Approach to the Suspect PC
Generally, the user's data is the only irreplaceable part of the system (and thus possibly the most valuable to the user) even if it is the part for which the supplier has the least responsibility (data is always excluded from warranty).
When approaching a known-dubious PC, you should work in layers, limiting your activities to what is known to be safe in order to determine what is safe:
Is this PC safe to open the case?
- Look for tell-tales (seals that invalidate warranty if broken)
- Clarify system warranty status and vendor's policy
- Determine whether client is authorized to permit your intervention
Is this PC safe to power up?
- Correct power supply voltage
- Correct mains wiring to power supply; wall, cable, power switch wiring
- Correct DC power connection polarity, especially HD and motherboard
- No loose metal objects, metal powder or moisture in case or power supply
- No metal-to-PC-board shorts
- No dangling power connectors or exposed wire
- Correct IDE cable polarity
- Correct RAM insertion
- Exclude processor overvoltage settings
Is this hard drive safe to use?
- Perform hardware diagnostics on hard drive
- Remove HD and evacuate data first if any errors are present
Is this system infectious?
- Determine keystrokes and passwords required for CMOS access
- Perform formal virus check; do not permit temp writes or cleans
- If malware present, research before cleaning
- If malware present, particularly protect diskettes and other systems
Is the file system of this hard drive safe to use?
- Sanity-check partitioning vs. stated capacity to exclude 500M/2G/8G BIOS limits
- Sanity-check CMOS HD definition vs. boot sector geometry
- Exclude disk compression, alert if found
- Exclude non-DOS/non-FATxx Windows partitions or volumes, alert if found
- Check logical file system structure, but do not allow changes
- Hardware diagnostics RAM
- Exclude overclocked PCI, AGP, motherboard chipset, RAM
- If non-DOS/non-FATxx, avoid writes to those volumes, ?decline job
- If all volumes are FAT16 or FAT32 and file system insane, proceed to data recovery
- If hardware is known-dubious, remove HD and evacuate data first
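The partition, capacity and geometry checks in this list can be made without writing to the drive. The following is an added example, not part of the original page: it reads a raw copy of the drive's first sectors and returns alerts for non-FAT partition types, boot sector geometry that disagrees with the CMOS definition, and partitioning that stops at a BIOS limit on a larger drive. The names `audit_image` and `build_sample`, the C x H x S figures used for the three limits, the 5% tolerance and the sample image are all assumptions made for illustration.

```python
import struct

FAT_TYPES = {0x01, 0x04, 0x06, 0x0B, 0x0C, 0x0E}   # FAT12/16/32 partition type bytes
EXTENDED = {0x05, 0x0F}
# Sector counts (C x H x S) usually quoted for the 500M/2G/8G BIOS limits (assumed)
BIOS_LIMITS = {"500M": 1024 * 16 * 63, "2G": 4096 * 16 * 63, "8G": 1024 * 255 * 63}

def audit_image(image, cmos_heads, cmos_spt, stated_sectors):
    """Read-only checks on raw disk bytes; returns a list of alert strings."""
    if len(image) < 512 or image[510:512] != b"\x55\xaa":
        return ["no MBR signature: do not trust the partition table"]
    alerts, last_end = [], 0
    for i in range(4):
        ptype = image[446 + 16 * i + 4]
        start, count = struct.unpack_from("<II", image, 446 + 16 * i + 8)
        if ptype == 0:
            continue
        last_end = max(last_end, start + count)
        if start + count > stated_sectors:
            alerts.append(f"partition {i}: runs past stated capacity")
        if ptype in EXTENDED:
            alerts.append(f"partition {i}: extended, logical volumes not walked")
        elif ptype not in FAT_TYPES:
            alerts.append(f"partition {i}: non-FAT type 0x{ptype:02X}, avoid writes")
        elif len(image) >= (start + 1) * 512:
            # FAT boot sector: sectors/track at offset 24, heads at offset 26
            spt, heads = struct.unpack_from("<HH", image, start * 512 + 24)
            if (heads, spt) != (cmos_heads, cmos_spt):
                alerts.append(f"partition {i}: boot sector geometry {heads}x{spt} "
                              f"differs from CMOS {cmos_heads}x{cmos_spt}")
    for name, limit in BIOS_LIMITS.items():
        # Partitioning that stops just under a limit on a bigger drive looks clipped
        if stated_sectors > limit and 0.95 * limit <= last_end <= limit:
            alerts.append(f"partitioning stops at the {name} BIOS limit")
    return alerts

def build_sample():
    """Constructed image: FAT16 volume at LBA 63 plus an NTFS-type (0x07) entry."""
    img = bytearray(64 * 512)
    img[446:462] = struct.pack("<B3sB3sII", 0x80, b"", 0x06, b"", 63, 1032129)
    img[462:478] = struct.pack("<B3sB3sII", 0, b"", 0x07, b"", 1032192, 2000000)
    img[510:512] = b"\x55\xaa"
    struct.pack_into("<HH", img, 63 * 512 + 24, 63, 16)   # BPB: 63 spt, 16 heads
    return bytes(img)

if __name__ == "__main__":
    for line in audit_image(build_sample(), 64, 63, 4000000):
        print(line)
```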
Is it safe to run Windows on this system?
- Ensure HD is not dropped in from a different system
- Exclude malware infestation and corrupted system files
- Hardware diagnostics RAM, if not already done
- Check power supply and processor fans
- Check for loose internal power or data cables
- Peruse DOS-visible parts of the startup axis for undetected malware
- Ensure C: volume has free space; worry if under 50M and clear temp files etc.
- Consider backing up registry files and Vmm32.vxd first
If the PC is already running
All of the above assumes a PC that is not in use when you arrive. If the PC is in use when you arrive, then you have to verify it is safe to power it off before doing so:
- Not midway through some critical process
- Not required for unattended role e.g. receiving calls, serving a printer, backup
- Not in use over the LAN
- User knows any passwords required to restart system; CMOS, Windows etc.
The black-screen boot
If PC is stone cold when powered up (no fans etc.), power off immediately
- disconnect all except mobo, CPU, RAM, SVGA, keyboard, speaker and retry
- add components one by one
- do not under any circumstances allow Windows to load
- as safeguard to above, back up registry first if file system is write-safe
If PC appears to run but no picture
- note any speaker beeps, or absence of any speaker sound
- check that CapsLock etc. cause keyboard LEDs to work appropriately
- check for non-cyclical HD seek activity, which suggests software is loading
- check monitor LED is on and SVGA cable is plugged in at both ends
- blind-key your way out of Windows
- power off when sure you are out of Windows, or that system has locked up
- if no-display beeps, re-seat SVGA card, press SVGA BIOS into its socket
- if no speaker sound at all, as above
- if normal speaker beeps, swap-test for bad monitor
- else proceed as per "stone cold boot" scenario
(C) Chris Quirke, all rights reserved