Multiple computers mysteriously slow down, not traceable to system resource

0

Doesn't that title make me sound like a superstupiduser? I swear it isn't a stupid question.

I'm running into a scenario I haven't encountered before in an organizational peer to peer Windows network. Very informal network, low control, sloppy, some very crappy computers amongst better ones.

In the past few days I have had several reports from various staff that their computers began going ridiculously slow. It is true. Programs will either be totally fine, or going on random timeouts for minutes at a time, with no explanation. I have checked all of the obvious things I know:

  • During these timeouts, there are no processes running up any CPU, extensive or unusual memory usage. In some cases I have a GB or more memory free, no page file, CPU running around 5%.

  • I cannot trace this down to any active virus running, I have quarantined the computers down to the basic system processes as far as I can tell. I don't see any unusual programs running, unless it of course some virus has injected itself into a system process. Killing explorer.exe doesn't affect the timeouts.

  • The speed even seems to extend to boot time when Windows starts up.

Keynote

Now normally, I would automatically attribute this to a hardware problem, such as a failing hard drive.

Look man, your computer is dying. It's terrible. Buy a new one.

However, the organization has had a few viruses that have crept in in the past week that I am stamping out, but these look relatively simple and are easy to kill.

But the main thing that is getting me is this is happening to several computers at once! And some of these computers are not bad at all! It definitely looks like a software-induced problem, however I cannot map it to any rogue processes or anything tangible, to my knowledge.

Question

Is there any way a virus could damage a computer to reproduce the above effects and dramatically slow it down, despite not appearing to use any system resources and without any active process running that I am aware of?

The only thing I could think of would be some program intentionally scrambling or fragmenting the file system so it is forced to work unreasonably hard for a simple task, or some other I/O manipulation. I haven't done too much diagnostics on I/O problems.

Nitty Gritty Details

The versions of windows running vary, though a majority are Windows XP, but this problem also reproduced on a Windows 7 laptop.

On what is timing out, its system-wide timeouts. For example, you press CONTROL-SHIFT-ESCAPE to start task manager, 20 seconds. Now you can move it around fine. And it behave fine. But you press 'Show processes for all users', and that takes 5 minutes. Totally random. It applies to vendor programs (such as office), or normal windows dialogs or programs, regardless of explorer.exe.

dthree

Posted 2014-01-10T04:24:33.503

Reputation: 213

Which versions of windows are in play here? What else is similar between these systems? – Journeyman Geek – 2014-01-10T04:27:32.480

Answered above. So far, XP and Windows 7. What else is similar? Terrible antivirus software, and many out of date. Hence, lots of potential for viruses. – dthree – 2014-01-10T04:28:59.370

Just a point: This laptop (Vaio running Vista) had a problem originally that it would run very slow at times. Finally traced it to some problem with the WiFi adapter -- when the adapter was switched OFF (mechanical switch) the problem would likely occur. And Process Explorer showed no processes running (though CPU would be 50%). Figured out it was a rogue interrupt -- when switched off the WiFi was constantly interrupting the CPU. (So I kept the switch on, and the problem went away when I had to reinstall about 18 months back.) Maybe something is causing a "floating" interrupt line. – Daniel R Hicks – 2014-01-10T04:40:15.297

(Of course, a biggie for causing hangs in general is browsers, but they will always show up as running processes.) – Daniel R Hicks – 2014-01-10T04:42:43.480

(It's worth considering whether everyone with the problem might be accessing the same web app or some such.) – Daniel R Hicks – 2014-01-10T04:44:28.080

Thanks. I updated above on what exactly times out, so I don't think its a browser problem or the like. Your laptop bug is interesting, but i'm not quite sure its the same thing... – dthree – 2014-01-10T04:49:31.770

Could be a virus that has injected itself or attached to some system processes. I have seen a few in the past. Try reinstallation. If it were not for many systems being affected at the same time could also have been hardware problem. – Gaurav Joseph – 2014-01-10T06:17:49.280

@Gaurav Joseph, thanks. Attached to some system processes is what I am thinking, but then I don't see any visible process acitvity causing it to slow down. I am not trying to fix a computer or two - I am trying to find out why this is happening the way it is. – dthree – 2014-01-10T07:01:10.823

If you want to find out try getting some original system files and compare hashes with the ones your system has to find out the affected files and then you could attach debuggers and try to reverse engineer the programs to find out discrepencies. – Gaurav Joseph – 2014-01-10T07:04:19.840

Answers

1

One thing you could try for the XP machines is to disable Windows Update. The algorithm used to calculate updates is exponential time. However you should see the svchost.exe at 100% utilization if this was the case. Trying this however will eliminate yet one more cause. Also, hope you're unplugging all those XP machines from the Internet come April 2014. End-of-life and Microsoft means it this time.

headkase

Posted 2014-01-10T04:24:33.503

Reputation: 1 690

Also, come April too disable Windows Update anyway as once you have the last patches it will serve no purpose other than to waste resources. – headkase – 2014-01-10T06:17:22.573

Down with disabling windows update! Don't think this is it though... – dthree – 2014-01-10T07:01:46.747

0

It sounds like you have already removed viruses, but I am picky about what I use. What exactly did you use to scan the computers? I use Malwarebytes typically. If the virus still seems to persist and you cannot rebuild the system, I would boot to a Kaspersky Live disk and scan with that. Make sure you update Kaspersky before scanning.

What programs are running slow? Do they require network connection? Have you tried re-installing the programs?

I understand that you say that the problem persists through several computers, but these are places I would look despite that.

Another possibility (I know this is most likely not the issue...) is temp files have built up. Have you tried using CCleaner? This is probably the least likely out of my suggestions to fix the issue...

If you say the problem persists across computers, the only thing I could think of in regards to that aspect is that the program that they are using is requiring network connection, whether that be to another computer on the network, a NAS on the network, or the internet. Perhaps this connection is getting bogged down or host machine is having issues.

David

Posted 2014-01-10T04:24:33.503

Reputation: 6 975

Thanks. No its system-wide timeouts. For example, you press CONTROL-SHIFT-ESCAPE to start task manager, 20 seconds. Now you can move it around fine. And it behave fine. But you press 'Show processes for all users', and that takes 5 minutes. Totally random. It applies to vendor programs (such as office), or normal windows dialogs or programs, regardless of explorer.exe. – dthree – 2014-01-10T04:44:06.397

What about the other suggestions? I made several edits... – David – 2014-01-10T04:45:04.623

I'll try CCleaner out, and i'll try a sweep with another antivirus program. I am using a crappy antivirus you may not even have heard of: Vipre. Otherwise, its definitely not network related. – dthree – 2014-01-10T04:48:07.887

Asked: 2014-01-10T04:24:33.503

Viewed: 413 times

Active: 2014-01-10T06:14:03.653