Clean WIN XP SP2 very slow

[PFJ]

Hi All,

a colleague asked me to have a look at the family (multiple users) PC (Dell DIM2350 128MB/30GB) because of pop-ups etc. After following the tried and trusted steps outlined in this forum I found several Trojans, using Lavasoft:950 infections most critical; AVG 523 and some diallers. One of the kids was into gaming on line! and no virus, spyware, malware etc protection whatsoever.

I think that it is totally clean but opening files, folders and programs is painfully slow. The CPU dos not appear to be over burdened at 8% max.

Is it just a crappy 128MB PC?

Any ideas friend? Should I post a HJT log?

Regards

PFJ

 

[raybay]

The 2350 is a decent budget machine. But the fix is boosting the memory to 512 MB or more. HJT is not going to help much until you increase the memory. The Dell 2350 was designed for Windows XP 2002. When Service Pack 2 and the continual updates came out, 128 MB was no longer minimally adequate. Your slowness problem is almost certainly a memory issue. 512MB is a minimum. That machine will take up to 1 GB in two 512 MB, but two 256 MB are fairly inexpensive.

 

[howard_hopkinso]

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

HJT is not going to help much until you increase the memory.

Regardless of whether the computer needs more memory, it`s important to get rid of any malware, therefore HJT is an important tool in achieving this and should be run as per the instructions. Provided, PFJ wishes to clean, rather than format the hard drive.

Regards Howard

This thread is for the use of PFJ only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[PFJ]

Thank you both for your replies and advise.

I really dont want to go down the road of reformatting and I see the logic is extending the memory.

After posting yesterday I did a scan on a user account and found more nasties using AVG anti-spyware and Lavasofts' adware. It seems that even though I scanned thouroughly in the safe mode with restore turned off using the user admin account it was not enough. It appears that I have to go through all the user accounts and clean them individually.

I have a vague recollection that is why I choose not to have individual user accounts on my own family PC.

I've never added memory before; is it just a case of sticking the memory in a vacant slot and if so will any memory do from an old defunct PC?

Regards

PFJ

 

[Rik]

You have to use the correct memory for the motherboard or you will have major problems. Go here - www.crucial.com to find out what it needs.

It really looks like a re-install is your best bet to me.


This thread is for the use of PFJ only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[PFJ]

Thanks Rik,

still running scans on other user accounts;just find 88 with Lavasoft. If it were my PC I would have no qualms about formating or re-installing.
I have two anti-virus programs running; perhpas when I feel that the PC is clean it will run facter when I uninstall one of them?

Keep all posted.

Regards

PFJ

 

[mailpup]

Clear the System Restore files too. Copies of some nasties could be stored there as well. You can do that by turning off System Restore. You can turn it back on afterward. Defragmenting the hard drive should help to speed loading files.

 

[PFJ]

Thanks Mailpup,

I have this PC almost a week now; luckily I'm in a job where I can afford a little time to attend to the scans. I did initially disable 'System Restore' while running in safe mode and bombarded the nasties while following the instructions on the TS thread. But I did not scan using the Administrator, I used an account that had admin privileges. Now in normal mode going through each account I'm finding 79-88 nasties using Lavasoft and Adware.180Solutions using AVG anti-spyware among others.

The PC is sooooo slooww going from one task to another that it is taking ages to get through the user accounts.

Thank again for your post. I'll reboot to safe mode and use the Administrator account the next time rather than the user-privileged account.

Regards

PFJ

 

[PFJ]

Hi Fellow TS,

hopeing to conclude this thread with the story so far. The primary reason the PC was sooo slooowww was because I had a Symantec anti-virus loaded as well as AVG. Removing Norton (using the thread by da_head and the tool provided by Norton) the PC speedy up.

I then followed the thread by howard_hopkinso re: removal of nasties etc..

The trendmicro on line scan showed several nasties that were not caught by the reliables.

Howevr, I just completed another scan of one of the user accounts in normal mode and Adware showed 101 infections.

The attached Analyze/HJT log was done following yesterdays full bombardment.

In the safe mode there is only one user account with admin privileges. Should I make them all admins and scan each account in safe mode?

Regards

PFJ

 

[tomrca]

have hijack this fix these. O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

as you are not using norton you can get rid of this too
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

 

[PFJ]

Thanks Tomrca,

what I done now is to give all accounts temporary admin priveliges. Turn off 'Resote' and boot into safe mode. Going through each account individually and following the methos outline in a TS thread.

The online scan from TrendMicro really threw up some nasties that were not found by NAV and other AVs vendors. Among them were:
ADWARE_APROPOS
TSPY_DROPPER.7
ADWARE_IBIS.WEBSEARCH
ADWARE_MEDIAMOTOR
ADWARE_WHENU
TSPY_LDPINCH
ADWARE_MEMWATCHER
ADWARE_BHO_SEP
TSPY_JOINER.AV
and on one of the accounts all of the above plus ADWARE_BHO_ESYNDICATE.


Regards

PFJ

 

[tomrca]

would you like to post a fresh hjt, or are you happy with what you have now?

 

[PFJ]

Hi Tomrca,

I'm going to run through the 5 accounts again using Trendmicro etc. If any of the nasties that I've mentioned in my last post are unresolved I will post a new HJT log. Thank you for asking.

It curious that this PC was only connected for short intervals on a dial-up line and became so badly infected. The owner had originally install NAV but the license has expired and no AV was used. For instance, I had a problem last night with my router trying to connect to broadband so when I resolved the problem I carried out several scans. I've a license for AVG but I said that I would do an on-line scan using the housecall from Trendmicro. It was totally clean! even though my kids go on dubious sites for games and music.

Just goes to show the necessity of AVs, a good firewall and anti-spyware programs and being diligent enough to run the on a regular basis.

Regards

PFJ

 

[Rik]

Just goes to show the necessity of AVs, a good firewall and anti-spyware programs and being diligent enough to run the on a regular basis.

Well said, if only everyone thought that way malware wouldn't be the big problem it is at the moment.

 

[PFJ]

Thanks Rik,

still having problems; on the first account I'd clean this morning I still have many of the nasties listed on an earlier post while using trendmicro on-line scan.

So I've posted another HJTlog.

Regards

PFJ

 

[Rik]

I can't see any problems with that HJT log.
Can you please list all symptoms and may be perhaps post up and AVG anti-spyware log.


This thread is for the use of PFJ only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[tomrca]

Hi Tomrca,

Just goes to show the necessity of AVs, a good firewall and anti-spyware programs and being diligent enough to run the on a regular basis.

your not wrong on that account...
so called FREE games are notorious for installing spy-ware, and if the game is downloaded from a P2P, it's more likely to be a transient for a Trojan.
have a look around for an AV programme that will prevent access to sites or warn of a dodgy site before it loads.

 

[Rik]

I personally use and like Mcaffee site advisor!!

 

[PFJ]

Hi All,

I'm wondering is Trendmicro throwing up false positives; I think thats what they are called! It's when it detects items of software from normally good vendors (like Microsoft[though that's debatable]). For instance, the SKVP.sys file that TM detected is part of an anti-cracking file placed by MS (from what I can derive from googleing).

However, I see from the AVG anti-spyware log that 'no action' was taken on most of the adware it detected. I have done several scans with AVG_A_S so I don't know why it ignored them. I have done more but nothing was found.

I have attached this as Rik suggested. Also the lastest HJT log from the original admin user account in safe mode with 'system restore' off.

Regards

PFJ

 

[PFJ]

Hi,

things are going well now. After giving each account full admin rights I went through each account but the same results appeared with the trendmicro on line scan each time I selected 'clean'.

The in each account I where I had previously selected to 'show hidden folders & files' I also unticked 'hide extensions for known file types' and ' hide protected operating systems files (rec)'.

Now trendmicro is cleaning up the accounts. I think that it must clean each account separately because I see that when I log onto a user account only some of the nasties are gone until I clean that particular account.

So I conclude that it must be necessary to give all account users admin rights until the cleaning process is successful.

When I have removed these nasties then I can determine if I need to remove WINXP SP2 due to lack of RAM as previously stated by Raybay.

Regards

PFJ

 

[howard_hopkinso]

According to your AVG Antispyware log your system is riddled with malware.

Do the following.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how HERE.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

Aprps

Close control panel.

Locate and delete the following bold files and/or directories(if there).

C:\program friles\Aprps<Delete the entire folder.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Go HERE and follow the instructions for the use of AVG Antispyware.

Post a fresh AVG Antispyware log as well as a fresh HJT log. Please post them as attachments and not as .pdf documents.

Regards Howard

This thread is for the use of PFJ only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.