Solved

Advice for getting a machine running better after removing malware

Posted on 2014-11-10
9
268 Views
Last Modified: 2016-11-23
Yes, I realize that the best solution to malware is nuke and pave.

But my perception when there isn't a bare metal image such as ShadowProtect, the process can take several labor hours and is very tedious. Certainly, pop in the dell OS DVD and run that is straightforward. But a long standing gripe of mine is that even when you enter the service tag for a dell computer, their download page lists drivers for all the possible NICs, video cards, et al. My thoughts would be that with the service tag, their site would show just the specific drivers for that exact machine. Am I mistaken? And then install Office, any other apps, Flash, Shockwave and many others, then install updates and restore the data.  But things still  aren't back the way the machine was before

So for cleaning the machine, we through many apps at the machine such as superantivirus, malwarebytes, ADWCleaner, hitmanpro,! hijackthis, eset online and Trend online scanners, autoruns and others.

In the end the machine winds up clean. But may not be running as well as it could. My thinking is that the malware inserts itself in the flow of the data in the machine and removing them still might leave some hooks to the malware and that slows things down? Like LSP entries in older versions of windows?

Would anyone have advice on what you would run to help refresh things after the malware was removed?
0
Comment
9 Comments
 
LVL 90

Accepted Solution

by:
John Hurst earned 84 total points
Comment Utility
My thinking is that the malware inserts itself in the flow of the data in the machine and removing them still might leave some hooks to the malware and that slows things down? Like LSP entries in older versions of windows?

Yes, this can happen. If it does, backup, delete all partitions (do this), format and install Windows is the only way to rid yourself of this stuff.

A mild virus properly cleaning will normally result in the machine running properly. That is not the case here.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
Comment Utility
no.  they are saying things are slower now.  I used process explorer and don't see something unusual / no high processor / RAM usage.

Just all things running slow. No rootkits are on the system.
0
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
It could need defragmenting  but that is a long shot. Since hardware seems to be normal, I would say rebuilding (steps I noted) are in order. You could otherwise spend your time in a black hole.
0
 
LVL 13

Assisted Solution

by:akb
akb earned 84 total points
Comment Utility
It may be worth running System Mechanic http://www.iolo.com/downloads/download-system-mechanic/
It will clean up the registry and sort out numerous other issues.
I have found this will improve the performance of any PC whether it has been affected by a virus or not.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 9

Assisted Solution

by:MHMAdmins
MHMAdmins earned 83 total points
Comment Utility
You can remove the offending malware but it will not always remove all of the Hooks and registry entries that it modified. I would suggest nuke and rebuild and then take a snapshot or image in case you need it for disaster recovery if it happens again. Or you could lock down the machine with Faronics DeepFreeze or some other program to that effect so all you have to do is reboot and it will go back to original machine state.
0
 
LVL 1

Assisted Solution

by:Bradley Vonderheide
Bradley Vonderheide earned 83 total points
Comment Utility
Have you checked your host file? These viruses have a tendency of hi-jacking your host file, which can poison your DNS results. Check that.. Do an Ipconfig /flushdns afterwards..

You can also clear virtual memory;
Start/Run
or Windows key + R
type in Gpedit.msc
Go to: Computer configuration/Windows settings/Security settings/Local policies/Security options
Scroll to the bottom, look for "shutdown: clear virtual memory pagefile"
Enable it
Reboot (It will take a few, be patient)

Next:
You will need to clean up the system restore file, as that will have been infected to, and honestly while i think it is a waste of performance, if you want to keep it, you should keep it clean, otherwise what's the point.

Start:
Computer (right click)
Choose properties
Click advance system settings
Click System protection
Click Configure
Click Delete
Click apply
System will rebuild it with newly cleaned data

Next:
Defrag c: -b
Use the -b to clean up the boot sector which will likely have gotten gunked up due to the virus.
Run a chkdsk c: /R /F
this should clean up any disk issues

Reboot:

On startup go to start run
Windows key +R
make sure there is nothing funky in the startup
AV and Cleaners have tendency of installing stuff you didn't know about..
This will allow you to stop them from startup.
(General rule, other then AV if you aren't to lazy to double click it when you need it, uncheck it)


Software suggestions:
Run CCLeaner
Use that program under each profile to clean out all the temp files on each profile

Use O&O defrag free to run a full system defrag by block.. it works a lot better then the one in windows vista-8.1

Hope this helps..
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 83 total points
Comment Utility
As you will soon discover, the time that you spend discussing this, telling people you have already tried x,y, and z, trying several suggestions to "Fix" the issue, losing face with a frustrated user who begins to wonder if you know what you're doing.......

You could by now have done that clean build, updates, software installs and given the user a nice machine that behaves correctly.

Virus clean up is really for getting to the point you can safely copy data off ready to rebuild/reimage.  Unless it is a very simple infection then you will very rarely be back with a good system by "Cleaning" it.
0
 
LVL 91

Assisted Solution

by:nobus
nobus earned 83 total points
Comment Utility
i also agree a fresh install is the best way if the system is not running ok after trying a couple of scans
but - the slowness can also come from overheating; did you check that?
install speedfan to monitor the cpu and other temps : http://www.almico.com/speedfan.php
0
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
@BeGentleWithMe-INeedHelp  - Thank you and I was happy to help.
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

Detailed instructions on how to install an Access add-in in recent versions of Office and Windows (with screen shots)
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now