-
Ran Ccleaner, Now It's Slow카테고리 없음 2020. 2. 14. 19:21
NOTE: I forgote to mention and was reminded while watching one of jimmyrcoms videos, that you want to make sure you uncheck 'install yahoo toolbar' or something like that, when your installing.
This is another of those questions that no one specifically asked (though it does come in frequently, in various forms). Rather, this is a scenario that I experienced myself earlier this week.
A friend who has one of my older laptops on loan came to me and told me that it had become slow and that websites like Hotmail and Facebook had stopped working. Sometimes, it wouldn't even connect to the network. My first suspicion was malware, for which I had good cause. You see a couple of weeks earlier, my friend had clicked on one of 'those' links – the ones that come to you as a result of someone else's email account having been hacked.
While it hadn't done anything immediately, it was high on the list of suspects. The machine's working again, so I want to outline the steps that I took to clean it up. They're fairly generic and can be used in many, many situations, but perhaps not all of them are obvious. Back up Regular readers will have seen this coming.
The very first thing that I did was create a backup image of the machine. Yes, this backs up the potentially infected machine.
I do this as a safety net; it establishes a 'can't get any worse than this' point in time. No matter what I do to the machine from this point forward I still have all the original files backed up should they need to be restored. By having a complete image of the system, I can also revert to this state should something I do in the process of 'fixing' it actually end up making things worse. By restoring the backup, I can start over and try again. The technique that I used was perhaps novel, but an important one. I did not boot the machine normally. In fact, I didn't boot the machine from its hard drive at all.
Instead, I booted the machine from a copy of Macrium Reflect rescue media on CD. Most backup programs allow you to create bootable rescue media of some sort, with the intent that when you need to restore a complete disk image, you can boot from that media and perform the restore.
Overlooked is the fact that in many cases (including that of Reflect), the rescue media can also be used to perform a backup. So, that's what I did. I booted from the rescue media, attached an external USB drive, and created a complete image of the laptop's hard drive on that external drive. I then saved that elsewhere, should I ever need it. Turns out I did not, but as I said – it's the ultimate safety net. Windows Defender Offline My next step was to run anti-malware tools on the machine, but ideally once again, without actually booting Windows from the hard drive. There are several bootable anti-malware tools available.
Run Ccleaner Now Windows 10
I selected Windows Defender Offline (formerly known as the Microsoft Standalone System Sweeper). Using another machine, I downloaded a copy and burned it to CD. I booted the laptop from this CD and let Defender perform a complete scan. The reason why booting from something other than the machine itself is so important is that when you boot from an infected hard disk, any malware that may be on it gets the opportunity to execute. That means that it can interfere with anti-malware scans that you perform, sometimes even preventing them. It also gives the malware an opportunity to try and hide from the scanners.
By booting from anything but the possibly infected system, that malware never gets the chance. After the Windows Defender scan came up clean, I felt that booting the machine was somewhat safe. Microsoft Security Essentials With the machine now running Windows XP (SP3, fully up to date), I then made sure that Microsoft Security Essentials was also up to date and ran a complete scan again. It's possible that this is redundant with Windows Defender Offline. They are basically the same technology and quite possibly could be running off the same malware databases. But without absolute confirmation that they would be the same, I simply elected to take the safer route and run a complete scan again. And once again, the scan came up clean.
Malwarebytes Particularly because Windows Defender Offline and Microsoft Security Essentials might have been the same scan run twice, and they were likely to at least be similar, running a scan with a different tool is always a good idea. I often recommend running the free tool. In this case, I took my own advice. I downloaded the latest copy and ran a complete scan. Once again, the scans came up clean. I'll admit part of me liked how this was looking. Rootkit Revealer What distinguishes a rootkit from other forms of malware is its ability to hide.
Load And Run Ccleaner Now
A rootkit actually infiltrates the operating system at a low level and causes the very functions that report the presence of files to 'conveniently' overlook the files that comprise the rootkit itself. The rootkit might live in C: Windows, but listing the files in that folder would simply not list the rootkit's own files by virtue of the rootkit filtering the results. Theoretically, the effects of a rootkit would have been bypassed by having booted Windows Defender Offline from CD. However, when malware is suspect, I'm a big believer in scanning too much rather than not enough.
Is a tool from the same folks at Microsoft that bring you Process Explorer. And it turned up nothing.
At this point, I made the careful assumption that malware was not at play here and moved on to more generic cleanup activities. CCleaner With the browser acting as it had been, it's tempting to just clear the browser cache. In fact, clearing the browser cache is one of our more common answers to assorted questions that come in to Ask Leo!
In this case, however, I wanted to be a little more thorough, so I elected to fire up instead. CCleaner will clear the browser cache, but it'll also clean much more.
The biggest additional offender is often Windows own temporary files folder, but CCleaner actually runs around and cleans up many additional things as well. (Note: I did not use the registry cleaner, only the file cleaner.) I ran CCleaner for two reasons: to hopefully stabilize the browser, of course, but also to prepare for the next step. Defraggler Normally, I'd be tempted to run Windows own disk defragmenting program – and indeed that would probably be sufficient. But I wanted to see just how bad things were, so I chose to run, another free tool from the same people that make CCleaner. Besides having a more informative display (to us geeky types at least ), my sense is that it's slightly more thorough in its defragmenting work. Given that this machine hadn't been defragmented in years, I wanted it to be aggressive, if perhaps time consuming. (If you defrag regularly, then Windows' own defragmenting tool is quite sufficient.) The drive was most definitely severely fragmented when I started.
In addition, the 17 gigabytes still in use on the 60 gigabyte drive was spread out across almost the entire disk surface resulting in lots of disk head movement even for unfragmented files. After defragging, not only were the files contiguous, but they were also clustered together near the beginning of the disk. The result The machine's once again working fine, albeit still a tad pokier than we might want. More on that in a moment. It's booting properly, the browser's working as expected, and Hotmail and Facebook are once again working as well.
We appear to have dodged a bullet with respect to actual malware. The link that had been clicked on was most likely already rendered inoperative by prior victims. It's true that we can never know that the machine isn't still infected, but I feel that the steps taken give us a very high level of confidence that we're clean.
As I mentioned, the machine's still a tad slower than we might like, and I believe I understand why. In cleaning up, I installed additional security software – specifically Malwarebytes – which had not been running before, and is now present constantly. It's very likely that I'll turn that off, leaving day-to-day security in the hands of Microsoft Security Essentials and WinPatrol. The machine is an older Dell Latitude 131L with 2GB of RAM and a 70GB hard drive. The processor is running at 1.6Ghz.
As I said, it's running Windows XP SP3. My belief is that with current versions of OS and security software assuming today's slightly more powerful machines, the addition of one more security program might just be taking it to the boundaries of acceptable performance.
Article - June 28, 2012. I have recommendations for specific products in various places on the site. Here's a short single page summary. The Microsoft Standalone System Sweeper is a standalone, bootable tool from Microsoft that allows you to scan for and remove malware in difficult situations.
CCleaner is a popular and highly regarded tool for cleaning files, history, cookies, and much more from your computer. Macrium Reflect is a full-featured backup program that supports everything that I consider critical to keeping your important data safely backed up. Lord Rayne June 29, 2012 9:00 AM Thank you Leo, you have confirmed that my cleaning exercise is pretty well as you describe but I have one extra step and that is: After running CCleaner, I then open 'EasyClean', click on 'Unnecessary Files' and then 'Find'. EasyClean finds other files that CCleaner seems to bypass and when these have been 'Deleted' I run CCleaner again which effectively empties the Recycle Bin.
EasyCleaner can find up to a further 14Mb to get rid of. Mind you - I still have a couple of sites I cannot get to but that is another work in progress. Was wondering if someone would ask that.
It boils down to a judgement call. In an absolute sense, as I've said before, once infected a machine can't really be trusted even after you think you've removed the malware. In a more practical sense the fix for that is rather extreme (reformat/reinstall). Had I found malware my next steps would have been dictated by the malware found and its visible impact on the system, and the results of my attempts to remove it.
Low impact, quick removal and I would probably have moved forward. Had the removal been problematic, or had the machine still seemed unstable after a removal I probably would have reformatted and reinstalled.
That's why, by the way, I started with a full backup - so that I could reformat/reinstall if I needed to, knowing that everything previously on the machine was saved somewhere. Mark Magill June 29, 2012 3:56 PM @Gwyn: Just an FYI - Yes, a hot computer can slow down significantly. My Dell machine's CPU cooling fan failed recently, and one of my first clues something was seriously wrong (since the computer is on all the time) was very slow performance. After reboot, the system announced the CPU Fan Failure. One of the things that Dells do (and no doubt, others) is start slowing down the processor when the chip's core temperature gets critical to reduce the load and as a result, the temperature.
If your system reports no error on reboot, it would not hurt to open the case and make sure all fans are running. John Ellis June 29, 2012 8:43 PM How in the world, as a somewhat responsible and serious IT-Professional, could you EVER recommend using a P-o-S program such as 'Windows Defender'??? It is an absolutely WORTHLESS P-o-S Program! And on the same line, your recommendation for MS Security Essentials is definately NOT what I would call THE hit! This program has a lot of short-comings! I myself am an IT-Professional, with my own company (the rest is irrelevant), which is why I question some of your 'calls', especially when you 'promote' certain programs; ie: for making a back-up?
Where is the/your neutrality? In my opinion Windows Defender Offline and Microsoft Security Essentials are valid and useful tools.
I know that I'm also not alone in this opinion. I'm not sure what you're referring to with respect to backup programs. I'm most decidedly NOT neutral: I recommend in favor of programs that I believe are good and useful, and don't mention (or occasionally recommend against) programs that I think are bad or harmful - regardless of who makes them or where they come from in either case.
I have opinions and I share them here - you're quite welcome to disregard them (and me) if you feel that they're inappropriate or incorrect. Kevin June 30, 2012 7:38 AM Hi Would like to disagree with Vinod in particular Do know his point but he misses out totally on the basics.
In this particular article Leo is trying to deal with people who have gotten their comp. Into a terrible mess over a year or two. Ergo they are not in the least computer literate. Ergo his approach in my opinion has to be simple and explicit. While not that good at comp's myself I am pretty good at speeding them up, and am sometimes asked to do so. Usually I am quite successful in doing this. My own laptop is 4 1/3 years old and despite using Vista is a lot faster than the day I got it.
While I do have certain modifications from Leo's article, I do in general do more or less the same. I certainly am not going to nitpick at this time. Some people should wise up a bit and stop being so selfish and self knowledgeable. Alphonse July 1, 2012 12:46 PM I have Microsoft Security Essentials on a machine that encountered a problem in June. Microsoft Security Essentials was not on. I couldn’t turn it on.
Windows said it had a serious error and needed to restart after counting down 60 seconds. This happened continuously. I downloaded Windows Defender on another machine and put it on a USB key. I booted up the problem machine from the USB key.
Windows Defender wanted to be updated, which is impossible as it doesn’t include drivers for network access. I called Microsoft PC Safety Dept. They told me if you use Microsoft Security Essentials, you can’t use Windows Defender.
But it will work if you turn off Microsoft Security Essentials 1st. I booted up normally and managed to turn off Microsoft Security Essentials before I got the message saying Windows needed to shut down. I tried again to boot off the USB key and run Windows Defender but was asked again to update it. I called Microsoft back and was told that Windows Defender is outdated anyway, and that I should use Safety Scanner instead. So I am surprised that some people seem to be able to run Windows Defender offline when they have MSE installed on their machine. My experience, confirmed by Microsoft, or at least by an agent of theirs, is that you have to choose one or the other.
Incidentally, I managed to fix this problem by doing a System Restore as a Boot Option. Alphonse July 2, 2012 10:06 AM Thanks. I am using, or trying to use, Windows Defender Offline: downloading it and setting it up on a USK key from a clean machine, booting from it on the problem machine. I’ve just found out that the WDO’s request to be updated and the inability to do so seems to be a known issue: I’m just surprised that others who have commented here don’t seem to have encountered this problem. MoreOff September 25, 2012 12:22 PM Leo, Thanks for the Hint about booting from Macrium Reflect rescue media, I will start doing that with the Recovery CD I made for my old Acronis True Image 10.0 I purchased back in 2007.
Can't be too careful, You know?. Comments on this entry are closed. If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo! If you don't find your answer, head out to to ask your question.
It is a tedious process, no pun intended. You need to let the system settle down into a quiescent state. Then you look at each and every process.
You use google to research each one of those processes. You make note of the ones consuming high amounts of CPU resources. Also look at overall memory usage. If you have 2GB ram, for example, there should be generally no more than 10-20% ram in use right after the system settles down. Just look at the graph. My system has 34 processes, each one accounted for.
And 256mb when the system goes idle. Each computer is different. So these are guidelines. Report back with any anomalies.
Also look at overall memory usage. If you have 2GB ram, for example, there should be generally no more than 10-20% ram in use right after the system settles down. The only thing though is Windows Task Manager can't be relied upon with any confidence to determine how much RAM is actually being used, I often think/know Windows Task Manager is lying.
A freeware memory manager (without using it's RAM flushing) is a quick way to figure out how much RAM is being used and how much is available, and how much of the pagefile is in use and available.