Rescuing Windows: Trinity Rescue Kit
Update: Added link to MVPS hosts file website.
My friend’s daughter’s VAIO Windows XP laptop had been giving her fits (it had slowed to a crawl), so I volunteered to take a look at it. Norton 360, which was installed on the machine, told me that everything was okay from a malware standpoint. It turned out to be mistaken.
The first things I did were fairly routine:
- I installed Service Pack 3, which the Windows Updater told me was waiting and ready for installation.
- I downloaded, installed, and ran Spybot S&D, which found and removed 300 items of spyware, mostly tracking cookies. Spybot also created a HOSTS file, which I later supplemented with entries from the MVPS hosts file.
- I downloaded, installed, and ran Lavasoft Adaware Free, which found and removed only a few items, but identified one as a major Trojan.
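Supplementing a HOSTS file the way the Spybot step above describes is easy to get wrong by hand (duplicate hostnames, lines that carry several hosts, comment-only lines). The script below is an added example, not part of the original post or of Spybot or MVPS: it merges an existing HOSTS file with a downloaded blocklist, stripping comments and keeping the first mapping seen for each hostname so existing entries are never overridden. All hostnames and addresses in the sample files are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): merge an existing HOSTS file
# (e.g. the one Spybot S&D wrote) with a downloaded blocklist such as the
# MVPS list. Comments are stripped, every hostname on a line is handled,
# and the FIRST mapping seen for a hostname wins, so the existing file's
# entries take precedence over the blocklist. Sample values are constructed.

# merge_hosts EXISTING BLOCKLIST  -> merged entries on stdout
merge_hosts() {
    cat "$1" "$2" | awk '
        { sub(/#.*/, "") }          # drop trailing and whole-line comments
        NF < 2 { next }             # skip blank and malformed lines
        {
            for (i = 2; i <= NF; i++) {   # one line may list several hosts
                h = tolower($i)
                if (!(h in seen)) { seen[h] = 1; print $1 "\t" h }
            }
        }'
}

# demo_merge: build two constructed input files and print the merged result.
demo_merge() {
    dir=$(mktemp -d)
    cat > "$dir/hosts.existing" <<'EOF'
127.0.0.1 localhost
# entries inserted by an anti-spyware tool (constructed sample)
127.0.0.1 tracker.example.test
127.0.0.1 ads.example.test
EOF
    cat > "$dir/hosts.blocklist" <<'EOF'
# MVPS-style blocklist (constructed sample, not the real list)
0.0.0.0 ads.example.test        # already blocked above; existing entry wins
0.0.0.0 malware.example.test
0.0.0.0 counter.example.test www.counter.example.test
EOF
    merge_hosts "$dir/hosts.existing" "$dir/hosts.blocklist"
    rm -rf "$dir"
}

demo_merge
```

The merged output keeps `localhost` and the three existing mappings and adds only the blocklist hosts not already present (six lines for the sample). A HOSTS file only short-circuits name resolution for the listed hosts; it does not detect anything, and on Windows XP a very large list is known to slow lookups unless the DNS Client service is stopped, which is why the MVPS documentation discusses that service.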
Then I decided to try the Trinity Rescue Kit (TRK), a Linux Live CD specifically crafted for cleaning Windows computers. I jacked the computer into my hub and booted from the TRK CD. I used a wired connection because it was easier than booting TRK and then configuring it to connect to a security-enabled wireless network. It can be done, but, as far as I am concerned, it is definitely in the “why bother if you don’t have to” department.
The picture below shows the main menu and the output of the command to mount the hard drive of the laptop. (TRK does not include a screenshot tool–I had to take pictures and clean them up the best I could. Click any picture for a larger image.)
I won’t discuss all the items in the menu (TRK includes a help routine for that), but I will mention the items that I found most helpful.
First I ran the cleanup routine, which offers options to clean up temp files, uninstall folders from Windows updates, failed print jobs, recycle bins, and a few other items. Each cleanup routine scans the hard drive, calculates how much space can be freed, and then offers a “Continue yes or no” prompt.
I then ran several virus scans. When you select a scan, TRK downloads the anti-virus program, installs it to the RAMdisk, then scans the hard drive. F-Prot, the one I ran first, found and cleaned 21 infections. ClamAV, which I ran next, identified and removed another culprit: A free screensaver package called “popular screensavers” which had a payload of malware. The machine was, as they say, majorly infected, despite the presence of Norton.
TRK also includes Midnight Commander (old DOSsies like me will recognize the resemblance to XTree), which lets you easily navigate the file system, copy and edit files, save data to external media, and so on. This would be especially useful to Windows users trying to use TRK, because Windows and Linux use completely different terminology to identify hard drives and partitions; with MC, a user can poke around until he finds that valuable spreadsheet or work document and, using the MC menu, copy it. The picture shows C:\Documents and Settings for the Windows default user on the right and the contents of the TRK RAMdisk on the left.
I can recommend the Trinity Rescue Kit.
One last note: While I was running the Spybot scan, Norton 360 decided to do an “idle scan.” Why I do not know–the computer was certainly not idle. I opened up the Norton 360 interface and could not find a way to stop the scan–if there is one, it is buried many fathoms deep.
The Norton scan collided with the Spybot scan; I had to wait for Norton to finish and then rerun Spybot.
Norton does not seem to work and play well with others.