Questions about SW and HW settings, configurations, etc. affecting the 'speed' of a PC and/or its resistance to a virus, trojan or other malware.



Hello -

I recently was helped in ridding our computer of a 'malicious trojan' and in the "recovery period", I've discovered that I have a bunch of questions and nowhere to go for answers - so, I thought, why not here?

So, before I get too hot and bothered about this or that - is this the correct forum?

til later ....


Welcome, Charlie's Aunt -

If they are general PC questions then you are here -

If it is specific malware/Malwarebytes related then the General Malwarebytes' Anti-Malware Forum, this area is most likely better -

Either is a good area to begin with your questions - We are happy to assist as you think best -

Do you think your computer is still infected or just general questions ??

Thank You -


noknojon -

I don't think I'm still infected, but the laptop is exhibiting some behaviors it hasn't before - possibly because of the 'extraction' techniques - or not....

Also, due to the extra scrutiny I've been giving the activity of the laptop lately, I've noticed things I never have before, so I'd like to check some of them out.

Last, but certainly not least, I need to come up with an "infection defense". That is, a program of action using a specific collection of software to effect the non-simple goal of keeping the laptop clear of the multitude of infections out there trying to get in. The plan will probably not be difficult to design. The hard part, I think, will be choosing software that is actually useful, does what it purports to do - not just 'sort of'. The user interface, while really important for some, is much less important than whether the job is completed, but similarly important is the support by the manufacturer.

Enough of the over-view.

During the cleaning process, I was instructed to download, install, execute and allow ComboFix to download the Microsoft recovery console to my laptop, install it, run it, & then uninstall itself. By the name, I can infer 'kinda, sorta' what the recovery console does, or did. However, I am at a loss as to why it wasn't already installed. Just what does it recover, anyway - and why did it need recovering - and is it going to need recovering again? If so, when? Do I need to keep it around? Is it 'unintended' bloat-ware? Etc., etc., etc..

Also during the cleaning process, I was instructed to download and use Defogger to disable the CD emulation software, and later to remove Defogger. What I would like to know is whether the emulation software was re-enabled some other way, whether it needs to be enabled and how to tell if it is enabled. If it is not, do I need to use Defogger to re-enable the emulation software? What should I do if Defogger has an error before finishing?

During the 'extraction', there was a question about whether our wireless system had had its DNS table hijacked. I tried to get access to find out, but couldn't, even after using the 'default' ID & password. Since the default didn't work, I suppose all was OK, but I would really like to gain access to ensure all is configured correctly.

In addition, I want to add a switch to my local network so that I can separate the address of the wired network from the address of the wireless network. Currently, I am using WEP type of security, but I am told that WPA-PSK is better. Is it easy to configure the switch and wireless router as described, and what about WEP & WPA-PSK? One possible wrinkle is that I need to connect my iPhone to my LAN, plus, from time to time, our daughter & son come over and want to connect. Giving them the WEP code has been a simple way for them to connect, but I don't know about the security issues involved. Can they introduce 'something' to my LAN, and then to my laptop?

These should be good for a start. Can you help me?

Charlie's Aunt


Hi Again -

The first section is the quickest and easiest so I will hit that first -

You need a 'decent' active Antivirus (free or paid) and preferably an active Anti Malware such as Malwarebytes provides -

I have settled on Malwarebytes as an Anti Malware program; at less than US$25 for a Lifetime Subscription it is well worth it and fully supported -

As an Antivirus I use the free Microsoft Security Essentials program that updates and scans every day -

With these 2 programs running you should not have any problems with infections in the future -

You can also install an extra Firewall , but I have personally not found this a requirement for me -

M/soft Security Essentials basically includes the company Firewall as a part of the program -

Next -

If this cleaning was through Bleeping Comps or Geeks2Go etc. they should have removed ComboFix, and the other items you mention , at the end -

The Recovery console is a normal part of running Combo Fix and it will not hurt either way if you leave it - I still have it after using Combo Fix-

Defogger is just a tool to make it easier to create the Logs that you would have submitted for your expert to check then it is removed -

Now -

Look at all the programs you have installed and decide if you do need them - If not then remove them - We can help with some uninstallers -

You also need to actively remove items like Temp files (that are not needed) ATF Cleaner is a good tool for this and Defraggler is a good 3rd party defragmenter for helping your system run smoother -

You can use the built in Microsoft Defragmenter and Disk Cleanup items to do similar things - HostsMan is also good for blocking bad advertising etc. -

All the items I have mentioned are listed in my "Live signature" below (and all free) and you access the download areas by clicking on them -

Others may have their own preferred programs to use , and may list them here later , but I have given you a basic download of items and some regular cleanup procedures that are basic to most (all) computers -

Thank You -


noknojon -

Thanks for your opinions.

I think I will follow your recommendations for Malwarebytes & Microsoft Security Essentials. As for the recovery console, just what does it do, or what can I do with it?

I reread my instructions for Defogger and it looks like there is a tab or button on its home page that will re-enable my emulators, so I will try that. What are the emulators, and what do they do? Why did they have to be disabled?

I've made a shortcut to this page. Every time I d-click on it, it comes up. However, before it does, a dialogue comes up wanting to know if I want to upgrade to version 8. I'm running version 8.0.6001.18702 (128 bits). How do I get IE to stop?

I've (mostly) gone through my installed software and removed that which I will never use or which doesn't work, or I don't like. Of the remaining software, there are three basic groups:

Group 1 is software I want, but must call explicitly, usually by clicking on an icon (or naming it on a command line);

Group 2 is also software I want, but it either has a part that starts at boot-time - like a print spooler - or its entire existence is 'invisible' and starts at boot-time.

Group 3 is similar to Group 2. The difference is that the 'invisible' portion is undesirable or unnecessary and the CPU cycles are therefore stolen. Usually, the functionality of the program is either marginal or undesired. Usually, these programs are 'snuck in', but can be hard to identify or even be aware they are 'there'.

I know I have Group 3 programs. Except for those that comprise 'infections', I haven't bothered about those in this group. Time for that later. Some of the Group 2 programs could be made into Group 1s. More information about each program is needed, as well as identifying 'problem' processes.

Finding the processes and then linking them to actual applications is the trick. Using Task Manager, I can (sort of) see the heavy users. Using msconfig, I can determine (most of) the software that executes at boot-time. I cannot, however, even connect a process in Task Manager to an application it shows running, let alone processes named in msconfig. The only way I know of identifying CPU hogs is, at best, a trial-and-error process that needs a lot of re-booting for verification.

Also, there are other 'invisible' processes running, but are not seen in msconfig. Where do they come from? Which ones are part of the OS and which are necessary parts of programs and which are not? How do I figure this out in a timely fashion?

One of the reasons I'm here is in the hope that you can help me to learn how to figure all this out.

I try to defrag regularly, but not often. Usually, I get a "you're not fragmented enough - continue anyway?" type of message and exit.

In the past, I've steered clear of 'cleaners'. The ones I've tried deleted way too many files that were later determined to be required, or turned out to be irreplaceable data files (yes, I know about backups..., however, ....). They seem to assume way too much and not give the user as much involvement as I would like.

The issues with my network are because I want to make my home LAN more secure, more flexible and, perhaps, even faster - or at least to understand why.

I'm hoping to reorganize my LAN, using a wired switch and a wireless router, so I can put more security in one place, less in another, and separate the faster NICs from the slower NICs so they don't slow down the faster ones, plus iron out the WEP/WPA-PSK wrinkles, so connecting other computers once in a while is neither difficult nor a security risk, assuming all of that is possible.

Charlie's Aunt


noknojon -

To refer me to an expert is fine with me. It will probably save some time in the long run. :)

2 New issues, which, to my way of thinking, trump those I've previously brought up - for obvious reasons - Ha!

1) Message at bootup: "Pri Master Hard Disk: S.M.A.R.T. Status BAD. Backup & Replace"

2) After downloading and running MS Security Essentials, it found a 'Trojandownloader: win32/Renos.BAO'. I'm uploading a .jpg of the screen. I haven't taken any action yet - not a lot of explanation, or I ran it too soon. :)

3) Another question: where is the swap file located and what is its name?

WRT #1) HP computer. How to change HD without XP complaining? Best way to back up (Copy partition to new drive using supplied SW?)? 20G of 120G used, so a 40G drive would work till a larger one can be purchased?

WRT #2) I just finished a clean-up and was w/o AV SW, so refrained from doing 'anything' on line as much as possible, except for downloading MSSE. Malwarebytes (which I ran just before MSSE) didn't find anything, so I ran MSSE. I was surprised that anything was found.

Comments?

Thanks, Charlie's Aunt


To add

1) Message at bootup: "Pri Master Hard Disk: S.M.A.R.T. Status BAD. Backup & Replace"

This is your most important issue at this time.

I am assuming that you made or have recovery/install disks for that computer.

Get a new drive and install Windows. Save any important files now before it's too late.


Hi there, Guys -

Hope you don't translate my response time as "not very interested" because it takes me a while to respond, sometimes.

I figured that the drive 'had some problems'. :) However, I mentioned the situation to you because I was curious about the warning messages that S.M.A.R.T. produces. I can't quote it, but I've seen a less serious warning, so I wondered if there were more. That is, do I have only a few hours, days, or what, of 'steady' running before it screeches to a halt?

I'm asking that (very hard to predict, I know) question because of what I have learned in the last hours.

Somewhere, I learned that changing hard drives under Windows XP and up is a convoluted and frustrating process - and that is when it goes well !!

A new HD is not in the budget now, but I have some old HDs that would serve for a while: a 30G Seagate, a 40G Maxtor, and an 80G Western Digital (but I'd rather not use that one - it's almost full). The bad drive is a 120G Western Digital, but only 11G has been used.

In the past (Win98 times), I have been able to backup partitions from one drive to another drive as long as the receiving drive's partition was larger than the source drive's used portion and the source drive had been defragged (which is why I was asking about the remaining life time of the drive).

I understand that if the partition copy is successful, and I try to boot with that drive, XP is going to hiccup and tell me I need to reactivate it. I think that process may be handled over the phone. That is about as much as I have gotten clear. My research gets really murky from there on in.

The computer is an HP from 2003, twice removed. I obtained it a year ago. It came with all sorts of 'cool' SW, including Office and a CAD program. I had premonitions about this situation, so I called HP and bought the 7-CD set of restore software. However, as I understand it, to use them will bring the computer (with 'new' HD) back to 2003, requiring me to update whatever software (bloatware) comes on the CD.

Therein lies my consternation. The simple, straightforward path to nirvana results in a near naked pilgrim, while the totally acceptable, well situated, pilgrim arrives in nirvana after a lot of zig-zags, dead-ends, and detours - if he arrives at all. :)

So, what say ye, oh masters of the universe???!!!!

Charlie's really scratching his head..... :)

Charlie's Aunt


Hi Again -

The purpose of S.M.A.R.T. is to warn a user or a system administrator of impending drive failure while there is still time to take action.

Please read this article from Wiki about the SMART predictions and the forecasts you can make from the error messages -

I know it seems this is a brief reply, but the Wiki article covers several pages and sub pages - It is better to read the full details there rather than post details -

You can run this CheckDisk scan if you wish (I think you have XP) - Copy and paste the code into the Run Box, close all programs including this one -

Click the OK and let it run - This will then reboot and take (on average) 30-60 mins so just leave it to run -

CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 30

Thank You -

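The BIOS "Status BAD" message discussed above is the drive's own verdict: the drive reports failure once any pre-fail attribute's normalized value has dropped to its vendor threshold. As an added example that is not from this thread or from any tool it names, the following Python reads a constructed smartctl-style attribute table and applies that same check, and also surfaces the raw sector counts (reallocated, pending, uncorrectable) that signal trouble well before the threshold trips. The table, its values, and the `smartctl -A` layout are assumptions for illustration; raw-value encoding is vendor-specific, which is why the example only compares the normalized value against the threshold for the overall verdict.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class SmartAttribute:
    attr_id: int
    name: str
    value: int       # normalized current value; higher is healthier
    worst: int       # lowest normalized value ever recorded
    threshold: int   # vendor limit; 0 means "informational only"
    prefail: bool    # True: failure predictor, False: old-age/wear counter
    raw: int         # vendor-specific raw counter


# Constructed sample in the layout of `smartctl -A`; not a real drive's output.
SAMPLE_TABLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   200   200   051    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   021   021   140    Pre-fail  Always   FAILING_NOW 1430
  9 Power_On_Hours          0x0032   072   072   000    Old_age   Always       -       20811
196 Reallocated_Event_Count 0x0032   001   001   000    Old_age   Always       -       1430
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       37
198 Offline_Uncorrectable   0x0030   200   200   000    Old_age   Offline      -       12
"""

# Raw counters whose non-zero values are an early warning on their own,
# independent of whether a threshold has been crossed yet.
SECTOR_ATTRS = {
    5: "reallocated sectors",
    197: "sectors pending reallocation",
    198: "uncorrectable sectors",
}


def parse_smart_table(text: str) -> List[SmartAttribute]:
    """Parse the attribute rows of an smartctl-style table, skipping the header."""
    attrs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or not fields[0].isdigit():
            continue  # header line or blank line
        attrs.append(SmartAttribute(
            attr_id=int(fields[0]),
            name=fields[1],
            value=int(fields[3]),
            worst=int(fields[4]),
            threshold=int(fields[5]),
            prefail=fields[6].lower().startswith("pre"),
            raw=int(fields[9]),
        ))
    return attrs


def overall_status(attrs: List[SmartAttribute]) -> str:
    """Reproduce the BIOS verdict: BAD once any pre-fail attribute has fallen
    to its threshold. A threshold of 0 means the vendor set no limit."""
    for a in attrs:
        if a.prefail and a.threshold > 0 and a.value <= a.threshold:
            return "BAD"
    return "OK"


def past_failures(attrs: List[SmartAttribute]) -> List[str]:
    """Pre-fail attributes that hit threshold in the past but have recovered;
    the overall status reads OK again, yet the drive has already misbehaved."""
    return [a.name for a in attrs
            if a.prefail and a.threshold > 0
            and a.worst <= a.threshold < a.value]


def sector_warnings(attrs: List[SmartAttribute]) -> Dict[str, int]:
    """Non-zero sector counters: 'back up now' even while status is still OK."""
    return {SECTOR_ATTRS[a.attr_id]: a.raw
            for a in attrs if a.attr_id in SECTOR_ATTRS and a.raw > 0}


if __name__ == "__main__":
    table = parse_smart_table(SAMPLE_TABLE)
    print("Overall S.M.A.R.T. status:", overall_status(table))
    for label, count in sector_warnings(table).items():
        print(f"  warning: {count} {label}")
    for name in past_failures(table):
        print(f"  note: {name} failed in the past")
```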

noknojon -

Thanks for the link. I checked out the Wiki site and was educated. Basically, whatever the message is, other than "OK" or "BAD" or some synonym for those, it's meaningless because the message set changes with the manufacturer and/or the BIOS - with very little overlap.

Assume the worst, back up the data, at the very least, if not the rest of the drive - that's what I took away.

I ran the CHKDSK code snippet. The computer rebooted and then ran CHKDSK. I watched it for a while, then left to get a snack. When I left, it had completed stage 4 (with no indication of errors found) and was at 90% of stage 5. Upon my return, the computer had rebooted, & still had the S.M.A.R.T. 'BAD' message. I pressed F2 to continue the boot. On the Task Bar was a balloon telling me that there was something waiting to be written to CD - a folder, named "New Folder". I looked in it, but it looked empty.

Other than that, I saw no evidence that the program had run & having not been there when it finished, I don't know what the results were. Are they going to be written to CD?

Now, some details I didn't tell you before. I had been seeing the 'BAD' message for a while, but thought I had a little more time when, one day, I woke up and the computer wouldn't boot. The message said something about not being able to find some file and told me to use another boot device. I have had errors like that before, but since the "BAD" message had been appearing, I was concerned that the drive had been corrupted or something. I moved it over to a Windows 2000 machine I had, as a secondary drive, thinking that if it came up, I would back up the data. It did come up, but first Win2K discovered a problem with its file system and spent the next 20 minutes 'fixing' it, and forced a reboot. Well, I took it back over to the original computer and booted. It came up! There were 2 error messages that 2 calls from my wireless program couldn't find its .dll file (probably in the bad sector(s) that were found) and a process was running trying to update HP; other than that, I don't see any erratic behavior, other than the "BAD" message.

It boots, now I can back it up. I'm not sure if I can do a repair - it's been eons since I made a 'back-up point', I think they are called.

...#1 DO A BACKUP - How? What kind? And once that is done, what then? You advised reinstalling the OS and other software onto another HD. That is really not a problem - I have the HP recovery disks.

I want to avoid that if possible and keep the existing installation of all the software for which there have been no disks for over 10 years - but it's still 'good' stuff and I use it often.

Is there a way to do this? I know I'll have to go through Microsoft at some point, but Rats, all I want to do is change the hard drive!!!

Thanks for your time,

Charlie's Aunt


Now, some details I didn't tell you before.

On the Task Bar was a balloon telling me that there was something waiting to be written to CD

It is almost time to make a final decision as to your course of action now and only use this unit as required -

Item 1 Thanks :) We may have been concerned your drive was faulty earlier -

Item 2 This may have been left over from an item you wanted to copy earlier and decided not to ?? - From > Right click > Send to CD/DVD ??

Item 3 The Check Disc function would have left a message during the first 4 items usually - No result (sign) is a good result -

Although you want a backup , my ideas would be to save as much installed items to CD or External drive -

A backup on this unit could be done with ERUNT - Details below - Other people may have other ideas

Backup the Registry:

  • Please download ERUNT from here
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
  • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

It depends on what type of a restore you do. If you're using the ERUNT method then it will restore the hive and any additions made since the last backup will be lost, and it will put it back exactly as it was at the time of the backup.

noknojon

OK, let me run this by you to make sure I understand....

1. I download this ERUNT program.

2. With it, I backup my registry.

3. Then using whatever technique, I copy the entire contents of the bad disk onto a good disk

4. On the good drive, with the ERUNT program, I restore the registry.

5. I remove the bad disk from the computer and attach the good drive as the new boot disk.

6. Rebooting, there is no BAD message and the computer is as it had been before.

7. No more problem with the hard disk.

Does this about cover it? No major steps forgotten or glossed over?

Charlie's Aunt


Hi -

One word - Hopefully - :)

Each unit is a bit different but the basics are the same - We can not do it , just give the basic directions , and I hope that I have done that right -

No one else has jumped over me yet , and it is looked at by many (so far over 350 views) , so I must have the basics OK -

Again if others have more ideas they usually do jump in to help - That is the idea of a full forum -


noknojon

Hi!

Although I didn't mention it (I was hoping you would), I am very concerned about Microsoft's Activation process. Since you didn't mention it maybe I am being overly excited.

I have done some Googling about this issue and the results have been monumental, but my reading has not ... :) However, most of what I've seen involves XP determining that the new drive is not the same one which was there the last time it ran. When that happens, some sort of interactive process starts which involves a phone call to Microsoft.

Do you know anything about this?

Charlie's Aunt


The new install is given (from memory) 7-10 days without re registering with M/soft -

On the side of your case should be a sticker for genuine M/soft , with a string of numbers and letters (5 blocks of 5 strings) -

You ring M/soft (usually a free call number is listed on screen for your country) or contact on line , and you quote these strings to the operator -

They then give you a re activation code that you type in and away you go - That is the basics -

I last re installed this a few years back , but it should be the same now -


noknojon -

"On the side of your case should be a sticker for genuine M/soft , with a string of numbers and letters (5 blocks of 5 strings) -"

A-h-hhh!! The all-important case!

OK, and I hope you pardon my repetitiveness, but just for grins:

1. I copy the boot partition of the bad drive to the boot partition of the good drive, ensuring it is large enough.

2. I get the 'magic 5/5' alpha-numeric string from the M/soft sticker on the case.

3. I attempt to boot.

4. Somewhere between starting to boot and the boot process completing, I will be prompted for some kind of code, with the prompt including a phone number to call.

5. I call the number and when asked, I will give the code off of the sticker on my case.

6. I then will receive a different code.

7. This different code I am to type into the computer in answer to the prompt of before.

8. Upon pressing [ENTER], all will be forgiven and I will be allowed to enter computer-land, never to be bothered again ....

Does this cover it - or have I missed/glossed something over? :rolleyes:

Thanks so much! I'm finally feeling like Dorothy when she could see the big doors of OZ!

Thanks again,

Charlie's Aunt

P.S. Why, in posts past was the absolute date given, but now all I see is 'yesterday' and 'today'??????

CA


Opps !!!

In my haste to reply, I overlooked something. Rather than explain, I'll just restate the goof-ed up content the way it should have been written :lol:

OK, and I hope you pardon my repetitiveness, but just for grins:

01. I download ERUNT and install it using the default install settings, but NOT to the Start-Up folder.

02. I Start ERUNT (to backup the registry AS IT CURRENTLY EXISTS)

a) I choose a location for the backup, accepting the default location, C:\Windows\ERDNT

b) I make sure that at least the first two check boxes are selected.

c) I click on OK

d) I then click on YES to create the folder and ERUNT continues until it completes normally.

03. I copy the boot partition of the bad drive to the boot partition of the good drive, ensuring it is large enough.

04. I get the 'magic 5/5' alpha-numeric string from the M/soft sticker on the case.

05. I attempt to boot.

06. Somewhere between starting to boot and the boot process completing, I will be prompted for some kind of code, with the prompt including a phone number to call.

07. I call the number and when asked, I will give the code off of the sticker on my case.

08. I then will receive a different code.

09. This different code I am to type into the computer in answer to the prompt of before.

10. Upon pressing [ENTER], all will be forgiven and I will be allowed to enter computer-land, never to be bothered again ....

Now, here things get a little 'fuzzy' ... and I'm not sure how to proceed....

A) If 'All' is well and good, and I don't perceive any problems, even after having executed several of my 'more important' programs

. 1 Do I really need to restore the registry I backed up, above?

. 2 If I do, will doing so overwrite anything/everything done above to re-activate XP - requiring a second re-activation phone call?

. 3 If I don't, then I'm all done, right?

B) If there are problems then I shall write another post rather than engage in a bunch of 'what-ifs'

C) Does this cover it - or have I missed/glossed something over?

Now, I think I've covered all the bases. :lol:

tata, Charlie's Aunt


Greetings :rolleyes:

I had a brief read over your initial post and I have a few comments. First off, it's a good thing you have your HP CDs; you'll need them if you're going to reinstall Windows, but here's an additional "hiccup": the recovery discs most likely will not work on a hard drive that did not come from HP. That's because they use a special OEM-only disc that marks the drive as belonging to your system. To get that onto a new drive will require either taking it to a PC shop that is an official repair shop for HP/Compaq computers (such as Best Buy, Fry's etc. in the US) or sending the PC to HP directly; the second option will cost a lot and they won't attempt to save any of your data and they will not let you keep your original hard drive. The PC shop is your best bet.

As for when the drive will fail, there's no telling, it could be in the next 10 minutes or 2 years from now. Drives are tricky like that, that's why it's always advisable to backup your data.

You may be able to use a tool such as Macrium Reflect to create an image of your hard drive to put the image on another drive as illustrated in this guide, but again, no guarantees that it will work, but if it does, your activation of Windows should go fine as long as the hard drive is the only thing you've changed.

With regards to WEP vs WPA, WPA is always recommended because it's far more secure, particularly WPA2 if your router supports it. The reason being, there exist hack tools that can crack any form of standard WEP encryption in a matter of seconds and WPA in a matter of minutes, but I've not yet seen any capable of cracking WPA2.

With regards to infections spreading to your laptop from other PC's on your network, there are ways to guard against it, the best of which is installing a good software firewall on your computer, which brings me to the issue of protection software, something you also asked about.

Since you specifically said you prefer effectiveness vs ease of use (the same preference that I have), I recommend Kaspersky Internet Security. It offers an antivirus and firewall and is very effective. It combined with a license for the paid version of Malwarebytes' Anti-Malware should keep most if not all threats off of your PC. Its user interface does take some getting used to but it is incredibly effective. The official support forum for this product can be found here

If Macrium Reflect doesn't work and you do end up having to reinstall Windows using your recovery discs, you will indeed have to remove all the preinstalled software that you don't want installed unfortunately and then update everything and reinstall the software you do want to have installed that didn't come with the computer.

I hope that answers it all for you.


Just for Info: I have the registered version of Macrium Reflect and along with the Linux and BartPE bootable CD/USB -creating file you also get a WinPE one.

Currently they supply version 2.1 and it is perfectly adequate for XP and Vista restores (but isn't included with the free edition).

"...just my two cents' worth..."


FWIW: I have the registered version of Macrium Reflect and, amongst other things, along with the Linux and BartPE CD/USB key-creating facility you also get a WinPE disc-creating file (currently they supply version 2.1 and it is perfectly adequate for XP and Vista restores but not available with the free edition).

I've used it to do a complete C:\ restore on two occasions and it worked without fail for me.

"...just my two cents' worth..."

The free version lets you create a bootable Linux disc, which you can then use to restore your backed up partition. It's what I use to manage/restore my partitions on my multi-boot setup on my laptop.
