Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 297
  • Last Modified:

Advice for getting a machine running better after removing malware

Yes, I realize that the best solution to malware is nuke and pave.

But my perception when there isn't a bare metal image such as ShadowProtect, the process can take several labor hours and is very tedious. Certainly, pop in the dell OS DVD and run that is straightforward. But a long standing gripe of mine is that even when you enter the service tag for a dell computer, their download page lists drivers for all the possible NICs, video cards, et al. My thoughts would be that with the service tag, their site would show just the specific drivers for that exact machine. Am I mistaken? And then install Office, any other apps, Flash, Shockwave and many others, then install updates and restore the data.  But things still  aren't back the way the machine was before

So for cleaning the machine, we through many apps at the machine such as superantivirus, malwarebytes, ADWCleaner, hitmanpro,! hijackthis, eset online and Trend online scanners, autoruns and others.

In the end the machine winds up clean. But may not be running as well as it could. My thinking is that the malware inserts itself in the flow of the data in the machine and removing them still might leave some hooks to the malware and that slows things down? Like LSP entries in older versions of windows?

Would anyone have advice on what you would run to help refresh things after the malware was removed?
0
BeGentleWithMe-INeedHelp
Asked:
BeGentleWithMe-INeedHelp
6 Solutions
 
John HurstBusiness Consultant (Owner)Commented:
My thinking is that the malware inserts itself in the flow of the data in the machine and removing them still might leave some hooks to the malware and that slows things down? Like LSP entries in older versions of windows?

Yes, this can happen. If it does, backup, delete all partitions (do this), format and install Windows is the only way to rid yourself of this stuff.

A mild virus properly cleaning will normally result in the machine running properly. That is not the case here.
0
 
BeGentleWithMe-INeedHelpAuthor Commented:
no.  they are saying things are slower now.  I used process explorer and don't see something unusual / no high processor / RAM usage.

Just all things running slow. No rootkits are on the system.
0
 
John HurstBusiness Consultant (Owner)Commented:
It could need defragmenting  but that is a long shot. Since hardware seems to be normal, I would say rebuilding (steps I noted) are in order. You could otherwise spend your time in a black hole.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
akbCommented:
It may be worth running System Mechanic http://www.iolo.com/downloads/download-system-mechanic/
It will clean up the registry and sort out numerous other issues.
I have found this will improve the performance of any PC whether it has been affected by a virus or not.
0
 
MHMAdminsCommented:
You can remove the offending malware but it will not always remove all of the Hooks and registry entries that it modified. I would suggest nuke and rebuild and then take a snapshot or image in case you need it for disaster recovery if it happens again. Or you could lock down the machine with Faronics DeepFreeze or some other program to that effect so all you have to do is reboot and it will go back to original machine state.
0
 
Bradley VonderheideCommented:
Have you checked your host file? These viruses have a tendency of hi-jacking your host file, which can poison your DNS results. Check that.. Do an Ipconfig /flushdns afterwards..

You can also clear virtual memory;
Start/Run
or Windows key + R
type in Gpedit.msc
Go to: Computer configuration/Windows settings/Security settings/Local policies/Security options
Scroll to the bottom, look for "shutdown: clear virtual memory pagefile"
Enable it
Reboot (It will take a few, be patient)

Next:
You will need to clean up the system restore file, as that will have been infected to, and honestly while i think it is a waste of performance, if you want to keep it, you should keep it clean, otherwise what's the point.

Start:
Computer (right click)
Choose properties
Click advance system settings
Click System protection
Click Configure
Click Delete
Click apply
System will rebuild it with newly cleaned data

Next:
Defrag c: -b
Use the -b to clean up the boot sector which will likely have gotten gunked up due to the virus.
Run a chkdsk c: /R /F
this should clean up any disk issues

Reboot:

On startup go to start run
Windows key +R
make sure there is nothing funky in the startup
AV and Cleaners have tendency of installing stuff you didn't know about..
This will allow you to stop them from startup.
(General rule, other then AV if you aren't to lazy to double click it when you need it, uncheck it)


Software suggestions:
Run CCLeaner
Use that program under each profile to clean out all the temp files on each profile

Use O&O defrag free to run a full system defrag by block.. it works a lot better then the one in windows vista-8.1

Hope this helps..
0
 
Neil RussellTechnical Development LeadCommented:
As you will soon discover, the time that you spend discussing this, telling people you have already tried x,y, and z, trying several suggestions to "Fix" the issue, losing face with a frustrated user who begins to wonder if you know what you're doing.......

You could by now have done that clean build, updates, software installs and given the user a nice machine that behaves correctly.

Virus clean up is really for getting to the point you can safely copy data off ready to rebuild/reimage.  Unless it is a very simple infection then you will very rarely be back with a good system by "Cleaning" it.
0
 
nobusCommented:
i also agree a fresh install is the best way if the system is not running ok after trying a couple of scans
but - the slowness can also come from overheating; did you check that?
install speedfan to monitor the cpu and other temps : http://www.almico.com/speedfan.php
0
 
John HurstBusiness Consultant (Owner)Commented:
@BeGentleWithMe-INeedHelp  - Thank you and I was happy to help.
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now