Over Christmas, trusty, aging Compaq 1750NX got into trouble. First darling daughter, home for the holidays, websurfed somewhere evil and infected him with a rootkit. After blowing said rootkit away with TDSSkiller, and a second one with Combofix, poor old desktop still ran SLOW. In good shape he used to boot up in 45 seconds. Now he was taking two minutes. And every thing ran SLOW. The audio stuttered while doing the Windows warmup "Ka Ching" sound. Task Manager was showing 80 90 percent CPU usage when nothing was running.
I finally tracked it down and fixed it. I ran Process Explorer, a fancier version of task manager. Process Explorer showed me that hardware interrupts were sucking up all the CPU time. A quick google (Hard ware interrupt virus) got a lot of hits, from which I learned that Windows was shooting itself in the foot.
The disk drive is supposed to transfer disk data to main memory using "direct memory access" (DMA) whereby blocks of data are moved into memory without CPU work. For nostalgia sake there is a primitive mode called programmed I/O (PIO) whereby the CPU has to move disk data byte by byte, (one move instruction per byte) and interrupt the CPU when each byte is ready to move. PIO was used back in the dawn of computing, and the PIO mode is a historical curiosity. Somehow, the disk drive software had put the disk into PIO mode, slowing the entire computer.
How to fix.
Start Device Manager. (Start->Settings->ControlPanel-. System->Hardware->Device Manager). Click on IDE ATA/ATAPI controllers. Click on "Primary IDE Channel". Click on "Advanced Settings". If "Transfer Mode" shows as "PIO", that's your trouble. The three boxes ought to read "Device Type Auto Detect" : "Transfer Mode DMA if available" : "Current transfer mode Ultra DMA mode 5".
If the boxes are wrong, you can fix it by forcing Windows to remove and reinstall the driver. Click on the "Driver Tab". Then click "Uninstall". Windows will then ask to reboot. Let it. That's it. All fixed.
You don't need to get into Process Explorer, that was just the aid that tipped me off to what was happening. Just go to Device manager and inspect the IDE ATA/ATAPI controllers.
This is NOT a virus, it's a bug in Windows.
1 comment:
Thanks for sharing this. I had the same problem after running TDSSkiller. All fixed now, thanks to this post.
Post a Comment