My Health Check


bensthelens
09-15-2009, 07:11 PM
Hello,

fillerfillerfilller
Ben

14049752
09-15-2009, 07:20 PM
Things you're missing and my thoughts:

Any sort of hardware diagnostics? If you're doing this on site, you might be able to get away with skipping this.

Rootkit scans, including manually knowing what to look for in regedit, the drivers folder, etc.

Two online antivirus scans is pointless and can be very time consuming. Choose one. Don't rely so much on all of these "click the button to fix the problem" programs.

Instead of just restarting the system several times, why not actually see if everything works? Open up some common programs, make sure webpages don't redirect or have spyware pop-ups, etc...

bensthelens
09-15-2009, 07:21 PM
You do realize that it's against the terms of service agreement to use eset online scanner and make money off of it, right?

No, I wasn't aware! I am now - thank you!

bensthelens
09-15-2009, 07:22 PM
Things you're missing and my thoughts:

Any sort of hardware diagnostics? If you're doing this on site, you might be able to get away with skipping this.

Rootkit scans, including manually knowing what to look for in regedit, the drivers folder, etc.

Two online antivirus scans is pointless and can be very time consuming. Choose one. Don't rely so much on all of these "click the button to fix the problem" programs.

Instead of just restarting the system several times, why not actually see if everything works? Open up some common programs, make sure webpages don't redirect or have spyware pop-ups, etc...

Thank you - raised some good points!

Helps me tweak the fix time!

Ben

angry_geek
09-15-2009, 07:22 PM
That process will miss most of the fake AV infections out there. Every situation is different, but there are some common steps to take. First is to create an image of the drive or at least back up important data. You need to first boot into normal mode, as you need to see exactly what your customer is seeing. Run appropriate tools and steps to remove whatever infection you're dealing with. You should add a lot of tools to your kit: ComboFix, HijackThis, several of the Sophos tools, including a few different rootkit detectors. Once you've gone through the process of removing the infections, do a visual inspection of the system32 folder, hidden devices, and scan the registry for services that aren't listed in the management console. I used to do a lot of manually removing infections, and still do, but some of these new infections are changing daily, causing manual detection to be tricky sometimes. I don't even use Spybot anymore as MBAM does such a better job. Don't turn off System Restore. You may need it, or it may be already disabled by the infection. Once you're done cleaning the system, you can clean up the old restore points.
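The last inspection step in the post above, comparing the services registered in the registry against what the management console shows, can be automated. The script below is an added example and not angry_geek's own procedure; it assumes Windows PowerShell 5.1 run from an elevated prompt, and the service-type bit values it tests are the documented SERVICE_WIN32 flags. A registry entry that the Service Control Manager does not report deserves a closer look, but it is a lead rather than a verdict: per-user service templates and services whose security descriptor hides them from the current account are legitimate exceptions.

```powershell
# Added example: list services registered under
# HKLM\SYSTEM\CurrentControlSet\Services that Get-Service (the same source
# services.msc uses) does not report. Assumes Windows PowerShell 5.1, elevated.

function Get-UnlistedServices {
    # Names the Service Control Manager is willing to enumerate.
    $scmNames = Get-Service | ForEach-Object { $_.Name.ToLowerInvariant() }

    $findings = @()
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $props -or $null -eq $props.Type) { continue }

        # Type bits: 0x01 kernel driver, 0x02 file-system driver,
        # 0x10 own-process service, 0x20 shared-process service.
        # Only Win32 services (0x10/0x20) are expected in the console list.
        if (($props.Type -band 0x30) -eq 0) { continue }

        if ($scmNames -notcontains $key.PSChildName.ToLowerInvariant()) {
            $findings += [pscustomobject]@{
                Name      = $key.PSChildName
                ImagePath = $props.ImagePath
                Start     = $props.Start      # 2 = automatic, 3 = manual, 4 = disabled
                Type      = ('0x{0:X}' -f $props.Type)
            }
        }
    }
    return $findings
}

# Usage: print the discrepancies for manual review.
Get-UnlistedServices | Format-Table -AutoSize
```

Run it once on a known-clean machine of the same Windows build first so you know what the normal baseline of exceptions looks like; anything beyond that baseline, especially with an ImagePath outside the Windows and Program Files trees, is what the post's "visual inspection" is meant to catch.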

bensthelens
09-15-2009, 07:27 PM
That process will miss most of the fake AV infections out there. Every situation is different, but there are some common steps to take. First is to create an image of the drive or at least back up important data. You need to first boot into normal mode, as you need to see exactly what your customer is seeing. Run appropriate tools and steps to remove whatever infection you're dealing with. You should add a lot of tools to your kit: ComboFix, HijackThis, several of the Sophos tools, including a few different rootkit detectors. Once you've gone through the process of removing the infections, do a visual inspection of the system32 folder, hidden devices, and scan the registry for services that aren't listed in the management console. I used to do a lot of manually removing infections, and still do, but some of these new infections are changing daily, causing manual detection to be tricky sometimes. I don't even use Spybot anymore as MBAM does such a better job. Don't turn off System Restore. You may need it, or it may be already disabled by the infection. Once you're done cleaning the system, you can clean up the old restore points.

Thank you - great reply! Many points I will take on board!

studiot
09-15-2009, 10:50 PM
I don't offer a paid for 'Health Check'. Customers are past masters at subverting anything you do and will blame you for anything that happens to their computer in the next 10 years following such a check.

You don't want the aggro.

That doesn't mean you can't point out the obvious, and maybe generate extra business from doing so.

Suppressing things with Msconfig is not a good place to start either. Better to read it (Autoruns is even better) and adjust the registry accordingly.

Why safe mode? You can't adjust any of the insane customer settings from here that prevent proper running of the PC.

Why delete system restore files early - you may well need them.

Why CCleaner early? That's just when blanket cleaners cock it up for you.

Why run unnecessary AV? Perhaps that is not the problem.

Many commercial organisations would throw you out if you did unauthorised updates, before they were proved for their network.

Why defrag? How long are you allocating for doing this and how long do you think the customer expects to pay for?

What I am basically saying is

Attack the problem, don't just do things for the sake of it. Every action should have a reason behind it.

bensthelens
09-16-2009, 09:10 PM
It doesn't seem much of a healthcheck to be honest.

Looks more like running a few virus apps and clearing out some old files. You could do all that and the system fall over a week later from something you could have spotted easily.

Surely you'd want to look at which hardware was potentially letting the system down - e.g. check out the common CPU/memory/disk/network performance counters whilst you're doing stuff to see the bottlenecks.

How about sfc.exe to check the system files are intact? Chkdsk to report on file-system and/or disk errors. A hard disk app to report on disk errors (slow sectors etc.).

Thanks! Will take all that on board - some excellent points learnt!

Doctor Micro
09-18-2009, 10:25 AM
There's nothing wrong with the concept of a computer health check. We do something like this for many of our commercial and business clients who are on a maintenance agreement. The purpose is to make sure the computer is up-to-date, malware-free, running as well as it should, and to spot any potential issues before they become more serious and cause further problems.

The process you originally described, while none of it can hurt, is very time-consuming and much of it unnecessary, unless something you discover or observe leads you to run a particular routine for good reason. I can appreciate the fact that you might be looking for a structured "cookbook" type of approach, but the amount of effort and time involved in what you originally proposed is very inefficient.

Let me draw an analogy. If you go to your doctor for an annual physical, there are a few basic things that the doctor or the nurse will always do. Take your temperature, check your blood pressure, and listen to your heart and lungs. While they are doing this, they ask you how you are feeling and if you have any complaints, and they observe you, using their knowledge and experience to note anything out of the ordinary.

This is the same type of approach that you can use for a computer health check. Ask the customer if they have any specific complaints or issues. Turn the PC on and observe. Take note of the processor, amount of installed memory, hard drive space remaining, how long it takes to boot fully into the Windows environment, whether there are any error messages, how many icons are in the system tray, what service pack is installed, whether there are any hardware items in Device Manager that are not working or disabled, what browser they are using and whether it is the most current version, whether Adobe and Java need an update, how fragmented the hard drive is, whether System Restore and Automatic Updates are turned on, and what antivirus they are using and whether it is up to date.

Most of this can be checked or noted in about 15 minutes or less. How much time it takes after that will depend on what you find.
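The fifteen-minute "vital signs" list above, together with the sfc, chkdsk and performance-counter suggestions from the earlier reply, can be captured in one read-only script so the observation step is repeatable and the numbers can be written down for the customer. The script is an added example, not Doctor Micro's or anyone else's tool from this thread. It assumes Windows PowerShell 5.1 on Windows 8.1 or 10, an English locale (performance counter names are localised), an elevated prompt for the integrity checks, and a consumer edition for the root/SecurityCenter2 antivirus query (domain-managed machines report AV through other channels). The productState bit layout used to derive "enabled" and "up to date" is the commonly used undocumented decoding and is an assumption.

```powershell
# Added example: read-only health check snapshot covering the items listed in
# the thread. Assumes Windows PowerShell 5.1, English locale, elevated prompt.

function Get-HealthCheckSnapshot {
    $os  = Get-CimInstance Win32_OperatingSystem
    $cs  = Get-CimInstance Win32_ComputerSystem
    $cpu = Get-CimInstance Win32_Processor | Select-Object -First 1
    $sys = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"

    # Last measured boot duration (ms): Diagnostics-Performance log, event 100.
    $bootMs = $null
    $ev = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Diagnostics-Performance/Operational'; Id = 100
    } -MaxEvents 1 -ErrorAction SilentlyContinue
    if ($ev) {
        $data   = ([xml]$ev.ToXml()).Event.EventData.Data
        $bootMs = ($data | Where-Object { $_.Name -eq 'BootTime' }).'#text'
    }

    # Device Manager problems: present devices whose status is not OK.
    $badDevices = Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Status -ne 'OK' } |
        Select-Object FriendlyName, Status

    # Antivirus as registered with Security Center (consumer Windows).
    # productState decoding is the widely used, undocumented layout (assumption):
    # second byte 0x10 = real-time protection on, low byte 0x00 = definitions current.
    $av = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct `
            -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Name     = $_.displayName
            Enabled  = ((($_.productState -shr 8) -band 0xFF) -eq 0x10)
            UpToDate = (($_.productState -band 0xFF) -eq 0x00)
        }
    }

    # System Restore points and the Automatic Updates setting (AUOptions 4 = auto install).
    $restorePoints = @(Get-CimInstance -Namespace root/default -ClassName SystemRestore `
                        -ErrorAction SilentlyContinue)
    $au = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update' `
            -ErrorAction SilentlyContinue

    # Startup entries are a proxy for the tray/autostart clutter the post mentions.
    $startup = Get-CimInstance Win32_StartupCommand | Select-Object Name, Command, Location

    # Quick bottleneck read: three one-second samples of CPU, free RAM and disk queue.
    $counters = @('\Processor(_Total)\% Processor Time',
                  '\Memory\Available MBytes',
                  '\PhysicalDisk(_Total)\Avg. Disk Queue Length')
    $avg = @{}
    $samples = Get-Counter -Counter $counters -SampleInterval 1 -MaxSamples 3 -ErrorAction SilentlyContinue
    if ($samples) {
        $samples.CounterSamples | Group-Object Path | ForEach-Object {
            $avg[$_.Name] = [math]::Round(($_.Group | Measure-Object CookedValue -Average).Average, 1)
        }
    }

    [pscustomobject]@{
        Computer           = $cs.Name
        OS                 = "$($os.Caption) $($os.Version) (SP $($os.ServicePackMajorVersion))"
        CPU                = $cpu.Name
        MemoryGB           = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
        SystemDriveFreeGB  = [math]::Round($sys.FreeSpace / 1GB, 1)
        SystemDriveFreePct = [math]::Round(100 * $sys.FreeSpace / $sys.Size, 0)
        LastBootMs         = $bootMs
        ProblemDevices     = $badDevices
        Antivirus          = $av
        RestorePoints      = $restorePoints.Count
        AutoUpdateOption   = $au.AUOptions
        StartupEntries     = $startup
        PerfAverages       = $avg
    }
}

# Read-only integrity checks from the thread (no repair flags): needs elevation.
function Invoke-IntegrityChecks {
    sfc /verifyonly               # verify protected files, do not replace them
    chkdsk $env:SystemDrive       # without /F this only reports, it does not fix
}

Get-HealthCheckSnapshot | Format-List
```

Everything in the snapshot is a read, so it fits the "observe first" principle of the post: run it, note what is outside normal (low free space, a non-OK device, AV disabled or stale, no restore points, a long boot time, a disk queue that stays above one), and let those observations decide which of the heavier steps, if any, are worth the customer's time. Browser, Adobe and Java versions are easier to check directly in the applications and are deliberately left out.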

atlanticjim
09-18-2009, 12:24 PM
1+ Doctor Micro.

As my other business is healthcare, I naturally use this approach. I find it very difficult to guarantee a fully functioning machine without a complete N&P. Therefore I rely on the client telling me the symptoms and address them. (as well as all the CheckUp items mentioned above.)

angry_geek
09-18-2009, 01:20 PM
I agree. It seems as more of a cleaning procedure than a "health check". I usually don't get people that just want to make sure the machine is healthy. I don't seem to get a hold of them until there's a problem. For businesses on agreements, I do a lot of remote monitoring or periodic checking.