Go Premium for a chance to win a PS4. Enter to Win


Advice for getting a machine running better after removing malware

Posted on 2014-11-10
Medium Priority
Last Modified: 2016-11-23
Yes, I realize that the best solution to malware is nuke and pave.

But my perception when there isn't a bare metal image such as ShadowProtect, the process can take several labor hours and is very tedious. Certainly, pop in the dell OS DVD and run that is straightforward. But a long standing gripe of mine is that even when you enter the service tag for a dell computer, their download page lists drivers for all the possible NICs, video cards, et al. My thoughts would be that with the service tag, their site would show just the specific drivers for that exact machine. Am I mistaken? And then install Office, any other apps, Flash, Shockwave and many others, then install updates and restore the data.  But things still  aren't back the way the machine was before

So for cleaning the machine, we through many apps at the machine such as superantivirus, malwarebytes, ADWCleaner, hitmanpro,! hijackthis, eset online and Trend online scanners, autoruns and others.

In the end the machine winds up clean. But may not be running as well as it could. My thinking is that the malware inserts itself in the flow of the data in the machine and removing them still might leave some hooks to the malware and that slows things down? Like LSP entries in older versions of windows?

Would anyone have advice on what you would run to help refresh things after the malware was removed?
LVL 99

Accepted Solution

John Hurst earned 336 total points
ID: 40433588
My thinking is that the malware inserts itself in the flow of the data in the machine and removing them still might leave some hooks to the malware and that slows things down? Like LSP entries in older versions of windows?

Yes, this can happen. If it does, backup, delete all partitions (do this), format and install Windows is the only way to rid yourself of this stuff.

A mild virus properly cleaning will normally result in the machine running properly. That is not the case here.

Author Comment

ID: 40433598
no.  they are saying things are slower now.  I used process explorer and don't see something unusual / no high processor / RAM usage.

Just all things running slow. No rootkits are on the system.
LVL 99

Expert Comment

by:John Hurst
ID: 40433602
It could need defragmenting  but that is a long shot. Since hardware seems to be normal, I would say rebuilding (steps I noted) are in order. You could otherwise spend your time in a black hole.
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

LVL 13

Assisted Solution

akb earned 336 total points
ID: 40433633
It may be worth running System Mechanic http://www.iolo.com/downloads/download-system-mechanic/
It will clean up the registry and sort out numerous other issues.
I have found this will improve the performance of any PC whether it has been affected by a virus or not.

Assisted Solution

MHMAdmins earned 332 total points
ID: 40433640
You can remove the offending malware but it will not always remove all of the Hooks and registry entries that it modified. I would suggest nuke and rebuild and then take a snapshot or image in case you need it for disaster recovery if it happens again. Or you could lock down the machine with Faronics DeepFreeze or some other program to that effect so all you have to do is reboot and it will go back to original machine state.

Assisted Solution

by:Bradley Vonderheide
Bradley Vonderheide earned 332 total points
ID: 40433652
Have you checked your host file? These viruses have a tendency of hi-jacking your host file, which can poison your DNS results. Check that.. Do an Ipconfig /flushdns afterwards..

You can also clear virtual memory;
or Windows key + R
type in Gpedit.msc
Go to: Computer configuration/Windows settings/Security settings/Local policies/Security options
Scroll to the bottom, look for "shutdown: clear virtual memory pagefile"
Enable it
Reboot (It will take a few, be patient)

You will need to clean up the system restore file, as that will have been infected to, and honestly while i think it is a waste of performance, if you want to keep it, you should keep it clean, otherwise what's the point.

Computer (right click)
Choose properties
Click advance system settings
Click System protection
Click Configure
Click Delete
Click apply
System will rebuild it with newly cleaned data

Defrag c: -b
Use the -b to clean up the boot sector which will likely have gotten gunked up due to the virus.
Run a chkdsk c: /R /F
this should clean up any disk issues


On startup go to start run
Windows key +R
make sure there is nothing funky in the startup
AV and Cleaners have tendency of installing stuff you didn't know about..
This will allow you to stop them from startup.
(General rule, other then AV if you aren't to lazy to double click it when you need it, uncheck it)

Software suggestions:
Run CCLeaner
Use that program under each profile to clean out all the temp files on each profile

Use O&O defrag free to run a full system defrag by block.. it works a lot better then the one in windows vista-8.1

Hope this helps..
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 332 total points
ID: 40433738
As you will soon discover, the time that you spend discussing this, telling people you have already tried x,y, and z, trying several suggestions to "Fix" the issue, losing face with a frustrated user who begins to wonder if you know what you're doing.......

You could by now have done that clean build, updates, software installs and given the user a nice machine that behaves correctly.

Virus clean up is really for getting to the point you can safely copy data off ready to rebuild/reimage.  Unless it is a very simple infection then you will very rarely be back with a good system by "Cleaning" it.
LVL 93

Assisted Solution

nobus earned 332 total points
ID: 40434417
i also agree a fresh install is the best way if the system is not running ok after trying a couple of scans
but - the slowness can also come from overheating; did you check that?
install speedfan to monitor the cpu and other temps : http://www.almico.com/speedfan.php
LVL 99

Expert Comment

by:John Hurst
ID: 40439681
@BeGentleWithMe-INeedHelp  - Thank you and I was happy to help.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever visit a website where you spotted a really cool looking Font, yet couldn't figure out which font family it belonged to, or how to get a copy of it for your own use? This article explains the process of doing exactly that, as well as showing how…
By default Outlook 2016 displays only one time zone in the Calendar. The following article explains how to display two time zones in one calendar view.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question