Computer Moving Extremely Slow

Discussion in 'Windows - Virus and spyware problems' started by baddassb, Apr 15, 2013.

  1. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    I think it may be bad news. As I said, I had it happen to me but was lucky enough to have an image backup of my boot drive on my second HD.

    If the malware scrambled your drive like it did mine, there’s not much hope for a recovery of anything.

    Before you give up completely, follow the instructions on the How to Geek link and if there is any hope maybe you can find it.

    I know, it’s a little geeky but that’s the only solution I can come up with before you have to F11 restore.

    Give it a try and let me know.
    2oG
     
  2. baddassb

    baddassb Regular member

    Joined:
    Jan 22, 2005
    Messages:
    101
    Likes Received:
    0
    Trophy Points:
    26
    ok, will do. I may have another "ace in the hole" if this doesn't work.

    Thanks again!
     
  3. Mez

    Mez Active member

    Joined:
    Aug 12, 2005
    Messages:
    2,895
    Likes Received:
    9
    Trophy Points:
    68
    baddassb,

    You might not have figured out things have changed. The bad guys have been improving their trade by leaps and bounds while the good guys have not kept up in years. At the end of last year there was a disturbing article published in some tech mag.
    He said there were valuable files on the disk. I figure that would be worth $50 (500g disk).

    For the last 6 months I have been boning up on security. I wasn't wet behind the ears before but I have been researching about 5-10 hrs every week. On every tech board I have found (20+ boards), the overwhelming opinion is that after you have tried a few different AV scans and don't get satisfaction it is time to re-image or format. Granted, most of the techs on some of these boards maintain hundreds or even thousands of computers and can force an image down on a computer with a few clicks. Hopefully when baddassb continues to boot the disk up he isn't destroying the disk further.

    The new wave of malware is not found by any scanner. A year ago routines were posted on hacker boards that allow the malware to change its signature for each computer. Any malware using this is invisible to scanners. Most of these malware are botnets that infect computers, turning them into zombies that work to infect other computers. Many of these new botnets use VPNs to get their orders from their masters. These are extremely sophisticated and may run for years on your computer without detection.
     
  5. Mez

    Mez Active member

    Joined:
    Aug 12, 2005
    Messages:
    2,895
    Likes Received:
    9
    Trophy Points:
    68
    HTH,

    Malware is not magic. What the smart ones do is install/replace a dll or exe with the 'name' of software already installed. They get executed instead of what was supposed to be executed. They usually either pick something in the start up or in the default browser. Being on D: the malware is not called.

    I am truly interested to see how you think the malware is executed on D:. The only way is if you purposely click or execute it and baddassb is not that stupid. I am open to know how I am wrong. Then I will learn something new and important, otherwise you are just an empty barrel.

    baddassb,
    I would also install the best firewall you can on the new computer. If the malware was a bot-net 'they will be back...' It knows your IP address, your OS and whatever it needs to reinfect you. You don't even need to be surfing to be attacked. About 6 months ago I cleaned out my home network of 4 computers. Each cleaned computer got an alert that some outsider wanted to go through the firewall within 30 minutes of getting started up and connected to the internet. Maybe the ping was benign but I doubt it. I kept getting pinged till I figured out how to permanently block incoming.
     
  7. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    To be forewarned is to be forearmed… If you know it’s coming… Be prepared!

    Here’s Warning #1:
    Malware can and sometimes will completely destroy your operating system and you can lose your OS, your programs and all of your precious data.

    Here’s Warning #2:
    The boot drive is used the most, has the most wear and is nearly always the first to go bad. When a drive crashes, you can lose everything on it.

    Here’s the Armor:
    Always have a second drive for Data and backups on your computer. It’s cheap insurance.

    Move all your Data and Libraries to the Data drive. See here: Move Your Libraries
    That way your Data will be safe when the boot drive goes down.

    To protect your System and programs use an Imaging program like Acronis or Macrium Reflect (free). You can schedule an image backup to your Data disk. Mine backs up every day and when I have the third week starting I delete the oldest week. Not if but when your drive goes bad you simply replace it and copy the image to the new drive. Or if you get Malware, instead of fighting it, just go back to a time that's clean.

    In order not to lose anything from my desktop, I have a shortcut on my desktop to a folder (named desktop safe) on the data drive that I can drag all the icons to and it makes a copy on my data drive so that anything on the desktop won’t be lost in a disaster.

    Just a tip from an old Geek that hasn’t lost anything since he lost a year's work with a crashed boot drive about 15 years ago. No Mas!

    2oG
     
  8. Mez

    Mez Active member

    Joined:
    Aug 12, 2005
    Messages:
    2,895
    Likes Received:
    9
    Trophy Points:
    68
    Actually I have NEVER seen either but then I am smart enough to set the bios to the proper disk. Even with a dunderhead who did not set the bios the infected disk will boot. So what! It is not going to infect other disks. In this case the disk will not even load. Most AVs and the new OSs do not allow autoruns to execute. I think the last OS that allowed autoruns was XP, but maybe it was Vista. Who uses Vista? I will have to give you one gold star for the autorun even if the process is improbable.

    I still think the process is safe. I wouldn't add the drive till I imaged the new C:.

    Old Geek, I couldn't agree with you more except I do not image as often as you. I imaged after formatting a disk then installing all the software I would be using but before I connected to the internet. Any software I download and install after the imaging I keep a copy of the install package on a data drive. The next time I restore the old image I will install any new software since the last image then image again. I want to be certain I have no malware in any of my images. My C: is completely expendable as it needs to be in an age where more and more malware is undetectable.

    I sandbox my browser with Sandboxie which is an education in itself. You can see just how much malware gets installed in a few hrs browsing and how it is done. The malware thinks it is installing in the Windows directory not in a sandbox. I have scanned the sandbox and have never gotten a hit. That makes sense because if the malware was known to the scanners it would never have been installed. I use Avast in compatibility mode with the Comodo suite as my primary. Avast has the better real time scanning but Comodo does much better with other types of security. I am surprised how much malware gets installed right under their noses. Because the browser is sandboxed it can and should be 'flushed' after a browsing session.

    I only browse under a limited user. If worst comes to worst that user is also expendable.
     
    Last edited: Jun 15, 2013
  9. baddassb

    baddassb Regular member

    Joined:
    Jan 22, 2005
    Messages:
    101
    Likes Received:
    0
    Trophy Points:
    26
    Well, BOOYAH! (hit it out the park) @2oldGeek -- THANK YOU, THANK YOU, THANK YOU. Ubuntu did the job. I originally tried Knoppix but it doesn't seem to like Win7. So, after running Ubuntu, I was able to dig for those desktop files. I moved them to the Documents folder and then proceeded with the Recovery Manager -- further backing up all files to my external drive and restoring the system to factory settings. This particular computer's been running McAfee, but before installing McAfee, there were early (ignored) indications that something drastic was imminent.

    Hopefully, this will be it and no more important files will be saved to the Desktop. LOL

    What are the chances that the backed up files will carry over the monster?

    Again, much appreciation to all for the input/advice/suggestions. I'll probably invest in another malware pgm. I have Kaspersky, Avira, AVG, Win Defender, etc... There are so many, I'm never sure which to use.

    Thanks ...
     
  10. proseak

    proseak Member

    Joined:
    Jun 15, 2013
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    baddassb, you say that "I'll probably invest in another malware pgm. I have Kaspersky, Avira, AVG, Win Defender, etc... There are so many, i'm never sure which to use."

    Do you have all of these running at the same time?
     
  11. baddassb

    baddassb Regular member

    Joined:
    Jan 22, 2005
    Messages:
    101
    Likes Received:
    0
    Trophy Points:
    26
    No. I have them available for use -- as well as Malwarebytes (which is running simultaneously with McAfee on another computer w/o problems). I'm just not sure which I would use on this newly restored computer. At the moment, I've only installed McAfee because it was using one of three active licenses.


    Thx
     
  12. proseak

    proseak Member

    Joined:
    Jun 15, 2013
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    baddassb,

    That's a relief - I was wondering; AVs usually don't play nice with each other... using one with Malwarebytes is good, though. Others to consider are Spybot, and dedicated HOSTS file patches.

    As to "What are the chances that the backed up files will carry over the monster?" it's hard to know, but scanning them with each of the tools at your disposal is a first step. There's also virustotal*, but they won't usually scan anything larger than 64 MB.

    HTH, and good luck

    *sorry, can't post the link, but a search will find it.
     
  13. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Great, I was worried that your drive may have been scrambled.
    Don't copy any of the programs over; the data files should be OK, they don't carry anything over.

    I looked over the last HJT log you posted and you do need to clean up some things and change the way some programs load. Shoot me a fresh HJT log when you get things back together and I'll help you straighten it up and shoot you a little advice on layered protection. I test AV and malware programs by chasing zero-day badguys in my virtual machine and installing them so I can figure the best way to defeat them.

    2oG
     
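    An added example, not code from anyone in this thread, of the triage the two posts above describe (scan what came back from the backup; copy data back but leave programs behind): a small Python script that walks a recovered-files folder, separates data from anything executable, by extension or by the PE 'MZ' header so a renamed program is still caught, and records a SHA-256 per file that can be looked up on a scanner such as VirusTotal without uploading it. The sample folder it builds is constructed for the dry run and is not real HP recovery output.

    ```python
    import hashlib
    import os
    import tempfile
    from pathlib import Path

    # Extensions that carry code and should stay behind when restoring from a
    # backup of an infected machine; documents and photos are not listed.
    EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".pif", ".sys", ".js",
                       ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".bat", ".cmd",
                       ".ps1", ".lnk", ".jar"}

    def sha256_of(path):
        """Hash for looking the file up on a scanner (no upload needed)."""
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
        return h.hexdigest()

    def classify(path):
        """'program' if the extension or the PE 'MZ' header says executable,
        else 'data'; the header check catches a renamed .exe."""
        p = Path(path)
        if p.suffix.lower() in EXECUTABLE_EXTS:
            return "program"
        with open(p, "rb") as f:
            magic = f.read(2)
        return "program" if magic == b"MZ" else "data"

    def triage_backup(root):
        """Walk a recovered-files folder; return {'data': [...], 'program': [...]}
        of (relative path, sha256) so only data is copied back to the libraries."""
        report = {"data": [], "program": []}
        for dirpath, _, files in os.walk(root):
            for name in files:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                report[classify(full)].append((rel, sha256_of(full)))
        return report

    def build_sample_backup():
        """Constructed sample folder (not real recovery output) for a dry run."""
        root = tempfile.mkdtemp(prefix="recovery_")
        Path(root, "Documents").mkdir()
        Path(root, "Documents", "notes.txt").write_bytes(b"grocery list\n")
        Path(root, "Documents", "setup.exe").write_bytes(b"MZ\x90\x00stub")
        Path(root, "Desktop").mkdir()
        Path(root, "Desktop", "holiday.jpg").write_bytes(b"MZ\x90\x00stub")  # renamed exe
        Path(root, "Desktop", "real.jpg").write_bytes(b"\xff\xd8\xff\xe0jpeg")
        return root
    ```

    Point `triage_backup` at the special recovery folder on C: and copy back only the entries listed under `data`.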
  14. baddassb

    baddassb Regular member

    Joined:
    Jan 22, 2005
    Messages:
    101
    Likes Received:
    0
    Trophy Points:
    26
    Well, bad news! So much for my thinking all was well. I restored the computer back to factory settings and ran the HP File Recovery Restore Manager. You suggested to not move any program files -- only data files -- back over, but when HP backs up the files, they're stored in multiple .wim files. The Recovery Manager then combines all these files to recreate the backed up files/folders so it's hard to weed out what I want and don't want to be put back on the computer. All files are then dumped into a special recovery folder on "C". So I moved some of those folders back to their appropriate libraries and BAM! Minutes later, I noticed the exclamation mark on the start menu when it was time to shut down or restart the computer. [Side note: I was noticing this before all went downhill. The computer kept thinking it needed to do updates, which never happened successfully]. So it's happening again. I ran a full scan with McAfee, which found nothing.

    Let me back up a moment. Before restoring the computer as a last resort, I tried using the Avira Rescue CD, which found multiple trojans BUT I was unable to follow up and run the antivirus because I could not access the computer to do so -- which caused me to do a total system revamp.

    So now, the question is: should I run that Rescue CD again and let it find whatever it found before and then run the antivirus to get rid of whatever is there? Obviously there's a file (or files) that was backed up and restored that's causing this problem. The last time I looked at the computer, it was trying to do an update -- 1 of 125! When that's done and it shuts down, I'm just hoping that it boots up normally. Crazy, huh?

    End result: back to square one again!
     
    Last edited: Jun 17, 2013
  15. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    What a kick in the head! I thought you had it.
    I really don’t think the Rescue CD would do any good as your recovery should take care of the MBR and there shouldn’t be anything bad in the newly installed system. It is however missing all the updates that have come out since it was put on there by the factory and these will take quite some time to install.
    Try restoring again and this time, allow it to update fully then check it out before trying to transfer any data to it. When transferring data back, do it a small amount at a time and check out each transfer before moving on to another one.

    2oG
     
  16. baddassb

    baddassb Regular member

    Joined:
    Jan 22, 2005
    Messages:
    101
    Likes Received:
    0
    Trophy Points:
    26
    So you mean all those detections from the Rescue CD (java script virus, TR/kazy trojan horse, html script virus, etc...) were taken care of with the restoration? ... but something is definitely in one of those backed up files.

    OK, I will do as you suggest and take it slow before transferring back any files.

    thanks again!
     
  17. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Everything on your old system is wiped out by the restore and a new system is placed there.
     
  18. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    I just remembered that some of those HP recoveries give you a choice of trying to save data... don't use that choice; use the full destructive recovery so it wipes out the bad guys that may be left around to haunt you...
     
  19. baddassb

    baddassb Regular member

    Joined:
    Jan 22, 2005
    Messages:
    101
    Likes Received:
    0
    Trophy Points:
    26
    Under the System Recovery, it gives two options: (1) backup files first or (2) recover w/o backing up files, but doesn't give any option as to what type of files should be backed up. Now, I still have the backup files on my external drive from the previous backup. I won't do another backup simply because I think the files will be scattered even more the second time around because of the new directory created during file restoration. I'll just do a recover w/o backing up files and after all updates, try to start restoring individual folders.

    thx...
     
  20. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Correct. The recovery w/o backup is a destructive recovery and that should do it. Fingers crossed :)
     
