Stubborn performance impedance, perhaps Virus/Malware/Spyware

By 0mega · 35 replies
Jan 5, 2009
  1. Ahh the joys of computing. Currently, I work on two main machines- a laptop for "fun" stuff, and a desktop for more serious work (which is still usually only coding)

    Wonderfully, both computers have very recently become infected.. My desktop has the ever-present 'Virtumonde' trojan.. which REFUSES to release its hold, while my laptop has something different.. and unknown.

    For this topic, I will focus only on my laptop (if it would be preferable for me to post information pertaining to my desktop in this thread, as opposed to a separate one, someone more knowledgeable than I please say so)

    A couple days ago, I started to have horrible performance issues... All manner of media files (from AVI's to low-quality MP3's) have terrible lag / stuttering.. I'm getting random freeze-ups, that "cure themselves" after 3-5 seconds.. and no error messages.

    As far as diagnosing the cause.. I really don't know. No files were downloaded, nor any new programs installed. No drivers were updated either.. The only updates that I've gotten recently are NAV LiveUpdate.. updates...

    In an effort to fix the problem, I have tried restarting, defragmenting, running disk-cleanup, running CCleaner, scanning for viruses.. everything. That is what led me to this site (as none of my efforts helped) I have now followed the '8-step Viruses/Spyware/Malware removal' thread's instructions.. and was disappointed to see that that alone did not fix the problem.

    Also, on a very intriguing note.. I've watched Task Manager during these times of lag (which is always now.. I can't get smooth playback of ANY media file) and my CPU usage isn't even topping 20%... I don't know if there's anything any of the experts here can do.. but it's worth a shot.

    Thanks in advance for any help!

    [In case it is of any assistance... COMPUTER SPECS]
    Intel Core 2 Duo T7600 @ 2.33GHz
    2.00 GB of RAM
    250 GB HD / 110 GB free
    running Windows XP- Media Center SP3
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Here's the best advice
    Uninstall Symantec AntiVirus (on both computers ;) )

    Then run the Norton Removal tool


    Install the free Avira Antivirus
    Update it, and run a full scan
    At least that way, you'll be clean (and have a faster response computer ;) )
  3. 0mega

    0mega TS Rookie Topic Starter

    haha, yeah.. I do hear that a lot. There seems to be a lot of dislike for Norton :p
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    After you handle the AV:
    Please re-open HiJackThis and scan. *Check* the boxes next to all the entries listed below.
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode.

    Right click on start> Explore> Windows System32> right click> delete on feresefa.dll if found.

    Control Panel> Add/Remove Programs>
    "Strongly" suggest you uninstall: BitComet
    You will continue to get malware as long as it's running.

    UNINSTALL Viewpoint- it is foistware and you will get pop-ups from it.
    Reboot into Normal Mode

    Run ComboFix:
    Rescan with HijackThis when through and attach both logs.
  5. 0mega

    0mega TS Rookie Topic Starter

    Thank you very much for the advice. I had a few things to take care of this morning, but they're done now, and I was able to follow the instructions.

    Thanks, too, for the advice about BitComet.. Used it on the recommendation of a friend.. apparently he was ill-advised, himself.

    No hitch with the scans, although I was a little disappointed when the Windows-startup audio 'lagged' v.v;;

    Here are the logs requested.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Okay, ComboFix removed some system32 files. It also removed 2 Symantec 'orphan' files:
  7. 0mega

    0mega TS Rookie Topic Starter

    Oh, sorry. Didn't mean to just ignore the Antivirus recommendation.. I just had a hard time up-and-deleting something I paid for :S It is, however, fully updated.

    I followed the other recommendations in regards to media playback.. Overlays was enabled, as was Full Hardware Acceleration. Oh, and I didn't mean to only list a certain type of file. I have tried .mp3, .mp4, .wma, .wmv, .avi, .mkv, .mpg, .flv... I've tried a great many. (Windows Media Player for some.. VLC Player for whatever WMP can't play... which is a lot of things ^ ^;; )

    I don't believe I'm having any Codec conflicts- I only have DivX and Xvid.

    If I need other driver updates.. unfortunately, I'm not sure entirely how to pursue them. I mean, GFX card updates I understand; I have a GeForce GO 7700 from NVIDIA.. so no problems there.

    Interestingly, and also somewhat disturbingly, startup times have -increased- throughout this process; not only when caused by a cleaning program forcing the restart.. I've restarted a couple times on my own.. and start-up is legitimately slower. I believe my computer is, of course, cleaner now.. which is what has me perplexed.

    Nonetheless, thanks to everyone for all the help!
  8. adweston

    adweston Banned Posts: 242

    I think, Omega, that it's because in the earnest desire to tackle the malware (this is the malware forum, after all), the main issue failed to be addressed.

    The main issue is that you have dogged performance. It becomes increasingly evident while playing media.

    My bet is that your hard drive is getting corrupted. This is further reinforced by the fact that they're telling you to delete Norton Antivirus entries in the logs that no longer exist. That, in itself, should have sent up a red flag. Also, the deteriorating performance of your Windows startup, which on a healthy drive should be the same or faster.

    Rather than addressing the main issue and sending you deleting stuff in this particular instance (certainly unwittingly) they've done more harm than good. The reason is simple. All these read/write operations, deleting, etc are totalling your MFT. Eventually, if I'm right, your laptop won't boot up at all.

    I'm almost willing to bet you have that Intel Flash crap.. It's the number one cause of drive corruption on newer laptops. Disable it in the BIOS. I'm wondering if this is a Dell laptop? Dell loves that Intel crud, despite the fact that the Intel software support on it is hopeless at best at the moment.

    Do not do ANYTHING else... Do not follow another recommendation, until you've run a repair on that drive. Boot into a recovery console from an XP disk and type "chkdsk c: /r" at the prompt.

    After the drive has been repaired, force a defrag.
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Although I do agree that Checkdisk should be run (by the way, starting it from within Windows is totally acceptable)
    I would have to state that Norton is usually the number 1 reason for slowness in users' computers. I would highly suggest to start with removing that (regarding slowness issue only)

    But not to follow any other recommendation may be a bit extreme :D
    I'd say Bobbye has put at minimum an hour on the thread, and certainly others may have their own helpful thoughts as well (ie me)
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Please hold on this:
    For the record, many users throw out 3 sets of logs whenever there is a problem they can't resolve. We can't ignore the logs. If given the chance, many of us will make the suggestions I have below BEFORE sending the user for malware cleaning.

    However, when they run the programs, they post the logs, they have to be handled. No one has ignored a possible hardware problem- but sometimes the user makes the first choice.

    I don't agree with running the repair. What I do recommend doing first-and this is way down to basics-

    Boot into Safe Mode:
    1. Stop all unnecessary processes from starting on boot:
    Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK everything except the Symantec processes and the Synaptics\SynTP\SynTPEnh.exe for the touchpad> Apply> OK

    2. Change all of the following Services to Manual:
    Reboot the system into Normal Mode>Ignore and close the nag message that comes up after checking 'don't show this message again.' Stay in Selective Startup.

    Now check the Startup time.

    Every O4 process loads when you boot. Every Service set to Automatic starts when you boot. The user has complete control over this- sometimes they just don't know it!
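The startup inventory described in the post above, as an added example that is not part of any poster's reply: it parses the O4 (startup) and O23 (service) lines of a HijackThis log and lists the O4 items outside the Symantec/Synaptics keep-list from step 1. The sample log is constructed, the function names are hypothetical, and the line layouts assume HijackThis's usual O4/O23 format.

```python
import re
from collections import namedtuple

# origin = registry key or startup folder for O4 lines, vendor for O23 lines
Entry = namedtuple("Entry", "section origin name command")

# Constructed sample in HijackThis log layout; not the log attached in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\example.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - Global Startup: Example Launcher.lnk = C:\Program Files\Example\launcher.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Example Updater (ExUpd) - Example Corp - C:\Program Files\Example\updater.exe
"""

RUN_KEY = re.compile(r"^O4 - (HK[^:]+): \[([^\]]*)\] (.+)$")
STARTUP_DIR = re.compile(r"^O4 - ((?:Global )?Startup): (.+?)(?: = (.+))?$")
SERVICE_PREFIX = "O23 - Service: "


def parse_autostarts(log_text):
    """Return the O4 (startup) and O23 (service) entries of a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_KEY.match(line)
        if m:  # registry Run-key entry: key, [value name], command line
            entries.append(Entry("O4", m.group(1), m.group(2), m.group(3)))
            continue
        m = STARTUP_DIR.match(line)
        if m:  # Startup-folder shortcut; the " = target" part may be absent
            entries.append(Entry("O4", m.group(1), m.group(2), m.group(3) or ""))
            continue
        if line.startswith(SERVICE_PREFIX):
            # Split from the right: display name - vendor - binary path
            parts = line[len(SERVICE_PREFIX):].rsplit(" - ", 2)
            if len(parts) == 3:
                name, vendor, path = parts
                entries.append(Entry("O23", vendor, name, path))
    return entries


def startup_to_uncheck(entries, keep=("symantec", "synaptics")):
    """O4 items whose command matches nothing on the keep-list."""
    return [e for e in entries
            if e.section == "O4"
            and not any(k in e.command.lower() for k in keep)]


if __name__ == "__main__":
    found = parse_autostarts(SAMPLE_LOG)
    for e in found:
        print(f"{e.section:4} {e.origin:22} {e.name:36} {e.command}")
    print("Untick in msconfig:", [e.name for e in startup_to_uncheck(found)])
```

Services are only listed, not filtered, because the post's list of services to set to Manual is not shown on the page.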
  11. 0mega

    0mega TS Rookie Topic Starter

    damn... Sometimes, I feel like I know things about computers.

    And then I go a little further down the rabbit hole, and get lost once again.

    It doesn't surprise me that you mention a hard drive issue- that very thing FRIED my last hard drive. We (my uncle, who built this laptop, and I) assumed it was just faulty manufacturing. Brand new HD gets put in.. and under 3 months later, it's giving me signs too... *sigh*

    To answer your wondering- no it isn't a Dell~ It's a custom built ASUS Mobile. Actually a year and a half old, too.

    As far as this 'Intel Flash crap'.. that can be turned off in the BIOS... I, unfortunately, am not sure how to do that. Enter BIOS settings by hitting F8 on the startup screen? Really am lost in that case... Is this something I can Google reliably?

    In regards to repairing the drive... I don't have XP discs.. Combo-Fix downloaded the XP Recovery Console onto my system though.. Is there anything that can be done from that?

    Looks like I'm at the mercy of this forum's members again ^ ^;;


    Saw that, while I took -forever- to write my reply, Bobbye and Kimsland returned to save the day some more.. I don't know if my post will change your opinion on anything...
  12. adweston

    adweston Banned Posts: 242

    F2 should get you into that BIOS.

    From the recovery console that Combofix installed, you can run the chkdsk command. Please do that before anything else.
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Getting into the BIOS is not a big deal- doing the wrong thing while you're in there can be. If you have someone who can help you the first time, it would be to your advantage. Even a power outage while you're in can trash the system.
  14. adweston

    adweston Banned Posts: 242

    Actually, that would be very rare. You can actually pull the power when you're in the BIOS and not hurt them.. I've personally done it numerous times.. Your mileage may vary.

    However, we can deal with the Intel Flash thing afterwards. Just repair your drive for now.
  15. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    I'd say Bobbye's "mileage" would be above just about everyone here (bar possibly Blind Dragon) Actually Bobbye in my view, is presently the best Virus\Malware removalist that TechSpot has. :grinthumb
    There is certainly nothing of concern in Bobbye's knowledge, on any thread he has posted on

    Possibly the thread starter 0mega, could make comment on how the computer is presently running
  16. adweston

    adweston Banned Posts: 242

    That comment wasn't in reference to malware removal. I'd very much appreciate it if you didn't take my comments out of context and then try and formulate some type of argument based on it. Thanks.

    It's very common for malware removal to total an already damaged MFT. The key symptoms were ignored. Period. These "strategies" just totalled a guy's harddrive in another thread. A repairable problem that everyone, including yourself, is telling him it's done, wipe it out.. start over.

    While admittedly it's difficult doing tech support on a message board, experience (and lots of it, not "paper smarts") helps isolate issues without demolishing the customer's computer. A good tech will knock off issues in order of importance.. A functional hard drive, in my mind anyways, ranks right up there.

    Further, the comment about totalling your computer while you're in the BIOS and you lose power... Not typically true... Spoken from experience. It will total it if you try flashing it, etc, and lose power however.

    With that in mind, I'm not exactly sure that some type of endorsement at this point is all that valuable. ;)
  17. 0mega

    0mega TS Rookie Topic Starter

    Wow... I certainly hope I'm not starting a fight amongst members here x.x

    I had actually held off on doing anything, hoping you three experts would reach a consensus ^ ^;;;

    Since I am definitely not in a position to evaluate which of the proposed fixes is 'best'.. just looking at both of them, though.. they aren't really conflicting, right? I mean, changing the processes that startup isn't deleting anything, so I won't be going against what adweston said.. that way I can follow both ideas.

    As far as changing a BIOS setting.. I'm currently on my laptop, which is also plugged into the wall. So even if the power does go out, the battery -should- kick in, right? I mean, the battery is fully charged...

    Also, in regards to running check disk.. if I do run it, telling it to 'repair' won't delete any data will it? ^ ^;; I've never tried to repair a hard drive.. soo.. I'm Quite ignorant in that regard.
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    It is unfortunate when members disagree on how to handle a problem "in public". However, please understand that it doesn't mean that any of the suggestions are not valid and while some comments come across as rude, we are not "fighting."

    We are giving you the benefit of our varied experiences. Of course, each of us thinks that what we suggest is the best way to go. We will not reach a consensus in this case. That is not always the case, and the person asking the question must then decide which avenue to take.

    Personally, I do not advise any inexperienced user to go into the BIOS. That has always been my way and it will remain so. You have clearly not demonstrated a grasp on how the computer works and I would advise you to either get someone more experienced to help you or have a tech do it.
  19. 0mega

    0mega TS Rookie Topic Starter

    With such serious cautions being pressed about entering into and changing things in the BIOS, I did follow Bobbye's suggestions of forcing a more selective startup.

    The end result- a -long- bootup time... (according to the timer, 8, 10, and 5 seconds longer than before..)

    It would not surprise me if some setting was merc-ing my hard drive.. it may have been the cause for the eventual failing of the previous hard drive. Stopping that from happening would be ideal..

    This is, of course, not in any way meant to deface the valued input and TIME that Bobbye invested in cleaning my system; I am very sure that what you have done HAS helped.. I just believe that, at this point, there has to be something other than Malware / Spyware / Viruses that are causing this malfunction.

    Now, it was mentioned that I should run Check Disk on the drive.. just wondering if there were any risks involved in this. For instance, if the utility decides to fix bad sectors.. it's not going to delete data, will it?

    Thanks for all of your help on this annoyingly-long fix...
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    The HijackThis log shows an incredible number of programs and processes loading at startup.
    If you did this, there is no way it could increase your startup time.

    And if you followed with taking the Services off of Automatic and putting them on Manual, there is no way it would increase the startup time.

    So something else is going on. You began the thread with
    You have done the regular maintenance, so go ahead and run the Error Check:
    My Computer> right click on the Local Drive- usually C> Properties> Tools> Error Check> Check both boxes on the screen that comes up> Next> Close the message and reboot the system. Error Check will begin in 9 seconds. Let it run to completion. System will reboot when through.

    See how much difference-if any-this makes in the system performance. The next step I would recommend is to run the memtest on the memory chips:

    The problem is mechanical- whether we can fix it remains to be seen.
  21. adweston

    adweston Banned Posts: 242

    The best, most thorough and accurate way of fixing it is by going to the Recovery Console and typing "chkdsk c: /r" at the prompt.

    I've actually seen it where a Windows chkdsk in My Computer was run on a damaged drive and actually did MORE damage...

    Just my personal experience. Take it or leave it.
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    You are surely doing a great job of confusing this user! Maybe somewhere, sometime on some system damage was done, but that is NOT how it usually works.

    I would appreciate it greatly if you stopped finding a fault with what is suggested. We have someone with a problem who is asking for help- how about let's give it instead of disputing everything the "other" person says!
  23. adweston

    adweston Banned Posts: 242

    This isn't about "finding fault". This is about sharing an experience with someone to save them headache. We fix dozens of computers every week of all makes and models. We don't sit on a message board, looking to extend our e-peen.

    If I share something on this board, it's because I've done this for 24 years, I've run into it and if I can save someone some headache, I will.

    In this case, I had a PC come in that I was doing the chkdsk on. Unaware of what would happen, after three scans I went on a service call. When I got back, I found out that one of my techs had restarted it and run a Windows chkdsk on it. It completely demolished everything I had done to that point. Windows refused to boot after that.

    Another time previous to that, I'd run a chkdsk on a computer. I got it into Windows and figured I'd do one more through Windows. It demoed the MFT and I had to start all over again.

    You've already blown it once in this thread. Do you really want to go for a second? Or would you rather err on the side of caution?

    EDIT: I was just grabbing a pop, and I just remembered a third time that this was an issue. In this case it had come in for sluggish performance. It was infected, but it was still running like crap afterwards. Because the tech was already in Windows no problems, we ran the chkdsk from the My Computer. The computer restarted, did its repair, then restarted again. Unfortunately when it started back up, we got the now infamous message that it couldn't find c:\windows\system32\config.. etc. It completely tanked the drive. We repaired it, but... I always approach problems as "let's make it easier for the client...not harder".
  24. Per Hansson

    Per Hansson TS Server Guru Posts: 1,957   +214

    You are treading a fine line here, accusing someone of "looking to extend our e-peen" whilst at the same time posting advice to the same thread!

    Running chkdsk inside of Windows is not possible, it will dismount the drive if repair is necessary, and since the System drive can't be dismounted for obvious reasons it is not caused by the fact that you "run chkdsk in Windows"
    C:\Documents and Settings\Administrator>chkdsk c: /f
    The type of the file system is NTFS.
    Cannot lock current drive.
    Chkdsk cannot run because the volume is in use by another
    process.  Would you like to schedule this volume to be
    checked the next time the system restarts? (Y/N) n
    The reason for this is not in the way how chkdsk was run
    Chkdsk simply found a bad sector which happened to coincide with where Windows stores its registry (which is quite common due to the fact that the registry is read and written to very often thus wearing out these sectors on the harddrive more than the others)
    The way for it to "fix" the fault was to remove this sector, thus making the file inaccessible (probably stored under c:\found.000)
    Of course the issue was still there before running chkdsk too, if that area of the registry with the bad sector needed to be read the system would either lock up or slow down as the harddrive tried to read the data

    Your last advice to only run chkdsk from the recovery CD is very very very dangerous advice!
    Pre Windows XP SP1 the OS was not 48-bit LBA aware
    So if the harddrive is over 137GB in size and WinXP SP0 is used to run chkdsk the result will be data corruption after 137GB!
  25. adweston

    adweston Banned Posts: 242

    That's why I said "that the computer rebooted, did its check, then rebooted again after the check was complete"

    The reason I highlighted that is because the chkdsk does not work within Windows with the "automatically fix..." box checked.

    The advice is no more dangerous than if that same individual was using a Pre SP1 installation (neither of which has existed since what, 2001? 2002?) which would have the same result running it from "My Computer". Then we'll also just disregard the BIOS support stuff.. And... Size of drive when they installed their prehistoric XP, etc.

    But point taken.. I'll mention "as long as you didn't buy your Windows XP disk from Fred Flintstone's Computer Store you'll be fine".

    And finally, I know exactly why it did it in that ONE instance. Thank you for only highlighting one out of the three..

    Chkdsk /r will do the whole thing, including recovering information from bad sectors, that the one in Windows doesn't seem able to do as effectively.
Topic Status:
Not open for further replies.
