Using the virus work disks

NOTE: This step ask you to create 10 copies of the virus checking software. Even though the disks are exclusively for your use, and you will use only one disk at a time, this kind of "multiple duplication" may violate the license agreement for your antivirus software. Be sure your license allows multiple copies of the software before proceeding.

Using the virus work disk. Whenever a PC comes in for service, use one of your antivirus work disk. Professionals always create antivirus diskettes in batches because the diskettes are disposable. That is, if a virus is detected and cleaned, the diskette that detected the infection should be destroyed, and you should boot the system with a new work disk to locate any other instances of the same virus, or any different viruses. This may seem radical, but it is cheap insurance against cross-contamination of the diskette. Once a system is booted with a work disk and checks clean, you can put that work disk away, and boot the system again with a diagnostic or boot disk as required. it is also advisable to check the PC for viruses again once the repair is complete.

Problem with antivirus tools. The protocol outlined above should help to protect you (and your customer) from virus attacks. Still there are two situations where trouble can occur:

• Virus checkers get obsolete fast. Viruses are prolifierating with the aid of powerful new programming languages and vast avenues of distribution such as the Internet. You will need to update your virus work disks regularly with the very latest antivirus software. Too often, technicians buy an antivirus package and continue to use it for years. The software certainly remain adept at detecting the viruses it was designed for, but it does not take into account the many new strains that crop up regularly. As a result, older virus checkers may allow newer viruses to pass undectected.
• Technicians get cheap with their floppy disks. If a work disk detects and eliminates a virus, It should be considered contaminated, and you should throw it away. Start again with a fresh work diskette. Continue checking and eradicting viruses until the system checks clean. The 40 cents or so that the diskette costs is not worth the risk of contracting the virus.

Virus disks

Computer viruses are a serious concern for any PC troubleshooter.
You will almost always employ some type of diagnostic software during the course of your troubleshooting. Often, the same diagnostic disk is reused on system after system, and even take along when making service calls in the field. Unfortunately, if a PC with a computer virus manages to infect your diagnostic disk, you will wind up spreading the virus to any subsequent system. As you might imageine, the consequences for your customer's data can be immeasurable.
Before you employ a boot disk or any form of diagnostic to troubleshoot the system, you should "sterlize" your shop by checking the system for viruses first.

What is Antivirus?

Antivirus (or anti-virus) software is used to prevent, detect, and remove malware, including computer viruses, worms, and torjan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware.

Anti-virus software now scans for rootkits; a rootkit is a type of malware that is designed to gain administrative-level control over a computer system without being detected. Rootkits can change how to operating system functions and in some cases, rootkits can tamper with the anti-virus program and render it ineffective. Rootkits are also very difficult to remove, in some cases requiring a complete re-installation of the operating system.

There are a huge number of security companies offering antivirus programs these days and some are better than others.

Here are my eleven favourates:

• Kaspersky Antivirus                         
• BitDefender Antivirus
• ESET NOD32 Antivirus
• AVG Antivirus
• Avast! Antivirus
• McAfee Antivirus Plus
• Norton Antivirus Software
• Panda Antivirus
• Trend Micro Antivirus
• F-Secure Antivirus
• Avira Antivirus

What is Virus?

Viruse - A virus is a small peace of software that piggybacks on real programs. For example, a virus might attach itself to program such as a spreedsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to the programs of wreak havoc.

E-mail viruses - An e-mail virus travels as an attachment to e-mail messages, as usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book. Some e-mail viruses don't even require a double click -- they lunch when you view the infected message in the preview pane of your e-mail software.

Torjan horse - A Torjan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your (hard disk). Torjan horse have no way to replicate automatically.

Worms - A worms is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worms scan the network for another machine that has specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.

CPU symptoms

Symptom : The system boots with no problem, but crashes or freezes when certain applications are run. It may appear that the application is corrupt.

• Test the CPU. Try a diagnostic such as TouchStone Software's checkIt. Run repeatitive tests on the CPU. While the CPU may work in real mode, diagnostics can detect errors running protected-mode instructions and perform through register checking.
• Replace the CPU. When an error code suggesting a CPU fault is returned, try a known-good CPU.
• Expand the diagnostic. If a CPU fault is not detected, expand the diagnostic to test other portions of the motherboard. If the entire system checks properly, you may indeed have a corrupt file in your application. 

A keyboard error

Symptom : A keyboard error is reported, but a new keyboard has no effect. If a known-good keyboard refuses to work, there are several items you can check.

• Check the keyboard connection. Make sure that the new keyboard is installed correctly. If there is a cable connecting the keyboard panel connector to the motherboard, make sure that that wiring is attached properly.
• Check the pico fuse. The keyboard fuse on the motherboard may have failed. Many motherboard designs incorporate a small fuse (called a picofuse) in the +5-volt dc line that drives the keyboard. If this fuse fails, the keyboard will appear dead. Replace the fuse.
• Replace the motherboard. If problems persist, or if you cannot replace the keyboard fuse, replace the motherboard outright.

Motherboard symptoms

Symptom 1: A motherboard failure is reported, but it goes away when the PC's out cover is removed. There is probably an intermittent connection or short circuit between the motherboard and chassis. This often happens during an upgrade or new assembly.

• Check for short circuits. Examine any metal standoffs securing the motherboard, and see if any are touching metal traces on the motherboard. You may be able to eliminate such shorts by inserting a thin spacer made from a manila folder.
• Try reinforcing the chassis. If the chassis is warping a bit, make sure that the entire chassis assembly is tight.
• Try a new motherboard. If the chassis is not warping, there may simply be a fault somewhere in the motherboard itself. If the motherboard erboard is under warranty, replace it outright.

CPU Issues

The CPU is the single most complex and expensive IC on the motherboard. It is responsible for processing every instruction and virtually all the data in memory at one time or another. While CPU failures are somewhat rare, there are some possible symtoms that you should be familiar with. When you suspect a CPU problem, make the following checks before proceeding:

• Check the socket. Make sure that the CPU is inserted completely into its socke. For a ZIF socket, make sure that the lever is closed completely and latched.
• Check the motherboard jumpers. When you are upgrading a CPU, make sure that the motherboard is configured properly for the specific CPU type and clock setting.
• Check for heat. Make sure that the CPU's heat sink (or heatsink/fan assembly) is attached securely to the CPU. If there is a fan on the heat sink, make sure that the fan is running. You may need to reattach the heat sink using thermal grease. Thermal grease (also called thermal gel, thermal compound, thermal paste, heat paste, heat sink paste, heat transfer compound, or heat sink compound) is a fluid substance, originally with properties akin to grease, which increases the thermal conductivity of a thermal interface by compensating for the irregular surfaces of the components. In electronics, it is often used to aid a component's thermal dissipation via a heat sink.

Motherboard Troubleshooting

The motherboard is the heart of any personal computer. It is the motherboard that handles system resources (IRQ lines, DMA channels, I/O locations) as well as "core" components such as the CPU, math coprocessor, and all system memory, including DRAM, BIOS ROM, cache, and CMOS RAM. Indeed, most of a PC's capabilities are defined by motherhboard components. This chapter shows you how to recognize symptoms and translate error information into motherboard repair. You will typically find the following elements on your motherboard:

• CPU (central processing unit). The CPU is a programmable logic device that performs all of the instruction, logic, and mathematical processing in the PC. This is the single most important IC in the computer CPU failure can disable the entire PC.
• MPC (math coprocessor). The MPC is a programmable logic device (closely related to CPU) which is tailored for handling floatingpoint math operations. Math-intensive application software which is written to take advantage for the MCP can realize substantial improvements in performance. All contemporary CPIs now integrate math coprocessor functions without the need for a seperate MCP.
• BIOS (basic input /output system). This is the code used to control the motherboard's hardware and perform low-level motherboard operations. Traditionally, BIOS has been stored on DIP ICs which can be easily removed and replaced as needed. Such ICs starts with a "27" prefix, them have two or three digits indicating the number fo kilobits (divide by 8 for kilobytes). For example, the 2764 is a ROM providing 8 kbytes of storage. If flash BIOS is used, you will find the BIOS ROM in a PLCC holder.  
• CMOS / RTC. This is a dual-function IC which maintains system setup variables in up to 128 bytes of low-power CMOS RAM. It also supplies a real-time clock which keeps track of the date, day and time. Traditional PCs used the Motorola MC146818, but many other variations have come into use. You can often locate the CMOS/RTC IC by its large, rectangular shape. IT will also locate the COMS/RTC IC by its large, rectangular shape. It will also be located near the system backup battery.
• Clocks. Proper synchronization and signaling of the motherboard requires the use of precision oscillating ICs. There are typically two clock ICs, one for the 14.318-MHz OSC signal on the ISA bus, and one driving the CPU clock (and other processing ICs). The CPU clock IC accepts the Power Good signal from the powersupply and generates the system Reset signal. The OSC clock IC also produces a 1.19-MHz signal for the PIT.
•  PIT (programmable interval timer). The interval timer provides three channels for the PC, Channel 0 is set to produce an interrupt every 54.94 ms (the RTC time base). Channel 1 is programmed to produce an interrupt every 15.12 us to signal the start of a memory refresh cycle, which must be performed at least once every few milliseconds. Channel 2 is a noncritical timer which serves to support speaker signals.
• DMAC (direct memory access controllers). DMA is critical to operation of an XT or AT system Normally, the CPU must handle each bytes of data transferred in the system-a slow process when large volimes of data must be transferred. DMA allows data transfer without the intervention or the CPU. A single DMA controller provides four channels (an AT uses two DMACs to provide eight channels).
• DMA page registers. These are relatively simple buffers that point to the 64-kbyte area (page) that DMA transfers will take place from (or to). Early PCs used one page register, but i386 and later systems often use two. Remember that is a common for newer systems to indicate a fault in the second page register because the page registers are usually integrated into chipsets.
• PIC (programmable interrupt controller). The PIC recognizes and prioritizes hardware interrupts, then passes the interrupt signal to the CPU along with a vector which points to the location of the interrupt handler routine. The XT used one PIC which supplied eight channels, but ATs use two PICs for sixteen channels (IRQ o-15).
• KBC (keyboard controller). The KBC is a very specialized single-chip microcontroller (including its own small amount of BIOS) designed as an interface between the system and the AT serial keyboard. On system initialization, the POST will cause a KBC self-test. If the self-test passes, the system can proceed to test the keyboard. Another vital part of the keyboard controller is that it handles the A20 gate. The A20 gate handles access to extended/ expanded memory (protected-mode addressing). If the KBC fails, the system will be unable to work in the protected mode.
• Gate A20. This is the simple gate that controls address line A20, and thus controls protected-mode operation by accessing memory over 1 Mbyte. The A20 gate is operated from the KBC.
• BUS controller. This device accepts control and timing signals from the system and generates the I/O and memory read and write signals needed to transfer data among system components also manages the translation of 16-bit words into 8-bit words for single-byte data transfers, and then the translation back again.
• UART (universal asynchronous receiver/transmitter). UTARTs are the key components in seral communications ports. They translate parallel data into framed serial data for transmission, and reverse the process to convert framed serial data back into parallel data during reception. Current systems use 16550A UTRATs. When a serialport error is reported, the UART has probably failed. UARTs incorporated in the motherboard are typically provided with jumpers that will set the port I/O address and IRQ line, and allow you to disable the UART in favour of expansion board communication devices.
•  DRAM. General storage and main system memory is priovided by dynamic RAM. Modern DRAM ICs can hold a great deal of data, but it must be refreshed every few milliseconds-otherwise, the data will be lost. A key purpose of the DMAC and PIC is to manage refresh. Some DRAM is fabricated on the motherboard, but much more DRAM can be added in the form of SIMMs.
•  Cache. Cache has become an important element of PC performance improvement. If data and instructions are loaded into fast static RAM in advance of the CPU's need, memory wait states can be eliminated. Many systems are equipped with 128 to 256 kbytes of externated. Many systems are equipped with 128 to 256 kbytes of external cache, but some systems can have up to 512 kbytes of cache. To boost performance every further, newer CPUs are designed with a small amount of internal cache. If external chane fails, you may be able to circumvent teh error by disabling the cache through the CMOS setup. If internal cache fails, the CPU will have to be replaced.

Conflict troubleshooting

The PC provides only a limited number of interrupts (IRQs), DMA channels, and I/O addresses for devices to use. No two devices can use the same resources-if the same resource is assigned to two devices, they will compete for control. Conflicts can result in problems ranging for erratic device behaviour to system lockups and crashes. The procedure below offers a reliable method for locating and eliminating device conflict:

• Power the computer down and remove the new expansion device.
• Start the machine to the DOS mode and run the MSD.EXE program that is in your \WINDOWS directory (you can also try any number of shareware or commercial diagnostics that detect resource assignments).
• The program will let you look at which interrupts, DMA channels, and I/O addresses are currently in use on your system. Record those on a sheet of paper (or print the report to a printer) and exit the program.
• Examine the new device and check its resource assignments against the resource already in use. Chances are that the new device will be using an IRQ, DMA, or I/O assignment already shown in your MSD report.
• Change the conflicting resource. For example, if you find and IRQ conflict, change the IRQ on your new device to an IRQ that is not in use. If the device's resources are set through software, simply proceed to the next step.
• Turn the system off again and place the device back in your computer.
• Run any setup software for the new device. It should be recognized properly.
• If you cannot find any available resources, you will have to disable at least one other device in order to free up the resources for your new device.
• If the new device works under Windows, be sure to run any Windows installation software. If the device is running under Windows 95, run the Add New Hardware wizard.