Sunday, June 3, 2012

FixMeStick


When extra-devious malware defeats your antivirus, or when you can't install protection because malware has pwned the system, you (being a tech genius) might try a bootable rescue CD. However, many users don't have the tech skills to burn an ISO image or deal with the often-arcane interface of bootable solutions. For them, FixMeStick ($49.99 direct) will do the job. The design of this USB-based security tool centers on making malware cleanup as easy as possible, even for users with limited tech abilities.

Getting Started
To start using FixMeStick ?on an infected system that can still boot into Windows, just insert it and wait for Windows to launch the "Run FixMeStick" program. Users with more security knowledge may have chosen to disable USB autorun; in that case, launch the program manually.

This little program does no scanning. Rather, it configures your system so that at the next reboot the FixMeStick will show up as an operating system option on the boot menu. To help users who may not have seen a boot menu before, it displays a screenshot and explains what to do. From here you just click the button to reboot and run FixMeStick.

FixMeStick is the default option when the boot menu appears. Pressing Enter will launch it immediately, but if you don't it will auto-launch in 30 seconds. After a few minutes of setup in the background, it's ready to go.

If Windows won't boot at all, running FixMeStick may still be simple. Turn off the PC, insert the USB key, and turn it on again. If you're lucky, your PC is configured to boot from USB. If that doesn't seem to work, tech support can explain how to tweak the BIOS so it will boot from the device.

Fully Automated
The next thing you do to advance the process is...nothing! FixMeStick does everything for you. In fact, its main screen recommends that you just go take a break for anywhere from 30 minutes to a couple hours. Cleanup on my infested test systems took 30-40 minutes.

Unlike a bootable rescue CD, this USB device is fully writeable. That means it can check for program updates and download new malware definitions that will be stored right on the USB key. After initializing the three scanning engines it launches right into a full scan. A warning banner appears if the scan has discovered malicious files.

On completion of a scan, it offers two choices. Most users will just choose to fix the computer, without worrying about details. I live for details, so I chose to view the results before fixing problems. One, two, or all three antivirus engines may have detected a given threat. FixMeStick lists the engines that detected each threat, along with the threat name used by that engine's company. There's an option to keep a given file rather than send it to quarantine, but you should only use that under instruction from tech support.

Once FixMeStick has finished cleaning up, you exit the program, unplug the device, and reboot into Windows. Your browser opens to a debriefing page online. Here you can share your FixMeStick experience on social networking sites, offer feedback, or contact the help team.

Collateral Damage
Why would you need to contact the help team after a successful cleanup? Because FixMeStick can be a bit heavy-handed, wiping out files that it shouldn't. When its engines detect a valid file infested by malware, it can't disinfect the file back to its original status. All it can do is toss that file into quarantine. If this happens to an essential Windows file, you may be hosed.

One of my malware-infested test systems seemed to boot Windows but never displayed the desktop. That's a problem usually solved by bringing up Task Manager and manually launching Windows Explorer. However, Task Manager reported explorer.exe missing, apparently wiped out by FixMeStick. Another test system went into a noisy, never-ending cycle of login and logout, each with its own musical accompaniment.

I solved the first problem myself by booting back into the FixMeStick and using its Undo Quarantine feature. As the product warned, this completely undoes the most recent cleanup, restoring all files including the nasty ones. I rescanned, but this time chose to keep explorer.exe. That did leave me with an infected explorer.exe, but at least the system booted.

Remote Support
For the second problem, I supplied FixMeStick's log file to tech support. They identified the problem and supplied me with instructions for getting connected to their remote control chat-based help system. In a coming update, which existing FixMeSticks will pick up automatically, this process will just require clicking a button. At present, it's a bit more complex.

A special key combination opened a Linux command window for me. By carefully typing in a list of commands supplied by tech support, I installed Firefox, downloaded and installed their support software, and launched it.

At this point tech support took over. The support agent identified the missing file and put a clean copy in its place. After that the system booted properly.

rashard mendenhall rachel zoe penn state football mt rainier national park rose parade mount rainier national park drop dead gorgeous

No comments:

Post a Comment