Hatrack River Forum   
Author Topic: malware/spyware
mr_porteiro_head
My computer has gotten much more sluggish lately. I have Norton AV software, so I don't think it's a virus, but it might be some malware/spyware.

What steps should I take to find out if I have any mal/spyware on my system and then remove it?

Posts: 16551 | Registered: Feb 2003
Noemon
I usually use a combination of Ad-Aware, Spybot, and Ewido. If I suspect that my machine is infected I'll run a scan with each one, reboot and run a second scan with each of them, reboot, and rescan. If the third set of scans picks up anything I'll google it and take the necessary steps to remove whatever it is.

(Ad-Aware and Spybot are both shareware, and Ewido has an X number of days free trial, just FYI)

Posts: 16059 | Registered: Aug 2000
BlackBlade
I have seriously found that when it comes to malware/spyware there are 2 REALLY important things.
1: Get the programs you need to deal with it (I agree with Noemon, I personally use Norton, Ad-Aware, and Microsoft's new Anti Spyware.)

2: Even more importantly you need to watch what websites you are browsing. Websites where you download porn, bootleg movies, ROMs, etc. are NOTORIOUS for putting that crap on your computer. It's always best to find sites that MANY people go to and are happy with. Don't download files like torrents unless you have read some of the responses people post on the files. If there are none, you download at your own risk.

Oh lastly, if you are running Windows you really do NEED to defrag it (it's in the control panel under administrative options). You should be defragging once a month, but once every few months is fine, just remember the longer you put it off the longer it will take to do it. Just start defragging and go to bed, by the time you wake up it should be done and you will notice better performance.

Posts: 14316 | Registered: Jul 2005
mr_porteiro_head
I think that defragmentation might be my problem, as I see the biggest performance hits when I've got heavy disc usage.
Posts: 16551 | Registered: Feb 2003
lem
quote:
I have Norton AV software...
That is your first mistake. [Big Grin] I don't know how many computers I have seen become MUCH faster once Norton is removed. I like F-Prot. It uses very few system resources and gets the job done.

Here is my list of how to speed up your computer--if you suspect Adware. First off Download CCleaner, Spybot, Adaware, and Hijack This. ** if you end up using Hijack This, be sure to read this tutorial. It is a very powerful and dangerous (but effective) program.

Install all of them AND update them. Both Spybot and Adaware have definition files/includes you can manually download if the update is prevented because of malware.

1: Boot into safe mode (usually F8 during start up).

2: Make sure you can view hidden folders (My Computer - Folder Options - View - Show Hidden Files) (these are the steps for my 2000pro. XP may be slightly different; I can't remember).

2.** I forgot to mention a critical step that belongs here for Windows XP. Turn off "System Restore" at this stage. System restore stores save points (including any malware or virus). When you turn it off, it deletes all of the old save points. You turn it off by alt-clicking My Computer and choosing the "System Restore" tab. Just check the box for turning off system restore.

3: Run CCleaner. CCleaner checks for all of your temp folders and cleans them out. It also scrubs your Internet history, cache, index, blah blah blah. It takes out A LOT of blah. If you are not cleaning house, you can easily have 600MB+ of junk that is fragging your drive or taking up space. I once saw CCleaner clear 1.6G of junk!! A lot of malware tends to reside in temp folders.

4: Run Spybot, Adaware, and your Antivirus. It is important to run CCleaner first; otherwise it will take forever to check each file because it has to go through your temp folders. That is why I put CCleaner in its own step.

5: Go to Add/Remove programs and uninstall any programs you don't recognize and are sure should NOT be there. Usually anything with "Bug," "Tool," "Bar," "Shopping," "Save," "Search," or "Weather" is a bad sign.

6: Go into your program folder and delete any program folders that are bad...like "MYwebSearch" et cetera.

7: Empty Recycle Bin and open CCleaner again. Instead of clicking "Run Cleaner," go to "Issues" and scan for issues. This searches your registry for keys that don't belong there. Although I have never seen CCleaner take out a Critical Key, it is good form to save a backup when prompted.

8: If you know a little bit about ‘hijack this,’ now is the time to run it. It will scan for all your start up programs and hidden programs. Most of it is necessary--if you fix something your computer needs...well....ya better make sure it is backed up and you have all the tools to reformat and reinstall everything. BE VERY CAREFUL!!! Or just don't use it. But you can check for problems and fix stuff that is hidden from startup, msconfig, add/remove programs, et cetera.

9: Go to Start-Run and type in "msconfig". If you are using 2000, then you need to download it from here (the link also has instructions where to save it). In msconfig, go to the startup tab. These are all the programs running in the background when you start windows. You can actually uncheck them all and windows will automatically restart the critical ones.

Programs like Adobe, Word, and anything media like to run in the background. They take up resources and bog your system. Some adware hides in here. I keep stuff like my antivirus program on, but any other program I turn off.

10: Now that you are clean, it is a good time to defrag your drive. I like the free O&O Defrag. It works with XP.

11: Restart your machine. When you first log on it will warn you that you changed system information…or something like that. Just click the box that says, “Don't show this message again” and click ok. The warning comes up anytime you turn anything off with msconfig.

Be sure to turn back on System Restore if you have Windows XP.

You are done and your computer should run smooth. I don't like Microsoft's Defender. I sometimes use it, but once I do the scan I uninstall it. However a lot of people love it. If you choose to use this or any other spyware cleaner that is trustworthy (like Webroot), then run it during step 4.

I hope this helps someone.

EDIT: Fixed Link.
EDIT: Added step about System Restore.

[ May 17, 2006, 02:01 PM: Message edited by: lem ]

Posts: 2445 | Registered: Oct 2004  |  IP: Logged | Report this post to a Moderator
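
The read-only checks behind steps 5 and 9 of the guide above, written as an added PowerShell example that is not part of the original thread. It assumes a current Windows with PowerShell (not the Windows 2000/XP machines discussed); the function names are made up for this example, and the keyword list is the one quoted in step 5.

```powershell
# Added example: read-only triage. Nothing is deleted or changed.
# Name fragments quoted in step 5 of the guide. A hit only means "look
# closer": plenty of legitimate software matches these words too.
$SuspectWords = 'Bug', 'Tool', 'Bar', 'Shopping', 'Save', 'Search', 'Weather'
$Pattern = ($SuspectWords | ForEach-Object { [regex]::Escape($_) }) -join '|'

function Get-RunKeyEntry {
    # Standard per-machine and per-user registry autostart (Run) keys.
    $paths = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($p in $paths) {
        $key = Get-Item -Path $p -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Source = $p; Name = $name; Command = $key.GetValue($name) }
        }
    }
}

function Get-StartupFolderEntry {
    # Per-user and all-users Startup folders; -Force includes hidden files.
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if (-not $dir -or -not (Test-Path -Path $dir)) { continue }
        Get-ChildItem -Path $dir -Force |
            Where-Object { $_.Name -ne 'desktop.ini' } |
            ForEach-Object {
                [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
            }
    }
}

function Get-InstalledProgram {
    # The Uninstall keys that back the Add/Remove Programs list.
    $paths = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, Publisher, InstallDate
}

# Every autostart entry, with keyword hits sorted to the top.
$autostart = @(Get-RunKeyEntry) + @(Get-StartupFolderEntry)
$autostart |
    Select-Object Source, Name, Command,
        @{ Name = 'Flagged'; Expression = { "$($_.Name) $($_.Command)" -match $Pattern } } |
    Sort-Object Flagged -Descending |
    Format-Table -AutoSize -Wrap

# Installed programs whose display name contains one of the fragments.
Get-InstalledProgram |
    Where-Object { $_.DisplayName -match $Pattern } |
    Sort-Object DisplayName |
    Format-Table -AutoSize
```
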
Jay
Wow... good stuff lem.

And I'll second your thoughts on Norton. It is of the devil and likes to take over your computer.

Posts: 2845 | Registered: Oct 2003
lem
It is important to clean your computer in Safe Mode because most programs won't delete a file in use. Since Malware is probably running in the background, your programs will either ignore it or not be able to remove it.

It is also important to view hidden folders so that programs like CCleaner can see what needs to be cleaned.

If you have something particularly bad, there could be a tool designed specifically to remove it. There are tools like Kazaabegone, whenuremover, cwshredder, and Kill2me.

Posts: 2445 | Registered: Oct 2004
mr_porteiro_head
If Norton is teh suxorz, how about McAfee? I've got a copy of that somewhere around here.
Posts: 16551 | Registered: Feb 2003
lem
There is a debate about which is the Devil and which is the Henchman, but there isn't much difference in the suck factor for both of those programs. You are better off using a free antivirus program.

Here is a good link to see what antivirus to use. If it doesn't skip to the antivirus section, just click the Best "Free Anti-Virus Software" link at the top of the page.

Posts: 2445 | Registered: Oct 2004
Jay
I've used AVG and liked it well enough.
Posts: 2845 | Registered: Oct 2003
TheTick
If you are non-trusting of free apps, Computer Associates' Etrust product is quite good. Doesn't impact your system much, doesn't require a ton of user interaction, and has caught anything that has attempted to affect my system. They also have a security suite with anti-spam, anti-spyware, a personal firewall and so on.

30 day trials

Posts: 5422 | Registered: Dec 2001
jeniwren
I just got rid of every bit of Norton on both of my boxes, because of system performance problems. For AV I'm using Avast! and liking it. It hasn't noticeably slowed my system and when it finds a hazard (I subscribe to a couple of yahoo groups), it actually talks to me and tells me what it looks at. I like it.

I also learned yesterday (as I was rebuilding my laptop because of system problems) that with XP SP2 and certain HP printer drivers, you get persistent and extremely annoying Data Protection errors. It was driving me crazy. Turns out if you turn off WIA services, the issues go away. And of course, HP hasn't fixed it yet.

Anyone have experience with Norton Ghost?

Posts: 5948 | Registered: Jun 2001
lem
quote:
Anyone have experience with Norton Ghost?
Yes. Love it. Love it. Love it. Love it. Did I mention I love it? Why do you ask?

I also like DeepFreeze--for different reasons.

However, everyone should use CCleaner once a week. Just don't install the stupid yahoo toolbar with it.

[ May 17, 2006, 11:46 AM: Message edited by: lem ]

Posts: 2445 | Registered: Oct 2004
jeniwren
I ask because I'm tired of taking my laptop back to factory settings when my hard drive crashes. If I understand what Ghost does properly, I should be able to get my laptop installed with everything I normally use, then build a new install backup disk so if I lose my hard drive (again) I don't have to spend three days rebuilding the new one.

Hopefully I won't have to do this again, but still...since I've lost three hard drives in the past few months (different machines), I think safe is much, much MUCH better than sorry. (I bought a UPS to try to condition my power and hopefully that will keep me from killing future hard drives, but still....)

Posts: 5948 | Registered: Jun 2001
lem
3? That is remarkable! Yes, you understand Ghost. You make an image. The nice thing about Ghost is that the disc(s) that you create also act as a boot disk for the Ghost image. If your HD crashes, then all you do is put in the disc and reboot.

If it is a physical crash, then you do it with a new HD, but obviously it needs to be in a system with the same type of Hardware.

The Ghost Image might span 1-10+ cds depending on how big a data chunk it is. Most computers have DVDs, so it takes fewer discs.

My favorite, and this has saved me twice, is to partition my HD. I create 1 15G partition and use the rest of the drive (65G) for my secondary partition. I keep a ghost image on disc and on my second partition.

When I got a virus so nasty that I had to reformat my drive, I just used the ghost program within windows (not the disk) to rewrite with the image on my second partition. I now have a second drive that is REALLY big I use for backup, and that is where my ghost image lies…along with all my data.

I also only use my first partition for programs (which is why it is so small), and I keep all my data on the second partition. I save image space by not having to Ghost my backup data. This might not work so well if you are worried about a physical problem (unless you use a different disc for data).

A lawyer I used to work with uses ghost (per my recommendation) to do incremental backups to a second external hard drive of all his data. He takes the external drive home with him each night.

His Hard drive burned (fan stopped working in computer), but he had/has a current back up of all his data...plus his ghost image disk of his programs. He lost nothing and was VERY happy! I did it a week before it crashed! I have a lifelong good reference.

I have not had a virus problem since I learned to not use IE, to only surf on a limited account (both admin and limited are password protected), and to clean my temp folders regularly.

BTW, does anyone know if you can map MY DOCUMENTS to a different drive? If so, how?

EDIT: During the clean up in safe mode (step 4), it may ask you to reboot to finish deleting a file. Go ahead and reboot--back into safemode, and continue where you left off.

[ May 17, 2006, 10:22 AM: Message edited by: lem ]

Posts: 2445 | Registered: Oct 2004
mr_porteiro_head
quote:
BTW, does anyone know if you can map MY DOCUMENTS to a different drive? If so, how?
I'd love to know that myself.
Posts: 16551 | Registered: Feb 2003
lem
hmmm....I just did it!

I right-clicked My Documents on my desktop, chose Properties and clicked Move. I browsed to my test folder and chose OK. I had previously made a test "folder" on my root drive (this comp is not partitioned).

I created a document and saved it directly to "my documents" from the drop down menu. It is in my test folder in the root directory, not "C:--documents and settings--username--my documents!"

woohoo!!!

I am on a 2000pro machine now.

Posts: 2445 | Registered: Oct 2004
lem
I just added a step about "System Restore" if anyone plans to use my guide and is running XP. It is step 2.**.
Posts: 2445 | Registered: Oct 2004
raventh1
For Anti-Virus I use common sense. For spyware, I use Mozilla Firefox with Adblock Pro.

Simple rules to follow:
When a program pops up asking to run tell it no, unless you clicked on it to run.

Either stop using Internet Explorer, or turn off ActiveX. ActiveX is the devil inside that allows scripts and most of the spyware to get in. (Fortunately, Firefox doesn't have ActiveX.)

Posts: 1132 | Registered: Jul 2002
Boris
quote:
Originally posted by mr_porteiro_head:
If Norton is teh suxorz, how about McAfee? I've got a copy of that somewhere around here.

In my own experience, McAfee is completely worthless. I've never even seen it catch a virus. I have, however, seen it severely affect the performance of several computers.
Posts: 3003 | Registered: Oct 2004
Primal Curve
If you really want to get rid of the spyware on your system, certainly use the Adaware, Spybot, AVG (Good for detecting malware downloader trojans) etc. to clean out the easy stuff. Now, if you REALLY want to get rid of the stuff, download Bazooka Spyware Scanner.

Bazooka doesn't remove the spyware, but it does scan the system for infections and links you to an absolutely comprehensive list of instructions for removing the spyware manually. These lists include all of the registry entries, files, file folders and all of the locations. It, combined with HiJackThis! saved my ass the other day when I got a really, really bad infection.

Otherwise, if you're having fragmentation issues with your hard drive (which I imagine, since I know you move a lot of big files in and out frequently), there is absolutely no substitute for Diskeeper. Its set-it-and-forget-it function runs in the background when the system is idle, cleaning up the drive and making it so that you never have to even THINK about fragmentation again.

Posts: 4753 | Registered: May 2002
Primal Curve
quote:
Originally posted by raventh1:
For Anti-Virus I use common sense. For spyware, I use Mozilla Firefox with Adblock Pro.

Simple rules to follow:
When a program pops up asking to run tell it no, unless you clicked on it to run.

Either stop using Internet Explorer, or turn off ActiveX. ActiveX is the devil inside that allows scripts and most of the spyware to get in. (Fortunately, Firefox doesn't have ActiveX.)

I'd also recommend running the NoScript extension for Firefox. It allows you to whitelist sites' JavaScript capabilities.
Posts: 4753 | Registered: May 2002