
The Download Blog

July 24, 2008 12:16 PM PDT

Spyware Horror Story: Once is enough

by Jessica Dolcourt
  • 30 comments
Spyware Horror Story

Published by Aaron; Arlington, Texas

My dad and I run a little tech support place for our neighborhood (we work for food). We have seen some nasty things around this area, but this next story is the worst. One of our family friends came over with her computer, telling us it was a "little" slow. So, we dragged my huge 17-inch CRT monitor with built-in speakers across the house to our little shop (not fun) and turned on the infected computer. We waited and waited until it finally loaded.

She (the family friend) had Ad-Aware loaded at the time, so we ran it, only for it to crash. At this point, we should have given up and just nuked the hard drive with a little Department of Defense-level program that writes zeros to every cell on the drive three times. But we didn't, and rebooted the computer in Safe Mode.

We then took a look at Ad-Aware and noticed that it hadn't been updated in a year, but we ran it anyway. Over 10,000 infections were picked up on an outdated program. At this point, we toyed with the idea of just taking out our gun and putting the PC out of its misery, but figured the owner wouldn't like that very much. So we tried to fix it.

... Read more
July 9, 2008 3:50 PM PDT

Spyware Horror Story: Computing blind

by Jessica Dolcourt
  • 4 comments
Spyware Horror Story

Published by Johnathan; Pasadena, California

Well, one day I was logging onto my computer when I noticed a virus alert. I had noticed a week or so before that the sites I visit (like Crunchyroll) felt a little slower, and a month before that my computer started restarting randomly and continuously. I had to turn it off for a day to fix it. After I saw the virus alert, the sites I go on took about 8 seconds a page compared to the normal 2 or 3 seconds.

That's not all, however; I found that I couldn't log off, use the task manager, or look at the programs I had. It deleted my Mozilla Firefox icon so if I didn't have AIM--thank the gods I do--I wouldn't be able to use the Internet. Ad-Aware didn't do anything and when I finally used AVG, it saved my computer a bit. I don't have the computer on virus alert, but I still can't log off or look at my programs and I can't use Task Manager. Any help?


Editor's Response

I remember having to play Memory with hidden icons to launch my programs after a program jam that mucked up my display. That was before I discovered Launchy. It was a slow-going challenge, and an IT rep was dispatched to surgically remove my hard drive and return it a few hours later, completely wiped. Like I said, that was an issue with visual freezing and not a malware attack, but the bottom line is that invisible computing doesn't work. The erratic shut-downs you experienced should have been the first warning sign of something screwy overcoming your beloved computer, and a big hint to check the baseboards for malware.

I'll assume that once your computer began short-circuiting, you heeded the warnings and shut it down safely. I'll also assume that you let it rest a few minutes, then rebooted and punched F8 to arrive at Safe Mode. I'll assume you cycled through the boot-up procedure one more time in an attempt to refit whatever could be out-of-whack, and that you ran malware scans in Safe Mode when the problem proved not to be a one-time glitch.

The easiest move from where you stand is to fall back on a restore point, which is why you have them in the first place. If you can get into the Windows Start menu, first click Help and Support and then System Restore. Try rolling back to a restore point before the computer began fizzing up, maybe 2 months ago. If successful, you'll shed the ailment and will get to keep most of your files. If neither System Restore nor normal malware removal procedures succeed, you may be forced to save what you can and reinstall Windows.

June 19, 2008 1:36 PM PDT

Spyware Horror Story: Uncool Web search

by Jessica Dolcourt
  • 11 comments
Spyware Horror Story

Published by: Bob; Boston

I have an XP Systemax unit that has worked flawlessly for two years. Until today. I checked my e-mail in the morning and noticed it was a little sluggish, so I rebooted--I admit, it had been a while since my last reboot. When the computer came back up, it was almost at a dead stop. Neither my ZoneAlarm nor AVG Anti-Virus would load. Any program I tried relating to anti-anything would not work, either.

After several reboots I was able to launch AVG and found hundreds of spyware files dumped on my system, from CoolWebSearch to lots more with the word "search" at the end of it. I managed to delete all the entries, but my system was still working badly. I had to use Phoenix System to restore the unit to its factory settings and hope for the best. I have yet to go home and see if it worked. Any suggestions as to any more forms of defense? I have (had) SpyCatcher Express, ZoneAlarm, ZoneAlarm ForceField, CCleaner, Advanced WindowsCare Personal, and SpywareBlaster. Luckily, I had everything backed up to a separate drive and to other computers on my network that they could not see.


Editor's response

Just when we all thought CoolWebSearch was a thing of the past, it rears up to trouble the victim with pop-ups, browser hijacking, and scraping up personal data. Getting rid of it and its ilk is the first task. Keeping them from returning is the second.

CoolWebSearch first began spying on Windows users in 2003. Not too long after, InterMute Software (now part of TrendMicro), released CWShredder, a freeware antispyware utility bent on destroying CoolWebSearch and known variants from your PC. Start there.

Hopefully the infiltrating malware isn't crafty enough to disable your Internet connection or new downloads. If it is, downloading the file on an uninfected computer and transferring it through flash memory or a CD to the besieged computer might work. If the executable installs but isn't able to run, rebooting in Safe Mode--by repeatedly punching the F8 key and selecting "Safe Mode"--should succeed.

At this point, let's assume that CWShredder has emerged victorious and most of the files are gone. This is a good time to rev up one of your trusted antivirus applications for a second-round check. When all appears clear, I'd let loose with CCleaner to sweep away fragments of digital debris on the hard drive and Registry. You'll have the added assurance that CCleaner will make backups to undo changes in an emergency. If you'd like, scan with a different antivirus program to make sure you've thoroughly hunted down the malicious code, and--this is recommended, but completely optional--top it off with a thorough defrag session.

Gosh, that sounds like a lot of work. It is, but that's the nature of the DIY malware-removal beast. Wiping XP and reinstalling Windows is a more straightforward, more extreme technique, but it, too, takes hours to accomplish and requires the presence of your original boot disks. Besides, you'll need to reinstall all the software, photos, music, and other personal files that you had accumulated over the years, another time-consuming effort.

What about when the computer is back to its pristine state? How, then, do you keep nasty, invasive malware from piercing your armor? A good firewall is crucial. Equally essential are safe surfing habits. Take advantage of user accounts on computers you share with extended family and friends who may engage in risky online behavior. (See our how-to). Also, try switching to Firefox, Opera, or Flock browsers if you've had problems with viruses targeting Internet Explorer. And you know those Web-site-rating browser add-ons we routinely advocate? Use them; they work. WOT, Netcraft Toolbar, LinkScanner, and McAfee SiteAdvisor are all solid options.

June 5, 2008 3:47 PM PDT

Spyware Horror Story: Confounded by hosts

by Jessica Dolcourt
  • 7 comments
Spyware Horror Story

Published by Mesila; San Francisco, CA

I recently had unknown malware that was causing Windows to keep rebooting at odd moments. Another thing it did was install a kazillion services and then have all of them running at once. It wasn't something that any scanner would pick up--and being big on file sharing, I've made it a point to keep a whole army of antimalware programs around. I'm assuming the culprit was either one that was new at the time, or a variant that had morphed itself from an older version. Eventually, after a lot of fussing and cussing, I had to reinstall Windows XP. (The malware had also gacked the System Restore function.)

Services in general faze me, even as an intermediate-to-advanced user. I use Process Explorer to ferret out running services that do not belong to Windows or to programs that I am familiar with, but more than once I have shut down something I'll see running that hides under svchost.exe. It confuses me to see svchost.exe running multiple copies of itself--that's one place a lot of active malware hides, but too often I'll end up hosing something that I shouldn't have and screwing up my system in the process.

I wonder if there's some way to shut down services we're never going to use, or keep anything other than Windows from using them, because then I wouldn't have this happen so much. I'd imagine that would also save resources. Windows Help files about services are unfortunately not very helpful.


Editor's response

Good move with Process Explorer. We've extolled its virtues in many an editorial as a clear way to see what's running and pick off what ought not to be. But although Windows routinely runs several instances of the generically named svchost.exe, not every one of them is trouble.

However, since you asked, one way to control a Windows service in XP is through the Service Control Manager. There are two ways to reach this native control. Method one: open the Control Panel, select Administrative Tools, and select Services from the bottom of the list. Method two: click the Start button, select Run, and type services.msc.

If you hover over an instance of svchost.exe in Process Explorer, you'll see which services are associated with that process, and can then suspend the service from the Service Control Manager. You can also right-click any process in Process Explorer, click "Properties," then open the "Services" tab to stop or pause any of them without using services.msc.
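A way to get the same per-instance view from the command line, as an added example that is not part of the original post or of Process Explorer: the Python script below parses the output of `tasklist /svc` (a stock XP command), groups services by svchost.exe PID, and flags any instance hosting a service name that is missing from a baseline. The sample output and the baseline set are constructed for this example; `SysUpdateSvc` is an invented name, and a real baseline should be generated from a machine you know to be clean rather than copied from here.

```python
import re

# Constructed sample of `tasklist /svc` output in the XP column layout. It was
# not captured from a real machine, and "SysUpdateSvc" is an invented name
# standing in for a service that has no business being there.
SAMPLE_TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
smss.exe                       540 N/A
svchost.exe                    904 DcomLaunch, TermService
svchost.exe                    992 RpcSs
svchost.exe                   1084 AudioSrv, Browser, CryptSvc, Dhcp, Dnscache,
                                   EventSystem, lanmanserver, Schedule, Themes,
                                   W32Time, winmgmt, wuauserv
svchost.exe                   1284 LmHosts, RemoteRegistry, SSDPSRV, WebClient
svchost.exe                   1412 seclogon, SysUpdateSvc
explorer.exe                  1600 N/A
"""

# Partial, illustrative baseline of service names that ordinarily live inside
# svchost.exe on XP. Generate the real one from a known-clean machine.
KNOWN_SVCHOST_SERVICES = {
    "AudioSrv", "Browser", "CryptSvc", "DcomLaunch", "Dhcp", "Dnscache",
    "EventSystem", "lanmanserver", "LmHosts", "RemoteRegistry", "RpcSs",
    "Schedule", "seclogon", "SSDPSRV", "TermService", "Themes", "W32Time",
    "WebClient", "winmgmt", "wuauserv",
}

# A row starts with the image name; a wrapped service list continues on lines
# that begin with whitespace.
_ROW = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<svcs>\S.*)$")
_CONT = re.compile(r"^\s+(?P<svcs>\S.*)$")


def _split_services(field):
    field = field.strip()
    if field == "N/A":
        return []
    return [s.strip() for s in field.split(",") if s.strip()]


def parse_tasklist_svc(text):
    """Parse `tasklist /svc` output into {pid: (image_name, [service, ...])}.

    Long service lists wrap onto indented continuation lines; those are
    folded back into the row that precedes them."""
    rows = {}
    current = None
    for line in text.splitlines():
        if not line.strip() or line.startswith("Image Name") or line.startswith("="):
            continue
        m = _ROW.match(line)
        if m:
            current = int(m.group("pid"))
            rows[current] = (m.group("image"), _split_services(m.group("svcs")))
            continue
        m = _CONT.match(line)
        if m and current is not None:
            rows[current][1].extend(_split_services(m.group("svcs")))
    return rows


def svchost_instances(rows):
    """Group services by svchost.exe PID, the same per-instance view that
    hovering over a process in Process Explorer gives you."""
    return {pid: svcs for pid, (image, svcs) in rows.items()
            if image.lower() == "svchost.exe"}


def flag_unknown_services(rows, baseline=KNOWN_SVCHOST_SERVICES):
    """Return {pid: [names]} for svchost instances hosting a service that is
    not in the baseline. Matching is case-insensitive, as service names are."""
    known = {name.lower() for name in baseline}
    flagged = {}
    for pid, svcs in svchost_instances(rows).items():
        unknown = [s for s in svcs if s.lower() not in known]
        if unknown:
            flagged[pid] = unknown
    return flagged


if __name__ == "__main__":
    rows = parse_tasklist_svc(SAMPLE_TASKLIST)
    for pid, svcs in svchost_instances(rows).items():
        print(f"svchost.exe PID {pid}: {', '.join(svcs)}")
    print("review before stopping anything:", flag_unknown_services(rows))
```

Run `tasklist /svc > svc.txt` on the suspect machine, feed the file to `parse_tasklist_svc`, and look up any flagged PID in Process Explorer before stopping a service; a name missing from the baseline means "go and check," not "malware," which is exactly the distinction that keeps you from hosing something you shouldn't.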

That's my take, but if others of you out there have insight for Mesila or for anyone else confounded by hosts, now's your chance to pipe up in the comments.

May 21, 2008 2:54 PM PDT

Spyware Horror Story: Would you fall for this IM scam?

by Jessica Dolcourt
  • 20 comments
Spyware Horror Story

Submitted by Scott, Vernon Hills, Ill.

This past April, a friend of mine, Jeff, called me on a Saturday afternoon, letting me know that I was instant messaging him right then. I obviously wasn't. He said that after some lines of basic text, I acted panicked and asked for money to be wired to an African bank account, which Jeff knew immediately was bad news for the real me.

I immediately changed some passwords in key accounts and found that my Hotmail account had been mysteriously compromised. The evildoers had got a ton of my contacts and sent out some boilerplate e-mails to unwitting friends and family, most of whom I assumed were smart enough to sniff a scam. I figured my first wave of defense would be good enough until I had more time to filter everything. That was really going to suck, I reasoned, but I had other things to do in the time being.

That evening we were at some friends' house for a dinner party. Our friends' 2-year-old child accidentally set off a carbon monoxide alarm in the basement, and in the ensuing chaos of children, the alarm, and a boisterous party, I received a call from my obviously distressed mother who had just been instant messaging me and was at her wit's end with worry.

Here's the conversation she relayed:

'ME': Hi Dad!
Parents: Hi Scott, it's Mom here
'ME': OK, how are things?
Parents: Good, how are the girls?
'ME': Good
Parents: Did you hear about Heidi's sister yet?
'ME': Yes [at this point, Mom was wondering why I was spewing all these one-liners]
'ME': Mom, in trouble and need help...[wire money pitch followed]
'Parents': Call me! What's going on? Are you serious?
'ME': Phone not work well...problems here

That's when my mother called my cell, and unlike all the other friends and family who ignored those obvious scam e-mails, poor Mom's stomach was sinking downward and her mind was scrolling through worst case scenarios like any good mother's would. I answered the call in the middle of the carbon monoxide din, which only made me feel even more trapped when I discovered the true purpose of the call. It took a few minutes to calm Mom down, and after explaining the earlier incident with Jeff, we ultimately had a good laugh over the mess. Except now I had to deal with the keylogger Trojan (TrojanSpy/ProAgent) I had somehow contracted.

The villains had sent off about 10 messages and made contact with three people through IM before I was able to change the password. It was a bold and shocking violation of privacy. Amazingly, they preyed on the right folks from a contact list of over 100: my parents, the most likely to cave at an unknown peril to their first born.

I use Norton Internet Security on all my PCs and am very careful with my security all-around. When I called Norton, they said I was at fault for opening up a 'legit' program that Norton could not distinguish as good or bad. Can't Norton scan for keylogger code?! I purchased XoftSpy, which appeared to do the trick of identifying and eliminating the keylogger, or so I thought. I used a second Trojan antispyware package for a "second opinion" to confirm it was gone and it identified some totally new Trojans! The horror!

Realizing I was going to fall into a trap of continually spending $30 registration fees, I figured an absolute confirmation was necessary, so I took Norton up on their $99 eradication service and a nice representative gave my system a good natural cleansing. I showed him the results of the other package that reported my infection, and he pointed out it was a fake to entice someone to pay for the registration! My God, who can you trust?!

It took two hours for the representative to clear out all the infections and to this day I've had no other issues. The villains did send login ID requests to PayPal, eBay, Amazon, and other financial sites, a fact which will haunt me for years as I wonder when they'll mine all those prior e-mails for something I missed, something sensitive to my life.

One lesson learned is to purge old accounts. My Hotmail account had 8 years of old e-mails, many with password information requests that I had sent. Stupid. I removed those and thanked my lucky stars that the policies have changed over the past few years and that some sites now force you to change old passwords. If not, maybe I would have been cleaning out my bank account via eBay or PayPal.

I was hoping we'd have an 'ID Theft' registration site that financial sites could reference in case my life savings was in the process of being wired to Somalia or the like.


Editor's response

We don't have a lot of first-hand accounts of IM scams in our annals of Spyware Horror Stories, but when they happen, the cons are mighty effective. Similarly to phishing e-mail, IM scams count on the recipient's assumption that their buddy is in truth the typist and on the recipient's conditioning to click the offered link.

Thanks to the speed and breadth of the communication medium, malicious messages can spread widely and rapidly through a victim's buddy list. Even a bare link devoid of context can net a good deal of response from users who trust a friend's mysterious URL bait in hopes of an entertaining payoff.

Most of the ruses I'm familiar with involve phishing links such as this one or a hidden .exe download. Scott's haunt used the IM medium to deliver a twist on a '419' scam. Instead of asking for a bank account number in exchange for a percentage of some bogus money trade, this method took advantage of IM's personal touch by begging for a direct money wire. The tactic wouldn't be as convenient as an e-mail blitz that nets the numeric key to clean out a bank account, but it could well whip up enough panic in a dear relative or friend to elicit some cash. You would have been wise, Scott, to alert your IM provider and buddies of your compromised accounts.

Making matters worse is the keylogger that first got you into the mess and the successful rogue antivirus trick that dug you deeper. I may be a little biased here given my place of employment, but if you're not scouting software on a site that's known to offer safe downloads (a few spring to mind), you should at the very least be using a link-rating tool such as McAfee Site Advisor or AVG LinkScanner, the latter of which has also now been sewn in various degrees into the premium and free versions of AVG Anti-Virus.

May 6, 2008 4:50 PM PDT

Spyware Horror Story: Stowaway pirate

by Jessica Dolcourt
  • 17 comments
Spyware Horror Story

Submitted by Peter; Cordoba, Argentina

I'm a writer, currently living in Argentina. My native (and working) language is English. Obviously, word processing software is a vital tool for me. I bought my last computer, a beefed-up HP 2200, in Cordoba, Argentina. Unfortunately, I had to accept the Windows XP Pro OS, in Spanish, that the vendors supplied it with. I specified that MS Office should be included and it was; alas, in Spanish. When I contacted the MS people in Redmond, Wash., about a download in English--there are complicated restrictions about getting CDs through the local customs--I was informed that I had to work through Microsoft Argentina as "...our software distributed to that country is substantially different to the U.S...". End of story? Not even close.

It turns out that the vendor's Office 2003 installation on my computer was pirated! I paid for a license, but in my own foolishness, I didn't check the package for documentation. These people have since gone out of business and their firm exists with new owners.

I worked for a year with the computer offline, then a year ago I connected to an ADSL link and because I run some networked applications, it is on 24-7. About six months into this, Office started to go wrong. At first it froze and I had to close it with the Task Manager. Then the whole system became progressively less stable. Scans with Norton, Ad-Aware, and other security software came back clean. That's as far as my geek ability can get me, so I finally had to wipe the drives. My budget doesn't allow for an effective backup, so I must have been able to recover about half my files.

Now I'm running a "clean" XP, the vendor's original, have downloaded and am about to install Ubuntu (with dual boot), and am collecting a lot of very effective open-source and/or free software through Source Forge, CNET, and the open community in general. I'm finding not only some really impressive stuff, but also a huge number of very intelligent and willing volunteers out there to give help whenever I'm about to hit the panic button. For a Net newbie nitwit like me, that's often.


Editor's response

Buying technological goods in foreign countries can be a challenge, and I speak from personal experience. The ease of acquisition and quality of choice tend to follow global economic currents, and our old friends--supply and demand--return to explain how in cooler markets, local buyers wind up paying princely sums for smaller selection. In truth, gradations of service and quality span continents, countries, and cities. Just take San Francisco, where consumers buy goods in retail shops, thrift stores, and in informal economies, such as Craigslist. The major difference I see is that locals are better suited to recognize, and therefore navigate, the risk.

If we had the power to give Peter a do-over, he would likely put as much research into the source of his purchase as he would into the laptop model. There are three immediate things one in his shoes could do when deciding where to buy big-ticket items:

1. Call the manufacturer. It may be a pain to calculate time zone differences, buy a calling card, and wade through automated menus, but in Peter's case, asking about certified distributors in his area could have made a huge difference.

2. Harvest recommendations. You're not the only foreign national wherever you are. After checking with local friends about where they make their purchases, interview the other expats (there are often social groups), and go case the suggested stores for prices, selection, warranties, and evidence of good management.

3. Take advantage of the long tail. Spend a few hours with a friend's computer or at an Internet cafe to search for advice or ratings online. See if there's a larger distributor that will ship to you from a major city, or check local versions of Amazon.com or similar online stores for their stock and shipping rates. International shipping charges are often substantial, but if you've got close friends and family with access to a virtual or brick-and-mortar store you know and trust, buy yourself a power converter (locally) and reimburse your gophers for all other costs.

With regard to the software itself, Microsoft Office isn't the only productivity suite around, and Microsoft Word isn't the sole word processor. AbiWord and Dark Room are two freeware applications more than capable of handling compositions. AbiWord is multilanguage, with an interface reminiscent of Microsoft Word and WordPerfect, where Dark Room keeps the background full screen and inky to focus the author on their text. OpenOffice.org is a well-lauded, open-source productivity suite that includes spreadsheet, presentation, and drawing programs with its Microsoft-like word processor.

Readers, do you have other pointers to add? Leave them in the comments. To share your own Spyware Horror Story, click the shiny yellow button below.

April 23, 2008 10:06 AM PDT

Spyware Horror Story: Addicted to cracks

by Jessica Dolcourt
  • 50 comments

In which two readers were burned by high-risk computing.

Submitted by Peter; Tamuning, Guam

Well, to begin with, I tried to get Microsoft Office Enterprise Edition from the torrent site mininova.com. There was even a whole bunch of comments saying that it worked "great." So when it finally finished downloading, I opened it, and got it installed. It really did work "great." But then after a few times running it, things started to go wrong. So I tried deleting, but it keeps saying that it's "write-protected." I opened the folder and deleted random files to see if that would delete the virus, but it didn't work. However, what I did find was a Notepad document with a bunch of instructions telling the computer to change all values to 3 or something like that. Now I still have the file because of my stupidity in thinking that there wasn't a price to pay. Any advice?

Submitted by Ivan; Rome, Italy

I'm a 12-year-old guy who I think knows way more about PCs than he should. Not long ago my friend came and installed a cracked version of an NHL hockey game. At first, I thought it was cool and played it a little. However, once I restarted the computer, my CHKDSK service was running a complete hard drive scan, even though I didn't authorize it. Since it was late, I had to go to bed. I shut down my PC--let me tell you, that was a mistake, besides the fact that I wasted my money on Windows Vista!

The next morning when I turned on my computer, I got the Blue Screen of Death. Error code: 0x00000024. This means that a very important NTFS file was removed or misplaced during a system scan. I thought it was my mistake and that my parents would kill me.

However, the next day, my friend told me that when he was installing NHL, he forgot that he misplaced the crack icon for one of the viruses that he got from the Internet. Let me tell you something, you didn't want to be my friend then. Anyway, the solution was that I had to undergo a complete Vista reinstall, but I had to wait a whole three weeks for my father to buy the CD for me.

I did send my friend a little virus I made myself, though harmless. Now, I'm running Comodo Firewall Pro and AVG Anti-Virus 8.0.

Editor's response

I guess some users insist on being moths, forever attracted to the flickering flame of crack sites and peer-to-peer downloads, for the same reasons that everyone else engages in risky behavior. Free programs, music, and games are the glimmering rewards, but over the years, readers have been singed by some accompanying viruses. (Here's another example.)

Maybe it's that law-abiding school mom streak in me, but weren't you guys kind of asking for it? Crack and P2P sites are absolutely notorious for ladling out code you don't want along with the downloads you do, some of which end up jammed or have been purposely jimmied to carry malicious software. I can't condone illegal acquisitions of any type, and I won't tell you how to game the system, but there are applications out there anyone can--should--use to scan files before they're downloaded and installed. If your regular antivirus software doesn't have that feature, I'd recommend at least the light (free) version of link-scanning software for any user.

Even folks who regularly download from normally OK sites should consider bumping up to pro versions of the software, which digitally eyes instant-message links, software signatures, and the malicious software payload that could be packed in with all the good stuff. AVG Anti-Virus 8.0, which Ivan mentioned, recently padded their product with the capability to do just that when they bought the makers of LinkScanner Lite and LinkScanner Pro. AVG Anti-Virus 8.0 Free Edition, which is expected to release this Thursday, incorporates the light version of the link-scanning software.


Peter asked for advice to his dilemma, the false move that got him a bunk enterprise-edition of Microsoft Office. It's pretty simple, actually. Don't go for Microsoft. What you want is product, not brand. If your goal is to get a powerful office suite for free, excellent desktop and Web ware alternatives have emerged as viable contenders that also drop the cost. Try out OpenOffice.org, a multilanguage open-source productivity suite that does most of what Microsoft's application can do with text, spreadsheets, presentations, and HTML and XML documents. It earned a 5-star editorial review.

Zoho is another credible option, and a winner of the Webware 100, an annual user award based on Webware.com, CNET's site for Web application reviews. While Zoho's suite isn't quite as deep as Microsoft Office, it is broad, and offers the use of over 20 applications to engage everyday and business tasks.

Here's my final piece of advice for you guys, and really something every user should follow. Save all your installation disks, including printer drivers, boot-up disks, whatever you've got, and keep them all together, for example, in a big CD case. This goes for backup disks, too. Keep the CDs well organized and clearly labeled, and put the collection somewhere uncluttered--not back in a closet somewhere or in some random box. This way, when things go wrong, as they almost always do at some point in a computer owner's lifetime, the confidence you've built from knowing you have a reinstallation plan will offset the panic of losing months, perhaps years, worth of data.

April 10, 2008 1:34 PM PDT

Spyware Horror Story: Toxic Wine

by Jessica Dolcourt
  • 8 comments

Submitted by Chris, U.S.A

I was--and still am--running UbuntuStudio 7.10. Now, even though this is Ubuntu, I can run Windows programs with Wine.

My friend's brother was playing on my computer and got into my e-mail. He opened up the Elvis e-mail, which contains a virus. I found out later that the virus got into Wine. Not too much later after the contamination, I started running Microsoft Office, when Ubuntu came up with an error. Firefox randomly crashed. Then Wine started running Notepad instead of the application I wanted.

I used Ubuntu's virus scanner and it found one virus in the Wine folder, one virus in the Apt folder, and one in the Root folder. It, unlike Norton, deleted all three without any problem. Now I have a special program, BlueProximity, that locks the computer whenever my Palm Treo, bluetooth phone, or bluetooth sensor, enters or leaves the computer's range. I also have my computer auto-lock itself. I was able to recover some files on the Virtual C:\ drive, but most were lost to the virus.

Editor's response

We're not exactly sure what Chris means by the "Elvis virus" (the first four pages of Google search results list it as the condition by which "your computer gets fat, slow and lazy, and then self-destructs, only to resurface at shopping malls and service stations across rural America"), but we're certain Chris' friend's brother shouldn't have been poking around Chris' in-box. Why was he tampering with Chris' e-mail anyway? His first problem is a rude house guest.

Incidentally, why was there a link to a live virus stewing in said e-mail message? Before pointing a finger at any antivirus program, Chris should consider implementing a guest account to keep bratty brothers in check, and ramping up the spam filters in his e-mail. If constant spam makes the current account unwieldy, it's easy enough to start fresh with a new account.

I dove into some Ubuntu forums to get a better understanding of the extent to which a virus can infect a Linux box running Wine, the Windows-like environment. There were differing opinions, experiences, suppositions, and authorities, but from the multitude of propositions there was this silver thread: that some malware can indeed infect Wine, including manifesting in the crashes Chris described. The majority of infections, however, will not be able to spread into the Linux operating system. That is, unless you're running Wine as root. According to the Wine wiki, this will throw open the gateway for viruses to access your computer, and if Chris found a virus file in the root folder, there's a good chance that's what happened.

To purge the virus, kill your Wine processes, delete the contents of the ~/.wine directory, and when you restart Wine, make certain you do so as your regular user and not as root (or via sudo). If nothing rights itself immediately, try rebooting; and if you still have the heebie-jeebies, you can always run a firewall.
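The reset described above, as an added example in Python that is not part of the original post or of the Wine project: it resolves the active prefix (`$WINEPREFIX` or `~/.wine`), lists entries not owned by the current user (root-owned files in your own prefix are the trace of Wine having been run under sudo), stops Wine through `wineserver -k`, moves the prefix aside rather than deleting it so that documents can still be copied out of the old `drive_c`, and salvages plain documents while refusing executable types. The function names and the throwaway demo prefix are constructed for this example; on a real machine, swap `make_demo_prefix()` for `wine_prefix_path()`.

```python
import os
import shutil
import subprocess
import tempfile
import time
from pathlib import Path

# Never copy these out of a suspect prefix, whatever else is salvaged.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd",
                       ".vbs", ".js", ".pif", ".lnk"}


def wine_prefix_path(env=None):
    """Resolve the active prefix: $WINEPREFIX if set, otherwise ~/.wine."""
    env = os.environ if env is None else env
    if env.get("WINEPREFIX"):
        return Path(env["WINEPREFIX"])
    return Path(env.get("HOME", "~")).expanduser() / ".wine"


def files_not_owned_by(prefix, uid=None):
    """Entries under the prefix whose owner is not `uid` (default: you).

    Root-owned entries in your own prefix are the fingerprint of Wine having
    been run via sudo, the situation the Wine wiki warns about."""
    uid = os.getuid() if uid is None else uid
    return sorted(p for p in Path(prefix).rglob("*") if p.lstat().st_uid != uid)


def stop_wine():
    """Ask wineserver to shut down every Wine process; no-op if Wine is absent."""
    if shutil.which("wineserver") is None:
        return False
    subprocess.run(["wineserver", "-k"], check=False)
    return True


def quarantine_prefix(prefix, stamp=None):
    """Move the prefix aside instead of deleting it. Wine builds a fresh prefix
    on the next start, and the old drive_c stays available for salvage."""
    prefix = Path(prefix)
    if not prefix.is_dir():
        raise FileNotFoundError(f"no Wine prefix at {prefix}")
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    dest = prefix.with_name(f"{prefix.name}.quarantine-{stamp}")
    shutil.move(str(prefix), str(dest))
    return dest


def salvage_documents(quarantined, out_dir, keep_suffixes=(".txt", ".doc", ".odt", ".rtf")):
    """Copy plain documents out of the quarantined drive_c, skipping anything
    executable. Pass keep_suffixes=None to copy every non-executable file."""
    drive_c = Path(quarantined) / "drive_c"
    out_dir = Path(out_dir)
    copied = []
    for src in drive_c.rglob("*"):
        if not src.is_file():
            continue
        suffix = src.suffix.lower()
        if suffix in EXECUTABLE_SUFFIXES:
            continue
        if keep_suffixes is not None and suffix not in keep_suffixes:
            continue
        dst = out_dir / src.relative_to(drive_c)
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        copied.append(dst)
    return copied


def make_demo_prefix(root=None):
    """Build a constructed throwaway prefix (one document, one executable) so
    the functions above can be exercised without touching a real ~/.wine."""
    root = Path(root) if root else Path(tempfile.mkdtemp(prefix="wine-demo-"))
    docs = root / ".wine" / "drive_c" / "docs"
    docs.mkdir(parents=True)
    (docs / "novel.txt").write_text("chapter one")
    (docs / "setup.exe").write_bytes(b"MZ placeholder, not a real binary")
    return root / ".wine"


if __name__ == "__main__":
    if os.geteuid() == 0:
        raise SystemExit("run this as your normal user, not under sudo")
    prefix = make_demo_prefix()  # swap for wine_prefix_path() on a real box
    print("entries not owned by you:", len(files_not_owned_by(prefix)))
    stop_wine()
    kept = quarantine_prefix(prefix)
    print("moved prefix to", kept)
    print("salvaged:", [p.name for p in salvage_documents(kept, kept.parent / "salvage")])
```

Moving the prefix rather than running `rm -rf` on it is the one design choice worth calling out: the page's reader lost most of the files on the virtual C: drive, and a quarantined copy lets you pull documents out later at leisure while still guaranteeing that the next Wine start builds a prefix the malware never touched.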

April 5, 2008 2:37 AM PDT

Make an uninstaller your antispyware sidekick

by Jessica Dolcourt
  • 9 comments

True story, happening now. It's 1:48 a.m. on a Saturday morning and I'm hand-picking through a mountain of spyware and adware on a friend's laptop. I've borrowed the laptop and Internet connection to "quickly" finish some work, then quickly realized this was actually going to take all night. After a 20-minute start-up churn, I had only just gotten VPN running and Firefox loaded. It wasn't the interminable start-up that had me worried so much as the two casino icons squatting on the desktop. There's no way they were legitimate on this straight-laced pal's rig.

As soon as Revo Uninstaller finally loaded, it was immediately clear that despite updated McAfee protection, the laptop, ancient by the modern standards of a disposable economy, was riddled with adware and spyware. We're talking 180Solutions, WhenU, TopText, CommonName, and a slew of mysterious-sounding toolbars that never showed up on any browser. Not that I'm blaming McAfee--there are years of security unawareness, lapsed protection, and misclicks that I'm sure are bound to this six-year-old Hewlett-Packard. Assignations of blame don't matter, anyhow. What matters is thoroughly junking the refuse that I angrily know is collecting data and bogging down the computer performance.

[Screenshot: Revo Uninstaller. These 32 registry items won't be sneaking around on my watch. (Credit: CNET Networks)]

I've chosen Revo Uninstaller as my weapon of choice for a few reasons. First, ever since we editors discovered it, it's become a personal favorite. I appreciate the four levels of in-depth removal, and the way the app scours the registry and hard drive well after the unwanted app's built-in uninstaller has finished. It's amazing how many registry entries, program files, and auto-starting DLLs remain.

Second, I'm curious. Running a spyware removal program--and there are very good ones--would likely take out most of the adware trash, but would I be any wiser? Late as it is, I'd rather see where the files are hiding out and under which names and pseudonyms. I'd like to eyewitness what the 500 registry entries left behind after the uninstall are called, and get a feel for their cunning. I'm keeping the enemy close. You know, before disposing of it.

By now I've gone through a few demolition rounds, hitting the "brand-name" adware first, and already the desktop looks trimmer. Those garish casino icons have disappeared, their flames deprived of fuel. Adware and spyware beget more adware and spyware, so in some cases, removing the main app takes its spin-offs down with it. Manually deleting the offending icons from the screen, by contrast, wouldn't have touched the files actually in the driver's seat, let alone shown me the connections between them that I'm seeing now.

Some of these leftover apps I see in Revo are in obvious need of burning out, like the MBKWbar Toolbar; for everything else, a little Web search helps me decide whether it stays or goes while Revo Uninstaller does its worst with the parasite at hand.

It's 2:19 a.m. and the coast is looking much clearer. Of course, caution is necessary any time you get in the vicinity of essential computer processes, but a good uninstaller should help you along. That and my great-grandmother's mantra, "When in doubt, don't," have rung true thus far. I'll soon be able to restart the computer to complete some of the leftover file deletion (that's normal), then set the trusty laptop to defrag overnight. Then I'll come back tomorrow, refreshed, to finish the job with a CCleaner bath and one more antispyware scan just to make sure.

March 27, 2008 6:31 PM PDT

Spyware Horror Story: Debugging for newbies

by Jessica Dolcourt
  • 43 comments

Submitted by Chookkii; Willaston, Australia

After reading all the stories and blogs, I'm starting to think that maybe all the problems I'm having all of a sudden could be caused by the Norton Internet Suite I purchased this year. My computer is running slowly, programs are constantly "not responding," I'm getting error reports about programs that I didn't even know were running, let alone that they existed, and to make it worse, I am very basic on the computer. We did not have them when I went to school, so all I know is only what I have taught myself. When something goes wrong, I have a hard time trying to fix it and if I do manage to fix it, you can bet I don't know (or remember) what I did to fix it!

Everyone talks about having enough memory, but I've no idea what I should have. My laptop has a speed of 1,729 MHz, RAM 512 MB, total capacity is 111.78 GB, and free disk space is 80.04--all of which means nothing to me. Also, everyone talks about cache memory, but no one tells you how much you should set your cache memory to. Anyway, if my problems are with Norton, what do you do? Do you put up with it since it cost over $100.00 for a year's subscription, or cut my losses and disable it?

Editor's response

As liberating as computers are, it's terrifying when things go wrong. You're left abandoned, even mocked, by the tools on which you've come so heavily to rely. It's like having your trusty accountant sweep a stack of forms to the floor, storm out of the office, and leave you to sort out your own taxes.

That's why this Spyware Horror Story (see all) goes back to basics. Without a good foundation, novice users will perform tasks without understanding what they're doing or why. Not that this quick response will solve all problems, but it's a start.

Memory. The two kinds of memory Chookkii mentions are RAM (random access memory) and cache memory, the latter of which can mean different things in various contexts. In layman's terms, RAM is the working space your programs and data are loaded into while you use them; reading from it is far faster than pulling data from the hard disk. I've heard it described with a library book analogy, and here's another--getting data from RAM is a bit like getting a cold drink from the kitchen refrigerator, instead of from the garage. Cache memory works similarly, but it is a smaller, even faster reservoir for the data the processor needs most often, like fetching that drink from the mini fridge at your feet instead of traipsing to the kitchen.

If you're not a gamer or running a ton of heavy, full-featured programs, 512 MB of RAM is usually adequate. You can add more RAM, let's say a gigabyte (GB) more, by buying it from any retail or online electronics store. That will generally speed up your computer's performance, and is a good choice if you plan to store large multimedia files, like music, photos, and videos.

Cache memory is a different matter. The cache that matters for speed is built into the CPU itself; it isn't a setting you can change, and the only way to get more of it is a different processor, which means messing with the guts of your computer. The "cache" that programs do ask you to set a size for is something else, most often a browser's disk cache of recently visited pages, and the default is fine for a laptop with 80 GB free. Don't take my word for it, though. There's a lot of good information on the Web, and plenty of forums to help, including CNET's.

Problems with Norton. While antivirus apps have been known to compete with each other and spontaneously combust when you've got too many going at once, I suspect Chookkii's problems are more of a malware nature. This was the tip-off: "I'm getting error reports about programs that I didn't even know were running, let alone that they existed." Ding, ding, ding! Ah, the sweet warning bells of corruption. There are a few things I'd do in this case.

First, make sure Norton is completely updated. You can do this by opening the program interface and finding the "Updates" button. The next step is to get a second opinion on whether the software in question is unwanted malware or some greater system wreckage. I suggest scanning the computer with a different third-party antimalware scanner. There are plenty of good choices out there, but I might start with one like SUPERAntiSpyware Free Edition. Use it as an on-demand scanner only, not as a second always-on antivirus, since two real-time scanners fighting each other is one of the problems mentioned above.

If that doesn't turn up anything, you can escalate the hunt by running a diagnostic scan with Trend Micro HijackThis, a free, invaluable tool, and posting the log to a dedicated spyware forum for analysis. Don't start deleting entries from the HijackThis list on your own: it shows legitimate Windows components and your own programs right alongside the junk, which is why the forum review matters. Read our help manual for more details.
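What a forum volunteer actually does with such a log, and what the Revo post above was doing by hand with leftover registry entries and auto-starting DLLs, can be sketched in code. The following is an added example written for this page; it is not code from either post, from HijackThis or from Revo Uninstaller. It parses a constructed HijackThis-style log (every CLSID, file name and URL in it is invented), flags the kinds of leftovers both posts describe (autostart entries, nameless browser helper objects, toolbars that never appear in a browser, hijacked search pages, names a Web search has tied to adware), and groups entries that share a file or CLSID, which is how an adware package and its spin-offs show up together. The heuristics and the trusted/known-bad lists are the example's own assumptions, not HijackThis rules; anything it flags is a candidate for a second look, not a verdict.

```python
"""Triage a HijackThis-style log: flag suspicious entries and group related ones.
Added example for this page; the line format is HijackThis's, the heuristics
and the trusted/known-bad lists are this example's own assumptions."""
import re
from collections import defaultdict
from typing import Dict, List
from urllib.parse import urlparse

# Constructed sample log in the HijackThis line format ("section - details").
# Every CLSID, file name and URL below is invented for this example.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.lucky-casino.test/?aff=77
O2 - BHO: Reader Helper - {A1A1A1A1-0001-0001-0001-A1A1A1A1A1A1} - C:\Program Files\Reader\ReaderHelper.dll
O2 - BHO: (no name) - {B2B2B2B2-0002-0002-0002-B2B2B2B2B2B2} - C:\WINDOWS\system32\mbkwbar.dll
O3 - Toolbar: MBKWbar - {B2B2B2B2-0002-0002-0002-B2B2B2B2B2B2} - C:\WINDOWS\system32\mbkwbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\WhenU\Save.exe
O4 - HKCU\..\Run: [svchost] C:\DOCUME~1\OWNER\LOCALS~1\Temp\svchost.exe
O4 - HKLM\..\Run: [mcagent] C:\Program Files\McAfee\Agent\mcagent.exe
"""

# Names Windows itself uses; a copy of one of these outside System32 is a classic hiding spot.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
SYSTEM32 = re.compile(r"\\windows\\system32\\", re.IGNORECASE)
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] *(?P<cmd>.*)$")
O2O3_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
R_RE = re.compile(r"^(?P<key>.+?) = (?P<value>.*)$")


def parse_log(text: str) -> List[Dict[str, str]]:
    """Turn 'Oxx - ...' / 'Rx - ...' lines into dicts; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        sec, sep, body = raw.partition(" - ")
        if not sep or not re.fullmatch(r"[OR]\d+", sec):
            continue
        e = {"section": sec, "raw": raw, "name": "", "path": "", "clsid": ""}
        if sec == "O4" and (m := O4_RE.match(body)):
            e["name"], e["path"] = m["name"], m["cmd"].strip()
        elif sec in ("O2", "O3") and (m := O2O3_RE.match(body)):
            e["name"], e["clsid"], e["path"] = m["name"], m["clsid"], m["path"]
        elif sec.startswith("R") and (m := R_RE.match(body)):
            e["name"], e["path"] = m["key"], m["value"]
        entries.append(e)
    return entries


def triage(entries, trusted_hosts=("google.com",), trusted_toolbars=(), known_bad=("whenu",)):
    """Return the entries worth a second look, each with the reasons it was flagged.
    The lists are the reviewer's own: hosts the owner really uses, toolbars they
    installed on purpose, and names a quick Web search has tied to adware."""
    trusted_toolbars = {t.lower() for t in trusted_toolbars}
    known_bad = tuple(b.lower() for b in known_bad)
    findings = []
    for e in entries:
        reasons = []
        name, path = e["name"].lower(), e["path"].lower()
        if e["section"] == "O4":
            if "\\" not in path:
                reasons.append("no directory in the command; verify which file actually runs")
            if TEMP_DIR.search(path):
                reasons.append("autostart from a Temp directory")
            exe = path.replace('"', "").split("\\")[-1].split(" ")[0]
            if exe in SYSTEM_NAMES and not SYSTEM32.search(path):
                reasons.append("system process name outside System32")
        elif e["section"] == "O2" and name in ("", "(no name)"):
            reasons.append("nameless browser helper object")
        elif e["section"] == "O3" and name not in trusted_toolbars:
            reasons.append("toolbar not on the trusted list")
        elif e["section"].startswith("R"):
            host = urlparse(e["path"]).hostname or ""
            if host and not any(host == t or host.endswith("." + t) for t in trusted_hosts):
                reasons.append(f"start/search page points at {host}")
        if any(b in name or b in path for b in known_bad):
            reasons.append("matches a name from the known-adware list")
        if reasons:
            findings.append({"section": e["section"], "raw": e["raw"], "reasons": reasons})
    return findings


def related_entries(entries):
    """Group O2/O3/O4 entries that share a CLSID or a file: an adware package and
    its spin-offs usually do, so removing one often explains the others."""
    groups = defaultdict(list)
    for e in entries:
        key = e["clsid"] or e["path"].lower()
        if e["section"] in ("O2", "O3", "O4") and key:
            groups[key].append(e)
    return [g for g in groups.values() if len(g) > 1]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for f in triage(parsed):
        print(f["raw"], "->", "; ".join(f["reasons"]))
    for g in related_entries(parsed):
        print("related:", [e["section"] + " " + e["name"] for e in g])
```

On the sample, the nameless BHO and the MBKWbar toolbar land in one group because they point at the same DLL, which is the "spin-off" relationship the Revo post describes; the svchost entry is flagged twice, once for living in a Temp folder and once for borrowing a system process name. Shrink the flagged list by growing the trusted lists, never by loosening the heuristics.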

My final piece of advice is also the most drastic, and should be followed only if you're at your wit's end. Back up your photos, MP3s, and important documents (you could do this with an external hard drive or with software), then reinstall Windows from your original installation disks, letting the installer format the drive rather than install over the old copy. This is time consuming and you'll lose all your extra programs and data, taking you back to the extreme basics. Known as a "clean install," this method usually rids the system of what ails it and is a straightforward enough concept for even extreme novices to find success. Two caveats: back up documents and media only, not programs, since a backed-up installer can carry the infection straight back, and scan the backup with an updated antivirus before you copy anything onto the fresh system. Best of luck.

Do you also have suggestions for Chookkii? Leave them in the comments below.

About The Download Blog

Download.com editors cover the world of downloadable software and beyond.

Add this feed to your online news reader

The Download Blog topics

Most Discussed