CastleCops, Internet Crime Fighters
Windows Security Checklist - Part 18: Windows Emergency Procedures






by Larry Stevenson, aka Prince_Serendip, CastleCops Staff Writer
March 27, 2005


No single application or technique can protect you 100%, but you can still get pretty close to that. When Windows users follow these guidelines, their chances of being infected by malware drop almost to zero. Now we begin our next installment of the Windows Security Checklist - Part 18: Windows Emergency Procedures.

It is not as complicated as it may first appear, although there is a lot of information to absorb. The Security Experts, 1st Responders, Special Response Team members, Site Moderators, Administrators and Host consultants at CastleCops can help you, if you have questions about any of these techniques or featured applications.

Always Have a Plan

Windows emergencies can happen at any time online, without warning. Some of the most dangerous websites are not always where or what you expect them to be. It's especially important, as with any other emergency, to know what to do, how to do it and to keep your cool. A famous line from "Hitch-Hiker's Guide to the Galaxy" says, "Don't Panic!" Very important advice for any emergency or traveller.

It happened to me at a website in Asia a few years back. I was searching for an obscure, out-of-date application that was no longer available in North America. I had a firewall and an antivirus at the time. They didn't help. I clicked on a link to a heading that was supposed to take me to a page where I could download this program. Instead, my browser went totally bonkers. It was downloading something. My CPU was doing full over-clock as my browser froze. I could not shut it off. Ctrl+Alt+Delete did not work. Thank goodness I have always connected using a router. I turned it off. That cut the connection but it was already too late. My PC was still moving at warp speed. A few more seconds passed before it black-screened and crashed.

When I turned it back on, I had to boot from my Registry Checker, a very bad sign, into Safe Mode. It's the only time I have ever had to do it that way on that PC. TrojanHunter helped me find the trojans and delete them. Sure didn't take long to get them. Usually, trojans are loaded silently, with no fireworks. I also did a full antivirus scan, ran System File Checker, Spybot Search & Destroy and Ad-Aware. Afterwards, I was rather shy of any website in Asia.

You may also need to do an emergency shutdown during nasty weather. Power outages are often preceded by smaller brownouts, with lights flickering off and on. Some people have a battery backup for these times, others don't. Power surges can also occur in storms. I recommend you use two power surge bars instead of one. If there is a power surge, it will fry the first bar and merely shut off the second.

Keyboard Shortcuts

These can help you in an emergency, especially if the mouse no longer functions. Ctrl+Alt+Delete (Windows Task Manager) and Alt+F4 (close current window) are ones I have used at need but there are many more. Please see the link below.

Microsoft: Keyboard Assistance (all platforms)

Shutdown and Restart Shortcuts for Win 98/ME

You can shut down or restart Windows with desktop shortcuts, using a single click. You can put them anywhere you wish, on the desktop or in your Taskbar or Start Menu.

Right-click on an empty part of the desktop or inside a folder to make a new shortcut. Select "New," then "Shortcut." A wizard will come up to guide you through the rest of the process. You will need to provide a command line, and then a name of your choice.

The command line should be as follows:

C:\WINDOWS\RUNDLL32 SHELL32.DLL,SHExitWindowsEx n

Using one of the following values:

n=0 LOGOFF: Shuts down all running processes, logs the user off, then restarts the Windows shell.
n=1 SHUTDOWN: Shuts down the system to a point at which it is safe to turn off the power. All file buffers have been flushed to disk, and all running processes have stopped.
n=2 REBOOT: Shuts down the system, then restarts it.
n=4 FORCE: Forces all processes to terminate; in effect, shuts down all running programs. When this flag is set, Windows does not query running applications to inform them that Windows is shutting down. This can cause the applications to lose data; therefore, you should only use this flag in an emergency.
n=8 POWEROFF: Exits Windows, then turns off the computer’s power (provided the computer supports the power-off feature).
n=-1 RESTART EXPLORER: Quickly closes Windows Explorer, then lets it restore itself.

You can combine more than one value, but this may or may not work depending on your platform.

For Windows XP/2000

Windows 2000 with the Resource Kit installed and Windows XP have a shutdown command that can be launched from a command prompt or from a shortcut. To see all available options for this command, click Start, Run, and type:

SHUTDOWN /?

This command starts a 30-second countdown for a shutdown or restart, which allows you to abort it with a "shutdown -a" command. If you want the command to execute, use the "-t" (without quotes) flag, which lets you set the time lapse in seconds. The examples below use a 10-second delay.

RESTART Windows XP Shortcut:

SHUTDOWN -r -t 10

SHUT DOWN Windows XP Shortcut:

SHUTDOWN -s -t 10

These commands will not power down your computer. They only close or restart Windows.

Remote Shutdown Tool for Windows NT/2000

Display this message (same as -?) = No args
Display GUI interface, must be the first option = -i
Log off (cannot be used with -m option) = -l (lowercase "L")
Shutdown the computer = -s
Shutdown and restart the computer = -r
Abort a system shutdown = -a
Remote computer to shutdown/restart/abort = -m computername
Set timeout for shutdown to xx seconds = -t xx
Shutdown comment (maximum of 127 characters) = -c "comment"
Forces running applications to close without warning = -f

Create desktop shortcuts:

shutdown -s -t 00
This says to shut down immediately.

shutdown -r -t 00
This says to shut down and restart immediately.

shutdown -l -t 00
This says to log off immediately.

For more information read Microsoft: KB317371
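
The switches listed above can be collected into one batch file, so that a single command starts a countdown and a second one cancels it. This is an added example, not part of the original article; the file name emergency.bat and the keywords off, restart, logoff and abort are assumptions chosen for the illustration.

```batch
@echo off
rem emergency.bat -- added example, not part of the original article.
rem Wraps the SHUTDOWN switches listed above (-s -r -l -a -f -t -c).
rem Usage: emergency.bat off|restart|logoff|abort [seconds]
setlocal

set "ACTION=%~1"
set "DELAY=%~2"
if "%DELAY%"=="" set "DELAY=10"

rem Reject a delay that is not a plain whole number.
echo %DELAY%| findstr /r "^[0-9][0-9]*$" >nul
if errorlevel 1 (
    echo Delay must be a whole number of seconds.
    exit /b 2
)

if /i "%ACTION%"=="off"     goto do_off
if /i "%ACTION%"=="restart" goto do_restart
if /i "%ACTION%"=="logoff"  goto do_logoff
if /i "%ACTION%"=="abort"   goto do_abort

echo Usage: %~nx0 off^|restart^|logoff^|abort [seconds]
exit /b 1

:do_off
rem -f closes programs without asking, so unsaved work is lost.
shutdown -s -f -t %DELAY% -c "Emergency shutdown in %DELAY% s. Run: %~nx0 abort"
goto report

:do_restart
shutdown -r -f -t %DELAY% -c "Emergency restart in %DELAY% s. Run: %~nx0 abort"
goto report

:do_logoff
shutdown -l
goto report

:do_abort
rem Cancels a countdown started by off/restart while it is still running.
shutdown -a

:report
rem Assumes SHUTDOWN returns a non-zero exit code when it fails.
if errorlevel 1 (
    echo SHUTDOWN reported an error.
    exit /b 3
)
exit /b 0
```

The countdown message set with -c names the abort command, so whoever is at the keyboard can see how to cancel before the timer runs out.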


Emergency Boot Disks

Please refer to this free resource site for information, instructions and downloads of the disks you need for all Microsoft Windows editions: AllBootDisks.com. They have ISO image disks too.

The worst thing you can do is to turn the computer off without shutting down Windows, but it could happen. I call that a "hard crash." Be sure to have a backup on hand of your essential and important files in case your hard drive fails. Please refer to Windows Security Checklist - Part 15: Are You Saved? for more information on making backups.

Article Resources


Best regards and always take care of your security.
Posted on Sunday, 27 March 2005 @ 00:05:00 UTC by Robin (4020 reads)