My friend was given a new Toshiba: Satellite P755-S5120 Laptop just over 3 years ago. He did not receive or buy any recovery or installation disks at the time. He was planning to make a recovery disk but never has, nor has he backed up any of his personal files.
Fast forward to today, it’s a mess. Starting his computer takes several minutes, then he’s plagued by numerous update requests and when he gets past all that it runs slow and is occasionally hijacked by Yahoo. Some friends of his said he probably has a rootkit virus thingy and that the laptop is hosed or at the very least the HD needs to be wiped. A quick Google showed there are rootkit scanner & removal tools available.
The Questions:
If he does have a rootkit virus thingy, can it be removed without wiping the HD?
Are his personal files infected, or can they be backed up safely?
Sounds like just a bunch of background services/applications hogging up CPU time and memory.
Rootkits or other malicious software might be an issue as well, who knows, but usually, the combination of tons of unnecessary, poorly optimized background services/apps + a slow as molasses laptop drive = HUGE loading times, and poor system responsiveness.
In Win7 you can go to the search box and type msconfig and click on the msconfig.exe file. Under the startup tab, you should see a list of applications that are loading in the background, under services, background services are listed. Sort by active, and see if there’s stuff in there that shouldn’t be loading up.
Turn anything that shouldn’t be running off.
Personally, I would just wipe the drive on a system that seemed that infested with crap.
For a laptop, I would also recommend spending a few bucks on an SSD. It will give you better battery life and will speed up OS responsiveness immensely over your traditionally super slow laptop drives.
Make sure you back up your personal files: images, videos, text files, etc. should all be safe to back up, and that you have a copy of the serial/keys/licenses for any programs you own.
Back up all personal data on a blank external drive (there likely is nothing wrong with the data, but better safe than sorry).
Run a diagnostic on the hard-drive, for example Seagate Tools. A failing hard-drive is a common cause of slow performance.
Uninstall all crapware, including the stuff from Toshiba.
If performance does not improve, you can start scanning for malware.
If going for a clean install, you may be able to get Windows 7 ISO here. Make sure you download all necessary drivers before formatting the hard-drive.
Rootkits work at the kernel level and it’s pretty difficult to be confident that they’ve been excised. Nuke it from orbit, it’s the only way to be sure.
As others say, disconnect it from the internet, launch into Safe Mode, and copy all the files that you want onto an external drive.
Then nuke the machine. If he has his Windows information, there may be some way to get an installable image. But otherwise, you might check to see if he could live with Linux. Ubuntu Linux is pretty easy to install and, if all you do is browse the internet and check your email, should be more than sufficient for anything he would want. At 3 years old, I wouldn’t suggest forking out a bunch of money for a new copy of Windows. Most likely the machine doesn’t have that much life left in it anyways, so it would be better to just buy a new computer if you need to buy Windows.
Some of the personal files may be infected. On Linux, that shouldn’t matter since security is higher and I’d seriously doubt that there’s a Windows virus that could affect Linux too. If you move to another Windows machine, or figure out how to get a new copy of Windows on the machine, I’d suggest installing a virus scanner first, before copying the files over. The scanner should check the files while they’re being copied, but just to be safe, you can run a full disk scan after copying them over.
I’ve had good luck using Windows Defender Offline. You download it, make a boot CD or USB disk with it (on an unaffected PC), and boot the laptop from it. It won’t load anything from your laptop’s hard disk so it can scan it independently. Make sure you also have an internet connection as it can also update its definitions before scanning.
It can take several hours to run, much longer actually than reinstalling Windows, but if it is successful it will preserve your files.
I don’t know about your particular model of laptop, but many laptops have an option to restore the hard drive to its factory default. The way it does this is it copies the drive image from a hidden partition on the hard drive. You don’t need system restore disks for this type of laptop, unless the drive itself fails.
If the drive fails and you replace it, or you have the type of laptop that doesn’t have the built-in hidden restore partition, then you can usually order system restore disks from the manufacturer for a small fee. I think I paid something like 10 bucks when I did it for my neighbor a few years ago.
FWIW, I also recommend the nuke it from orbit option. I wouldn’t trust any executable files that are on the machine, but data files will probably be ok. I personally would boot the machine from a Linux bootable disk, use Linux to copy over the files to a backup drive (that way you don’t copy the virus over to the drive at the same time), and then scan that backup disk in a Windows machine with a good anti-virus checker. Only then would I pull files off of it to put on the freshly installed Windows. This method requires some understanding of Linux, though.
This is the one thing I don’t like about Toshibas: it’s hard to distinguish their crapware from their genuinely functional software. For example, the Service Station application is basically the system update function, and some of the hardware functions are dependent on other Toshiba preloaded stuff (for example, my microphone stopped working when I uninstalled “Toshiba sound” or something like that on my last laptop). I haven’t been able to find a good list of what’s crapware and what isn’t.
Unless you have specific reason to suspect a rootkit I’d argue that 99% of consumer machines with craptastic performance simply have lots of crapware and maybe some conventional malware installed.
A full backup off to another disk of all personal files followed by a major cleanout via add/remove programs followed by installing all the latest Windows updates & anti-malware will get the PC back to a good condition.
Nuke/pave and reinstall is easy for folks who already have done it a few times, have all the install disks, know how to make an inventory of all installed apps, don’t have too many custom settings and have an inventory of same, are comfortable chasing down drivers from the 'net, and (especially in the case of Toshibas) can get all the factory installed software as separate install kits.
I’m supposedly one of those guys, and I killed the touchpad on my Toshiba R-705 doing a reinstall. Multiple attempts to locate and install the appropriate drivers & Toshiba-ware have come to naught.
IMO … The skill level evident in the OP’s post tells me he’s a lot more likely to end up with a brick or major lost personal data and apps by doing a “nuke it to be sure” vs. doing a diligent backup and cleanout strategy.