Removing viruses, trojans, and other malware from your Windows computer

Removing viruses, trojans, and other malware from your Windows computer

These steps are easy when you know exactly when your Windows computer  has been infected (e.g. inserting a USB stick, visiting a website with malicious software on your browser).

At the time of infection or shortly after infection, perform the following steps:

  1. Immediately turn off your computer and unplug it from the network / internet (remove the network cable or if you are using wireless, try to turn off the wireless connection / router – if you are not sure, just leave it).
  2. Reboot Windows and go into safe mode. You only need the basic safe mode without any networking, etc.
  3. To get into the Windows Safe Mode, as the computer is booting press and hold your “F8 Key” which should bring up the an options menu as shown below. Use your arrow keys to move to “Safe Mode” and press your Enter key. More information on safe mode can found on the Microsoft site by searching “Windows safe mode” along with your version of Windows.
  4. Use the Microsoft system restore to restore your computer to an early point before the infection began. This restore will revert system changes done by the virus, trojans, and other malware. The restore does not impact the “My Documents” and personal settings, so keep that in mind if you saved infected files to My Documents folders.
  5. System restore may be found differently depending on your version of Windows. The easy way is to use the built in Windows help (F1) in safe mode and search for system restore to find the program. If on Windows Vista/7, use the search on “restore system”. There are also instructions off the Microsoft site.


Fix Audio Quality Issues in Windows Movie Maker 2.6

Fix Audio Quality Issues in Windows Movie Maker 2.6

If you are experiencing low, degraded, or bad audio quality in the movies you created in Windows Movie Maker 2.6 (MM 2.6), check out possible solutions below.

The solutions are aimed at when you are adding audio to a movie such as adding soundtracks with wav and mp3 files. The quality of these input audio files may be high, but for some reason the output file (movie file you save) and the movie preview (storyboard or timeline) in MM has worse audio quality than the audio files you used for the soundtrack of the movie.

Check existing codecs

Playback issues for movies are often related to codecs installed on your machine. Codecs are likely the cause of most sound input issues since MM may use different codecs for playback when the audio files are in your collections as supposed to when the audio file is now part of your soundtrack. Solving issues with codecs is difficult since everyone computer will have different ones installed and being used during the MM preview and playback. Possible solutions are:

  1. Observe if codec icons show up during movie playback or preview. Check the options for these codec icons.
  2. Change audio codecs: you could uninstall audio codecs being used and use the Window defaults or install new audio codecs.
  3. For advanced users, use a tool like G-Spot and check if you have the required codecs for an audio file installed.

Check Windows Movie Maker filters

In Windows Movie Maker, try going to “Tools > Options > Compatibility” and unchecking all the filters ending in .ax. It is possible these .ax filters are causing low audio quality in the movie preview and saving. This solution is common if you have installed a bunch of new codecs and filters. Also, if audio quality was fine before and now is low, it may be due to installation of new filters.

When saving the movie…

Check audio export settings during saving of movie

After you have completed your editing in MM and are ready to save your movie, look in “other settings” and select the appropriate audio settings. Note configuration of settings may work best with WMV output and may not solve problems with people saving to DV formats.

Convert soundtrack files to stereo or use alternative profiles when saving

Use alternative output file profiles (either the Windows Movie Maker defaults or custom profiles) within MM when saving the movie. Sometimes your audio may be configured to be mono only or stereo only which affects the soundtrack in the saved movie. WMV formats may allow more customization.

Audio file tuning

Here are possible solutions to common audio problems. They may not be useful if you really have codec issues, but can work if there are problems with the audio files used for your movie soundtrack.

  • If using MP3s, convert MP3s to wav. Use Audacity/TMPGEnc if you need to convert audio channels on sound files (e.g. mp3, wav) used in your soundtrack.
  • Play around with MP3 bitrate: e.g. if MP3 is at 256Khz, reduce it to 192Kbps @ 44.1kHz.


Find and match open ports and services in Windows

Find and match open ports and services in Windows

When running Windows, operating system tools allow you to find the mapping of a open TCP/UDP ports to a running service or application.

Netstat: Displays protocol statistics and current TCP/IP network connections


> netstat /?

to find information about the options and usage for the command. To find all connections and listening ports, use:

> netstat -abo

To list the executables used in creating those connections, and finding the process ID for each connection. Using these commands, you can find all the open ports and process IDs listening on the system you are executing the netstat.

Task manager: Matching process IDs to processes

After obtaining the process ID from netstat, Windows Task Manager can be used to find out what those processes are. First add the PID column to the Task Manager processes list. After that, look for the process IDs you are interested in and found from netstat.

Tasklist: Getting service executable information

svchost.exe is a common service found in the task manager process list and sometimes there are several instances.

If you are using XP Professional, Vista, or Windows 7, to find more information on svchost, use the following command

tasklist /SVC

to find the executable name, process ID, and possibly some service information details.

System administration 1: Useful Commands and Locations on Windows and Unix/Linux

System administration 1: Useful Commands and Locations on Windows and Unix/Linux

This post lists common commands used in Windows and Linux/Unix system administration, server support, and troubleshooting.


The first command indicates the command name (searchable with a man page). The parens indicate useful extensions

File Searching, Browsing

Command Usage/Function
ls (-al) List files and directories
find (./ -name  or expression ‘in quotes’) -print Find files given filename and other parameters.Some usage patterns are below.-exec is powerful since it defines what to do with the file(s) found by the find command. For example, you can use grep to look for information inside those files (see below).
find / -type f -exec grep -l “string_here” {} ; Find files containing a string called “string_here”
find / -type f -print -exec grep -l “string_here” {} ; >Find files containing a string called “string_here” and output the lines from those files that contain that string. -print will show which files were found.
find . -name ‘*s’ -print To see which files within the current directory and its subdirectories that end in s
grep Display files and extract information containing word / pattern after the command
egrep Extract line containing word / pattern after the command
pwd Print (output to console) current working directory
less, more Console content control/reader
Rm (-Rf) Remove (with recursive and forced)

ampersand (&) – Executed after a UNIX command makes the command run while providing the command prompt back. Using & allows you to continue to type more UNIX commands.

Common use of the ampersand ( & ) is at the end of commands that open their own windows like a web browser or an editor..

The amperand (&) means something different when used immediately after a greater than (>) for output redirection or after the pipe symbol ( | ) for passing output to other commands.


Command Usage/Function
man Manuals (help pages) for system commands.
ln –s Create symbolic links between files
ftp File transfer protocol program
ssh Secure Shell
bash Bash shell (running activates bash shell on console if it is available).
Rm (-Rf) Remove (with recursive and forced)
nslookup OR dig OR host Domain name service lookupdig -x <ip> or nslookup <ip> does reverse lookup
whois Query
traceroute Trace network route
lynx Text based HTML browser
mount, unmount Mount or unmounts file systems
date Date/time on system
runmqsc (WebSphere Messaging Queue MQ) ex. runmqsc <queue>

- display all channels info
STOP CHANNEL('<queue>')
RESET CHANNEL('<queue>')
START CHANNEL('<queue>')
wget GNU tool to retrieve web or file content.
Example of using wget to create of backup of a website (web archive) stored on your local computer. See the wget manual for more options.Get/backup website content for offline viewing:

[dark_box]wget -c -m -k -K -E -P/tmp http://url_of_the_website[/dark_box]

Get/backup website content for offline viewing. Limit rate to reduce load on the target website and ignore robots file. Ignoring the robots file is helping for backuping up everything under a website and for WordPress blogs.

[dark_box]wget -c -m -k -K -E -P/tmp –limit-rate=300k -e robots=off http://url_of_the_website[/dark_box]

Here is what each option means:

  • wget > Download web content
  • -c continue from partially downloaded files, useful for finishing a partial wget in the past
  • -m or –mirror > recursively with time-stamping (), while
  • -k -K > converting links for local viewing
  • -E or –html-extension > and add .html extension for html files if not present.
  • -P or –directory-prefix=… > Download the web content to the directory indicated; in this case /tmp.
  • http://&#8230; > Location where to start the web backup / archival
  • ––limit-rate (e.g. –limit-rate=300k ––wait=2> To limit your download rate and prevent overloading or taxing the performance of the web server

ystem Administration

Command Usage/Function
prstat: report active process statisticssar: System activity reportermpstat : Report per-processor or per-processor-set statistics Check CPU utilization, per CPU statistics. (e.g. sar 1, sar -u 10 60, mpstat 10 60)(e.g. Stats by zone: prstat -Z, Stats by Projects/users prstat -J)
useradd (Solaris) Create a user Example: useradd -d /export/home/smithjo -m -k -s /bin/bash -c “John Smith” -g100 smithjo
userdel (Solaris) Remove a user. Example: userdel -r smithjo
The -r option removes the users home directory and login information
groupadd (Solaris) Modify a user’s information like group
usermod (Solaris) Modify a user’s information like group
rpm (Redhat based systems) Package manager
ifconfig (-a) Display IP address information including loopback and inet interfaces, sometimes in /usr/sbin
hostname (-f) Obtain hostname information of server
domainname Display a servers domain name
pkgadd (Solaris), yum (Fedora, RPM)package-cleanup Package manager tools (e.g. yum install <program name>
chownchmodchgrp File ownership and rights management. E.g. chown <new owner> <filename>chmod 664 <filename> for rw-rw-r
File compressions and ExtractionCompressgzip -c file1 file2 > foo.gztar cf – target_file_or_directory | gzip -c > target.tgzgtar -cvzf target output.tgzUncompressgzip -dc output_file.tar.gz | tar -xf – Related commandsCreate a tar file:tar cvf <tar.filename> <>Extract a tar file:tar xvf <tar.filename>Check the contents of a tar file:

tar tvf <tar.filename>tar (-xzif)


unzips a zip filegunzip :unzips tar.gz files

sendmail Mailer
mail Email management
tail (-f) See near end of file or stream file with -f
passwd User password management
su Assume root user or user specified after command. Will prompt for password.
sudo Assume root user only for command following sudo. Will prompt for password.
df (-akh) Reports on disk space on mounted and mounted file systems
md5 Checksum command
cron Scheduler
uname (-a) System/machine information
ps (-ef) (-Al) List (all) processes and their details
kill (-HUP) Send signals to process. E.g. kill -9 <pid> kills a process with pid specified
shutdown (now) (-r) Shutdown operating system e.g. -r restart afterwards “now” shuts the system down right away without a time delay
netstat (-an) Network information for system, port listeners and addresses. E.g. netstat –rn to view existing kernel IP routing table


Command Usage/Function
gcc (or cc) C compiles
pico, nano File editors
make Builder program

Useful Concepts for Linux/Unix

Directory Structure

Logs, spoools, and file resources (mail, logs, temp, etc.): /var

Configuration Files: /etc, /etc/rc.init (startup scripts). /etc/

Unix “blackhole”: /dev/null

Core Command locations if not in path: /usr/(s)bin, /usr/local/(s)bin, /usr/sfw/bin/ | Solaris: /usr/openwin

Devices (I/O): /dev

Mounted Systems: /mnt, /media

Code Libraries/Modules: /usr/lib, /usr/local/lib

Stored source: /usr/src

Services: /etc/services – example of entries in services file (ports and protocols associated with the ports.

netstat         15/tcp
ftp             21/tcp                 # File Transfer
ssh             22/tcp                 # Secure Shell
telnet          23/tcp

Platform Specific

User settings ~/.<user setting folder>

e.g. ~/.kde/share/apps stores KDE desktop settings and configurations.

Checking serviers and ports in netstat

less /etc/services | grep <service name>

netstat -a | grep <service name>| grep <keyword, e.g. LISTEN>

Checking Memory

Check Total physical memory:

# prtdiag -v | grep Memory # prtconf | grep Memory

Check Free physical Memory:

# top (if available) # sar -r 5 10 Free Memory = freemen*8 (pagesize=8k) # vmstat 5 10 Free Memory = free

For swap:

# swap -s # swap –l


Command Usage/Function
certmgr.msc Certificates
ciadv.msc Indexing Service
comexp.msc Component Services
compmgmt.msc Computer Management, central administration panel for Windows. Can also be used to access IIS administration console.
control mouse Open control panel for mouse
defrag, dfrg.msc Disk Defragmenter
devmgmt.msc Device Manager
diskmgmt.msc Disk Management
eventvwr.msc Event Viewer
fsmgmt.msc Shared Folders
gpedit.msc Group Policy
lusrmgr.msc Local Users and Groups
msconfig Startup files and processes configuration
ntmsmgr.msc Removable Storage
ntmsoprq.msc Removable Storage Operator Requests
perfmon.msc Performance monitor
regedit Registry editor
rsop.msc Resultant Set of Policy
sc query Find function. E.g. Find a Windows services called “WSearch”sc query | FINDSTR /i /r WSearch
secpol.msc Local Security Settings
services.msc Services and Process manager
wab Windows address book
wmimgmt.msc Windows Management Infrastructure (WMI)

Remote Desktop Management related commands

ERROR The terminal server has exceeded the maximum number of allowed connections

If you encounter this error, you can either reboot the terminal server you are trying to remote desktop to or log into the machine as an administrator.

To log in as the administrator:

mstsc /v:<ip address e.g. /console

By using /console at the end of the command you will be logging in as if you were at the server. Alternatively, if you are using Windows Server 2003, run this comment instead (replace /console with /admin)

mstsc /v:<ip address e.g. /admin

If you can telnet or ssh to the server you can use the following command. This command will kill all active RDP sessions to free one so you can connect.

tsdiscon /1

tsdiscon /2

tsdiscon /3

tsdiscon /4

Session cleanup

When you execute the commands above, log in as an administrator on the machine. That log in allow you to use the console on the server.

Remove any disconnected users via the Terminal Services Manager

Start > All Programs > Administrative Tools > Terminal Services Manager

Click on the name of your server and the right side should show a list of users. If the users are disconnected, reset the users to free up the two normal remote desktop connections. Right clicking the disconnected user and selecting “Reset.”

It is good practices to only use the console to disconnect inactive sessions and not for anything else. Make sure you disconnect inactive user sessions first with the instructions above, otherwise if you get disconnected again you will have to physically access the server.

Remote Desktop sessions should always be closed using the Windows <<Log Off>> function rather than disconnecting by closing the window as using the X to close will disconnect from the session but leave it active.


Random thought:

Despite carefully following installation and configuration procedures for various programs, they still tend not be smooth.