[UPDATED] Slow System, Lag, Crashes, Virus, Spyware? Probable Fix

[Tsurani]

Finally updated!! there are some coding issues but I'll play with them when i have more free time

What you might be experiencing is what we like to call Malware / Spyware / Trojans / bad things, here is a little "How To" to fix those issues. And after you are done scanning your system please Defrag your system; you would be surprised as to how much speed you will pick up.

This "How To" is simply to help folks that might otherwise not be familiar with some of these applications and processes. And none of these programs except the anti-virus run in your background nor do they take up any recourses other than when you run them.

==========================

Make sure you don't have any viruses. Make sure you have an up-to-date virus checker on your system, and *gasp* actually use it once in a while.

If you don't have a virus checker and can't afford to buy one, go to Trend Micro's Free online virus Scanner, House Call: http://housecall.trendmicro.com

Although everyone should have an Antivirus (AV) Scanner and they should update it Daily, if you don't set it up to update automatically you will have to click the Update button.

If you're looking for an excellent AV light on resources NOD32 is for you. You can at least give it a try: http://www.eset.com/home/home.htm

Another Good and FREE scanner is AVG: http://free.grisoft.com/doc/1

Another thing to always do is to keep your system up to date from Microsoft (If it is a "special" copy of XP, uninstall KB892130 from the add/remove section [thanks monsterous2008]) http://update.microsoft.com/microsoftupdate/v6/ .

==========================

Please print out a copy of this overview and use it to check off each step as it is completed.

Throughout this guide you will see it says "post this HijackThis log to xxx" go HERE to get a list of forums that specialize in reading HijackThis logs.

Save this 'checklist' of removal programs you have run, because they will be asking you to provide them with that information when it comes time to post a HijackThis log. Good Luck!


==========================


before running any automatic cleaning programs or scanners, we request that you perform a Reference HijackThis scan and save the results tohijackthisref.log for later posting. This Reference HijackThis log will indicate what infections were present on your system and visible to HijackThis, prior to running any preliminary anti-malware tools. This log serves as an important baseline indicator to the person analyzing your HijackThis log, so be sure to save it properly.

To download and properly install HijackThis:

* Download the HijackThis Installer from Trendmicro by clicking HERE
* Save the HJT Installer to to folder of your choice, then navigate to that folder and double-click HJTInstall.exe to start the installation.
* When the Trend Micro HJT install box appears, click Install.
* HijackThis (HJT) will be installed in the C:\Program Files\Trend Micro\HijackThis folder by default and a desktop shortcut will be created.

To obtain your Reference HijackThis Log:

* Select the Do a system scan and save a logfile option
* HijackThis will analyze your system, and automatically open a notepad textfile containing the HijackThis log when the scan is finished.

To save the Reference HijackThis log:

* You must change the default log filename from hijackthis.log to hijackthisref.log
* The file hijackthisref.log will be saved in the C:\Program Files\Trend Micro\HijackThis folder.
* Make sure you are able to access hijackthisref.log for later posting, before moving on to the next step.

PLEASE DO NOT ATTEMPT TO FIX ANYTHING WITH HIJACKTHIS. MOST OF THE HJT LOG ENTRIES ARE CRITICAL TO THE PROPER FUNCTIONING OF YOUR COMPUTER. REMOVING ESSENTIAL ENTRIES CAN POTENTIALLY CAUSE SERIOUS DAMAGE TO YOUR COMPUTER

==========================

The Control Panel - Add/Remove Programs


The first place to look when attempting to remove spyware/adware threats is in the "Add/Remove Programs" utility in the Control Panel . Many questionable programs are installed into their own program folder, using the customary method provided by WIndows and bear recognizable names. You may find adware/spyware Toolbars (Not the trustworthy ones like Google, MSN, Yahoo or AOL), bogus search aids such as WinTools, or NavHelper (NavExcel), and a variety of other suspect programs.


After a program is uninstalled via "Add/Remove Programs", except in the most difficult cases, any remaining remnants will ordinarily be removed by the scanning programs we recommend. If you are unsure about whether or not to uninstall a specific program, you may find the answer in the

Bleeping Computer Uninstall Database. Another very useful resource is Uninstall Malware via Add/Remove Programs by chaslang.

Some additional spyware databases that may provide you with information about particular threats are The CounterSpy Threat Library and the Computer Associates Spyware Information Center If you cannot arrive at a definitive answer after consulting these resources, then leave the program intact and mention it when you post a reply.

==========================


Please temporarily disable any real time monitoring programs.

Some security programs with active monitoring processes are known to interfere with automatic scanners and can actually prevent HJT fixes from taking effect.

Please turn off or disable any of the following programs you may have, before running your preliminary scans and for the duration of your HJT cleanup (should you post a log). To do disable these programs, please follow the instructions provided in the respective sections. Some of these programs will automatically restart upon reboot, so you will have to repeat these disabling steps as required. After Malware Removal is complete, you should reactivate these protective programs if you do not intend to post a HijackThis log.

Spybot S&D (Teatimer)

• Run Spybot-S&D in Advanced Mode.
  
• If it is not already set to do this Go to the Mode menu select "Advanced Mode"
  
• On the left hand side, Click on Tools
  
• Then click on the Resident Icon in the List
  
• Uncheck "Resident TeaTimer" and OK any prompts.
  
• Restart your computer.

Ad-Aware Ad-Watch

• Right click on the Ad-Watch icon in the system tray.
  
• At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
  Active: This will turn Ad-Watch On\Off without closing it
  Automatic: Suspicious activity will be blocked automatically
  
• Uncheck both of those boxes.

Spywareguard
Right click the running icon of Spywareguard in the system tray to open the program. Then go to Menu, File, and choose Exit. It will automatically restart at next boot.


Windows Defender

• Click on "Tools"
  
• Click on "General Settings"
  
• Scroll down to "Real-time protection options"
  
• Uncheck "Turn on Real-time protection (recommended)"
  
• Click "Save"

TrojanHunter Guard

• Disable TrojanHunter Guard by right clicking on the icon in your System Tray.
  
• Make sure that the program, TrojanHunter itself, is also closed/not running.

Disable SpySweeper

If you have Spy Sweeper version 4:

• Open it, Click Options over on the left, then Program options
  
• Uncheck load at windows startup.
  
• Over to the left, Click shields and Uncheck all there.
  
• Uncheck home page shield.
  
• Uncheck automatically restore default without notification.
  
• Reboot your machine for the changes to take effect before running HJT.

--------------

If you have SpySweeper version 5:


To disable SpySweeper Shields

• Open SpySweeper.
  
• Click Shield Settings on the right

(or Shields on the left, depending what screen you're on).

• Click Internet Explorer and uncheck all items.
  
• Click Windows System and uncheck all items.
  
• Click Hosts File and uncheck all items.
  
• Click Startup Programs and uncheck all items.
  
• Close SpySweeper.

Reboot you computer, and ensure Spy Sweeper is disabled.


WinPatrol
Right-click the running icon of Winpatrol in the system tray and choose exit. It will automatically restart at next boot.


CounterSpy

• Right-click the running icon of CounterSpy in the system tray.
  
• With your mouse, hover over Active Protection Status (This should be enabled).
  
• A menu will slide out and then you need to right click on "Disable Active Protection".

AVG Anti-Spyware (formerly ewido)

• Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray.
  
• In the 'Resident Shield' section, toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.
  
• If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the Resident Shield".
  
• Reply 'no' and set it to 'inactive' for the duration of your cleanup.

Spyware Doctor

• From within Spyware Doctor, click the "OnGuard" button on the left side.
  
• Uncheck "Activate OnGuard".

Prevx

• Right click on the Prevx icon in your system tray at the bottom-right corner of your screen and choose Show Management Console..
  
• On the Management Console click the Protection Level drop-down menu. You will see three levels:
  

  Maximum Off User Defined

• To disable all protection set the level to Off. You will receive a prompt asking "You are about to change your security settings. Do you wish to continue?" Click Yes.
  
• Click the X on the upper right hand corner to exit the Management console.

ProcessGuard

• Right-click the blue lock ProcessGuard icon located in the system tray.
  
• Uncheck 'protection enabled'
  
• Click yes.

ZoneAlarm's OS Firewall

• Go to the Program tab, then click "Main".
  
• Press the first "Custom" button from the top.
  
• Uncheck "Enable OS Firewall".
  
• Click OK.

==========================