Cleaning and optimizing a Windows computer safely

From Federal Burro of Information

From: http://www.decentsecurity.com/holiday-tasks/ (the same guys that do @swiftonsecurity)


...written by someone who might actually know what they're doing
“Unlike the rest of the site, this is not strictly beginner-level. If you aren’t comfortable with a step, you can skip it.”

This is a guide to maintenance for Windows 7 and higher. Although this isn't a computer disinfection guide, it will remove many viruses and repair their damage. Unlike the rest of the site, this is not strictly beginner-level.

All of these tasks have been performed by me or my scripts across tens, hundreds, or over a thousand computers. These are hard-won lessons. There is nothing unusually risky here, but I won't give you a warranty.

I am not compensated in any way by, nor do I have any personal or business relationships with, the companies I mention on this site. There are no referral links. I don't have any advertising. In fact, I pay someone to host this. You are actually costing me money being here. You should feel bad for doubting my integrity. I bet you spit on people who open doors for you. That's disgusting.

The ORDER of these steps is purposeful. For example - uninstalling some programs, running a temp file clean, and rebooting can leave them in a broken state.

1.) Backup. Backup. Backup.

You think you're too cool. Nothing will go wrong. And if something does, it won't be your fault. But you're still the person who lost all their vacation photos. Which can never ever be replaced. Shhh - don't protest.

Ideally, you will want them to have an external hard drive backup, and a cloud backup solution. External drives are for backing up the entire drive and OS so it can be restored. Cloud backup is so things like CryptoLocker can't wipe all the files. If an external hard drive is plugged in, malware will delete stuff on it. You can't trust them to leave it unplugged.

Specific information will go in another article at a later time. Use the Windows built-in backup (note, super-slow in Win7) for local hard drive or Synchronicity if you want to do files only. For cloud I like BackBlaze.

2.) Physical cleaning

"It's just dust." I used to think that. Heat kills electronic components. Also, computers limit themselves if they aren't being cooled. A literal plug of dust can form behind the heatsink of a laptop. Use canned air - NOT a vacuum. Also, don't spin fans too fast or you'll break them.

3.) Preliminary programs uninstall

This first section is for the more technically-minded. If you aren't sure, reboot and skip to Windows Update Clean.

Start > type "Programs and Features" > Enter
From this view, uninstall anything that you know doesn't belong. Read the prompts you get VERY CAREFULLY to make sure you're not agreeing to leave anything behind. If you don't know what doesn't belong or are unsure, don't remove anything. That's okay - we'll address that later.

Reboot before doing anything below. Just do it.

4.) Windows Update clean

Completely clear the Windows Update cache. This is safe. The folder will be regenerated. Often saves a gig.

Start > type "services.msc" > hit Enter.
"Background Intelligent Transfer Service" > right click > Stop
"Windows Update" > right click > Stop.
Delete the folder C:\Windows\SoftwareDistribution. If it won't let you, stop the services again.
You do not need to manually start the services at this time.
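
The same step as a script, for anyone repeating it across many machines. This is an added example, not part of the original guide; it assumes an elevated Windows PowerShell prompt, and the retry count is an arbitrary choice.

```powershell
# Added example (not from the original guide): step 4 as an elevated script.
$ErrorActionPreference = 'Stop'

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Administrator) PowerShell prompt.'
}

# Service names for "Background Intelligent Transfer Service" and "Windows Update".
$services    = 'BITS', 'wuauserv'
$cache       = Join-Path $env:SystemRoot 'SoftwareDistribution'
$maxAttempts = 3   # assumption: retry count, not a value from the guide

function Stop-UpdateServices {
    foreach ($name in $services) {
        $svc = Get-Service -Name $name
        if ($svc.Status -ne 'Stopped') {
            Stop-Service -Name $name -Force
            $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(30))
        }
    }
}

# Measure the cache first so the space recovered can be reported.
$bytes = (Get-ChildItem -LiteralPath $cache -Recurse -Force -ErrorAction SilentlyContinue |
          Where-Object { -not $_.PSIsContainer } |
          Measure-Object -Property Length -Sum).Sum

for ($attempt = 1; $attempt -le $maxAttempts; $attempt++) {
    Stop-UpdateServices
    if (-not (Test-Path -LiteralPath $cache)) { break }
    try {
        Remove-Item -LiteralPath $cache -Recurse -Force
        break
    } catch {
        # A service restarted and re-locked a file: stop the services again and retry.
        Write-Warning "Attempt $attempt failed: $($_.Exception.Message)"
        if ($attempt -eq $maxAttempts) { throw }
    }
}

# The services are left stopped on purpose, as the step above says.
'{0:N0} MB removed from {1}; the folder will be regenerated.' -f ($bytes / 1MB), $cache
```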

5.) Windows files clean with cleanmgr.exe

The built-in Windows cleaner was improved via Windows Update in 2013. You can save gigs (sometimes 6GB+) of space cleaning WinSxS, which no other tool can safely touch.

Note: Do not do this on Windows XP.

Start > Type "cleanmgr" > Hit Ctrl+Shift+Enter to run it as Administrator.
More Options tab > System Restore and Shadow Copies > Clean up
Disk Cleanup tab > Check everything > Hit OK
Cleanmgr will just disappear when it's done. You do not need to wait for it, proceed to the next step.

6.) Temp file clean with CCleaner

We will do more intensive stuff later. We want to get to the junkware and virus cleanup as soon as possible.

Download and install CCleaner Free. If you have the money, buy it. They have a good product that doesn't install junk that 99.9% of people use for free.
Launch CCleaner
Options > Monitoring > Uncheck "Enable system monitoring" > Uncheck "Enable active monitoring"
Cleaner > scroll to Advanced > Check "Environment Path."
Run a clean
When cleanmgr and CCleaner are done, REBOOT.

7.) Fast virus scan

Run even if you already have an antivirus. These are simple tools for a quick scan of a computer.

Microsoft Safety Scanner - This is a no-install antivirus in an EXE from Microsoft. Run a quick scan. Takes ~10 minutes.
Kaspersky TDSSKiller - This is a no-install rootkit scanner in an EXE. Run a scan. Takes only a few seconds.

8.) Malware/Junkware checkup

Run even if you already have an antivirus, unless you know the machine is clean.

MalwareBytes Anti-Malware is my go-to for automated cleanup of a broader range of malicious software and system changes. The free version only cleans up after infections. If the computer's user is prone to installing junkware, you should consider purchasing Premium.
Advanced users only: AdwCleaner is a little-known but very effective way to get rid of various things that hijack a computer. Make sure you click the "Download Now @BleepingComputer" button and not the other ones.
Reboot if anything is detected and removed.

If you think the machine is infected, scroll down to "Appendix X: Cloud antivirus checkup" and "Appendix XI: Intensive local antivirus checkup."

9.) Check Windows Update and Firewall

A classic sign of infection damage is when the following settings cannot be enabled or do not work. Fix them.

Start > type "Windows Update" > hit Enter
Check for updates. If it doesn't work, make note of that and continue.
Start > type "Windows Firewall" > hit Enter
Make sure it's on or that it says it's being managed by another program. If you want it left off, at least make sure you can turn it on. If it still doesn't work, make note of that and continue.
Start > type "services.msc" > hit Enter
Check to see if "Windows Defender" exists. If it doesn't, make note of that and continue.
If Windows Update doesn't work, repair it with Microsoft Windows Update FixIt tool.
If Windows Firewall doesn't work, repair it with Microsoft Windows Firewall FixIt tool.
If Windows Defender is missing, repair it with Microsoft Windows Defender FixIt tool.
If any of the above fixes don't work, you can try the Windows services repair tool by Webroot.
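
A read-only way to take the notes this step asks for, as an added example that is not part of the original guide. It assumes Windows PowerShell (for Get-WmiObject) and the standard service names wuauserv, MpsSvc and WinDefend; it changes nothing on the machine.

```powershell
# Added example (not from the original guide): read-only check of the step 9 components.
# Assumes Windows PowerShell; Get-WmiObject is not available in PowerShell 7.
$components = @(
    @{ Label = 'Windows Update';   Name = 'wuauserv'  },
    @{ Label = 'Windows Firewall'; Name = 'MpsSvc'    },
    @{ Label = 'Windows Defender'; Name = 'WinDefend' }
)

$report = foreach ($c in $components) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$($c.Name)'"
    if ($svc) {
        $state = $svc.State
        $mode  = $svc.StartMode
        # A stopped service can be normal (manual start, or a third-party antivirus
        # taking over from Defender); a disabled one is worth writing down.
        $note  = if ($mode -eq 'Disabled') { 'DISABLED - make note' } else { '' }
    } else {
        $state = 'n/a'
        $mode  = 'n/a'
        $note  = 'MISSING - make note'
    }
    New-Object PSObject -Property @{
        Component = $c.Label
        Service   = $c.Name
        State     = $state
        StartMode = $mode
        Note      = $note
    }
}

$report | Format-Table Component, Service, State, StartMode, Note -AutoSize

# Per-profile firewall state (Domain / Private / Public); netsh ships with Windows 7 and later.
netsh advfirewall show allprofiles state

$problems = @($report | Where-Object { $_.Note })
if ($problems.Count -gt 0) {
    Write-Warning ("{0} component(s) need the repair tools listed above." -f $problems.Count)
} else {
    'All three services are present and not disabled.'
}
```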

10.) Install Windows updates and configure automatic update

If updates fail Step 1 - FixIt

Run the Microsoft Windows Update FixIt tool.

If updates fail Step 2 - System file scan

Start > type "cmd" > hit Ctrl+Alt+Enter
A black box will appear. Type "sfc /scannow" without the quotes
When it finishes, proceed
(Win 8+) Type "dism /online /cleanup-image /restorehealth"
Reboot when done

If updates fail Step 3 - Microsoft tool

Download and install the Microsoft System Update Readiness Tool.

11.) Quick scan with SecureAnywhere System Analyzer

SecureAnywhere System Analyzer by Webroot will do a very fast scan of running processes and important system locations for things marked bad in the "cloud." It triggers on viruses and junkware, and doesn't clean, so you normally want to run it after you've done the initial cleanout of a computer. It's for information only.

12.) Antivirus maintenance

If the existing antivirus is out of subscription or it's an old version, you can remove it at this point. I make it a policy to not publicly endorse any specific antivirus vendor.

If you are running Windows 7, the minimum is Microsoft Security Essentials, but users should consider something better.

If you are running Windows 8.1, you can get by with Windows Defender, included with the OS, which is equivalent to MSE. However, I still recommend you get something better.

13.) Enable SmartScreen (Windows 8 only)

This will check with Microsoft and warn users if they download+run any programs not commonly seen. This will prevent most infections downloaded from fake emails unless the user clicks through the stern warnings.

Start > type "SmartScreen" > click "Change SmartScreen Settings"
On the left, click "Change Windows SmartScreen Settings"
Select "Get administrator approval" and hit Ok

14.) Browser maintenance

NOTE: This wipes saved forms and passwords.

Internet Explorer

We are going to reset Internet Explorer to default settings. It's not a 100% reset, but it's pretty close. Make sure you have IE11 installed. To be safe, we will backup the bookmarks. Long story.

Backup Internet Explorer favorites
Internet Explorer > Press the Alt key > Tools > Internet Options > Advanced > Reset
Check "Delete Personal Settings" > Ok

Google Chrome

We are going to 100% reset Chrome. I'm not talking about clearing registry keys since that feature only activates on domain-joined (company) PCs.

Export Chrome favorites.
Uninstall Google Chrome.
Start > type "%LocalAppData%\Google" > hit Enter > Delete the "Chrome" folder
Delete the folder C:\Program Files (x86)\Google\Chrome
Install Google Chrome with the machine-wide offline installer. You can install it normally, too. I won't go into it.
Import Chrome favorites.

Firefox

<to be expanded>

15.) Browser configuration

Internet Explorer

It's important you did the complete IE reset earlier, as I'm assuming everything's back to defaults.

Configure Advanced options

Press Alt key > Tools > Internet Options
Advanced tab
Check: Enable 64-bit processes for Enhanced Protected Mode
Check: Enable Enhanced Protected Mode
Uncheck: Use SSL 3.0

Enable protection of search provider

Press Alt key > Tools > Manage Add-ons
Under "Add-on types" select "Search providers"
Check "Prevent programs from making changes to my default search provider"
Review and modify search providers as you see fit

16.) Install/update apps

17.) Enroll into MAPS

Windows Defender/Microsoft Security Essentials has a critical "cloud" component to it called MAPS, which used to be called SpyNet. This improves protection considerably. Most users should already be set to MAPS Basic, but while we're in there we're going to set it to MAPS Advanced. There's conflicting information on whether MAPS Advanced provides any additional protection.

Start > Search for Windows Defender or Microsoft Security Essentials
Settings > MAPS > Advanced Membership
Save changes

Below this line is content in development

HijackThis
Process Explorer
Autoruns
TCPView
WinDirStat
RogueKiller (guide)
Junkware Removal Tool

Appendix X: Cloud antivirus checkup

The following programs scan your computer with multiple scan engines. However, the more scan engines, the more possibilities for false-positives.

herdProtect (Portable version is no-install)
Hitman Pro (If you do not intend to buy, uninstall when done.)


Automate defragmentation

The number one bottleneck on any modern computer is the hard drive. Compared to CPU and RAM, it moves at a geologically slow pace. You could spend a thousand dollars on the best CPU and RAM on the planet. It literally doesn't matter if the hard drive is the bottleneck. Buying an SSD is the solution, but optimizing a spinning hard drive is also possible.

The biggest speed limiter on computers is when the hard drive read head has to reposition itself to find a file. Defragmenting makes sure that files are not split into multiple chunks spread across the disk.

Optimize physical placement of files with MyDefrag

The next level of hard drive tuning is optimization, the physical placement of files on the hard drive platter. This is done by putting commonly used files at the outermost part of the disk, which is actually significantly faster to read from, and by putting files associated with each other closer together. Windows has improved over time with its built-in defragging and optimization. However, aging computers can use an intensive tuneup.

MyDefrag is the descendant of JkDefrag. It does not move files itself, it only tells Windows to move them. It is no riskier than Windows' built-in defragmentation tool.


Ninite
Intensive virus scans
Discuss Java, including how to turn off Ask Toolbar prompts
Automate Adobe Flash update
Automate Adobe Reader update
Automate Windows Update
Automate defrag
Windows Features
http://download.webroot.com/wsvcscan.exe
