What on earth did I do to my laptop?
August 20, 2009 5:15 AM

My laptop hasn't been the same since blitzing some particularly nasty malware. What on earth did I do?

I like to think I know what I'm doing with computers, but this one has me stumped. And just to pre-empt the inevitable good advice of just reinstalling Windows: not an option. This thing's as old as the hills; no CD drive, it doesn't boot from USB, and I don't have the necessary hardware for a network install. I've just about given up all hope of fixing this being anything other than a wild goose chase, so you smart people are my last hope. Here's what happened.

A couple of weeks ago, I managed to infect my laptop -- which runs Windows XP -- with some nasty spyware. I forget the name, but I can dig into removal logs and find out, if it makes a difference. It was one of those that stops you running executables and the task manager, replaces the background with a warning about spyware (which I found deliciously ironic), and installs (if that's the right word) a fake spyware detector that encourages you to pay to remove all the infections it "finds" (none of which matched up to the real infections, naturally).

Trying to remove it was a hellish experience, but for once the age and terrible boot speed of this thing did me a favour, and I was able to launch Malwarebytes' Anti-Malware (advice from MeFites in other questions led me to that, by the way, so thanks!) before the exe-blocking stuff kicked in. I thought I'd managed to remove all trace of the nasties -- and even un-ticked some boxes in the boot options and got XP booting at a wonderfully fast speed. But then I noticed some odd behaviour with the Windows Classic theme.

This screenshot demonstrates it quite nicely. See how the titlebar has inherited the dark blue of the background behind it? That's what it does now. It inherits whatever is behind it, and that becomes the new titlebar background. Moving the window around just leaves whatever was there before. I think it's a symptom most XP users have seen before when trying to move windows around and finding the background moving with it, except this is permanent. That would be manageable, except a side-effect is that everything becomes awfully sluggish (and this laptop only has 256MB RAM, so it's sluggish enough to begin with). Changing the theme to the awful default XP theme fixes this, for the most part, but certain apps still cause everything to crawl to a halt -- Foobar2000 and Filezilla being two examples.

This stumped me for a few days, but I made some progress when I tried to play a game using Mame. It simply would not work! Something about a driver not being loaded. I assumed that to refer to either DirectDraw or Direct3D -- maybe they're the same thing? I don't know, my knowledge gets a little vague around here, forgive me if my explanations aren't up to par. So I fiddled with the config, disabling some graphic options and made no headway at all.

So I moved on to dxdiag, and tried running the tests. The first two DirectDraw tests go fine (the windowed ones), but the fullscreen ones do not; the bouncing box only manages to move a few pixels before the test ends -- extremely slow, basically. None of the Direct3D tests worked. So I reinstalled DirectX. Didn't fix a thing, except it now tells me gcdef.dll is not the latest version, which may cause some problems. Except it's certainly the latest version I can find.

And that's about as far as I've come in trying to figure this out. My best guess at the moment is that something relating to the onboard graphics card has become corrupt. I've reinstalled the display drivers (which were difficult to find), but that made absolutely no difference. It's a Trident Video Accelerator Cyber-XP4.

Until a resolution is found, I've completely disabled hardware acceleration in Windows. This, rather happily, allows the Classic theme to be used again without slowdown, and everything is actually rather hunky-dory, except for the fact that I can't play any games!

I recognise that the best course of action here is re-installing Windows, but as mentioned above, that's not an option. The only reason I even keep the thing around is for playing some games I really like that don't have OS X counterparts. (Big Jap shmup fan, none of those guys develop for Macs!) So not being able to do that makes it useless.

Here's one final thing that is probably irrelevant, but in the interest of presenting all the information, I'll include it. This happened after all of this -- the very next day, in fact. My life is truly a comedy of errors. I managed to spill a little tea on the upper-left of the keyboard -- literally, the tea only touched 3 keys in the upper left corner, but apparently spread much further once it got inside. It was fine at first, but after a while, started just persistently beeping, the way it does when too many keys are pressed at the same time. No amount of cleaning, blowing, and praying fixed it, and I eventually just disconnected it from the mothership and use an external keyboard instead now.

What do you think? Anything I can do? It's not the end of the world if I can't do anything about it; I was hoping I wouldn't have to resort to dual-booting Windows (or virtualizing it) on my Mac, but that's definitely an option -- it just seems a little overkill for three or four games I'm too addicted to go without and only play a couple of times a week. It also seems a waste to give up on an otherwise fine laptop.
posted by nostrich to Computers & Internet (9 answers total)
I want to know how you managed to get windows xp on a machine that didn't come with at least a cd drive!

Seems to me you have a few options.

Crack the laptop open and make sure the graphics card is okay (and anything else). The water may have dried, but there should still be residue left over from the tea. That will let you know if the tea is the culprit. As for fixing that - depends, can you get a replacement graphics card/motherboard?

You can buy a new laptop.

Or as you said, you can dual-boot windows onto your mac.

That last option is probably the easiest. They're all pretty cost heavy though.
posted by royalsong at 5:51 AM on August 20, 2009

You could try something like the System File Checker
sfc /scannow
is a longshot, but I've seen it fix some strange problems. You might need to mount the XP CD over the network, or copy the i386 cab files to a local directory.

Also, reinstalling a service pack might help.
posted by teabag at 5:52 AM on August 20, 2009

To follow up, make sure you run chkdsk as well... just for fun.
posted by teabag at 5:56 AM on August 20, 2009

Take the hard drive out, put it in another computer (or in an external enclosure attached to another computer) and re-install windows. Not what you want to hear, I know. Hopefully someone else can swoop down and save the day with an easier solution.
posted by ChrisHartley at 6:03 AM on August 20, 2009

You don't necessarily have to dual-boot on your Mac - get something like VMware Fusion. I find it works just as well as dual-booting, if not better.

Anyway, obviously some important file is missing. The best way to resolve this is to boot from the XP CD and run the repair option it gives you, but you say you can't do this. Alternatively, try (re)installing the latest service pack.

Slightly more "hardcore" is to figure out what file is missing (you listed the name of some DLL) and find it on the XP install CD (it'll be named something like gcdef.dl_ in the i386 folder). Boot into safe mode command prompt and use the extract/expand command to get the uncompressed version (I forget the exact command name, type HELP for a list), and copy it into your Windows\System32 folder (or wherever the file is supposed to live).
posted by jon4009 at 7:02 AM on August 20, 2009

Speaking as a programmer myself, you need to get into the mindset of recognizing an OS reinstall is often required following an infection. Virus repair programs rarely are able to return an OS to its original state and there are often fragments of the virus/trojan still active. If reinstalling Windows is not an option, you need to examine why that is and address that issue, and if it's due to the complexity of the reinstall then use a program like TrueImage that can snapshot a sterile OS.
posted by crapmatic at 7:43 AM on August 20, 2009

My guess is that it has nothing to do with malware....it just might be that your video card is coincidentally starting to pack up at the same time, or your video drivers.
posted by kimdog at 8:13 AM on August 20, 2009

I'd say it's the video card. When you turn off hardware acceleration, you're having the CPU handle stuff instead of offloading to the graphic card, and that's why it works. The weird background effects you describe are also explainable by the video card acting up and creating some sort of performance problem.
posted by dhoe at 8:56 AM on August 20, 2009

3rding the video card problem. One of the things that always gets me when diagnosing a computer problem is when two things go wrong at once, or very close together. All the symptoms of the 2nd problem get dismissed because you're SURE that the first problem is the cause.

I once had a video card go bad and right after I installed a replacement I was having power problems. I was SURE the card was bad but after working with the manufacturer's phone support for a couple of days I replaced the PS just to PROVE he was wrong (and I saved the receipt too!) and ... he was right.
posted by Bonzai at 10:58 AM on August 20, 2009
