guest
Re:Need some advice re consultant psychiatrist's computer
« Reply #2 on: July 22, 2004, 11:44:22 PM »
Hi,

if he has confidential/patient data on his PC, he should DEFINITELY reinstall from scratch !!! and CHANGE ALL PASSWORDS..

because his PC is insecure/not safe !!!
Sasser brings a backdoor, and it even has an exploit itself which allows hackers to gain FULL CONTROL over the machine..!

to be able to backup the data & settings, he could:
- disconnect from network
- clean out Sasser & co. with avast's Cleaner (OFFLINE)
- enable XP's built-in firewall (OFFLINE)
optional then:
- go online, update windows, download/install AV/avast, Firewall etc etc.. ;)
Afterwards:
- backup and then format & reinstall according to "VirusRemoval" below
 ;)

Gillie2tat

  • Guest
Re:Need some advice re consultant psychiatrist's computer
« Reply #3 on: July 23, 2004, 08:34:47 AM »
OK thanks.  Will check what sort of maintenance contract he has with his puter supplier and how old this thing is before I start trying to do a reformat!!  THanks for the warning about the risk to confidentiality, you are absolutely right and will mention that to him.  He probably does have patient data on it.

I've got a lot of the updates downloaded now so will be able to secure this beast once and for all.   If as I suspect his antivirus is out of date, will get him to download Avast for a full system scan as a priority.

Thanks so much!
« Last Edit: July 23, 2004, 08:36:19 AM by Gillie2tat »

Max M.Wachtel III

  • Guest
Re:Need some advice re consultant psychiatrist's computer
« Reply #4 on: July 24, 2004, 01:26:32 AM »
To stop shutdown-
run/ type:  shutdown -a
If that dosen't work create a file-
If you need to buy time handsfree so it won't shut down, then start notepad and cut and paste the following in the notepad window:

@echo off
:loop
shutdown -a
goto loop

Save this to your desktop as stayon.bat, then you could double click on that to run while you d/l your updates.

Gillie2tat

  • Guest
Re:Need some advice re consultant psychiatrist's computer
« Reply #5 on: July 24, 2004, 12:09:58 PM »
He ended up using Microsoft's FAQ on how to stop it shutting down using the command prompt box and that worked for him - sounded reasonably confident yesterday but still not using a firewall and got the firewall lecture from me by which time he was looking rather more dismayed!  Yes he does have patient data so I have explained that he'll need to reinstall because machine's security has been compromised.

Oh well he's running Spybot and not swapping disks with the puters at work so the problem is not what it might have been.

I said I would help with the virus and getting machine set up with firewall and scanned with Avast, Spybot and Ad aware till it's clean as it can be then he'll have to seek professional help for getting it reinstalled, probably from the manufacturer if it's still under guarantee.  I gave him a Cd-R with the Avast free virus removal tool and Microsoft patches on it and he has printouts of how to turn on the Microsoft firewall till he can download something more sensible, how to switch off System Restore, how to boot into Safe mode and how to backup the registry - and I also printed off the information you've given me here and the information at the top of the forum listings about how to make a puter as secure as possible for going online.  Don't know if he's actually reading it all but he can't say he doesn't know where to get it now:) and I think I've about done as much as I can, it's up to him now.

Remember I've never actually seen this laptop or what it's doing.  But I think he'll be more careful in future.

Thanks everyone!