Computer started responding SUPER slow (basically unusable)



FixedGear
05-07-2016, 08:08 AM
Since yesterday, my 6+ year old T400 running Windows 7 has become ultra slow, to the point that it's essentially unusable. I'm fairly savvy with computers and tech and am not sure what's going on - I've never experienced anything like this before. I haven't downloaded anything weird, and did a Malwarebytes scan and Panda antivirus scan, and neither found anything. My CPU usage is constantly at 100% on both cores.

Even when restarting the machine and trying to open an explorer window, there is an approx 60 second lag. Even closing the window is super laggy. Trying to open the start menu or anything on the system tray also takes forever.

Does anyone know where I might start to try and fix this? It's really weird, I haven't downloaded or installed anything weird in recent days. The only thing that's changed is that I've put a new cable modem (was refurbished) and wireless router on my network.

HomespunLobster
05-07-2016, 08:39 AM
Your hard drive is probably at the shit the bed mode. Usually what causes most lag. I swapped out from a HDD to a SSD on my 6 year old tower. You can't beat a 20 second start up from off to functioning

Seth1968
05-07-2016, 08:45 AM
The CPU usage doesn't normally indicate a hard drive failing.

Check Task Manager for the process that's using all of the CPU.

TIP: Click on CPU in Task Manager to toggle the process usage.

Seth1968
05-07-2016, 08:51 AM
Also...

See how it runs in Safe Mode, and run Hitman Pro and Combofix in Safe Mode.

Note: Uncheck Tracking Cookie detection in Hitman Pro.

FixedGear
05-07-2016, 09:12 AM
Originally posted by HomespunLobster
Your hard drive is probably at the shit the bed mode. Usually what causes most lag. I swapped out from a HDD to a SSD on my 6 year old tower. You can't beat a 20 second start up from off to functioning

Thanks for the advice, but I don't think that's the problem as it's a 2 year old Samsung SSD.

FixedGear
05-07-2016, 09:14 AM
Originally posted by Seth1968
The CPU usage doesn't normally indicate a hard drive failing.

Check Task Manager for the process that's using all of the CPU.

TIP: Click on CPU in Task Manager to toggle the process usage.

Yea, when I did that, I saw PSANHost.exe was using like 50%. That's the Panda antivirus process. When I disable Panda, the system runs better. But why would Panda all of a sudden kill my computer?

FixedGear
05-07-2016, 09:15 AM
Originally posted by Seth1968
Also...

See how it runs in Safe Mode, and run Hitman Pro and Combofix in Safe Mode.

Note: Uncheck Tracking Cookie detection in Hitman Pro.

Thanks, I'm currently in safe mode doing another Panda and Malwarebytes scan, will also run the programs you suggested.

Seth1968
05-07-2016, 09:18 AM
Originally posted by FixedGear


Yea, when I did that, I saw PSANHost.exe was using like 50%. That's the Panda antivirus process. When I disable Panda, the system runs better. But why would Panda all of a sudden kill my computer?

An update to Panda most likely.

Anyway, antivirus programs are basically useless, and often cause more harm than good. Even Symantec admits it:

https://www.theguardian.com/technology/2014/may/06/antivirus-software-fails-catch-attacks-security-expert-symantec

Seth1968
05-07-2016, 09:24 AM
An infection may be causing Panda to go haywire, but it's most likely Panda itself.

revelations
05-07-2016, 09:39 AM
Like I see with numerous clients (literally 100s).... the only virus/bug cleaning programs worth keeping on your PC are:

ESET or Malwarebytes

All others:

a) fail to detect bugs,
b) use up far too much system resources
c) intrude far too much on regular use (popups, etc.)

In your case, boot into safe mode with networking, turn on the Windows install process, and download/run a FULL scan of the system with the above two programs.

Link to safe mode install

http://www.thewindowsclub.com/make-windows-installer-work-in-safe-mode

revelations
05-07-2016, 09:45 AM
Originally posted by Seth1968

Anyway, antivirus programs are basically useless, and often cause more harm than good. Even Symantec admits it:



Of course Symantec would say this because Norton is a giant piece of money wasting shit. I've seen dozens of PCs where, once Norton was removed, start acting normally (eg. WSUS was not working, thx to Norton).

Seth1968
05-07-2016, 09:45 AM
Eset and MalwareBytes used to be my main tools. That is until I started using Hitman.

And no, I'm not talking about benign remnants or cookies.

Seth1968
05-07-2016, 09:49 AM
Originally posted by revelations


Of course Symantec would say this because Norton is a giant piece of money wasting shit. I've seen dozens of PCs where, once Norton was removed, start acting normally (eg. WSUS was not working, thx to Norton).

That can be said for almost all antivirus programs.

Bottom line is that antivirus programs have little to do with whether or not a computer gets infected. There are many reasons why this is so, but the most of which is knowing what's safe or not safe to click on.

carson blocks
05-07-2016, 11:00 AM
Most estimates among my security peers place antivirus software around 35% effectiveness, but we all still use it. No single mitigating control is 100% effective and good security is all about layers of controls. Even with a distaste for antivirus, it's irresponsible not to include antivirus software as part of endpoint hardening and a component of your security infrastructure, even in a home environment.

Seth1968
05-07-2016, 11:40 AM
Originally posted by carson blocks
good security is all about layers of controls.

More BS.

That's only a small part of security.

Any hacker worth their weight can get by any "security".

carson blocks
05-07-2016, 12:11 PM
Originally posted by Seth1968


More BS.

That's only a small part of security.

Any hacker worth their weight can get by any "security".

How is it BS? Security is absolutely all about layers of controls, and precisely for the reason you state. Of course any control can be defeated, that's exactly why we have layers of controls.

P.S. You're not talking to an amateur hobbyist here..

FixedGear
05-07-2016, 12:17 PM
I'm going to continue running an AV, what is a good free one (besides Panda)?

sabad66
05-07-2016, 12:26 PM
Originally posted by Seth1968


More BS.

That's only a small part of security.

Any hacker worth their weight can get by any "security".

no it isn't BS. Ever heard of the swiss cheese analogy? look at 1 slice of swiss cheese and you will clearly see it has holes in it. now stack a few layers on top of each other and you will see how all the holes are plugged.

that's how computer security works.

carson blocks
05-07-2016, 12:32 PM
Originally posted by FixedGear
I'm going to continue running an AV, what is a good free one (besides Panda)?

It's a tough question as many AV products shine in one area and fall behind in another. Opinions are like assholes and most 'computer guys' shout loudly that their favourite product is the only answer. In reality, it depends on what features are most important to you, and what your threat vectors are. An untrained, non-internet savvy home user may need more protection from malicious URL filtering, phishing protection etc. A 'power user' may be willing to give up those protections for a little more speed. Some software packages simply don't work well with certain AV packages.

Since any opinions I'd give would be biased, here's a fairly decent and recent chart I found comparing the free options.

http://www.pcmag.com/article2/0,2817,2388652,00.asp

I personally use the MS provided Windows Defender, which is absolutely not the best product out there, and is a choice that so called experts like Seth will undoubtedly shit on, but my primary concern is speed and lack of intrusiveness. As it doesn't even make the list, I hesitate to recommend others do the same, but it works for me. In my corporate environments, the choice is often either Symantec or McAfee, again not because they're the best products (they're absolutely not), but because they're common enough that vendors of specialty industrial control software will certify their products as compatible with one or both of those major AV packages. There really is no 'best', it's all about trade-offs and being fit-for-purpose for your particular needs.

More important than what software you use, is that you use something from a reputable vendor, keep it updated, keep your OS patched, and pay attention to what you're doing while using the PC.

revelations
05-07-2016, 12:32 PM
Originally posted by Seth1968


More BS.

That's only a small part of security.

Any hacker worth their weight can get by any "security".

I invite you to try to do a pen test on a network if you like.

Yes, the ones with government-level support (router backdoor) and those who are determined enough will, eventually, break into a system but a good, tiered, setup will protect you from the vast majority of issues.

Assumed 35% measured A/V effectiveness is still better than 0%.

FixedGear
05-07-2016, 12:34 PM
^thanks for the advice. I was actually using a mess up until someone told me how bad it sucks, and convinced me to switch to Panda. This was about a year or two ago.

Zhariak
05-07-2016, 01:05 PM
Didn't read entire thread, but open up your event viewer and look for disk errors. If you see any, it's the drive...

FixedGear
05-07-2016, 02:02 PM
well weird, after running malwarebytes, panda, hitmanpro and combofix in safe mode (with nothing found from any of those), and rebooting, the system is running fine. :rofl: and I did reboot several times this morning, so not sure what is going on.

Seth1968
05-17-2016, 11:20 AM
I had forgotten about this thread until Hero referred to it in his new "FFS!" thread lol.

So of course, I feel obliged to continue.


Originally posted by carson blocks
Most estimates among my security peers place antivirus software around 35% effectiveness, but we all still use it. No single mitigating control is 100% effective and good security is all about layers of controls.

So let's go...

1) Antivirus programs rely on definition comparisons. Unfortunately, the bad guys are privy to this:rofl:, so they just quickly change the definition and they're in. Security companies can't keep up with these variants.

2) Security companies then try to go after the bad guys via heuristics. Which of course leads to false positives which brick the computer.

3) Most infections are now PUPs, to which security programs can't legally remove. In other words, your antivirus can't remove them lest they be sued. Examples, Registry cleaner, Optimizer Pro, Driver Update, etc.

4) Whatever antivirus program you use, and even worse, the whole update everything is useless and often detrimental.

You don't fix what isn't broke, and education is BY FAR the key to security. The whole layered approach is old school.

I'll start with fake Java and Flash updates, as those are the top contenders to which computers are infected. Of those fakes, security software is clueless.

revelations
05-17-2016, 11:31 AM
Originally posted by Seth1968
I had forgotten about this thread until Hero referred to it in his new "FFS!" thread lol.

So of course, I feel obliged to continue.



So let's go...

1) Antivirus programs rely on definition comparisons. Unfortunately, the bad guys are privy to this:rofl:, so they just quickly change the definition and they're in. Security companies can't keep up with these variants.

2) Security companies then try to go after the bad guys via heuristics. Which of course leads to false positives which brick the computer.

3) Most infections are now PUPs, to which security programs can't legally remove. In other words, your antivirus can't remove them lest they be sued. Examples, Registry cleaner, Optimizer Pro, Driver Update, etc.

4) Whatever antivirus program you use, and even worse, the whole update everything is useless and often detrimental.

You don't fix what isn't broke, and education is BY FAR the key to security. The whole layered approach is old school.

I'll start with fake Java and Flash updates, as those are the top contenders to which computers are infected. Of those fakes, security software is clueless.

Have you ever worked on systems in a large corporate environment? You will never be able to educate typical workers to be savvy with PCs when most of them hate to use the thing.

Again, as mentioned above, tiered approach to security.

I can just imagine the manager/CIO's face if I went to them after a serious infection spread around their network and told them that "we don't need A/V because a PC magazine said they are only 30% effective".

As an aside, ESET found, on average 68% of zero day attacks. So there are some good AVs out there that can think AHEAD.

Thaco
05-17-2016, 11:34 AM
i didn't read any of the other replies, but any time this happens at work, it's 99% because someone mashed in one of the USB ports and one of the pins is grounded on the shielding.

suntan
05-17-2016, 12:41 PM
Check disk space. Also check your Windows/Logs/CBS folder.

Neil4Speed
05-17-2016, 02:03 PM
I had a strange similar situation once, turned out to be the power supply, odd.

carson blocks
05-17-2016, 02:59 PM
Originally posted by Seth1968
I had forgotten about this thread until Hero referred to it in his new "FFS!" thread lol.

So of course, I feel obliged to continue.



So let's go...

1) Antivirus programs rely on definition comparisons. Unfortunately, the bad guys are privy to this:rofl:, so they just quickly change the definition and they're in. Security companies can't keep up with these variants.


Sure, no one EVER claimed they were 100% effective. Like I said, 35% at best. That said, 35% is better than zero, and did you know, most infections are actually against OLD viruses that have definitions and patches available, that people haven't bothered applying. That's why it's just ONE LAYER, not a magic bullet.


Originally posted by Seth1968

2) Security companies then try to go after the bad guys via heuristics. Which of course leads to false positives which brick the computer.

It's been many, many years since I've seen a heuristic false positive 'brick' a computer, but any decent security admin understands his data flows and how his critical programs work, and writes exceptions accordingly.


Originally posted by Seth1968
3) Most infections are now PUPs, to which security programs can't legally remove. In other words, your antivirus can't remove them lest they be sued. Examples, Registry cleaner, Optimizer Pro, Driver Update, etc.

AV programs can't wash and wax my car either. Doesn't mean they don't have their place, and aren't a small but essential part of an effective layered security model.


Originally posted by Seth1968


4) Whatever antivirus program you use, and even worse, the whole update everything is useless and often detrimental.


That's a very outdated way of looking at things. If you choose the correct AV software for your situation and configure it correctly, you can definitely increase security without compromising usability. Note I said INCREASE, not GUARANTEE.

I have been in charge of managed AV on thousands of hosts, including those running critical process control infrastructure in safety critical applications. It can be done safely and effectively, you just have to do it correctly.


Originally posted by Seth1968

You don't fix what isn't broke,

Absolute bullshit, and shows you haven't put any time into learning security. Staying on top of vulnerabilities and being PROACTIVE instead of being REACTIVE is how you improve security.


Originally posted by Seth1968
and education is BY FAR the key to security.

Possibly the first intelligent thing you've said in this thread. Education is absolutely the key, and one of the strongest layers in a layered approach to security. That said, even the best trained people fail, and still remain the weakest link in security, which is why we have the other controls in place.


Originally posted by Seth1968

The whole layered approach is old school.


Here is where you're either so wrong you shouldn't be allowed near computers, or you completely misunderstand what the layered approach means. I'll give you the benefit of the doubt here and assume you just misunderstand a layered security model, rather than that you're trying to convince me all the world's top security researchers, schools, and certification organizations are completely wrong.

Layering is realizing that no single control is anywhere near 100% effective (which you must realize as you hate on AV), so we put in multiple controls to reduce the likelihood of a threat being effective. That's it. If you disagree with that, you're in serious need of an education.

Think about the typical home customer you likely work with. Their security usually includes an edge device firewall and NAT router, an endpoint software firewall (Windows FW even), an AV program (again even Defender/Essentials), etc. That's layering. None of those controls are anywhere near effective and as you've pointed out, a skilled hacker/pentester can get past any of them, but with all of them, we've INCREASED security. Let's not even get in to the layers of security in the PC and OS itself.

Security is never something you achieve entirely. It isn't a checkbox. It's constant improvement, it's doing better than you did yesterday, and looking at all levels of the system, from the user (like you mentioned) all the way up to the edge of the network (and beyond). Because none of the controls is 100% effective, do you propose we put none of them in place?

Let's simplify and look at physical security. My door lock is probably only 25% effective and it definitely does slow my access to my house. Does that mean I don't put that preventive control in place? No. I still lock my door because it INCREASES security, not because it GUARANTEES it. My cameras can be easily defeated, but I still have them as a detective control, and more importantly for me, as a deterrent control as it INCREASES security. My alarm system is far from bulletproof, but it INCREASES security. The dog can be shot or bribed with meat, but he INCREASES security. This is a simple explanation of a layered security model that doesn't make my house impossible to break in to by any means, but makes it harder, and makes it less attractive, and that's it.

I might not be explaining myself well enough for you to understand, but trust I do know what I'm talking about. Security is my business, and I hold multiple high end security certifications and have solid career experience securing some very critical assets.

It seems like you work in IT, or at least dabble in home computer repair etc and have some interest, so I would like to strongly suggest you strengthen this area of your IT knowledge. I highly recommend CBT nuggets as affordable, approachable, easily understood training. You aren't ready for CISSP or anything, but at least start with their Security+ course to get your basics up to speed.

Edit: I don't want to sound like I'm shitting on you too much. From your posts here, it looks like you've got some good knowledge about Windows hosts, and on specific tools and software packages to remove viruses and solve problems. Where I'm suggesting you need improvement is understanding the big picture of security. I think you'd find the training I suggested both personally and professionally rewarding.

lasimmon
05-17-2016, 03:16 PM
In all these threads it always sounds like people are professionals and Seth is a learn at home guy.

jwslam
05-18-2016, 08:15 AM
Sidetracking:

Ran malwarebytes, it removed a few things.
Now when the computer starts up there's a runDLL error for DimplingEmbroidery.dll
Nothing comes up on google for that. Other than disabling startup programs 1 by 1 through msconfig and doing restart, is there another way to diagnose?

Alterac
05-18-2016, 09:23 AM
Originally posted by jwslam
Sidetracking:

Ran malwarebytes, it removed a few things.
Now when the computer starts up there's a runDLL error for DimplingEmbroidery.dll
Nothing comes up on google for that. Other than disabling startup programs 1 by 1 through msconfig and doing restart, is there another way to diagnose?


That one should be fairly easy to spot.

In msconfig, you will find an entry for rundll32 that is looking for that DimplingEmbroidery.dll file (which is now removed, thus causing the error you see)

So just remove that entry, and you're golden.
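
The check described in the post above, as an added example that is not part of any post in this thread: a read-only PowerShell script that lists Run/RunOnce registry values which launch rundll32 against a DLL that no longer exists on disk. The function names are hypothetical, the sample command line is constructed, and the directory in it is a placeholder.

```powershell
# Added example: read-only audit of Run/RunOnce autostart values. msconfig's Startup
# tab also lists Startup-folder shortcuts, which this script does not cover.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the DLL argument out of a rundll32 command line.
# Handles: rundll32.exe "C:\dir\name.dll",Entry  and  rundll32 C:\dir\name.dll,Entry
function Get-RundllTarget {
    param([string]$Command)
    if ($Command -match '(?i)rundll32(?:\.exe)?"?\s+"?([^",]+?\.dll)') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1].Trim())
    }
    return $null
}

# Hypothetical helper: does the DLL still exist on disk?
function Test-DllPresent {
    param([string]$Dll)
    if ([IO.Path]::IsPathRooted($Dll)) { return (Test-Path -LiteralPath $Dll) }
    # Bare file name: only System32 is checked, a simplification of the DLL search order.
    return (Test-Path -LiteralPath (Join-Path $env:SystemRoot "System32\$Dll"))
}

function Get-RundllStartupEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            $cmd = [string]$regKey.GetValue($name)
            $dll = Get-RundllTarget $cmd
            if (-not $dll) { continue }   # not a rundll32 entry
            New-Object PSObject -Property @{
                Key = $key; ValueName = $name; Command = $cmd
                Dll = $dll; DllExists = (Test-DllPresent $dll)
            }
        }
    }
}

# Constructed sample command line (the directory is a placeholder, not from the thread).
$sample = 'rundll32.exe "C:\Users\example\AppData\Local\DimplingEmbroidery.dll",EntryPoint'
"Parser check: $(Get-RundllTarget $sample)"

# Entries whose DLL is gone are the ones that raise the RunDLL error at logon.
Get-RundllStartupEntry |
    Where-Object { -not $_.DllExists } |
    Select-Object Key, ValueName, Dll, Command |
    Format-List

# After reviewing an entry, it can be removed with:
#   Remove-ItemProperty -Path '<Key>' -Name '<ValueName>'
```

If nothing is listed, the DLL may be referenced from a scheduled task or a Startup-folder shortcut instead, neither of which this script reads.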

Swank
05-18-2016, 10:12 AM
^ I believe ccleaner provides a more in depth way to list, disable, and delete start up items, so if you can't find it in msconfig try ccleaner (it also has other warm and fuzzy clean ups).