  #3  
30.12.2009, 13:38
drbits
JD English Support (inactive)
 
Join Date: Sep 2009
Location: Physically in Los Angeles, CA, USA
Posts: 4,437
Advanced System Cleaning and security software

If you are having trouble with your computer it is as likely to be your security software (or uninstalled software) as it is a virus. This is especially true when things seem fine, except in JDownloader.

Click here for a simpler, but sometimes less effective approach.

This is not for the faint hearted or inexperienced computer user. If you are inexperienced, have somebody reinstall your OS and software, but leave out any security software that did not come with your OS. See below for an Antivirus recommendation.
---------------------------------------------------------------------
Note: This is for Windows. Linux systems work completely differently and programs do not tend to leave pieces around as much, except in /var, /tmp, /usr/var, /usr/tmp
---------------------------------------------------------------------
Before making any dangerous changes to your computer, set a Restore Point.
Either you can use the "Help and Support" menu (or equivalent for your system) or you can execute the following from the command line:
%SystemRoot%\system32\restore\rstrui.exe
(this probably won't work on 64-bit systems and might not work on all versions of Windows).

Note: All system cleaning is dangerous. Set a restore point first. I have been using and programming Windows for over 15 years and am considered something of an expert in programming Windows -- I still set restore points. Backing up your system partition is even better.

If some of the cleaning makes your computer unusable, boot into Safe Mode and use your restore point to back out the change (some versions have a separate boot for restore points).
---------------------------------------------------------------------
The first thing to clean out is any security software that did not come with your operating system. Set a restore point, uninstall the software, reboot, and set another restore point. You can reinstall security software after reading my advice in the next message.

There is a program I suggest you download and install, called ERUNT. It will create a backup of your registry (most of the cleanup changes are just to the registry). It is a good idea to back up your registry now.

Those of us who download a lot tend to install too much. After setting that second restore point is a good time to uninstall anything on your computer you do not need anymore (then reboot and set a restore point).

A lot of software, especially security software, leaves device drivers behind. To find these, get properties on "My Computer" and start the "Device Manager". This shows you the physical devices. Now, in the "View" menu, check "Show Hidden Devices". This will show you what is really on your computer. Look for the section called "Non-Plug and Play Devices".

This contains the drivers installed to support software (along with others). There will be a lot of them. Check each to make sure it does not look like part of a program you have uninstalled. You can check the properties to see what company is responsible for it (often left blank). If you ever installed software from Alwil (Avast!), Norton (Symantec), or McAfee, you are likely to see their wreckage.

Disable any that look like they are part of software you have uninstalled. If your ISP does not directly support IPv6 (the newer Internet Protocol), you should also disable TCPIP6.sys (this has a lot of security holes).

If you do not have a server on your local network, you can disable netbt.sys (and disable netbios over TCP in your network devices and your services). This will remove many of the ways that hackers and viruses attack your computer.

If there are no other computers on your local network, go to Network devices and disable "File and printer sharing". Removing NetBT and File and Printer Sharing will block most of Microsoft's security holes.

Then, reboot, check that your browser still works, and set a restore point. You may have to use that earlier restore point if you disabled the wrong thing.

You might notice a significant increase in system speed (up to 50%).

The network part of the operating system puts some of the drivers with the device drivers and some of them are in the "Winsock stack". Use Google to find LSPfix.exe and download the program. This will show you the LSPs (plugins for Windows Sockets). These are used by firewall and antivirus software to monitor your TCP/IP network traffic. You need the LSPs for TCP/IP, but since you have uninstalled your firewall and antivirus, you can delete the LSPs for them. You should end up with between 4 and 6 LSPs.

Again, reboot and either back-up the registry or set a restore point. Check that your browser still works.

If you have used software from Symantec, go to the Symantec support web site and download the removal tool. This is supposed to remove the files and registry entries for all Symantec products going back several years. Check the support web sites for other antivirus software for removal tools and use them.

After using such tools, reboot, check if your browser still works, and set a restore point. Also back up your registry.

Now that you have cleaned your devices, you need to clean your registry. I use two different tools (both reasonably safe). First, I run the registry cleaner in Comodo System Cleaner (free from comodo.com), then I run the registry cleaner that comes with the free version of Glary Utilities. If you have CCleaner, run that registry cleaner as well. Then reboot, check that your browser still works and make another registry backup.

---------------------------------------------------------------------

You have now succeeded in removing most of the trash left behind by uninstalled programs.

Now, it is time to make sure the operating system files are the correct version. To do this we use the SFC (System File Checker) program. -- Please let me know if it is called something else in your version of Windows.

To run SFC, open a command line (or window) and enter
SFC /SCANONCE
then reboot. You will probably be asked for your system install disk (if your system came with one). This is to load any missing files onto your hard drive. SFC uses a catalog of file names and security hashes to check all of the operating system files and make sure they are not changed. This is very effective at restoring any damage done by various programs and undoing damage from most viruses.

When the system reboots, set a restore point and back up your registry.

You now have as close to a clean system as you can without reinstalling the OS from scratch.

Last edited by drbits; 30.05.2010 at 05:30. Reason: Comodo changed their product
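
The driver and Winsock review steps in the post above can be started from a read-only inventory before anything is disabled. The following is an added example, not part of the original post; it assumes PowerShell 3.0 or later, and `Resolve-DriverPath` is a hypothetical helper name.

```powershell
# Added example: read-only inventory. Nothing is disabled, deleted or changed.
# Assumes PowerShell 3.0+; Resolve-DriverPath is a hypothetical helper name.

function Resolve-DriverPath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                              # drop NT prefix \??\
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')   # \SystemRoot\... form
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }  # relative form
    return $p
}

# Kernel and file-system drivers, with the vendor recorded in each driver file.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
    $path = Resolve-DriverPath $_.PathName
    $info = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        $info = (Get-Item -LiteralPath $path).VersionInfo
    }
    [pscustomobject]@{
        Name      = $_.Name
        State     = $_.State
        StartMode = $_.StartMode
        Company   = if ($info) { $info.CompanyName } else { $null }
        Path      = $path
    }
}

# Show everything not attributed to Microsoft, including drivers with a blank
# company field, since those are the candidates to review by hand.
$drivers |
    Where-Object { $_.Company -notmatch '^Microsoft' } |
    Sort-Object Company, Name |
    Format-Table -AutoSize Name, State, StartMode, Company, Path

# Winsock catalog: lists each installed provider entry (the LSPs the post refers to).
netsh winsock show catalog
```

Saving the output before and after each cleanup step gives a record to compare against if a change has to be backed out.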