Advanced Troubleshooting Techniques
Chris Conlon - Fall 2002
Overview of Topics
► Troubled beginnings - when computers don't start
► Lost but not forgotten - Data Recovery
► Your friend and mine - the Registry Editor
► How to succeed as a UA without really trying - Automating Tasks
If you can't get to Windows
► Safe Mode - F8
► Boot off of the CD
  - Recovery Console (2k/XP) vs Repair Option
  - Security Policy setting: the Recovery Console asks for the local Administrator password unless the "Recovery console: Allow automatic administrative logon" policy was enabled beforehand; otherwise you're locked out
► BIOS
  - Delete, F1, F2
  - Escape first to disable silent boot
► Quick boot is the enemy
  - Resetting the NVRAM/PnP data
  - Boot Sector virus protection vs OS reinstall (the BIOS setting blocks the MBR write an OS install needs, so turn it off first)
► Check Beep Codes - RAM or Video Card?
  - Doc Memory on Tools CD - RAM testing
Basics - Tools of the Trade
► MSConfig
  - Best method - easily repaired
► Startup Group and Run and Run- key
► Services in NT/2000/XP
► .INI Files
Basics - Tools of the Trade
► Sysedit
  - Can edit old startup files
► Autoexec.bat, Config.sys, System.ini, win.ini
► Good for multimedia drivers, and old things
► That pesky Norton uninstall (navapw32.dll is missing…)
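The slides list the places a program can get itself started (Run keys, the Startup group, win.ini, services) and point at MSConfig as the easy way to see them. The script below is an added example, not part of the original slides or any Tools CD utility: it walks the same autostart locations from PowerShell on a modern Windows box and prints each entry with the command it runs, which is the list you compare against what you expect when hunting for a trojan or a leftover uninstaller stub. It assumes it is run in an elevated PowerShell (3.0 or later, for Get-CimInstance and [pscustomobject]); the registry paths, folder names and the win.ini load=/run= lines are standard Windows locations.

```powershell
# Added example (not from the original slides): enumerate the autostart
# locations MSConfig shows, so an unfamiliar entry can be spotted and
# traced to the file it launches. Run in an elevated PowerShell (3.0+).

function Get-AutostartEntries {
    $entries = @()

    # 1. Registry Run / RunOnce keys, per-machine and per-user.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            $entries += [pscustomobject]@{
                Source  = $key
                Name    = $name
                Command = [string]$regKey.GetValue($name)
            }
        }
    }

    # 2. Startup folders (this user's and the all-users one).
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if (-not $path -or -not (Test-Path $path)) { continue }
        foreach ($file in Get-ChildItem -Path $path -File) {
            $entries += [pscustomobject]@{
                Source  = "StartupFolder:$folder"
                Name    = $file.Name
                Command = $file.FullName
            }
        }
    }

    # 3. win.ini load= and run= lines (the legacy mechanism Sysedit edits).
    $winIni = Join-Path $env:windir 'win.ini'
    if (Test-Path $winIni) {
        foreach ($line in Get-Content $winIni) {
            if ($line -match '^\s*(load|run)\s*=\s*(\S.*)$') {
                $entries += [pscustomobject]@{
                    Source  = 'win.ini'
                    Name    = $Matches[1]
                    Command = $Matches[2]
                }
            }
        }
    }

    # 4. Services that start automatically, with the binary they run.
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' }
    foreach ($svc in $services) {
        $entries += [pscustomobject]@{
            Source  = 'Service'
            Name    = $svc.Name
            Command = $svc.PathName
        }
    }

    return $entries
}

Get-AutostartEntries | Sort-Object Source, Name | Format-Table -AutoSize
```

Anything whose Command points at a file that no longer exists is the "navapw32.dll is missing" class of problem; anything you cannot account for is where to start looking for a trojan. Pipe the output to Export-Csv once on a clean machine and diff against it later.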
Startup CPL
► Installed as a control panel utility
► Similar to MSConfig
► Easy to use
Analyzing the Boot Log
► Use the BLA on the Tools CD
► Reads the Bootlog.txt file generated by Windows and "decodes" it
► Maybe it's useful to you…
That Pesky Driver
Windows installs the same bad driver over and over….
► Finding the hidden folder
  - C:\windows\inf\cat
  - Deleting the .inf file
  - Only works for unsigned drivers not shipped on the Windows CD
► Delete from Device Manager
► Always try "Update Driver", not "Reinstall Driver"
When all else fails…the BIOS
► Entering the BIOS
► Seek and Destroy!
  - Eliminate Quick Boot
  - Turn off Power Saving
  - Resetting PnP Data
► Disabling un-needed peripherals
  - IR, COM, Parallel, integrated
► Low-Level Format
Showing Hidden Devices
► Use the registry file on the Tools CD to show hidden devices in Device Manager
► What's a hidden device, you ask?
  - Unplugged PC Cards or USB devices, etc.
  - "Ghosting" network adapters
Port Scanning
► Port scanning yourself is a good way to look for trojans (it only shows listeners on this host; a trojan that hides from netstat or that connects outbound instead of listening will not show up)
1. Superficial – netstat -a
  ► Listening
  ► Established
  ► Port #'s
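The "superficial" check above is reading netstat by eye. As an added example (not from the original slides and not one of the Tools CD programs), the script below does the same thing mechanically: it parses saved `netstat -an` text, keeps only TCP LISTENING lines, and flags any port that is not in a baseline of ports you expect on the box. The netstat sample is constructed for the demo (port 12345 is planted because it was NetBus's default listener; 27374 is planted as a second unknown), and the baseline of 135, 139, 445 and 1025 is an assumption standing in for whatever your own machine should be running.

```powershell
# Added example (not from the original slides): turn "netstat -an" output
# into a list of listening TCP ports and flag any that are not in a
# baseline of expected ports. Works on saved netstat text, so the
# constructed sample below runs anywhere PowerShell does.

function Get-ListeningPorts {
    param([string[]]$NetstatLines)
    $ports = @()
    foreach ($line in $NetstatLines) {
        # Typical line: "  TCP    0.0.0.0:135    0.0.0.0:0    LISTENING"
        # The address part also matches IPv6 forms like "[::]:135".
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING') {
            $ports += [pscustomobject]@{
                Address = $Matches[1]
                Port    = [int]$Matches[2]
            }
        }
    }
    return $ports
}

function Find-UnexpectedListeners {
    param(
        [object[]]$Listeners,
        [int[]]$Baseline
    )
    foreach ($l in $Listeners) {
        if ($Baseline -notcontains $l.Port) { $l }
    }
}

# Constructed sample of "netstat -an" output, shaped like a Windows
# 2000/XP box would print it. 12345 (NetBus default) and 27374 are
# planted as the "unknown" listeners for the demo.
$sample = @'
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1031      64.233.160.99:80       ESTABLISHED
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:137            *:*
'@ -split "`r?`n"

# Assumed baseline: the ports this machine is supposed to listen on.
# Build yours from a known-clean machine, not from the box under suspicion.
$baseline = 135, 139, 445, 1025

$listeners = Get-ListeningPorts -NetstatLines $sample
Find-UnexpectedListeners -Listeners $listeners -Baseline $baseline |
    Format-Table -AutoSize
# Expected: the 12345 and 27374 listeners, nothing else.

# On a live machine, feed it the real thing:
#   Get-ListeningPorts -NetstatLines (netstat -an)
# Add -o on XP SP2 and later to get the owning PID in the same output.
```

The ESTABLISHED and UDP lines are deliberately ignored; an established outbound connection to a strange host is the other thing worth reading netstat for, but it needs a different filter, and netstat on a rooted box can lie about both, which is why the slides also recommend scanning the machine from the outside.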
Active Port
► Does not seem to work well with 2k/XP
► Basic port scanning for older systems
  - Reasonable at looking for trojans
SpyWorks or SpyWare?
► Very robust suite of something
► Port scanning
► Intrusion detection tools
► Intrusion defense tools
► Key loggers and other sketchiness
Hard Disk Troubles
► Using Norton 2002
  - Disk Doctor (FAT32 preferred)
► Repairs errors
  - Limitations under NTFS
► Scandisk v. chkdsk /f
► fdisk, format (boot disk)
  - Lose all data and start over (6mo)
► FAT32 v. NTFS
  - Fdisk /mbr (when switching OS's) rewrites only the MBR boot code; the partition table is left alone
► DelPart.exe – Win 9x over NT/2K
► Low level format
Scandisk and Chkdsk /f
► Scandisk fixes simple errors on floppies and HDs (first line of defense)
  - Doesn't fix things very well
► Chkdsk /f
  - Scorched-earth data recovery
  - Makes a mess - last resort
Norton UnErase
► 2 ways for HDs
  - Recycle Bin Protection
  - Boot off the CD – works very well
► Can recover DELETED files quickly and VERY effectively
► Use NDD to recover damaged files first
Floppy Recovery
► Same basics: scandisk, chkdsk /f, ndd
► Can also use a hex editor to grab TEXT ONLY from files
  - Slow and tedious
  - Use searching
► WinHex on Tools CD
How to succeed as a UA without really trying…
Automating Tasks (or borrowing)
Network Enema
► New for Fall 2002
► Safer on Windows XP
► Less filling, same great taste
Which would you rather have?
► Netconfig.exe
  - Instantly enables DHCP
  - Removes proxy settings
  - Configures for LAN
  - Removes DNS entries
  - Removes static IP
  - Releases and renews
  - No reboot – runs in 10s
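The Netconfig.exe bullets describe a fixed sequence: put the adapter on DHCP, drop static DNS, clear the browser proxy, release and renew. The script below is an added example of that sequence using standard netsh, ipconfig and registry commands; it is not Netconfig.exe and not code from the original slides. It assumes an elevated PowerShell and an adapter named "Local Area Connection" (the XP default name; pass -Adapter to override), and it only touches the current user's Internet Settings proxy values.

```powershell
# Added example (not Netconfig.exe and not from the original slides):
# reset one adapter to plain DHCP-on-the-LAN the way the slides describe.
# Assumes an elevated PowerShell; the adapter name is an assumption.

function Reset-LanToDhcp {
    param(
        [string]$Adapter = 'Local Area Connection'   # assumed default name
    )

    # Switch from any static IP to DHCP. This drops the static address,
    # mask and default gateway in one step.
    netsh interface ip set address name="$Adapter" source=dhcp

    # Drop any static DNS servers and take them from DHCP instead.
    netsh interface ip set dns name="$Adapter" source=dhcp

    # Clear the per-user proxy settings Internet Explorer and other
    # WinINET applications use. A hijacked ProxyServer or AutoConfigURL
    # is a common way for spyware to sit in the middle of web traffic,
    # so clearing them is a security fix as much as a connectivity one.
    $ie = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Set-ItemProperty -Path $ie -Name ProxyEnable -Value 0
    Remove-ItemProperty -Path $ie -Name ProxyServer -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $ie -Name AutoConfigURL -ErrorAction SilentlyContinue

    # Release and renew the lease so it takes effect without a reboot.
    ipconfig /release "$Adapter"
    ipconfig /renew "$Adapter"

    # Show what the adapter ended up with.
    ipconfig /all
}

Reset-LanToDhcp
```

Run it as the user whose proxy settings are broken, since the Internet Settings key is per-user; the netsh and ipconfig steps need an administrator either way.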