What we'll be covering in this instructable:
- The 5 steps of troubleshooting.
- Known causes of performance problems.
- Proper techniques and mannerisms for managing foreign systems.
- Useful freeware programs that make the job easier.
Step 1: Introducing the 5-step Troubleshooting Process.
The 5-step process includes the following steps in detail:
- Identify the problem.
This includes the 5 W's of deduction (who, what, when, where, and why):
- Who: the operating environment of the system.
- What: the problem we're solving for.
- When: the time at which the problem affects the system. (Average the interval if the problem recurs periodically)
- Where: the area where the problem persists.
- Why: the reason the problem is on the system and why it occurs.
- Identify the magnitude of the problem and determine whether you can fix the issue.
Identifying the magnitude of the problem requires knowing what you can and can't do.
An example would be a problem on a Windows 7 system that requires administrative privileges to fix.
- You can't apply the solution without elevated privileges; therefore, you require permission.
- List all potential causes and start with the most probable one.
The potential causes should cover hardware, software, and firmware.
- Hardware is the physical part of a system that you can physically interact with.
- Software is a program that you can't physically interact with except through I/O devices.
- Firmware is a program embedded in the hardware of the system.
- Make a plan that accounts for all known side-effects of the plan.
There is a possibility of a side-effect coming from unknown or foreign sources.
The most common source of foreign side-effects is an unsafe network or a background process.
- Apply the plan to fix the problem and document the solution for future reference.
Use what you've deduced and induced in the previous steps to test the solution.
There is a real chance that the solution causes another problem, or that it isn't the right one.
- If the solution causes another problem, document that problem and apply the process again.
- If the solution doesn't fix the problem, go back to the 3rd step and choose another potential cause.
This process should be mandatory policy for anyone who intends to troubleshoot a problem, because it raises the chance of successfully fixing it. DO NOT ASSUME THAT YOU CAN FIX ALL PROBLEMS WITH THIS PROCESS!
Step 2: Fixing Long Boot / Shutdown Times.
Problem: The system's boot time is longer than the user anticipated.
- Who: 32-bit version of Windows 7 (Home Premium).
Knowing the version of Windows 7 gives you an idea of the available features and known bugs.
- What: We are solving for a long boot time and a long shutdown time.
- When: The problem occurs every time the system is properly booted and shut down from within the OS. The problem lasts approximately 10 to 15 minutes; rare cases have been known to last 30 minutes to hours.
- Where: The problem appears to coincide with booting the operating environment; this could indicate insufficient hardware. (An insufficient hardware error means inadequate hardware running the software)
- Why: This is what we'll be solving for with our 5-step process.
The magnitude of the problem is the time it will take to fix it. If it takes an average of 10 minutes to start and stop the system properly, you can easily spend hours testing solutions.
The potential causes are as follows (listed from most to least probable):
- The hardware is insufficient in comparison to the software.
- There's a modified setting that hinders the boot time of the system.
- There's an issue with the BIOS firmware or there's a conflict between the BIOS and the OS.
The plan we're building will account for the following side-effects: (All are very likely to happen)
- Insufficient available connectors on the motherboard for drive expansion. (SATA/SSD)
- DOA hardware if purchased online.
- Software incompatibilities with the new storage device or broken file paths.
The plan to fix the system consists of adding a faster storage device that uses a faster version of SATA, a higher RPM, and possibly more storage than the previous device. (SSDs are good for speed but not for large capacities at the same price as a hard drive)
We can determine this from the speed of the drive, its age, the overall damage done to it by dust and falls, and the method used to manage data. (PATA is outdated, and SATA 2 is becoming obsolete)
Determining this is done with a freeware program that tests for drive errors and cyclic redundancy failures and provides a large list of in-depth information about the drive specification.
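Before buying a drive, it is worth measuring how long boot and shutdown actually take and which startup programs Windows itself blames; that turns the "When" step (average the interval) into numbers. The following PowerShell script is an added example, not part of the original instructable, and it only reads the Diagnostics-Performance event log that Windows 7 and later keep automatically (boot event 100, shutdown event 200, startup-application slowdown event 101). The function names are my own, and the script uses PowerShell 2.0 syntax so it runs on a stock Windows 7 install; run it from an elevated prompt, since reading that log requires administrator rights.

```powershell
# Added example, not from the original instructable. Reads boot/shutdown durations
# that Windows records in the Diagnostics-Performance log. Needs an elevated prompt.
$PerfLog = 'Microsoft-Windows-Diagnostics-Performance/Operational'

# Turn an event's <EventData> into a name -> value hashtable.
function ConvertTo-EventData($Event) {
    $xml = [xml]$Event.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    return $data
}

# Event 100 = boot performance (BootTime, MainPathBootTime in milliseconds),
# event 200 = shutdown performance (ShutdownTime in milliseconds).
function Get-BootShutdownTimes {
    param([int]$MaxEvents = 20)
    Get-WinEvent -FilterHashtable @{ LogName = $PerfLog; Id = 100, 200 } -MaxEvents $MaxEvents |
        ForEach-Object {
            $data = ConvertTo-EventData $_
            if ($_.Id -eq 100) {
                New-Object PSObject -Property @{
                    Time           = $_.TimeCreated
                    Kind           = 'Boot'
                    TotalSeconds   = [math]::Round([double]$data['BootTime'] / 1000, 1)
                    # Time until the desktop appears; the rest is post-boot activity.
                    DesktopSeconds = [math]::Round([double]$data['MainPathBootTime'] / 1000, 1)
                }
            } else {
                New-Object PSObject -Property @{
                    Time           = $_.TimeCreated
                    Kind           = 'Shutdown'
                    TotalSeconds   = [math]::Round([double]$data['ShutdownTime'] / 1000, 1)
                    DesktopSeconds = $null
                }
            }
        }
}

# Event 101 = a startup application slowed the boot; Windows names the program
# and reports how many milliseconds it added.
function Get-BootDegradations {
    param([int]$MaxEvents = 20)
    Get-WinEvent -FilterHashtable @{ LogName = $PerfLog; Id = 101 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $data = ConvertTo-EventData $_
            New-Object PSObject -Property @{
                Time         = $_.TimeCreated
                Program      = $data['Name']
                Path         = $data['Path']
                DelaySeconds = [math]::Round([double]$data['DegradationTime'] / 1000, 1)
            }
        }
}

# Usage: average the recent boot times, then list the programs Windows blames,
# slowest first. A long average with no big offender points at the hardware.
$times = Get-BootShutdownTimes
$times | Format-Table Time, Kind, TotalSeconds, DesktopSeconds -AutoSize
$avg = ($times | Where-Object { $_.Kind -eq 'Boot' } | Measure-Object TotalSeconds -Average).Average
"Average boot time over recent boots: {0:N1} s" -f $avg
Get-BootDegradations | Sort-Object DelaySeconds -Descending | Format-Table Time, Program, DelaySeconds, Path -AutoSize
```

If the average boot time is long but no single program shows a large delay, the slowness is spread across disk I/O, which supports the "insufficient hardware" cause above; if one program accounts for most of the delay, the cheaper fix is the "modified setting" cause (removing or delaying that startup item).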
Step 3: Recognizing and Removing Viruses, Malware, Spyware, Worms, and Hackers.
Keep in mind when you're dealing with this issue: THIS WON'T APPLY TO ALL FORMS OF ATTACKS, AND IT MIGHT NOT APPLY TO FUTURE DERIVATIVES OF THE ATTACKS.
The most common virus you'll come across is a Trojan. A Trojan is common because it is easy to embed in program code, can bypass antivirus programs by hiding behind legitimate code, is triggered by running the program, and uses hidden background processes on the system.
The best method to combat a Trojan is to remove the source of the virus and perform thorough scans: file scans, network port scans, and scans of other devices connected to the network and of other users who have connected to the network, even momentarily. (An average LAN file transfer speed for mobile devices can be anywhere from 5 Mbps to over 100 Mbps for most NICs from the last decade, 2004 to the present.)
Our methods will be less effective against a hacker, since we'll be dealing with a sentient being who most likely has decent knowledge of data encryption, network spoofing, VPS connections or botnets, and who could be anywhere in the world. (Russia, China, and Middle-Eastern countries are notorious for using hackers for government projects)
Who: This refers to the threat if it were from a foreign source.
What: We're attempting to fix a system that's being attacked by malicious code.
When: The problem occurs constantly because the code is triggered during boot.
Where: The area could be anywhere on the hard drive, and we can all hope that it's not affecting the firmware.
Why: The reason malicious programs are made is usually to scrape information from the user to sell, or to make a botnet out of the compromised systems. (A botnet is a large network of compromised systems whose combined processing capability is used to carry out malicious attacks on large targets, usually by DDoSing servers)
The magnitude of the problem for a virus lies in the preventive measures needed to stop it spreading to other systems, and in determining the location the virus infects and the location where it resides.
The magnitude of the problem for a hacker is much tougher. The best practice is to improve the policies that govern the users of the system so as to improve security measures. You will also require a backup of your system to archive your personal files while your computer is reformatted, as a preventive measure against leaving open access to the renewed system. (The backup will only be accessed in a controlled, offline environment, most likely based on Linux)
The potential cause of a virus would be a malicious download with dangerous code inside the program code. If your antivirus recognizes a pattern that matches the templates hosted on its servers, it alerts you, isolates the program from administrative read/write permissions, and waits for your approval to remove the malicious file from your system through the client.
The potential cause of a hacker is close to impossible to determine. The idea of a blackhat hacker is to cause problems for a system that's connected to a server. The best method to handle a hacker is to isolate yourself from the network and then have your software backup ready to restore your system, to prevent the hacker from using a back-door that could have been inserted into your system. (The hosts file in System32\drivers\etc provides a software-based name-resolution table, consulted before DNS, that the local system uses to re-route names to manually specified addresses)
The possible side-effect of handling a virus is that it could replicate and even modify crucial system files. This poses a greater threat than one of the most annoying scripts that modifies boot files, known as the MoneyPack ransomware. The upshot so far is that there is a lesser chance of recovering a personal file that does not have the virus embedded in it, so keeping backups of your system is imperative.
There are no side-effects of handling a hacker, mainly because the hacker isn't about to take chances to boost his/her ego while toying with the possibility of legal reprimand. Usually the best way to prevent a hacker from furthering the damage on a network is to isolate that hacker from the network. This doesn't remove the threat of the hacker, but it halts all incoming and outgoing packets from reaching wherever the hacker may reside. (Unless the hacker is at 127.0.0.1; in that case your "hacker" is a bot on your own local machine that was probably implanted through malicious code, so disconnect from the network and handle the malicious code as you would a virus, as described in the paragraphs above.)
Fixing the problem with viruses depends on the type of virus you're dealing with. One of the most common methods of recognizing viruses and malware is using legitimate software that is known to work in real time, if your processor is capable of handling real-time scans while you work. Don't forget to maintain a backup of your system for future resolutions; a 1.0 TB external USB 3.0 hard drive can be found online for dirt cheap these days. (A Western Digital Passport external hard drive is $70 or £42 on Best Buy's website)
The main method of solving the problem with a hacker is to isolate the machine from the network and renew your DHCP lease to get a new address, in case the hacker is using the IP address to locate your server among the large range of networks that make up the World Wide Web. This has a low chance of working if the hacker already has access to your system, so you may need to reset the ports on your router or deny unused ports permission to access VNC services, and use a 3rd-party firewall instead of the default Windows firewall. (Which has had more than two decades for hackers to find backdoors and bugs to exploit; the Windows NT firewall is the exact same across 2000, XP, Vista, 7, and 8. Pretty scary, huh?)
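Two of the checks above are easy to automate on the affected machine itself: whether the hosts file has been edited to re-route names, and whether the "hacker at 127.0.0.1" is really a local process holding network connections open. The PowerShell script below is an added example, not part of the original instructable; it uses only what a stock Windows 7 install provides (the hosts file, netstat -ano, Get-Process) and PowerShell 2.0 syntax. The function names are my own. Run it from an elevated prompt so that netstat can report the owning process ID for every connection, and run it after the machine has been disconnected from the network, as the text recommends.

```powershell
# Added example, not from the original instructable: local triage for a machine
# suspected of carrying malicious code. Two checks, both read-only.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Every non-comment line in the hosts file is a name override. The only entries
# that belong there on a clean machine map localhost to a loopback address;
# anything else re-routes a name and deserves a look.
function Get-HostsOverrides {
    param([string]$Path = $HostsPath)
    Get-Content $Path | ForEach-Object {
        $line = ($_ -split '#')[0].Trim()        # drop trailing comments
        if ($line -eq '') { return }             # blank or comment-only line
        $parts = $line -split '\s+'
        if ($parts.Count -lt 2) { return }       # malformed line, nothing to map
        $addr = $parts[0]
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            $isLoopbackLocalhost = ($addr -eq '127.0.0.1' -or $addr -eq '::1') -and ($name -eq 'localhost')
            New-Object PSObject -Property @{
                Address    = $addr
                Name       = $name
                Suspicious = -not $isLoopbackLocalhost
            }
        }
    }
}

# Parse "netstat -ano" (TCP lines only: proto, local, remote, state, PID) and
# attach the process name, so a listening or established socket can be tied to
# the program that owns it.
function Get-TcpEndpointsWithProcess {
    $procNames = @{}
    Get-Process | ForEach-Object { $procNames[$_.Id] = $_.ProcessName }
    netstat -ano | ForEach-Object {
        if ($_ -match '^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$') {
            $ownerId = [int]$matches[4]
            $owner = if ($procNames.ContainsKey($ownerId)) { $procNames[$ownerId] } else { '?' }
            New-Object PSObject -Property @{
                Local   = $matches[1]
                Remote  = $matches[2]
                State   = $matches[3]
                OwnerId = $ownerId
                Process = $owner
            }
        }
    }
}

# Usage: show only the hosts entries that re-route something, then every TCP
# endpoint that is listening or connected, grouped by the owning process.
"== Suspicious hosts-file entries =="
Get-HostsOverrides | Where-Object { $_.Suspicious } | Format-Table Address, Name -AutoSize
"== TCP endpoints by process =="
Get-TcpEndpointsWithProcess |
    Where-Object { $_.State -eq 'LISTENING' -or $_.State -eq 'ESTABLISHED' } |
    Sort-Object Process, State |
    Format-Table Process, OwnerId, State, Local, Remote -AutoSize
```

A process you do not recognise that is LISTENING on a port, or that still shows ESTABLISHED connections to the loopback address after the network cable is out, is the "bot on your own local machine" the text describes; note its name and OwnerId, then handle it with the antivirus steps above rather than killing it blindly, so the source file can be located and removed.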
Step 4: Mannerisms, Policies, and Corporate Procedures for Managing Foreign Systems.
I hate having to make this section.
As a system diagnostic specialist you should know more than I do about the policies used by most major companies, but as a commercial user, you should know to keep backups of your system and files and not to download everything you come across on the internet. This isn't something you couldn't have figured out had I not taken the time to write this instructable.
The main issue with managing clients in networking is keeping up with the outgoing and incoming traffic each user produces. With the advent of faster data transmission speeds available to many users in medium-sized cities, servers can have trouble sorting through all of that data efficiently. Remember when you downloaded that movie or album from a torrent host? Remember the times you weren't caught? The possibility of your not being caught could coincide with the fact that your ISP doesn't run a server for sorting through data to find malicious code, illegal file transmissions, or secretive data incoming to an unauthorized client.
That's bad news, and the biggest issue with security is that the ISP you are using to view this instructable is most likely the 2nd location your packets traverse before reaching any site you visit. This means that someone can force access through your ISP's servers if the incoming data isn't filtered to recognize unauthorized connections. (IP spoofing techniques work if you're adventurous and not afraid of your state's prison system)
This means malicious data can be sent directly to your system and other systems connected to your network without your system even running a web browser or making an outgoing packet connection. (This means a hacker can easily penetrate your ISP's security with a spoofed IP address and then proceed to request authentication from your VNC without you being aware of it happening)
If you are working at an Internet Service Provider and you have access to the funding department and/or the database center that stores information and caches transmitted packets. The reason I put a lot of pressure on funding and database management is to ensure that nobody can spoof your network without having to defeat OTP token-based security with commercial-grade encryption, which is a very expensive set of programs; some servers come bundled with these features if you order such a machine. (I might not recommend this option, because pre-configured servers could pose heavy security threats, especially for large corporations)
Your data is important to you; you wouldn't want to lose all of that precious work that took minutes/hours to months/years. System backups provide a huge benefit for system restoration in the off chance you come across a huge security breach. (Storage isn't hard to come by, and large amounts of storage aren't expensive)
Step 5: The Conclusion Thus Far...
Here are the links:
External Storage Device (Backups): https://www.google.com/shopping/product/178555778...
3rd Party Firewall by Comodo: http://www.comodo.com/home/internet-security/fire...
Antivirus by Avast/AVG/Microsoft Security Essentials/Avira/Comodo:
Viewing Hard Drive Specs: WIN+R -> 'compmgmt.msc' -> Device Manager -> Disk Drives -> Google search -> Manufacturer's website
Using an example from my system:
My system has a Seagate ST1000DM 003-1CH162 1.0 TB SATA 3 hard drive, which allows 7200 RPM and SATA 3 transmission speeds. This is quite useful: I boot and shut down my system quickly without many problems beyond software issues or forced BSODs. (Avoid disconnecting VMware Workstation 10.0 mapped VMDKs in Windows 8.0 x64, because it causes a BAD_POOL_HEADER BSOD. Just thought I would let you know for future reference)
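The Device Manager route above gives you the model string to look up; the same information, plus the disk's own SMART failure prediction (the "drive errors" check mentioned in step 2), can be read from WMI in one go. The PowerShell script below is an added example, not part of the original instructable. It uses the Win32_DiskDrive class and the MSStorageDriver_FailurePredictStatus class in the root\wmi namespace, both of which exist on Windows 7 and later; the function names are my own. The SMART query needs an elevated prompt and a controller that exposes SMART, so it is often empty for USB enclosures.

```powershell
# Added example, not from the original instructable: read physical disk specs from
# WMI instead of clicking through Device Manager, and ask SMART whether the disk
# predicts its own failure. PowerShell 2.0 syntax so it runs on stock Windows 7.

function Get-DiskSpecs {
    Get-WmiObject -Class Win32_DiskDrive | ForEach-Object {
        New-Object PSObject -Property @{
            Model      = $_.Model            # paste this into the manufacturer's site for RPM and SATA revision
            Interface  = $_.InterfaceType    # SATA disks report 'IDE' here; USB enclosures report 'USB'
            SizeGB     = [math]::Round($_.Size / 1GB, 1)
            Partitions = $_.Partitions
            Status     = $_.Status           # 'OK' unless the driver has flagged a problem
            Serial     = $_.SerialNumber
        }
    }
}

# SMART failure prediction: PredictFailure is $true when the disk's own firmware
# says it is about to fail. Requires an elevated prompt; empty on many USB drives.
function Get-SmartPrediction {
    Get-WmiObject -Namespace root\wmi -Class MSStorageDriver_FailurePredictStatus -ErrorAction SilentlyContinue |
        ForEach-Object {
            New-Object PSObject -Property @{
                Instance       = $_.InstanceName
                PredictFailure = $_.PredictFailure
                Reason         = $_.Reason
            }
        }
}

# Usage: specs first, then the SMART verdict for each disk the driver exposes.
Get-DiskSpecs | Format-Table Model, Interface, SizeGB, Partitions, Status, Serial -AutoSize
Get-SmartPrediction | Format-Table Instance, PredictFailure, Reason -AutoSize
```

WMI does not report rotational speed or the SATA revision, which is why the model string still has to be looked up on the manufacturer's site as the text describes; but a PredictFailure of True, or a Status other than OK, settles the "is the old drive the problem?" question before any money is spent.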