Applications worthy of being in a Windows Techie Toolkit.

Introduction

This article focuses mainly on Windows XP, but the utilities discussed here also work on Windows Vista and Windows 7, and most likely on later versions of Windows. They are written for the Windows NT family and may not work on Windows 9x (Windows 95, 98 or earlier). All of them assume that the user has a fair idea of how Windows works on the inside (more than copying and moving documents around), i.e. a little more than the basic user knows. But it is always interesting to keep learning, and today's expert was once an average user.


Motto

The objective of this article is to highlight the power of applications that are available for free (most of them from Microsoft) but that we rarely hear of, or shy away from because of the apparent complexity of their usage. Each application discussed here is complete in itself and has its own set of command line switches for advanced use. Most of them will prove helpful in identifying and removing malware. Malware collectively refers to viruses, Trojans, spyware, adware, rootkits and other malicious software that interferes with the normal working of the Windows operating system; it may ultimately lead to loss of data and/or privacy and cause unexplained behaviour. Although the applications below help a great deal in dealing with malware, keep their limits in mind: they show you what is running and where it starts from, they do not tell you whether it is malicious, and a rootkit that hides itself from Windows will be hidden from them too. Proper removal can only be confirmed after scanning with multiple anti-malware tools, ideally from outside the infected system (boot media or another machine).

The prime focus is troubleshooting common problems and fine tuning the Windows operating system. Extensive help is available in the Help file that comes with each application, so I will not repeat it here; pressing F1 while the application is running displays it.

Here we begin-

1. Process Explorer

Download it from http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

As Microsoft rightly says in its introduction to the application: "Process Explorer is an advanced process management utility that picks up where Task Manager leaves off. It will show you detailed information about a process including its icon, command-line, full image path, memory statistics, user account, security attributes, and more."

The major advantages of using it are:

It displays, in real time, the full path of the image (executable) behind every running process. Once you identify a process started by malware you can kill it from Process Explorer, and since you already know the path of the file, you can locate it and delete it permanently. Before killing anything, right-click the process and open Properties to note its command line and parent process as well, because malware is frequently relaunched by a companion process the moment you kill the first one.
For each process it also displays the company name and a description taken from the file's version information, which makes suspicious processes easier to spot: many malware executables carry odd or misleading file names, have no company name or description, and are not digitally signed (enable Options > Verify Image Signatures and add the Verified Signer column to check). Treat these as hints rather than proof. Malware can copy the version information of a legitimate program, and plenty of legitimate software, especially on XP, is unsigned. Conversely, a familiar name in the wrong place is a strong signal: a genuine svchost.exe runs from C:\WINDOWS\system32, so one running from C:\WINDOWS or from a user's Temp folder deserves immediate attention.
When you end a program from the Applications tab of Windows Task Manager, Windows asks it to close and waits several seconds for it to do so before offering to end it for you. Process Explorer's Kill Process terminates it at once, and Kill Process Tree terminates its child processes along with it, which matters when malware runs as a parent with several helpers that would otherwise restart each other.
It also happens that we identify a file we want to delete, but when we try, Windows comes up with the infamous message "File is in use". Process Explorer solves this: press Ctrl+F to open the Find Handle or DLL dialog, type the file name, and Process Explorer lists every process that holds a handle to the file or has it loaded as a DLL. You can then kill that process (or close just the offending handle from the lower pane) and delete the file without any further error, something that is a real nightmare with the Windows Task Manager. Closing individual handles can crash the owning process, so kill the process when you can. The Unlocker utility discussed below does the same job in a more convenient manner.
And sure, everything looks prettier and better organised in Process Explorer.


2. Autoruns

Download it from http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Once again Microsoft describes it best: "This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include those in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP... You'll probably be surprised at how many executables are launched automatically!" (I was indeed surprised.)

The major advantages of using it are:

As the name says, it highlights the startup entries you were never aware of, which makes it another handy tool for nailing down malware: however a piece of malware got in, it usually needs an autostart entry to survive a reboot, and Autoruns shows all of those locations in one place. The Hide Microsoft Entries option (Options menu) removes most of the noise so that unfamiliar entries stand out; as with Process Explorer, an entry whose image path points to a Temp, profile or Recycler folder, or whose file no longer exists, deserves a closer look.
You have more granular control over startup items than MSConfig gives: untick an entry to stop it loading at the next boot without deleting it, or delete it outright once you are sure. Disabling first is the safer choice, because it is reversible.
Export a detailed report (File > Save) that you can attach to a question for the experts at Experts Exchange to analyse; the command-line autorunsc.exe can produce the same listing in CSV form for scripted review. This is the kind of information that greatly improves their ability to help you.
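The heuristics described in the Process Explorer and Autoruns sections above, put into code. This is an added example, not part of the original article or of the Sysinternals tools: it takes rows shaped like the columns you read off Process Explorer or an Autoruns export (image path, company, description, and whether the signature verified) and scores them. The column names, the list of impersonated system binaries, the suspicious directories and the weights are all assumptions made for illustration, and the sample rows are constructed.

```python
"""Score process / autostart rows the way you would eyeball them in
Process Explorer or Autoruns.  Added example; the column names, lists and
weights below are assumptions, and the sample rows are constructed."""
import ntpath

# Windows binaries that malware likes to impersonate, with the directory
# each one legitimately runs from on a default XP installation (assumed list).
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Directories a properly installed program rarely runs from, but droppers
# very often do (assumed list; note the trailing separator).
SUSPICIOUS_DIRS = (
    "c:\\documents and settings\\",   # XP user profiles, including Temp
    "c:\\recycler\\",
    "c:\\windows\\temp\\",
    "c:\\system volume information\\",
)

# Assumed weights: a familiar name in the wrong directory is the strongest
# signal; missing version info or an unverified signature alone is weak,
# because plenty of legitimate software (especially on XP) is unsigned.
WEIGHTS = {"impostor": 3, "location": 2, "no_version_info": 1, "unverified": 1}
THRESHOLD = 3


def normalize(path):
    """Lower-case, strip quotes and collapse a Windows path for comparison."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def triage(row):
    """Return (score, reasons) for one row; an empty reasons list means nothing odd."""
    path = normalize(row["image_path"])
    name = ntpath.basename(path)
    directory = ntpath.dirname(path)
    reasons = []

    expected = SYSTEM_BINARIES.get(name)
    if expected is not None and directory != expected:
        reasons.append(("impostor", f"{name} runs from {directory}, expected {expected}"))
    if any(path.startswith(d) for d in SUSPICIOUS_DIRS):
        reasons.append(("location", "image lives in a profile, temp or recycler directory"))
    if not row.get("company") and not row.get("description"):
        reasons.append(("no_version_info", "no company name or description"))
    if not row.get("verified", False):
        reasons.append(("unverified", "signature not verified"))

    score = sum(WEIGHTS[tag] for tag, _ in reasons)
    return score, [text for _, text in reasons]


def flag_rows(rows, threshold=THRESHOLD):
    """Rows whose score reaches the threshold, highest first."""
    hits = []
    for row in rows:
        score, reasons = triage(row)
        if score >= threshold:
            hits.append((score, row["image_path"], reasons))
    return sorted(hits, key=lambda h: h[0], reverse=True)


# Constructed sample rows, shaped like Process Explorer / Autoruns columns.
SAMPLE_ROWS = [
    {"image_path": r"C:\WINDOWS\system32\svchost.exe",
     "company": "Microsoft Corporation",
     "description": "Generic Host Process for Win32 Services", "verified": True},
    {"image_path": r"C:\WINDOWS\svchost.exe",
     "company": "", "description": "", "verified": False},
    {"image_path": r"C:\Documents and Settings\ravi\Local Settings\Temp\update.exe",
     "company": "", "description": "", "verified": False},
    {"image_path": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "company": "Mozilla Corporation", "description": "Firefox", "verified": False},
]

if __name__ == "__main__":
    for score, path, reasons in flag_rows(SAMPLE_ROWS):
        print(f"[{score}] {path}")
        for reason in reasons:
            print("     -", reason)
```

On the constructed rows the fake svchost.exe in C:\WINDOWS and the dropper in the user's Temp folder are flagged, while the unsigned but properly installed Firefox is not: an unverified signature on its own never reaches the threshold, which is the caveat the text makes about treating missing metadata as a hint rather than proof.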


3. TCPview

Download it from http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

Another quote from Microsoft: "TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows." It is indeed a much more advanced view than netstat. You may find TCPView a little less helpful if you are not familiar with networking. Simply put, where Process Explorer shows which programs are running, TCPView shows which of them have opened network ports and whom they are connected to.

The major advantages of using it are:

Back to malware tracing: it shows the ports opened by malware. Look especially for processes listening on ports you do not recognise, or holding connections to unfamiliar remote addresses, and compare the owning process against what you see in Process Explorer. Remember that a rootkit which hides its process or connections from Windows will be invisible here too.
You can easily kill a process from TCPView with a right click: highlight the connection, select End Process and that's it. Close Connection on the same menu tears down a single TCP connection without killing the process.
Suppose you are configuring a web server on Windows XP to accept incoming connections; TCPView is a great help in troubleshooting such services. You can see whether your web server is running, whether it is listening on the correct port, and whether it is bound to all interfaces (0.0.0.0) or only to localhost (127.0.0.1), which is the difference between a service exposed to the network and one that is not.
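The same review done in code over the text output of netstat -ano, which on XP and later carries the owning PID that TCPView resolves to a process name. This is an added example, not part of the original article or of TCPView; the allow-list of expected listeners and the watch-list of remote ports are assumptions, and the netstat output is constructed.

```python
"""Parse 'netstat -ano' output (the text equivalent of what TCPView shows,
available on XP and later) and flag what a TCPView user would look at.
Added example, not part of the original article or of TCPView; the
allow/watch lists are assumptions and the sample output is constructed."""
import re

# Ports a default XP box legitimately listens on for the whole network (assumed).
EXPECTED_LISTENERS = {135, 139, 445}
# Remote ports that rarely have a legitimate reason on a workstation (assumed;
# 6667-6669 is IRC, long favoured for bot command and control).
WATCHED_REMOTE_PORTS = {6667, 6668, 6669}
LOOPBACK = ("127.", "[::1]")

_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z_]+))?\s+(\d+)\s*$")


def split_endpoint(endpoint):
    """'192.168.1.10:1056' -> ('192.168.1.10', 1056); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return one dict per endpoint row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue
        proto, local, remote, state, pid = m.groups()
        lhost, lport = split_endpoint(local)
        rhost, rport = split_endpoint(remote)
        rows.append({"proto": proto, "local_host": lhost, "local_port": lport,
                     "remote_host": rhost, "remote_port": rport,
                     "state": state or "", "pid": int(pid)})
    return rows


def by_pid(rows):
    """Group endpoints under their owning PID, as TCPView's process column does."""
    groups = {}
    for r in rows:
        groups.setdefault(r["pid"], []).append(r)
    return groups


def flag_endpoints(rows):
    """Return (pid, reason) pairs worth a second look."""
    flags = []
    for r in rows:
        exposed = not r["local_host"].startswith(LOOPBACK)
        if (r["proto"] == "TCP" and r["state"] == "LISTENING" and exposed
                and r["local_port"] not in EXPECTED_LISTENERS):
            flags.append((r["pid"], f"listening on {r['local_host']}:{r['local_port']} for the whole network"))
        if r["state"] == "ESTABLISHED" and r["remote_port"] in WATCHED_REMOTE_PORTS:
            flags.append((r["pid"], f"connected to {r['remote_host']}:{r['remote_port']} (watched port)"))
    return flags


# Constructed sample in the layout 'netstat -ano' prints on Windows XP.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       1708
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1104
  TCP    192.168.1.10:1056      198.51.100.7:80        ESTABLISHED     2216
  TCP    192.168.1.10:1057      203.0.113.42:6667      ESTABLISHED     1708
  UDP    0.0.0.0:500            *:*                                    700
  UDP    127.0.0.1:1900         *:*                                    1132
"""

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    for pid, reason in flag_endpoints(rows):
        print(f"PID {pid}: {reason}")
```

In the constructed sample only PID 1708 is flagged, twice: it listens on 0.0.0.0:6667 for the whole network and holds an outbound connection to an IRC port. The listener on 127.0.0.1:1025 is left alone because it is reachable only from the machine itself, which is exactly the bound-to-localhost distinction made above.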


4. TweakUI

Download it from http://www.microsoft.com/windowsxp/Downloads/powertoys/Xppowertoys.mspx

Once again (Oh no! But hey why not?) Microsoft is really good at describing it: "PowerToys add fun and functionality to the Windows experience. What are they? PowerToys are additional programs that developers work on after a product has been released. We take great care to ensure that PowerToys work as they should, but they are not part of Windows and are not supported by Microsoft. For this reason, Microsoft Technical Support is unable to answer questions about PowerToys. PowerToys are for Windows XP only and will not work with Windows Vista."

OK, this one has little to do with malware, but you can fine-tune many of those nifty Windows settings with it.

The major advantages of using it are:

Disable AutoPlay on drives (My Computer > AutoPlay) without editing the Windows Registry or using the Group Policy Editor (a must for XP Home Edition, which does not ship gpedit.msc). This one matters for security: autorun from removable drives was a common infection route for USB-borne worms. Under the hood the setting maps to the NoDriveTypeAutoRun value under HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer (0xFF disables it for every drive type); older, unpatched XP installations did not honour that value consistently for every drive type, so keep the system patched and confirm the value after setting it.
Tune ClearType text rendering.
Manage those arrows on shortcut icons.
All the rest is pretty well documented within the tool itself, so I won't repeat it here.


5. Event Viewer

I have included it here because it is relevant, but it is not one of those applications you need to download: it is very much part of Windows itself. Windows+R brings up the Run dialog box; enter eventvwr and hit OK. If you prefer the long way, My Computer >> Control Panel >> Administrative Tools >> Event Viewer is the default path on a Windows XP installation.

With Event Viewer, users can monitor events recorded in the Application, Security, and System logs and export them to a file for Experts to analyze.

The major advantages of using it are:

Red crossed circles showing Errors are the common areas of concern and a good starting point when diagnosing a problem; yellow triangles are Warnings and are usually less urgent.
Like many other Windows applications, you can export a file containing everything Event Viewer displays (Action > Save Log File As; .evt keeps the complete log, .csv or .txt is easier to read and search) and send it to the experts for analysis. With an export of the Event Viewer log in hand, problems can often be diagnosed in minutes that would otherwise take far longer to troubleshoot.
Windows provides a brief description of each event and, for many of them, a link to further information on how to recover from it.
Repeated failed logons in the Security log are a classic sign of trouble. They appear as Failure Audit entries (the padlock icon), recorded on XP as event ID 529 (unknown user name or bad password) and on Vista and later as 4625. A burst of failures for accounts you never use, especially network logons (Logon Type 3) coming from another computer, usually means that something on the network, often a worm on a neighbouring machine, is guessing passwords against yours. Well-patched systems with strong passwords resist this, but the log is how you notice it. Note that the Security log is only populated if logon auditing is enabled in Local Security Policy (Local Policies > Audit Policy), and that XP Home does not expose that editor.
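The failed-logon check described above as a script, so that a Security log export can be triaged instead of scrolled. This is an added example, not part of the original article or of Event Viewer. It assumes the export has been reduced to CSV columns of timestamp, event ID, account, source workstation and logon type (the exact columns of your export will differ; adapt the mapping in parse_export), and the sample records are constructed.

```python
"""Spot bursts of failed logons in an exported Security log.  Added
example, not part of the original article or of Event Viewer.  It assumes
the export was reduced to CSV columns of timestamp, event ID, account,
source workstation and logon type (adapt the column mapping to your own
export); the sample records are constructed."""
import csv
import io
from datetime import datetime, timedelta

# Logon-failure event IDs: 529 on Windows XP/2000, 4625 on Vista and later.
FAILED_LOGON_IDS = {529, 4625}
NETWORK_LOGON = 3                      # Logon Type 3 = from another computer
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def parse_export(text):
    """Yield one dict per CSV record; rows that do not parse are skipped."""
    reader = csv.DictReader(io.StringIO(text.strip()))
    for rec in reader:
        try:
            yield {"time": datetime.strptime(rec["timestamp"], TIME_FORMAT),
                   "event_id": int(rec["event_id"]),
                   "account": rec["account"],
                   "source": rec["source"],
                   "logon_type": int(rec["logon_type"])}
        except (KeyError, ValueError):
            continue


def failed_logon_bursts(records, threshold=5, window=timedelta(minutes=5)):
    """Return (account, source, logon_type, count, first, last) for every
    account/source/type combination that accumulated `threshold` or more
    failures inside a sliding `window`; the densest window is reported."""
    by_key = {}
    for r in records:
        if r["event_id"] in FAILED_LOGON_IDS:
            key = (r["account"], r["source"], r["logon_type"])
            by_key.setdefault(key, []).append(r["time"])

    alerts = []
    for (account, source, logon_type), times in by_key.items():
        times.sort()
        best = None
        for i, start in enumerate(times):
            j = i
            while j + 1 < len(times) and times[j + 1] - start <= window:
                j += 1
            count = j - i + 1
            if count >= threshold and (best is None or count > best[0]):
                best = (count, start, times[j])
        if best:
            alerts.append((account, source, logon_type, best[0], best[1], best[2]))
    return alerts


# Constructed sample: a neighbour guessing the Administrator password over the
# network, one typo by the local user, and a successful logon for contrast.
SAMPLE_EXPORT = """\
timestamp,event_id,account,source,logon_type
2010-05-02 09:14:03,529,Administrator,UNKNOWN-PC,3
2010-05-02 09:14:05,529,Administrator,UNKNOWN-PC,3
2010-05-02 09:14:08,529,Administrator,UNKNOWN-PC,3
2010-05-02 09:14:10,529,Administrator,UNKNOWN-PC,3
2010-05-02 09:14:13,529,Administrator,UNKNOWN-PC,3
2010-05-02 09:20:41,529,ravi,RAVI-XP,2
2010-05-02 09:20:55,528,ravi,RAVI-XP,2
"""

if __name__ == "__main__":
    for account, source, logon_type, count, first, last in failed_logon_bursts(parse_export(SAMPLE_EXPORT)):
        kind = "network" if logon_type == NETWORK_LOGON else f"type {logon_type}"
        print(f"{count} failed {kind} logons for {account!r} from {source} "
              f"between {first:%H:%M:%S} and {last:%H:%M:%S}")
```

Five network failures against Administrator from UNKNOWN-PC within ten seconds produce one alert; the single mistyped password by the local user does not. The threshold and window are deliberately parameters, because what counts as a burst on a workstation differs from a file server that hundreds of people log on to.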


6. JDiskReport

Download it from http://www.jgoodies.com/freeware/jdiskreport/

Exactly as their website puts it: "JDiskReport enables you to understand how much space the files and directories consume on your disk drives, and it helps you find obsolete files and folders. The tool analyses your disk drives and collects several statistics which you can view as overview charts and details tables. This is ad-free uncrippled no-charge binary multi-platform software that never expires." One thing to note is that it requires Sun Java to be installed on your machine; you can download it from http://java.com/en/. Make sure it is there first or the program will not run, and keep it updated, because an outdated Java runtime is itself a favourite target for exploits.

The major points I would like to highlight are:

If you are running short of disk space, this application is what you need most.
It presents the output as a colourful pie chart, which adds to the pleasure of finding the files that take up the most space. Click a slice of the chart to drill down into that folder; there is also a convenient list of the largest files in that area in descending order.
Malware comes in various forms, and some of it fills your hard disk with junk: for example, spyware that takes screenshots of your screen at regular intervals and saves them as large bitmap files, typically in the Recycle Bin or in system folders where nobody looks. A disk-usage tool helps here because it shows you where the space went, so such files stand out. Note that JDiskReport runs with the permissions of the user who launched it, so folders it is not allowed to read are not counted; run it as an administrator for a complete picture.
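The two things a disk-usage tool does for you, the per-folder roll-up and the largest-files list, followed by the specific check the paragraph above describes: a pile of large image files in a folder where nobody saves work. This is an added example, not part of the original article or of JDiskReport; the file listing is constructed, and the "dump" directories, size threshold and count are assumptions. On a real machine feed rollup() the output of list_tree() instead.

```python
"""Roll up disk usage per folder and list the largest files, the two things
a tool like JDiskReport shows you, then pick out large image dumps in folders
where users never save work.  Added example, not part of the original
article or of JDiskReport; the file listing below is constructed and the
directories/thresholds are assumptions.  Feed it real data with
list_tree() on a Windows machine."""
import ntpath
import os

# Folders where a pile of bitmaps is a red flag rather than a photo album (assumed).
DUMP_DIRS = ("c:\\recycler\\", "c:\\windows\\temp\\", "c:\\system volume information\\")
IMAGE_EXTS = {".bmp", ".jpg", ".png"}


def normalize(path):
    """Lower-case and collapse a Windows path so the same folder has one key."""
    return ntpath.normpath(path).lower()


def rollup(entries):
    """Cumulative bytes per directory, each file counted into every ancestor."""
    totals = {}
    for path, size in entries:
        d = ntpath.dirname(normalize(path))
        while True:
            totals[d] = totals.get(d, 0) + size
            parent = ntpath.dirname(d)
            if parent == d:          # reached the drive root, e.g. 'c:\\'
                break
            d = parent
    return totals


def largest_files(entries, n=5):
    """The n biggest files, largest first (ties keep listing order)."""
    return sorted(entries, key=lambda e: e[1], reverse=True)[:n]


def image_dumps(entries, min_size=1_000_000, min_count=3):
    """Directories under DUMP_DIRS holding min_count+ image files of min_size+ bytes."""
    buckets = {}
    for path, size in entries:
        p = normalize(path)
        if (size >= min_size and ntpath.splitext(p)[1] in IMAGE_EXTS
                and p.startswith(DUMP_DIRS)):
            buckets.setdefault(ntpath.dirname(p), []).append(p)
    return {d: files for d, files in buckets.items() if len(files) >= min_count}


def list_tree(root):
    """Walk a real directory tree into (path, size) entries; unreadable files are skipped."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                yield full, os.path.getsize(full)
            except OSError:
                continue


# Constructed listing of an XP machine (paths and sizes are made up).
SAMPLE_ENTRIES = [
    (r"C:\Documents and Settings\ravi\My Documents\thesis.doc", 2_400_000),
    (r"C:\Documents and Settings\ravi\My Documents\photos\img001.jpg", 3_100_000),
    (r"C:\RECYCLER\S-1-5-21-1\Dc1.bmp", 5_800_000),
    (r"C:\RECYCLER\S-1-5-21-1\Dc2.bmp", 5_800_000),
    (r"C:\RECYCLER\S-1-5-21-1\Dc3.bmp", 5_800_000),
    (r"C:\WINDOWS\system32\ntoskrnl.exe", 2_100_000),
    (r"C:\WINDOWS\system32\shell32.dll", 8_400_000),
    (r"C:\pagefile.sys", 768_000_000),
]

if __name__ == "__main__":
    totals = rollup(SAMPLE_ENTRIES)
    for d in sorted(totals, key=totals.get, reverse=True)[:5]:
        print(f"{totals[d]:>12,d}  {d}")
    print("largest:", largest_files(SAMPLE_ENTRIES, 3))
    print("dumps:", image_dumps(SAMPLE_ENTRIES))
```

The roll-up shows C:\RECYCLER at over 17 MB while the user's own photos folder holds one 3 MB picture, and image_dumps() names the Recycler subfolder with three large bitmaps; the legitimate photo under My Documents is never flagged because only the listed dump directories are considered.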


7. Unlocker

Download it from http://www.filehippo.com/download_unlocker/

Last but not least, this one is also among my favourites. It is described as follows:

"If you've ever been unable to delete a file in Windows, and can't figure out what program's using it, Unlocker is the solution. Have you ever seen these Windows error messages?

    * Cannot delete folder: It is being used by another person or program
    * Cannot delete file: Access is denied
    * There has been a sharing violation.
    * The source or destination file may be in use.
    * The file is in use by another program or user.
    * Make sure the disk is not full or write-protected and that the file is not currently in use.

Unlocker can help! Simply right-click the folder or file and select Unlocker. If the folder or file is locked, a window listing of lockers will appear. Simply click Unlock All and you are done!"

The above lists most of its advantages, but here are a few more:

Kill pesky malware hiding or running in your Recycler folders.
Very light on system resources; it hardly uses any.
It installs a shell extension plus a small assistant that starts automatically with Windows; you can disable the latter (Autoruns will show it) if you prefer. Unlocker is third-party software, not from Microsoft, so download it from the vendor or a reputable mirror and read the installer screens carefully, as some versions have offered bundled extras you probably do not want.


Final Words for the moment

That's all for now. I was thinking of adding a few more to the article, but I guess the above should get one started. Let us leave something for another article. Just in case I manage to write another one, I'll link it up here.

Now, like all other writers, may I request that you, the reader, kindly click the small blue "Yes" button at the end of this article, where it states "Was this article helpful?", if you really did find it helpful. A "No" is also welcome, so that at least I will know that you got through the stuff I wrote.

Please post comments, so that I may improve on it further. Your input will help me to improve and benefit all future readers.

Ravi.
17 Comments
LVL 23

Expert Comment

by:Suliman Abu Kharroub
Nice, vote yes
LVL 18

Author Comment

by:Ravi Agrawal
@Sulimanw

Yes Vote gratefully accepted. I thank you very much for taking the time to read the stuff I wrote.

Ravi.
LVL 48

Expert Comment

by:aikimark
@Ravi

Thanks.  I'll take a look at Fast Stone.

Expert Comment

by:normajm400
Thanks, couple here new to me.
LVL 18

Author Comment

by:Ravi Agrawal
@normajm400

Thanks, try those, you will be impressed.

Ravi.
LVL 1

Expert Comment

by:VCyrus
Yes all the way ... nice job
LVL 11

Expert Comment

by:xtreminator
Nice AIO article... will also be helpful to learners... will go with yes vote!
LVL 18

Author Comment

by:Ravi Agrawal
@xtreminator

Thanks for the yes Vote.

Replace Process Explorer with Process Hacker from http://processhacker.sourceforge.net/

Just for your knowledge.

Ravi.

Expert Comment

by:nstarhelpdesk
Yeah, this was a good read. The basic things, but a bit more cool :)

Thanks,
LVL 2

Expert Comment

by:DanAgaDK
Nice list - almost agree.. :-)

Jdisk, though, gets beaten on getting the overview of where your disk space got used by http://www.jam-software.com/treesize_free/ any time - although I don't think it will find duplicates.

grtraders: Not sure I agree with you - give Procexp a chance: http://live.sysinternals.com/tools/procexp.exe - any time you need it :-)
LVL 2

Expert Comment

by:DanAgaDK
Sorry got confused there that grtraders countered own article... ;-)
LVL 18

Author Comment

by:Ravi Agrawal
:-)

I wrote this article almost a year ago. I agree with treesize & wasn't aware of it when I wrote it. I guess treesize is more popular on EE, but Jdisk does its job well too.

Anyways, thank you for commenting & the Yes vote.

Ravi.
LVL 4

Expert Comment

by:lordrt
Another tool which should have been included by Microsoft is CDBurnerXP; this burning tool is more lightweight than Nero and provides almost the same options.
LVL 18

Author Comment

by:Ravi Agrawal
@lordrt
I have already written about what you say in another article of mine.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/A_2277-Dumping-Windows-Default-Applications-for-Better-Ones-Part-One.html See Section 4. It refers to CD Burner XP. But this application was not written by microsoft.

Ravi.

Expert Comment

by:cyberheal179
I think you should have explained and described something about CCleaner too.
It is a great software for maintaining the speed of your computer.
A must have I should say.
LVL 18

Author Comment

by:Ravi Agrawal
Sure, that was on my list as well, but this article got too lengthy as per my closing comment --

That's all for now. I was thinking of adding a few more to the more Article but I guess the above should get one started. Let us leave something for another Article.

Ravi.

Expert Comment

by:crmmax
Great tips.  I was trying to determine what the issue was with several PDF files that could not be opened and were missing the Security tab.  I tried resetting the file attributes with no luck, and in my search for another answer to the attribute issue I downloaded the Unlocker app.  It worked great and allowed me to see that the Trend Micro AV process was holding the file hostage, as I had just upgraded to the 2011 version.  I shut down Trend Micro and restarted, and it released the file.  Unfortunately, the file disappeared, but it was not a major issue as backups were in place.
