How Do I ID This Malware and Kill It?

[Tuckerfan]

I’m running XP Home, fully patched and updated and recently it’s just started running like crap. When I first boot the machine up, it runs fairly normally, but after a few hours of use, it bogs down almost to the point of unusability. Running Task Manager and killing everything I can (except for things like the firewall) gives only the barest of improvements. I’ve scanned the machine with AdAware (fully updated), Spybot S&D (also fully updated), my anti-virus software (fully updated), defragged the drive, and the registry, but still, it’s a slug.

Obviously, there’s something going wrong, but what? Even when the machine should just be sitting there “idle” the drive light will come on, like it’s scanning the harddrive or running a program. I know that there’s a type of malware that can infect a machine and is almost impossible to detect, so I’m thinking that I’ve gotten infected with that (it’s some type of “hook”), but I don’t know how to find it and kill it, if that’s what it is. If that’s not it, I need some idea of what it might be. Any suggestions?

[Myglaren]

When the machine ‘should be’ idle, XP will index the drives for faster searching - you can turn this function off in system properties.

How much drivespace is free? Have you a second hard drive? How much physical memory?

It is possible that the primary drive is cluttered. Remove all temp files, temp internet files etc.
Defrag and set the virtual memory manually - put it on the slave drive if you have one. Set it at about twice your physical memory.
Reboot.

If you are using Firefox you can set it to clear temp. internet files on exit, along with a pile of other stuff that is generally good to get rid of periodically.

What anti-malware programs have you installed? Have you had a look in the sticky 'Computer Questions thread? There are tons of tips and users experiences there that would no doubt go a long way to helping with your perceived problem.

[Tuckerfan]

Myglaren:

When the machine ‘should be’ idle, XP will index the drives for faster searching - you can turn this function off in system properties.

It is off.

How much drivespace is free?

30+ gigs.

Have you a second hard drive?

Yes, that’s well over 200 gigs, that’s where I store my MP3’s, etc.

How much physical memory?

512 MB. Yes, I know it’s low for XP, but it’s how much was installed before the slowdown started.

It is possible that the primary drive is cluttered.

Nope.

Remove all temp files, temp internet files etc.

Did that, didn’t help.

Defrag

As I stated in the OP, I did that, and it didn’t help.

and set the virtual memory manually

It’s on “auto” and it’s one thing I don’t like piddling with as XP says you shouldn’t do that unless you really know what you’re doing.

• put it on the slave drive if you have one.

That’s connected via USB 2.0, so that would really degrade the machines performance if I did.

Set it at about twice your physical memory.
Reboot.

If you are using Firefox you can set it to clear temp. internet files on exit, along with a pile of other stuff that is generally good to get rid of periodically.

I only use Firefox when a page won’t load via Opera as Firefox is bad about memory leaks and it’s set to clear everything on exit.

What anti-malware programs have you installed?

As I listed in the OP: AdAware and Spybot S&D.

Have you had a look in the sticky 'Computer Questions thread?

And I’ve contributed to it in the past.

[Cap_n_Obvious]

What AV programs are you using?

Norton and McAfee are bad about being bloated and bogging a system down like that. If you’re using either, I’d suggest switching to AVG.

Also, have you cleaned the dust from the CPU’s heatsink and fan lately? If those get to dusty, it can slow the system down as well.

[Tuckerfan]

Cap'n Obvious:

What AV programs are you using?

Avast!

Norton and McAfee are bad about being bloated and bogging a system down like that. If you’re using either, I’d suggest switching to AVG.

I know, that’s why I don’t have any of their stuff on my machine.

Also, have you cleaned the dust from the CPU’s heatsink and fan lately? If those get to dusty, it can slow the system down as well.

That, I haven’t done, but in checking, the CPU temp’s normal and not high.

[RealityChuck]

You really need Hijackthis to analyze a spyware infection; spyware doesn’t show up in the task manager.

Download hijackthis and save the log. I wouldn’t recommend interpreting it yourself, but you can take a look. Upload the log to the boards at http://www.spywareinfo.com and get their advice.

[Myglaren]

Well, that gets the basics out of the way.
Despite the dire warning about handling the swap file settings yourself, there is really no problem to it and you can always revert if you experience a degradation in performance (unlikely)

Most of my machines have been set manually or killed completely and allowed to run in physical memory only. Never a problem with it.

The reason for the defrag following the cleanout was in order to get the swapfile all in one block on the hard drive to stop it interfering with your other material there. If it is all in one contiguous block it is more efficient.

It is even better on an internal slave drive but as you don’t have that you say you don’t have that option and certainly putting it on an external drive would hardly seem to be a wise move.

Have you tried the Spybot Search & Destroy advanced mode tools?
The Secure Shredder will find and dump stuff that XP doesn’t know about.
The Startup list will find stuff that msconfig isn’t aware of. It will in most cases give a description and advice on whether it is an essential function or superfluous.

The Hosts file is similar to the Immunize function in blocking known bad sites.
System internals will fix any tangled up mess in the registry.

Despite the warnings I have run all those functions and all the remaining ones - mainly to see how much havoc they could wreak, and never had the slightest problem.
You don’t list a specific AV program.
If you don’t have it, may I recommend Avast.
It will after installation ask to run a boot-time scan and if permitted will scan and fix/archive anything it finds with Windows inactive. Less chance of the slippery little buggers evading it!

A note of caution though. You MUST stay with the machine during the boot scan and keep shoving the mouse around. If the machine goes into power saving or hibernation the effects are dire - I had to reinstall Vista - found out the hard way.
I’ve used it on several machines since and not had any problems once that is observed.

You will be aware of the ‘Hijack This’ option. and have presumably considered this.

Have you used CWSShredder?
Although SS&D will find and remove some of them, this is worth running now and then. Click the ‘stand alone version’ link or they will ask for cash.

Coolwebsearch doesn’t JUST redirect your browser pages, there are other little bits of nastiness associated with it.

A lot of people have cited the Firefox memory leak as a problem and as you say you don’t use it by default. I have never encountered a problem with it but it would not appear to be the reason for the slow down.

Have you installed anything recently that could be taking up resources? Any updates? There were some updates from Microsoft a few weeks ago that were reported as giving a slew of random problems including slowing systems down.

[Myglaren]

OK - I see you have Avast - you can still run the boot scan though, if you think it may discover something.

[Fear_Itself]

Open the Task Manager (ctrl-alt-del), click on the Processes tab, and click on the CPU column label to order the processes by CPU usage. What is using up all your CPU resources?

If CPU usage is not maxed out, you could try scanning with a rootkit scanner to see if you have any hidden processes. Grisoft recently released this free one: AVG Anti-Rootkit Free

[Tuckerfan]

Well, I found a couple of BHO that didn’t have a file associated with them and deleted them, and that seems to have helped. Presently, I’ve got a rootkit scan going on, so I’ll have to see what that turns up.