Solved

Advice for getting a machine running better after removing malware

Posted on 2014-11-10
9
291 Views
Last Modified: 2016-11-23
Yes, I realize that the best solution to malware is nuke and pave.

But my perception is that when there isn't a bare metal image such as ShadowProtect, the process can take several labor hours and is very tedious. Certainly, popping in the Dell OS DVD and running it is straightforward. But a long-standing gripe of mine is that even when you enter the service tag for a Dell computer, their download page lists drivers for all the possible NICs, video cards, et al. My thought would be that with the service tag, their site would show just the specific drivers for that exact machine. Am I mistaken? And then install Office, any other apps, Flash, Shockwave and many others, then install updates and restore the data. But things still aren't back the way the machine was before.

So for cleaning the machine, we throw many apps at the machine such as SuperAntiSpyware, Malwarebytes, ADWCleaner, HitmanPro, HijackThis, ESET online and Trend online scanners, Autoruns and others.

In the end the machine winds up clean. But may not be running as well as it could. My thinking is that the malware inserts itself in the flow of the data in the machine and removing them still might leave some hooks to the malware and that slows things down? Like LSP entries in older versions of windows?

Would anyone have advice on what you would run to help refresh things after the malware was removed?
0
9 Comments
 
LVL 96

Accepted Solution

by:
Experienced Member earned 84 total points
ID: 40433588
My thinking is that the malware inserts itself in the flow of the data in the machine and removing them still might leave some hooks to the malware and that slows things down? Like LSP entries in older versions of windows?

Yes, this can happen. If it does, backing up, deleting all partitions (do this), formatting and installing Windows is the only way to rid yourself of this stuff.

A mild virus, properly cleaned, will normally result in the machine running properly. That is not the case here.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 40433598
No. They are saying things are slower now. I used Process Explorer and don't see anything unusual / no high processor / RAM usage.

Just all things running slow. No rootkits are on the system.
0
 
LVL 96

Expert Comment

by:Experienced Member
ID: 40433602
It could need defragmenting, but that is a long shot. Since hardware seems to be normal, I would say rebuilding (steps I noted) is in order. You could otherwise spend your time in a black hole.
0
 
LVL 13

Assisted Solution

by:akb
akb earned 84 total points
ID: 40433633
It may be worth running System Mechanic http://www.iolo.com/downloads/download-system-mechanic/
It will clean up the registry and sort out numerous other issues.
I have found this will improve the performance of any PC whether it has been affected by a virus or not.
0
 
LVL 9

Assisted Solution

by:MHMAdmins
MHMAdmins earned 83 total points
ID: 40433640
You can remove the offending malware but it will not always remove all of the hooks and registry entries that it modified. I would suggest nuke and rebuild and then take a snapshot or image in case you need it for disaster recovery if it happens again. Or you could lock down the machine with Faronics Deep Freeze or some other program to that effect so all you have to do is reboot and it will go back to the original machine state.
0
 
LVL 1

Assisted Solution

by:Bradley Vonderheide
Bradley Vonderheide earned 83 total points
ID: 40433652
Have you checked your hosts file? These viruses have a tendency of hijacking your hosts file, which can poison your DNS results. Check that. Do an ipconfig /flushdns afterwards.

You can also clear virtual memory:
Start/Run
or Windows key + R
type in gpedit.msc
Go to: Computer configuration/Windows settings/Security settings/Local policies/Security options
Scroll to the bottom, look for "shutdown: clear virtual memory pagefile"
Enable it
Reboot (It will take a few, be patient)

Next:
You will need to clean up the System Restore files, as they will have been infected too, and honestly, while I think it is a waste of performance, if you want to keep it, you should keep it clean; otherwise what's the point?

Start:
Computer (right click)
Choose properties
Click Advanced system settings
Click System protection
Click Configure
Click Delete
Click apply
System will rebuild it with newly cleaned data

Next:
Defrag c: -b
Use the -b to clean up the boot sector which will likely have gotten gunked up due to the virus.
Run a chkdsk c: /R /F
this should clean up any disk issues

Reboot:

On startup go to Start/Run
Windows key + R
make sure there is nothing funky in the startup.
AV and cleaners have a tendency of installing stuff you didn't know about.
This will allow you to stop them from starting up.
(General rule: other than AV, if you aren't too lazy to double-click it when you need it, uncheck it.)


Software suggestions:
Run CCleaner
Use that program under each profile to clean out all the temp files on each profile.

Use O&O Defrag Free to run a full system defrag by block. It works a lot better than the one in Windows Vista-8.1.

Hope this helps.
0
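A read-only audit of the items this answer walks through by hand (non-default hosts file lines, the "clear virtual memory pagefile" policy, and registry Run startup entries), added here as an example and not code from any poster on this thread. It assumes the standard Windows hosts path and the registry value that backs the gpedit policy; it changes nothing on the machine.

```powershell
# Added example, not from any poster on this thread: a read-only audit of the items the
# answer above tells you to check by hand. It assumes the standard Windows hosts path and
# the registry value that backs the "Shutdown: Clear virtual memory pagefile" policy.
# Nothing here modifies the machine; review the output before removing anything.

function Get-NonDefaultHostsEntries {
    # Return hosts lines that are neither comments nor the plain localhost mappings.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hostsPath -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
}

function Get-ClearPageFileSetting {
    # The gpedit option is stored as ClearPageFileAtShutdown (1 = enabled) under this key.
    $mm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $v = Get-ItemProperty -Path $mm -Name ClearPageFileAtShutdown -ErrorAction SilentlyContinue
    if ($v -and $v.ClearPageFileAtShutdown -eq 1) { 'Enabled' } else { 'Disabled' }
}

function Get-RunKeyEntries {
    # List per-machine and per-user Run entries, the same items that show up under startup.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        # Get-ItemProperty adds PSPath, PSChildName etc.; skip those provider properties.
        foreach ($p in $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

$hosts = @(Get-NonDefaultHostsEntries)
"Hosts file entries beyond the default localhost lines: $($hosts.Count)"
$hosts | ForEach-Object { "  $_" }
"Clear pagefile at shutdown: $(Get-ClearPageFileSetting)"
"Run key startup entries:"
Get-RunKeyEntries | Format-Table -AutoSize
```

It covers only the registry Run keys; the Startup folder and scheduled tasks are separate places to look when reviewing what starts with the machine.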
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 83 total points
ID: 40433738
As you will soon discover, the time that you spend discussing this, telling people you have already tried x, y, and z, trying several suggestions to "fix" the issue, losing face with a frustrated user who begins to wonder if you know what you're doing...

You could by now have done that clean build, updates, software installs and given the user a nice machine that behaves correctly.

Virus clean-up is really for getting to the point where you can safely copy data off ready to rebuild/reimage. Unless it is a very simple infection, you will very rarely be back with a good system by "cleaning" it.
0
 
LVL 92

Assisted Solution

by:nobus
nobus earned 83 total points
ID: 40434417
I also agree a fresh install is the best way if the system is not running OK after trying a couple of scans.
But the slowness can also come from overheating; did you check that?
Install SpeedFan to monitor the CPU and other temps: http://www.almico.com/speedfan.php
0
 
LVL 96

Expert Comment

by:Experienced Member
ID: 40439681
@BeGentleWithMe-INeedHelp - Thank you and I was happy to help.
0
