Jump to content

Possible infection with programs acting slow


Go to solution Solved by Maurice Naggar,

Recommended Posts

Hello, few days a go I noticed that some programs, mainly Google Chrome, are oddly slow. This noticably manifests as videos buffering for way longer than usual and websites loading slower than usual. Also my disk usage often times seems to near 100%, when with the same amount of programs open previously it didn't. Malwarebyres scan found nothing. I have posted the relevant attachments.

Malwarebytes_Logs.txt Addition.txt FRST.txt

Link to post
Share on other sites

Hello @Horse_3
Do realize that a slow browser or slow system may be due to factors other than a 'infection'. You made mention of Chrome. Let us start with some steps to help Chrome and Edge browsers.

for Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys  on keyboard to get menu for clearing browsing data:

Check mark the line  "Browsing history"

Check mark the line "Download history"

Check mark the lined "Cached images and files"
and press Clear Data button  ( in blue )

[   2   ]

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

[   3   ]

Let me suggest that you get your browsers each, as applicable, to have the Malwarebytes Browser Guard.

See Support article how-to

https://support.malwarebytes.com/hc/en-us/articles/360038520374-Install-Malwarebytes-Browser-Guard

For the EDGE browser https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser

Note: If your pc also has Opera or Brave or Vivaldi browser, you can install the Chrome version of the Malwarebytes Browser Guard ( on each as appropriate).
 

Link to post
Share on other sites

Notes and observations. I am listing here 2 things that were noted from the Windows logs.
The first one is from 5 August indicated a application hang of Windows Explorer.
Application errors:
==================
Error: (08/05/2022 04:12:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Ohjelman explorer.exe versio 10.0.19041.1806 lakkasi olemasta yhteydessä Windowsiin, joten se suljettiin. Voit tarkistaa, onko ongelmasta saatavilla lisätietoja, tarkastelemalla ongelmahistoriaa ohjauspaneelin Suojaus ja ylläpito -kohdassa.

This one is a notation from Windows logs from 12 August:
Error: (08/12/2022 05:26:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT administration)
Description: Installation failed: Windows failed to install the following update and returned error 0x800f080a: 2022-08 Cumulative Update for Windows 10 Version 21H2 x64-based Systems (KB5016616).

Suggest that when you next have the time, opportunity, and when machine is idle, to do this. 

RESTART Windows, first. 
I would highly suggest to insure that this pc is all up-to-date with security updates & cumulative updates on Windows. select the Windows Start  button, and then go to Settings  > Update & Security  > Windows Update . and click Check for Updates.
Have much patience.

Edited by Maurice Naggar
Link to post
Share on other sites

I have done the steps in the first reply. My windows update settings show that I am up-to-date with updates, I did also notice that there was a driver update that I hadn't installed, however the problem does still persist. If there was nothing wrong in the logs other than windows issues I guess it must be some other problem.

Link to post
Share on other sites

  • Solution

[1]

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article
Please use thuis guide https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

[2]

I need future reports of FRST64 to be in English, my native language; and since this machine's language is non-English, I need an adjustment for just FRST tool. Go to your Downloads folder. Do a RIGHT-click with your mouse on FRST64.exe & select RENAME & then change it to

FRSTENGLISH.exe

. This will be a great help to me.

[3]

Next, a custom script to do  checks & selected  cleanups. 

We will use FRSTENGLISH.exe  on the Downloads to run a custom script.    The system will be rebooted after the script has run.

This custom script is for  horse_3  only / for this machine only.

This custom script has some specific things, plus some general aspect to help the system overall.  Hoping it will not exceed 60 minutes in execute time.

This next run will do some checks using Windows SFC & DISM. It will also do some scans with Microsoft Defender antivirus. It will clear temporary files. It will clear Chrome & Edge browser cache files.

  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.
  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.
  • Please save the (attached file named) FIXLIST.txt   to the   Downloads   folder

Fixlist.txt             <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Downloads    folder.


RIGHT click on FRSTENGLISH.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity. 

NOTE: I would like to make clear that the Farbar FRST reports do not have indications of any infection. And I would, also, reiterate that the Malwarebytes scan reported no infection.
In any event, the hope is that the custom run will be beneficial, for example, in getting some pep back overall to the system.

Edited by Maurice Naggar
added note
Link to post
Share on other sites

Hello, I have done the steps and included the fixlog as an attachment.  Also I am sorry for the language mixup. It definitely seems that things are running as they should be. I would like to thank you for the help even though it wasn't malware related. It seems some of the text in the Fixlog is not in english even though I renamed FRST. If needed I can change the system language and run it again.

Fixlog.txt

Edited by horse_3
Link to post
Share on other sites

Hello. The run of the script is good. No, you do not need to re-run. The run accomplished what was intended. I am glad to read from you 

Quote

It definitely seems that things are running as they should be

By the way, the Microsoft Defender antivirus is in good shape. 

I would recommend getting a readout report as to update status of some key apps.

                               This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Link to post
Share on other sites

Hello. There are 3 applications needing your follow-up to insure they have the latest updates. 

WinRAR 6.10 (64-bit) v.6.10.0   Warning! Download Update

Discord v.1.0.9003   Warning! Download Update

Spotify v.1.1.89.862.g94554d24   Warning! Download Update

Link to post
Share on other sites

We can rule out infection, altogether. We are nearing end-of-case, though I want to have your system disc checked.
When you get some quiet time where you do not need to be using the computer, I would like you to run a CHKDSK to check the integrity of the file system storage on the disc.

Click on START and type in CMD.EXE and when it shows on the menu right-click and select "Run as administrator" and type in or copy and paste the following exactly onto the command-prompt-window. Then press the Enter key and restart the computer. Let the DISK CHECK run. Do not touch any keys while booting.

ECHO Y|CHKDSK C: /F

 

Let me know if there are any errors shown from the disk check One other thing, let me know how old this machine is. Is it, say, over 8 years old ?

Link to post
Share on other sites

Thank you. That result from CHKDSK is good to know. Now, one other check, thru Windows, about disc hardware status.
We will first launch a CMD command-prompt in Elevated mode
On the Taskbar Search box, type in

cmd.exe


click the CMD line for "run as administrator"

type the following and tap Enter:

wmic

Then COPY & PASTE the following and tap Enter:

diskdrive get status

If the status of your hard disk is normal, you will see a message,

OK

.

Look close on your result & let me know what it showed.
When all done, you may Close the command-window.
 

Link to post
Share on other sites

That is good. This system is good-to-go. This here is for tools cleanup.

Please download KpRm by kernel-panik and save it to your desktop.

  • right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log may open in Notepad titled kprm-(date).txt.  I do not need it. Just close Notepad if it shows up.

Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

I am marking this case for closure.
I wish you all the best. Stay safe. 

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Sincerely.

Maurice

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.