Jon said:
Hi. I have a friend with a Windows XP Home Edition PC which was
infected with several Trojan and other viruses. So far we have run
Avast virus removal tool, Super Antispyware, Windows Live Onecare
and scanned with PC Tools Threatfire. After cleaning the system
up, we ran Hijackthis, pasted the result into an online analyser
and deleted a few entries as recommended. It appears the system is
now clear of infection. However it is running very very slowly. It
takes 10 minutes to boot up, 20 seconds to respond to commands and
about another 5 minutes to shut down. We have installed Zonealarm
free firewall, PC Tools free antivirus and Threatfire and
uninstalled all other firewall and antivirus programmes. Can
anyone offer any help please.
Uninstall ZoneAlarm.
Uninstall PC Tools.
Uninstall Threatfire.
Use the built-in Windows XP firewall, ensure you know what exceptions are
being allowed (if any.)
Use either Avira AntiVirus (free) or eSet NOD32 AntiVirus (AV only - not the
suite.)
Use either MalwareBytes (free) or MalwareBytes (cost) - depending on if you
want to pay or not and want the resident protection or not.
If you were to take the above advice - you would spend between $0 and $85
U.S. dollars for some very good and well tested protection that uses very
little resources so your system still runs at top speed.
My guess at the slowness - leftover damage and/or still not cleaned.
Whether or not you have done any of this - I suggest you do it again and in
the order given.
Start button --> RUN
(no "RUN"? Press the "Windows Key" + R on your keyboard)
--> type in:
winver
--> Click OK.
The picture at the top of the window that opens will give you the general
(Operating System name) while the line starting with the word "version" will
give you the rest of the story. Post _both_ in response to this message
verbatim. No paraphrasing - instead - ensure character-for-character
copying.
What version of Internet Explorer are you currently using? Easy to find
out. Open Internet Explorer and while that is in-focus, press and hold
the "ALT" key on your keyboard. With the "ALT" key still pressed, press
(just once, no holding) the "H" key. Now, with the "ALT" key still
pressed, press (just once, no holding) the "A" key. That will bring up
the "About Internet Explorer" window. It will give you the exact version
you are using - repeat what you see there in response to this message.
Reboot and logon as administrative user.
Fix your file/registry permissions...
Ignore the title and follow the sub-section under
"Advanced Troubleshooting" titled,
"Method 1: Reset the registry and the file permissions"
http://support.microsoft.com/kb/949377
*will take time
** Ignore the last step (6) - you should already have SP3, but if not - now
is not the time to do it. Skip step 6.
You will likely see errors pass by if you are watching, even count up. No
worries *at this time*.
Reboot and logon as administrative user.
Search your registry for %fystem and replace the "f" with an "s". May be
three or four matches, may be none. You may even have to take ownership
of the keys in order to make the change.
*After* that is done, continue on to the next part where you clean off
some excess (unnecessary) files. It only removes those you definitely
do not need, if you follow the directions *as given* and do not deviate.
So reboot (for each of these steps, it is just best to reboot right
before - but I will continue to point that out) and logon as a user with
administrative privileges.
Download/install the "Windows Installer CleanUp Utility":
http://support.microsoft.com/kb/290301
After installing, do the following:
Start button --> RUN
(no "RUN"? Press the "Windows Key" + R on your keyboard)
--> type in:
"%ProgramFiles%\Windows Installer Clean Up\msizap.exe" g!
--> Click OK.
(The quotation marks and percentage signs and spacing should be exact.)
It will flash by *quick*, don't expect much out of this step to get
excited about. But the cleaner your machine is to start with, the
better your luck will be later (not really luck - more like preparedness,
but that's not as fun to think about, eh?)
Yeah - you will get tired of rebooting - but let's soldier on and reboot
again and logon as a user with administrative privileges.
This time (and this is one of the more time-consuming steps) you will be
running (one at a time with reboots in-between each) three different
anti-spyware/anti-malware applications to ensure you come up clean.
Download, install, run, update and perform a full scan with the following
(freeware version):
SuperAntiSpyware
http://www.superantispyware.com/
Reboot and logon as administrative user.
Download, install, run, update and perform a full scan with the following
(freeware version):
MalwareBytes
http://www.malwarebytes.com/
Reboot and logon as administrative user.
Download and run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx
You may find nothing, you may find only cookies, you may think it is a
waste of time - but if you do all this and report back here with what you
do/don't find as you are doing all of it - you are adding more pieces to
the puzzle and the entire picture just may become clearer and your
problem resolved.
Reboot and logon as administrative user.
Download/Install the latest Windows Installer (for your OS):
( Windows XP 32-bit : WindowsXP-KB942288-v3-x86.exe )
http://www.microsoft.com/downloadS/...6F-60B6-4412-95B9-54D056D6F9F4&displaylang=en
Reboot and logon as administrative user.
Download the latest version of the Windows Update agent from here (x86):
http://go.microsoft.com/fwlink/?LinkID=91237
.... and save it to the root of your C:\ drive. After saving it to the
root of the C:\ drive, do the following:
Close all Internet Explorer windows and other applications.
Start button --> RUN and type in:
%SystemDrive%\windowsupdateagent30-x86.exe /WUFORCE
--> Click OK.
(If asked, select "Run".) --> Click on NEXT --> Select "I agree" and click on
NEXT --> When it finishes installing, click on "Finish"...
Reboot and logon as administrative user.
Visit this web page:
How do I reset Windows Update components?
http://support.microsoft.com/kb/971058
.... and click on the "Microsoft Fix it" icon. When asked, select "RUN",
both times. Check the "I agree" box and click on "Next". Check the box
for "Run aggressive options (not recommended)" and click "Next". Let
it finish up and follow the prompts until it is done. Close/exit and
reboot when it is.
You should now perform a full CHKDSK on your system drive (C
...
How to scan your disks for errors
http://support.microsoft.com/kb/315265
* will take time and a reboot
You should now perform a full Defragment on your system drive (C
...
How to Defragment your hard drives
http://support.microsoft.com/kb/314848
* will take time
Reboot.
Log on as a user with administrative rights and open Internet Explorer
and visit
http://windowsupdate.microsoft.com/ and select to do a
CUSTOM scan...
Every time you are about to click on something while at these web pages -
first press and hold down the CTRL key while you click on it. You can
release the CTRL key after clicking each time.
Once the scan is done, select just _ONE_ of the high priority updates
(deselect any others) and install it.
Reboot again.
If it did work - try the web page again - selecting no more than 3-5 at a
time. Rebooting as needed.
The Optional Software updates are generally safe - although I recommend
against the "Windows Search" one and any of the "Office Live" ones or
"Windows Live" ones for now. I would completely avoid the
Optional Hardware updates. Also - I do not see any urgent need to
install Internet Explorer 8 at this time.
Seriously - do all that. This is like antibiotics - don't skip a single
step, don't quit because you think things will be okay now - go through
until the end, until you have done everything given in the order given. If
you have a problem with a step come ask and let someone here get you
through that step. If you don't understand how to do a step, come back
and ask here about that step and let someone walk you through it.
Then - when done - let everyone here know if it worked for you - or if
you have more issues.
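
The "%fystem" registry search step above, as an added example that is not part of the original post: a read-only Python check over a regedit text export that lists every value containing "%fystem" and the corrected string to enter by hand. It covers quoted strings and hex(2)/hex(7) data, which regedit writes as UTF-16LE hex. It assumes the "Version 5.00" export format, and the key names and sample data are constructed.

```python
import re

def _hex2(s, wrap=None):
    """Build a constructed REG_EXPAND_SZ payload: UTF-16LE bytes + NUL, as hex."""
    b = [f"{x:02x}" for x in (s + "\0").encode("utf-16-le")]
    if wrap:  # emulate regedit's line continuation: trailing "\" then indent
        return ",".join(b[:wrap]) + ",\\\n  " + ",".join(b[wrap:])
    return ",".join(b)

# Constructed sample in "Version 5.00" export syntax; key names are hypothetical.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvcA]",
    '"ImagePath"=hex(2):' + _hex2(r"%fystemRoot%\system32\svchost.exe -k netsvcs", 20),
    '"Start"=dword:00000002', "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvcB\Parameters]",
    r'"ServiceDll"="%fystemroot%\\system32\\example.dll"', "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvcC]",
    '"ImagePath"=hex(2):' + _hex2(r"%SystemRoot%\system32\svchost.exe -k netsvcs"),
])

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def decode_data(raw):
    """Return the text of a string-typed value, or None for dword/binary."""
    if raw.startswith('"'):                      # REG_SZ: undo \\ and \" escapes
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    m = re.match(r"hex\([27]\):(.*)$", raw)      # REG_EXPAND_SZ / REG_MULTI_SZ
    if m:
        data = bytes(int(x, 16) for x in m.group(1).split(",") if x.strip())
        return data.decode("utf-16-le", errors="replace").rstrip("\0")
    return None

def find_fystem(reg_text):
    """List (key, value name, current data, proposed data) for each %fystem hit."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)   # join continuation lines
    hits, key = [], None
    for line in map(str.strip, text.splitlines()):
        k, v = KEY_RE.match(line), VAL_RE.match(line)
        if k:
            key = k.group(1)
        elif v and key:
            data = decode_data(v.group(2))
            if data and "%fystem" in data.lower():
                name = "(Default)" if v.group(1) == "@" else v.group(1)[1:-1]
                fixed = re.sub(r"(?i)%f(ystem)", r"%s\1", data)
                hits.append((key, name, data, fixed))
    return hits

if __name__ == "__main__":
    for key, name, old, new in find_fystem(SAMPLE):
        print(f"{key}\n  {name}: {old}\n  -> {new}")
```

A real export from regedit is a UTF-16 file, so read it with `open(path, encoding="utf-16")` before passing the text to `find_fystem`.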