Windows Operating Systems Software IT

How To Diagnose a Suddenly Slow Windows Computer? 835

Ensign Taco writes "I'm sure nearly every one of us has had it happen. All of a sudden your Windows PC slows to a crawl for no apparent reason. Yeah, we all like Linux because it doesn't do annoying things like this, but the Windows desktop still reigns supreme in most managed LAN work environments. I'm running XP with 4G of RAM and a decent CPU, and everything was fine, until one day — it wasn't. I've run spybot, antivirus, and looked at proc explorer — no luck. There is no one offending, obvious process. It seems every process decides to spike at once at random intervals. So I'm wondering if there's a few wizards out there that know what to look at. Could this be a very clever virus that doesn't run as a process? Or could this just be some random application error that's causing bad behavior? I've encountered this a few times with Windows PCs, but the solution has always been to just add more hardware. Has anyone ever successfully diagnosed this kind of issue?" And whether such a problem is related to malware or not, what steps would you take next?
This discussion has been archived. No new comments can be posted.

  • Try this (Score:5, Interesting)

    by Anonymous Coward on Thursday January 22, 2009 @06:12PM (#26566661)

    Unplug the network cable in the back and see if the problem persists. The network is a common cause of this problem.

  • Simplest answer (Score:4, Interesting)

    by LinuxGeek ( 6139 ) * <djand...nc@@@gmail...com> on Thursday January 22, 2009 @06:13PM (#26566691)

    Bottom line, if your system has a sudden dramatic change in behavior for no visible reason, wipe your drive and reinstall windows. There are nasty things now that don't show up as a process, merely using the windows kernel to spawn another thread to do whatever it wants.

    Backup your data and do the safest thing. I usually run windows inside VirtualPC which means only using it for the programs that *require* windows, not for general browsing and stuff.

  • by Trailer_Bob ( 1459345 ) on Thursday January 22, 2009 @06:30PM (#26567015)
    I think you'll find these two presentation videos helpful:
    1. The Case of the Unexplained -- http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=722 [microsoft.com]
    2. Advanced Windows Troubleshooting with SysInternals Process Monitor -- http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=346 [microsoft.com]
  • Re:EASY ANSWER (Score:3, Interesting)

    by nikolag ( 467418 ) on Thursday January 22, 2009 @06:34PM (#26567073)

    I do not see this as easy when you deal with a bunch of RAID drives or similar setup, but booting something small (COUGH damn small linux COUGH some disk test/recovery distribution) from CD and running it straight in memory may also help a lot in diagnosing a problem.

    Just last week we had a 22 out of 22 Windows in one network shutting down network processes for no apparent reason, without any errors in log, without any HDD problems. After thorough search it seems somebody infected them with some kind of rootkit, but three AV programs could not weed it out. Only reinstallation helped.

  • Run Memtest (Score:3, Interesting)

    by WebmasterNeal ( 1163683 ) on Thursday January 22, 2009 @06:53PM (#26567377) Homepage
    I just did this the other day and found one of my sticks had 1000+ errors on it.
  • Re:Firefox (Score:1, Interesting)

    by Anonymous Coward on Thursday January 22, 2009 @07:14PM (#26567637)

    Same here. I use the flashblocker addon to stop flashvertisements from running.

    Suggest using Sysinternals process explorer and
    Root kit revealer.

    If you're running an out of date version of Java you might have picked up a variant of Vundo. It hooks winlogon, lsass and explorer with random named dlls. Even loads in safe mode.

  • Re:Process Explorer (Score:3, Interesting)

    by stanleypane ( 729903 ) on Thursday January 22, 2009 @07:15PM (#26567661)
    Process Explorer is definitely a good tool to use for troubleshooting purposes. I find it invaluable when trying to view DLL and/or file usage for a given process. The process target is pretty slick too: drag a target onto a window and the controlling process is highlighted.

    There are a slew of other sysinternals tools as well, many of them would probably be perfect for troubleshooting system bottlenecks.
  • by Wowsers ( 1151731 ) on Thursday January 22, 2009 @07:26PM (#26567783) Journal

    We all clean our computers regularly, right? I noticed this on an offloaded pc I cleaned up to pass on. The processor fan and cooling vents were heavily caked in dust and it was clocking slower so it would not heat up so much. Cleaning the dust off the processor cured the problem.

  • by Darth_brooks ( 180756 ) * <.clipper377. .at. .gmail.com.> on Thursday January 22, 2009 @07:57PM (#26568223) Homepage

    Why bother. I keep up to date images for all my hardware and, at the first whiff of trouble, it's bye bye birdy.

    There's just not a huge list of reasons to dick with this stuff any more. Yeah, you might learn the attack vector, then you might be able to manually remove the nasty little bugger that's got you slowed down and patch against future intrusion. Or, you can start from scratch and move on with your life after an hour or so. Besides, if it is hardware, it'll be pretty apparent after you've reloaded (if you can reload at all.)

    I no longer care what crapware my users have managed to infest themselves with. Ghost the machine, move on to genuinely interesting problems.

  • Still... (Score:5, Interesting)

    by Moraelin ( 679338 ) on Thursday January 22, 2009 @08:07PM (#26568349) Journal

    Actually, while I do somehow spend more time at home on my Windows gaming box than under Linux (so this isn't a blanket Windows bashing,) my superficial and uninformed impression was that, all else being equal, any Windows box I've seen seems harder hit by IO than any Linux/Unix box I've ever seen.

    Yes, you can get a Linux box to crawl too, if the hard drive is stuffed and it can't swap for example. Or if the chipset isn't supported well by the drivers. (Rarer these days, but certainly possible.) Or whatever.

    But Windows... seems a bit special. I mean try to copy a directory between two hard drives, or better yet from a DVD to HDD, and Windows seems to me basically stuffed. Even notepad can get about as responsive as a narcoleptic snail. And you can just about forget about, say, playing a game while that happens.

    And that's before you even add such brakes as an anti-virus.

    I've seen that behaviour in any Windows, from 3.0 to Vista, including a detour through NT 4.0. In fact in Vista let's just say there's a reason why so many people were pissed off at the indexer kicking in all the time.

    My subjective impression is that I've yet to see Linux get anywhere near that unresponsive, in a similar scenario. Again, assuming that you don't have a nearly dead HDD and the chipset is supported in DMA mode.

    But heck, even in PIO mode, I've used Linux in PIO mode and I've used, say, NT in PIO mode. (Thanks to a retarded IT department which installed the wrong IDE drivers.) Linux did obviously have poor file IO performance, but NT just freaking _froze_ for a second or two, for example, when minimizing or maximizing a window. (Presumably due to aggressive memory management which swapped more of a process out when minimized.)

    Now admittedly I haven't actually programmed an OS at any point, so I'm probably talking out the arse, but I see no reason why that should happen at all. Any common source of IOWait has an interrupt. Even in PIO mode you don't have to poll until it's done. And DMA, now that was invented for the precise reason and purpose of transferring some data while the CPU services another process. It's why it's there. So there's no freaking reason for the whole OS to just twiddle its thumbs and wait. Even if one process is waiting for _paging_, you can still yield to another process while waiting for the HDD.

  • another suggestion (Score:2, Interesting)

    by ILuvRamen ( 1026668 ) on Thursday January 22, 2009 @08:09PM (#26568377)
    Most of the previous suggestions are more likely and better but I figured I'd also mention this. I've heard of people with undiscovered rootkits and a symptom is huge, seemingly untraceable performance loss. The only symptom is a lot of different, legitimate processes using up the CPU at the same time. This behavior is a known effect of some rootkits using CPU cycles while hiding itself. I've never seen it personally but I've heard about it. I'd suggest running Rootkit Revealer because it checks for any inconsistency between the registry and what's supposedly there for the entire file system and processes that are running (or something like that) instead of using a list of virus definitions.
    Also, nothing stops a computer like a piece of hardware telling everything to wait. Go to the actual manufacturer's page for every piece of significant hardware and update the driver for it. You'll be surprised how many are described as critical fixes but don't appear on windows update. And there's a lot of lines in the changelogs that will say something to the effect of "fixed system hang/pause when..."
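
The cross-view comparison behind the tool recommended in the comment above (what the Windows API reports versus what is actually stored on the volume), as an added example that is not part of the original thread and not Rootkit Revealer's own code. Both path listings, `example_hidden.sys` and the function names are constructed for illustration.

```python
import ntpath

# NTFS metadata files are never returned by the Win32 API, so their
# absence from the API view is expected and not a sign of hiding.
NTFS_METADATA = {"$mft", "$mftmirr", "$logfile", "$volume", "$attrdef",
                 "$bitmap", "$boot", "$badclus", "$secure", "$upcase",
                 "$extend"}

def normalise(path):
    """NTFS names compare case-insensitively; unify separators too."""
    return ntpath.normpath(path.replace("/", "\\")).lower()

def is_ntfs_metadata(key):
    """True when the first component under the drive is a metadata file."""
    parts = key.split("\\")
    return len(parts) > 1 and parts[1] in NTFS_METADATA

def cross_view_diff(api_view, raw_view):
    """Compare two listings of one volume.

    Returns (hidden, transient): paths present on disk but missing from
    the API view, and paths the API returned that the raw scan lacks
    (usually files created between the two scans).
    """
    api = {normalise(p): p for p in api_view}
    raw = {normalise(p): p for p in raw_view}
    hidden = sorted(p for k, p in raw.items()
                    if k not in api and not is_ntfs_metadata(k))
    transient = sorted(p for k, p in api.items() if k not in raw)
    return hidden, transient

# Constructed sample data: what the Windows API enumerated ...
API_VIEW = [
    r"C:\Windows\System32\ntdll.dll",
    r"C:\Windows\System32\drivers\disk.sys",
    r"C:\Temp\scan.log",
]
# ... versus what a raw parse of the same volume found.
RAW_VIEW = [
    r"C:\$MFT",
    r"C:\$Extend\$UsnJrnl",
    r"C:\WINDOWS\system32\ntdll.dll",
    r"C:\WINDOWS\system32\drivers\disk.sys",
    r"C:\WINDOWS\system32\drivers\example_hidden.sys",
]

if __name__ == "__main__":
    hidden, transient = cross_view_diff(API_VIEW, RAW_VIEW)
    print("hidden from API:", hidden)
    print("only in API view:", transient)
```

An entry in the first list is what deserves investigation; an entry in the second usually just means a file changed between the two scans, so rescan before drawing conclusions.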
  • Re:Virtual Machine (Score:1, Interesting)

    by Anonymous Coward on Thursday January 22, 2009 @08:13PM (#26568429)

    Watch porn in a virtual machine.

    Or just use Sandboxie lol
    Wow im "Anonymous Coward"

  • by Teilo ( 91279 ) on Thursday January 22, 2009 @09:10PM (#26568935) Homepage

    This is a scary thought that might be relevant. Wired recently published an interview with a repentant spyware author who mentioned that they had figured out how to run the virus as a series of discrete threads which are not running as part of any parent process, something that Windows evidently allows. He also stated that they considered using a completely threadless model, by installing the code as an interrupt handler. Just tie it to an interrupt that regularly fires, and their code runs in an utterly transparent manner - something Windows also allows. The guy claimed that they didn't actually do the interrupt trick. But the frightening thing was that it is even possible. I have no doubt that someone will do it eventually.

  • Re:Check the HDD (Score:3, Interesting)

    by The Great Pretender ( 975978 ) on Friday January 23, 2009 @12:36AM (#26570547)
    Huh? Why woosh...?
  • where to begin... (Score:3, Interesting)

    by Deathlizard ( 115856 ) on Friday January 23, 2009 @01:13AM (#26570785) Homepage Journal

    First: Get this. [free-av.com] If you got a rootkit, this should find it, unless it's something zero day. If it finds stuff, then reboot back into windows and run something like Malwarebytes Anti Malware [malwarebytes.org] or Spybot Search and Destroy [safer-networking.org] for a few days (a week or two with Spybot. They only update on Wednesdays) to get it completely cleaned out. Windows Defender also works good here and adds realtime scanning to the mix.

    Second: Like someone above posted, Check for Drives Running PIO in Device Manager. If you find any, run the resetDMA Script someone above posted. Also Check your BIOS for changed settings. Dying CMOS batteries can cause a lot of havoc with DMA settings depending on the BIOS defaults.

    Third: Test Hardware. Contrary to Popular belief here, Windows NT Kernel Failures, *Especially Blue Screens* Are usually caused by either a Hardware failure or a Driver failure. If it's been running great and then BAM, check hardware first. The Ultimate Boot CD [ultimatebootcd.com] has all the tests you need. Test for RAM errors and test your Hard drive using the Drive Specific diagnostic program.

    Fourth: if all else fails after this, backtrack. If you installed something recently, and the machine started acting weird afterwards, uninstall it and see what happens. System restore (if it actually works) also comes in handy.

    Finally, a Tip. Stay The Hell away from "optimizing" software. Just about every Registry optimizer I've ever seen screws up more than it's worth. Speed boosters tend to slow things down in the long run or lock windows, and any disk optimizer basically does nothing different than defrag C:. Even Microsoft's Registry and cleaning offerings on their onecare site has screwed me over in some cases, and if they can't optimize their own OS... Just say no to them.

  • by cupcakewalk ( 1163109 ) on Friday January 23, 2009 @03:51AM (#26571689) Homepage
    Am I the only one that thinks that slow downs are built in to Windows? Run it for a while then get strange, unexplained, noticeable slow down. Millions of customers say, "When was the last time I formatted my HD and reinstalled Windows? Boy. That was a lot of work (or cost a lot of money). Maybe I should get the new version (98, ME, XP, Vista, 7, etc...) If I'm going to do that, I should just get a new system." With a sales strategy built into the software, everyone who stands to make a profit wins...unless customers get stubborn and find the problem. I have not read all the comments, but past the basic diagnostics, I look for something that's caught in a loop, usually trying to install. msconfig can sometimes reveal it. HP software? Uninstall and reinstall. Or just uninstall and throw the printer off a bridge.
  • by SteWhite ( 212909 ) on Friday January 23, 2009 @04:11AM (#26571777)

    I scanned through the comments and didn't see this mentioned yet, so...

    Check if the processor speed is being throttled. I once saw a laptop that seems to have the symptoms you described - everything going slow, processes taking lots of CPU time.

    It turned out something was wrong with the power management and it was keeping the CPU at the minimum speed permanently. Setting the power profile to "Always On" fixed it for a while, but then it started again, so I disabled the processor power management features in the BIOS.

    The post didn't mention if this is a laptop or desktop, but even modern desktop CPUs have lots of power states. Worth a look.

  • Re:Turbo button... (Score:3, Interesting)

    by theaveng ( 1243528 ) on Friday January 23, 2009 @08:02AM (#26572813)

    I saw a lot of those computers in my college lab, and of course experimented with the "turbo" button but it never seemed to do anything. Why were those buttons installed on old machines? And how come they're no longer used in modern PCs?

    My old Commodore 128 had a "FAST" command in Basic, and it did make a noticeable difference.
    The TV screen went blank.

  • Re:Check the HDD (Score:5, Interesting)

    by Anachragnome ( 1008495 ) on Friday January 23, 2009 @08:24AM (#26572957)

    Better yet, do the aforementioned "Reformat and reinstall clean software", then, and ONLY then, make a restore point.

    THEN disable "System Restore".

    At that point, the .exe can no longer be used to corrupt your restore points, but YOU can always go back and turn the service back on to access that KNOWN good system/software install if the shit hits the fan again.

    MUCH easier to use a restore point than reformat.
