Process Explorer is good to get a feel for what is going on, then Regmon to see what is actually happening. Autoruns is great for the initial check as well, especially if you filter off all the MS entries.

For the registry clean up this can either be done by hand, or for a simple safe clean then use either Spybot and CCleaner for a basic clean.

Mike

-----Original Message-----
From: HELP_PC [mailto:[email protected]]
Sent: 07 March 2009 13:54
To: NT System Admin Issues
Subject: R: Antivirus

Which registry optimizer did you use? And Sysinternals Process Explorer? (Or/and Autoruns)

GuidoElia
HELPPC

-----Original Message-----
From: Michael Hoffman [mailto:[email protected]]
Sent: Saturday 7 March 2009 11.18
To: NT System Admin Issues
Subject: RE: Antivirus

We tend to use the Norton product exclusively for end users as, unlike some other products, they are less likely to turn it off. We switched over to the 2009 product in October when it was launched and it does work really well. One issue it does not address is the cleanup after a partial infection - especially of malware with random name generation.

The main cause of machine slowdown with viruses is that when the virus infects it populates the operating system menus with shortcuts and fills the registry with random hooks to reload. If a machine is cleaned of the virus with these hooks remaining then the system goes slow. I have seen machines doing a DNS lookup and timing out every time you right-click on Explorer. When a machine is in this state then the registry optimiser programs actually make a difference as they cause the machine to fail more quickly and this speeds it up - not really a fix, but a solution that can be seen to work and appears correct.

The best solution to this is to use the Sysinternals tools to look for all file access and remove references as appropriate. We were repairing a machine last week with Norton 360, McAfee, Avast and ZoneAlarm on, as well as a few viruses - no wonder the IP stack was messed up! Even after a full uninstall of the other programs there were references to all sorts of DLLs in the registry which no longer existed.

Fix the registry and the machine can perform like a fresh install.

Mike
[email protected]

-----Original Message-----
From: Phil Brutsche [mailto:[email protected]]
Sent: 07 March 2009 05:51
To: NT System Admin Issues
Subject: Re: Antivirus

+1 on that, I've got a number of sites that haven't had AV for years, and to this day have never had a malware problem.

lists wrote:
> One of the best protections against virus/spam/malware is to ensure
> that users are not local administrators.

--
Phil Brutsche
[email protected]

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
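Mike's point about leftover registry references to files that no longer exist can be audited before anything is removed by hand. The script below is an added example written for this thread, not code from any of the posters; it assumes PowerShell on the machine being inspected, covers only the Run/RunOnce keys (Autoruns checks many more locations), and is read-only: it reports candidates for review rather than deleting them.

```powershell
# Added example, not from the thread: list autorun registry values whose target
# file no longer exists (the orphaned reload hooks Mike describes). Read-only.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-TargetPath {
    # Pull the file a Run-key command line actually loads.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end  = $cmd.IndexOf('"', 1)              # quoted path: up to the closing quote
        $exe  = if ($end -gt 0) { $cmd.Substring(1, $end - 1) } else { $cmd.Trim('"') }
        $rest = if ($end -gt 0) { $cmd.Substring($end + 1) } else { '' }
    } else {
        # Unquoted: path runs up to the first known extension; inner spaces are kept.
        $m    = [regex]::Match($cmd, '^(.*?\.(?:exe|dll|scr|cmd|bat))(?=\s|$)(.*)$', 'IgnoreCase')
        $exe  = if ($m.Success) { $m.Groups[1].Value } else { ($cmd -split '\s+')[0] }
        $rest = if ($m.Success) { $m.Groups[2].Value } else { '' }
    }
    # rundll32 host: the real dependency is the DLL named before the comma.
    if ($exe -and (Split-Path $exe -Leaf) -ieq 'rundll32.exe' -and $rest.Trim()) {
        $exe = ($rest.Trim().Trim('"') -split ',')[0].Trim().Trim('"')
    }
    return $exe
}

function Test-TargetExists {
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $true }   # nothing to check
    if (Test-Path -LiteralPath $Path) { return $true }
    # Bare names such as "ctfmon.exe" resolve through PATH, not the current directory.
    return [bool](Get-Command $Path -ErrorAction SilentlyContinue)
}

function Find-OrphanedAutoruns {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }      # PowerShell metadata, not a registry value
            $target = Get-TargetPath -CommandLine ([string]$p.Value)
            if (-not (Test-TargetExists $target)) {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value; Missing = $target }
            }
        }
    }
}

Find-OrphanedAutoruns | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so the HKLM keys are readable; each reported row is a value whose referenced file is gone and is worth cross-checking in Autoruns before removal.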
