I'm having a problem with my wife's computer.

When it is running, all computers on the WIFI/DSL Lite network run slow (0.04Mbps). Turning her computer off or turning the WiFi network off on her computer solves the problem on the other computers, we're back to normal DSL Lite speed (±1.3 M depending on time of day). IMO this definitely isolates the problem to her computer.

Her computer also runs dreadfully slow on non-Internet apps, but when I turn off the WiFi so that it is not accessing the Internet, it runs at normal speed. (I have her WIFI network permanently turned off until this problem is fixed.)

I ran both an AV and Malwarebytes scan and they show no problems.

I restored her hard drive to a point before when she was having a problem. This seemed to fix it for about a half hour, then it went back to its slow state. (I always thought an Acronis disk image would solve all problems, but I guess it doesn't.)

I might try an earlier image thinking that the kit may have been asleep on the HD for a while before activating (wild guess on my behalf). Does this make sense?

Googling around on the net, I'm beginning to suspect a rootkit. Note: I'm not a computer guru, I get along with them, but am completely self-taught; that means I don't know what I don't know and don't know what I might need to know (if you know what I mean).

So I downloaded RootKit Removal apps by Kaspersky, McAfee, and Malwarebytes (beta) and am wondering what may be the safest and easiest for a non-guru and best tool for detecting and/or removing a Root Kit if that's what her problem is. (I'm extremely shy about the Malwarebytes tool, because it is Beta and there is a big disclaimer basically saying that if it screws up your computer to the point where it is a doorstop, tough luck.)

Is there a better one out there?

This is unsettling because Leilani is careful and she doesn't open attachments or go to weird sites. That suggests to me that anyone can get hit with a kit. We also went to one of my working computers and changed her important passwords.

Thanks,
Bob
I would DL and use these in this order:

1-RKill -

http://www.bleepingcomputer.com/download/rkill/

make sure that you choose RKill. RKill means Root Kill and it works better than Malwarebytes root kill.

2-AdwCleaner -

http://www.bleepingcomputer.com/download/adwcleaner/

This finds things that Malwarebytes can miss.

3- Malwarebytes - not the beta version

https://www.malwarebytes.com/mwb-download/

4- your anti-virus

I have had to use these free programs on a couple of friends' computers and they cleaned them perfectly.

The safest way to make a backup is to use an Acronis boot disk. But if the computer is infected then Acronis will copy the infection. I run RKill, Malwarebytes and Defender prior to backing up. I only add AdwCleaner if I am having a problem.

Good luck.
Thanks Mario.

I have Malwarebytes premium, the beta is their root killer tool.

On my way to Leilani's computer.

It's learning time.

Bob
Update:

RKill and AdwCleaner found nothing. I also ran Kaspersky TDSSKiller and McAfee rootkitremover and they found nothing.

The regular MalwareBytes Premium shows no problems and I'm doing a deep AV Scan. Last night it showed nothing.

So perhaps it's a hardware problem? The network card? Just a wild guess. Looks like we will take it in on Monday.

This is actually comforting to us. We practice safe computing. A hardware problem would be better than malware.

Thanks again.

Bob
Take a look at your wireless settings, maybe something has changed like the baud rate or the packet size.

If you have a USB wireless you can plug that in and see what happens.

Good luck.
If the problem is slow speed while using the wireless Internet, reboot your router.
No USB wireless.

I reverted to a disk image pre-problem so the wireless settings shouldn't have changed, but I'll re-check.

And the first thing I do when I get Internet trouble is reboot the modem and the router.

Thanks again,
Bob
Took it to the shop today. Gave it a good try but I'm in over my head. All the data is backed up on an external drive so no matter what the outcome is, nothing will be lost except some money.

Thanks again for all your suggestions.

Notes
It is wise to know and respect your limits.

Discretion is the better part of valor (or something like that).
Solved.

The PC repairman said that Leilani's computer was a victim of Microsoft's Decentralized distribution of the Windows Anniversary update.

The way I understand it is that instead of downloading the update to everybody from centralized Microsoft servers, it downloads to customers' computers and then uses their computer to be a host to distribute the update to other computers. Normally this isn't a problem, but the Anniversary Update is over 2 gigs, and we don't have the bandwidth for that.

We live too far away from the end of the fiber optics to get real DSL, so we are stuck with DSL-Lite which maxes out at about 1.3M (they quote 1.25). Leilani's computer was trying to redistribute the Anniversary Update to a few other computers on the 'net, and saturated the resources of our DSL connection and her computer. Robert, the computer guy, turned that off and it's working fine again.

The good news is there wasn't a root kit, and there was nothing wrong with her computer, just an unlucky draw from Microsoft's decentralized distribution.

Now, the way I see it is, Microsoft owes us $85 for an hour of emergency service repair work.

Notes
Wow.
I am beginning to hate Windows 10's "you must do it my way" attitude. I am very seriously thinking about going to Linux for our Internet computers.
OK... I just had to login to ask the question... has anyone heard about this "Microsoft's Decentralized distribution" practice in the news? Obviously Notes' PC repairman knew about it, but I haven't seen any news articles about this. If you have a link to such an article I would appreciate seeing it. All I can say is wow... I'm glad I use Linux for the Internet!
I knew it was a technique they planned to use, yes. But I have not seen any coverage of any difficulty. One would think CNET would be all over this.

There's another aspect for music producers: how about if my PC decides to share something when I'm trying to record, or mix, or do something music-related that is computer-intensive?
When I installed Win 10 one of the options under the custom install was to not use the computer to export updates. I am going to try and find this option, if it still exists, hopefully later today. One of Windows' tricks is to reverse some of your settings!

My music computer is off line except when needed for updates. When I do update something I also update Defender, CCleaner and Anti-Malwarebytes. I disable my Ethernet card and immediately run those programs. I have shut off Win 10 Pro updates also. I will update Win 10 when I need to update Win 10!

I also disable Defender. Win 10 insists that it be on so I have to disable it again in a day or two. What a PITA!
Originally Posted By: Matt Finley
I knew it was a technique they planned to use, yes. But I have not seen any coverage of any difficulty. One would think CNET would be all over this.


So did I. I think there's little coverage about this because it's rarely an issue but for those like Notes it's a "wow" for sure. Nothing is perfect, MS is dealing with hundreds of millions of systems and that number is growing every day and it's obviously cost effective to piggyback users' systems to push the updates out. Yeah, I know but they did give away well over a hundred million Win 10 OS's and the vast majority of those have fast enough internet. All I can say is nothing is truly free. An automatic solution could be to have the system detect the internet speed and bypass that specific computer for this. This is yet another example of what I've been saying for years.

You gotta be an informed computer nerd in the modern world.

Bob
I do pity those folks on metered internet connections that got notices from their provider that they exceeded their bandwidth because unknown to them, Microsoft was using their connection to distribute Windows to other users.
Originally Posted By: jford
I do pity those folks on metered internet connections that got notices from their provider that they exceeded their bandwidth because unknown to them, Microsoft was using their connection to distribute Windows to other users.



Yep, that seems pretty rough! You'd think there would be a big, glaring notice that you were signing your computer up to this, wouldn't you? Plus repeated check-ins every, say, gigabyte that you uploaded, asking if you wished to continue functioning as a peer-to-peer distribution node. So weird.
To turn this update sharing off go to Settings / Update and security / Windows Update / Advanced options / Choose how updates are delivered and turn it off. This will stop the sharing of your updates and apps to others.
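
An added example, not part of the original post or any poster's own script: a PowerShell triage check for the update sharing described in this thread (Windows calls it Delivery Optimization), which shows whether the service is running, what mode is enforced by policy, and whether peers are currently connected, so that this legitimate traffic can be told apart from malware. It assumes an elevated prompt on Windows 10, the Delivery Optimization policy registry key, and that peer traffic uses TCP port 7680; the function names are made up for the example.

```powershell
# Added example: triage for Delivery Optimization (Windows Update peer sharing).
# Assumptions: elevated PowerShell on Windows 10; policy key and port as noted below.

# Group Policy location for Delivery Optimization settings.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'

# Meaning of the DODownloadMode policy value.
$modes = @{
    0   = 'HTTP only (no peer sharing)'
    1   = 'Peers on the local network only'
    2   = 'Peers in the same group/domain'
    3   = 'Peers on the local network and the Internet'
    99  = 'Simple download, no peering'
    100 = 'Bypass Delivery Optimization'
}

function Get-DoPolicyMode {
    # Returns a description of the enforced mode, or a note if no policy exists.
    $v = (Get-ItemProperty -Path $policyKey -Name DODownloadMode -ErrorAction SilentlyContinue).DODownloadMode
    if ($null -eq $v) { return 'No policy set; the Settings app choice applies' }
    if ($modes.ContainsKey([int]$v)) { return $modes[[int]$v] }
    return "Unrecognised value $v"
}

function Get-DoPeerConnections {
    # Delivery Optimization accepts peer connections on TCP 7680.
    Get-NetTCPConnection -LocalPort 7680 -State Established -ErrorAction SilentlyContinue |
        Select-Object RemoteAddress, RemotePort, OwningProcess
}

function Set-DoHttpOnly {
    # Enforce mode 0 by policy so updates come only from Microsoft's servers.
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    New-ItemProperty -Path $policyKey -Name DODownloadMode -Value 0 -PropertyType DWord -Force | Out-Null
}

"Service : {0}" -f (Get-Service -Name DoSvc).Status
"Policy  : {0}" -f (Get-DoPolicyMode)
$peers = @(Get-DoPeerConnections)
"Peers   : {0} established connection(s) on TCP 7680" -f $peers.Count
$peers | Format-Table -AutoSize

# Uncomment to enforce HTTP-only downloads by policy:
# Set-DoHttpOnly
```

Established connections on port 7680 while the uplink is saturated point to update sharing rather than an infection; the policy value, once set, is not changed by the Settings app toggle.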
Good tip. Thanks, Mario.
Applied to my other computers. Thanks Mario.

Win10, Apple, and Chrome all seem to be invasive OSs, the price we pay for not shelling out update dollars.

The problem with Linux is many of the apps that I rely on every day won't work on it.

So IMO it's just something we have to live with and adapt to.

Notes
© PG Music Forums