Solved

Advice for getting a machine running better after removing malware

Posted on 2014-11-10
9
283 Views
Last Modified: 2016-11-23
Yes, I realize that the best solution to malware is nuke and pave.

But my perception when there isn't a bare metal image such as ShadowProtect, the process can take several labor hours and is very tedious. Certainly, pop in the dell OS DVD and run that is straightforward. But a long standing gripe of mine is that even when you enter the service tag for a dell computer, their download page lists drivers for all the possible NICs, video cards, et al. My thoughts would be that with the service tag, their site would show just the specific drivers for that exact machine. Am I mistaken? And then install Office, any other apps, Flash, Shockwave and many others, then install updates and restore the data.  But things still  aren't back the way the machine was before

So for cleaning the machine, we through many apps at the machine such as superantivirus, malwarebytes, ADWCleaner, hitmanpro,! hijackthis, eset online and Trend online scanners, autoruns and others.

In the end the machine winds up clean. But may not be running as well as it could. My thinking is that the malware inserts itself in the flow of the data in the machine and removing them still might leave some hooks to the malware and that slows things down? Like LSP entries in older versions of windows?

Would anyone have advice on what you would run to help refresh things after the malware was removed?
0
Comment
9 Comments
 
LVL 94

Accepted Solution

by:
John Hurst earned 84 total points
ID: 40433588
My thinking is that the malware inserts itself in the flow of the data in the machine and removing them still might leave some hooks to the malware and that slows things down? Like LSP entries in older versions of windows?

Yes, this can happen. If it does, backup, delete all partitions (do this), format and install Windows is the only way to rid yourself of this stuff.

A mild virus properly cleaning will normally result in the machine running properly. That is not the case here.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 40433598
no.  they are saying things are slower now.  I used process explorer and don't see something unusual / no high processor / RAM usage.

Just all things running slow. No rootkits are on the system.
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 40433602
It could need defragmenting  but that is a long shot. Since hardware seems to be normal, I would say rebuilding (steps I noted) are in order. You could otherwise spend your time in a black hole.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 13

Assisted Solution

by:akb
akb earned 84 total points
ID: 40433633
It may be worth running System Mechanic http://www.iolo.com/downloads/download-system-mechanic/
It will clean up the registry and sort out numerous other issues.
I have found this will improve the performance of any PC whether it has been affected by a virus or not.
0
 
LVL 9

Assisted Solution

by:MHMAdmins
MHMAdmins earned 83 total points
ID: 40433640
You can remove the offending malware but it will not always remove all of the Hooks and registry entries that it modified. I would suggest nuke and rebuild and then take a snapshot or image in case you need it for disaster recovery if it happens again. Or you could lock down the machine with Faronics DeepFreeze or some other program to that effect so all you have to do is reboot and it will go back to original machine state.
0
 
LVL 1

Assisted Solution

by:Bradley Vonderheide
Bradley Vonderheide earned 83 total points
ID: 40433652
Have you checked your host file? These viruses have a tendency of hi-jacking your host file, which can poison your DNS results. Check that.. Do an Ipconfig /flushdns afterwards..

You can also clear virtual memory;
Start/Run
or Windows key + R
type in Gpedit.msc
Go to: Computer configuration/Windows settings/Security settings/Local policies/Security options
Scroll to the bottom, look for "shutdown: clear virtual memory pagefile"
Enable it
Reboot (It will take a few, be patient)

Next:
You will need to clean up the system restore file, as that will have been infected to, and honestly while i think it is a waste of performance, if you want to keep it, you should keep it clean, otherwise what's the point.

Start:
Computer (right click)
Choose properties
Click advance system settings
Click System protection
Click Configure
Click Delete
Click apply
System will rebuild it with newly cleaned data

Next:
Defrag c: -b
Use the -b to clean up the boot sector which will likely have gotten gunked up due to the virus.
Run a chkdsk c: /R /F
this should clean up any disk issues

Reboot:

On startup go to start run
Windows key +R
make sure there is nothing funky in the startup
AV and Cleaners have tendency of installing stuff you didn't know about..
This will allow you to stop them from startup.
(General rule, other then AV if you aren't to lazy to double click it when you need it, uncheck it)


Software suggestions:
Run CCLeaner
Use that program under each profile to clean out all the temp files on each profile

Use O&O defrag free to run a full system defrag by block.. it works a lot better then the one in windows vista-8.1

Hope this helps..
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 83 total points
ID: 40433738
As you will soon discover, the time that you spend discussing this, telling people you have already tried x,y, and z, trying several suggestions to "Fix" the issue, losing face with a frustrated user who begins to wonder if you know what you're doing.......

You could by now have done that clean build, updates, software installs and given the user a nice machine that behaves correctly.

Virus clean up is really for getting to the point you can safely copy data off ready to rebuild/reimage.  Unless it is a very simple infection then you will very rarely be back with a good system by "Cleaning" it.
0
 
LVL 92

Assisted Solution

by:nobus
nobus earned 83 total points
ID: 40434417
i also agree a fresh install is the best way if the system is not running ok after trying a couple of scans
but - the slowness can also come from overheating; did you check that?
install speedfan to monitor the cpu and other temps : http://www.almico.com/speedfan.php
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 40439681
@BeGentleWithMe-INeedHelp  - Thank you and I was happy to help.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question