  • Status: Solved

Virus or otherwise

I'm a computer guy and have come across a second occurrence of this problem.

The computer is very sluggish in responding.

The %temp% folder fills with hundreds of 3 and 4 character folders... takes hours and hours to delete them all. The computer also starts creating fla*.tmp files as well. If you remove the computer from the network the folder creation stops. If you then reboot into safe mode with networking and join a network you can browse without issue. If you simply reboot the computer, without removing it from a network, the process WILL continue in safe mode.

This is a Windows 7 computer.

Process Explorer doesn't really help a lot since things are bouncing around so much.  DVDUPGRD.EXE seems pretty active.  Searching for DVDUPGRD.EXE on the computer yields 3 files with a creation year of 2009.

The first occurrence of this, back in early Nov of 2014, resulted in wiping the drive and starting over.

Any thoughts?
0
classnet Asked:
1 Solution
 
pjam Commented:
I believe dvdupgrd.exe is not a concern as it is a Microsoft file.
I would start by opening an elevated CMD window, and running SFC /scannow
0
 
rindi Commented:
Scan the system with malwarebytes (don't use safe mode for this) and allow it to remove whatever nasties it finds.
0
 
Fred Marshall Commented:
Scan with:
tdsskiller
Malwarebytes
HitManPro
RogueKiller
ESET Online Scanner
Remove everything they find if given a choice.
0
 
classnet (Author) Commented:
I had already tried tdsskiller, MWB, HitMan...

I will remove the drive, attach to a computer with NOD32 and try that next.
0
 
Fred Marshall Commented:
The other possibility I suppose, although I've never seen what you describe, is some hardware problem.
I have found that very slow systems can get that way with a failing hard drive that checks out fine - well, except for the data transfer rate.  So you have to use a transfer rate test program to see that.

70kbps is more or less normal and 2kbps is NOT.  
I had one system that took 45 minutes to boot!  Replacing the hard drive fixed it.  It took a weekend to clone it!

Just a thought.
0
 
classnet (Author) Commented:
NOD32 came up empty.
0
 
rindi Commented:
Have you used msconfig to disable autostart stuff that does something on the LAN which you don't really need?
0
 
classnet (Author) Commented:
Yes... only running MS services.
0
 
Fred Marshall Commented:
This sounds a lot like an old bug in Symantec End Point Security.  You didn't say which security programs are running.
0
 
classnet (Author) Commented:
Eset's NOD32 is the installed AV.
0
 
classnet (Author) Commented:
Figured it out... it was the PowerLik virus.
I used this to get rid of it.
0
 
classnet (Author) Commented:
Figured out myself.
0
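
The symptom described in the question (3 and 4 character folders and fla*.tmp files piling up in %temp%, stopping when the machine is taken off the network) can be measured instead of watched in Explorer. The PowerShell script below is an added example, not something posted in the thread; its parameter and function names are assumptions, and it only lists and counts, so it can be run once on the network and once off it to compare the two results.

```powershell
# Added example, not from the thread. Read-only: lists and counts, deletes nothing.
param(
    [string]$Path = $env:TEMP,   # folder to inspect (assumed default: current user's %temp%)
    [int]$IntervalSeconds = 60   # wait between the two samples
)

function Get-TempSymptom {
    param([string]$Path)
    $items = @(Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue)
    # Symptom 1: folders whose names are exactly 3 or 4 characters long
    $dirs = @($items | Where-Object {
        $_.PSIsContainer -and $_.Name.Length -ge 3 -and $_.Name.Length -le 4 })
    # Symptom 2: fla*.tmp files
    $fla = @($items | Where-Object { -not $_.PSIsContainer -and $_.Name -like 'fla*.tmp' })
    New-Object PSObject -Property @{
        Taken    = Get-Date
        Dirs     = $dirs
        DirNames = @($dirs | ForEach-Object { $_.Name })
        FlaCount = $fla.Count
    }
}

if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
    throw "Not a folder: $Path"
}

$first = Get-TempSymptom -Path $Path
"{0:HH:mm:ss}  short-named folders: {1}  fla*.tmp files: {2}" -f `
    $first.Taken, $first.DirNames.Count, $first.FlaCount

# When were the existing folders created? A burst shows up as large hourly buckets.
$first.Dirs | Group-Object { $_.CreationTime.ToString('yyyy-MM-dd HH:00') } |
    Sort-Object Name | Select-Object -Last 6 |
    ForEach-Object { "  created {0}: {1}" -f $_.Name, $_.Count }

Start-Sleep -Seconds $IntervalSeconds
$second = Get-TempSymptom -Path $Path

# Names present now but absent from the first sample were created during the interval
$new = @($second.DirNames | Where-Object { $first.DirNames -notcontains $_ })
"{0:HH:mm:ss}  new short-named folders in {1}s: {2}  fla*.tmp delta: {3}" -f `
    $second.Taken, $IntervalSeconds, $new.Count, ($second.FlaCount - $first.FlaCount)
if ($new.Count -gt 0) { "  examples: " + (($new | Select-Object -First 5) -join ', ') }
```

Legitimate installers also leave short-named folders in %temp%, so a steady non-zero rate between samples is the signal here, not the absolute count.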
