I have never seen a more infected computer in my life

By f0rk_b0mb
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

f0rk_b0mb

Posted
  • Author
Posted

Personally if you don't know what to do and you have to question yourself you might not want to take someones personals things and do the work.

I do this all the time. It just with this laptop, it one thing after another. All the other computers before was just a simple malware bytes and it's gone. Again, I'll post some screenshots tonight or tomorrow of the infection.

Veteran

Shane Nokes

Posted
Posted

I do this all the time. It just with this laptop, it one thing after another. Again, I'll post some screenshots tonight or tomorrow of the infection.

I'm very interested to see what comes up. :)

  • f0rk_b0mb and Brandon H
  • Like 2
Grand Master

f0rk_b0mb

Posted
  • Author
Posted

What the fu** man. The "antivirus" program she was useing is this. I bet it works really well. /s I got past the FBI Screen tho. :)

http://www.2-viruses.com/remove-antivirus-protection-2012

http://support.kaspersky.com/viruses/rogue?qid=208286236

Grand Master

Astra.Xtreme

Posted
Posted

So saying that I'm baffled and stepping back because I don't want to **** people off is flipping out?

Man I'd hate to see what you'd call someone actually flipping out. ;)

You can try to tell me the same thing over and over again...and it doesn't change what I've been doing for years...without an issue.

The way I do things is the reason why I've worked for the government, and why places like MS have me consult on things and even contract my work at points.

I'm good at what I do, and security happens to be one of my specialties.

Well then perhaps the better label would have been "complaining". Logistics like that are beyond the point, so let's just let it go.

That's great that your method works for you and that's great that you have good work experiences, but that doesn't mean your method is the best method. And I'm not saying your method is wrong either. Just that many times it's not the most efficient.

Consulting is my side project and since I'm a nerdy engineer, I did time studies on the PCs I cleaned up when I started with my first client. As I already said, lack of updates and crapware were the worst problems on top of the malware/infections. Cleaning it up manually and running Windows updater took double or triple the time of simply backing up files and reinstalling with an up-to-date Windows USB stick. Windows 7 is a lot quicker to update, but XP takes hours and hours and hours to run through some of those updates on a slow PC. The timing wasn't even close. It wasn't that I didn't know what I was doing. It's that scans, cleaning, and updating takes a lot of time. If you claim otherwise, you're lying.

But for a third time, the context here is what matters. If somebody gives me a PC that is simply a little slow, then a virus scan and a little tidying up is all it takes. If the PC is super slow, the desktop is hijacked, the task manager is blocked, safe mode is blocked, the internet redirects to ads, etc, then it's probably not worth the time trying to reverse the damage. Killing the infection and running a Windows repair takes too long and it's still just a band-aid. With a clean install, there is zero chance of the customer coming back to you and claiming the problem isn't solved and demanding "warranty" work.

Grand Master

+Warwagon MVC

Posted
  • MVC
Posted

Unless you personally inspect the code of every file and registry key on the computer after it was infected, you can't be 100% sure. You can be as sure as it's possible to be, but not 100%.

100% means that you personally verified that state of all registry entries and code of every file on the system, and then were able to determine that the malware had not has not under any shadow of a doubt modified any of them. 100% also means that you restored the system to a known good state using known clean media, such as an image (after nuking partitions) or reinstalling off a known good clean installation media.

hose can still be cleaned...but for those who aren't certain they are 100% capable of doing so the best option is to back up and do a low-level format as those can be nasty.
You want to spend your time not learning how to properly clean an infection...cool.

^I'm quoting Shane Nokes on both

Dude, you just got done telling us that you keep logs of every infection.

I also keep a log of all infections. If (and it's rare) I get someone in soon after a repair I show them the log of what was found on the machine, and what is now on the machine. I check the date on the infected files found for when they were first put on the machine and compare it to the date of service.

If the date is after the service I performed I fix the machine, and charge the customer again.

Why would you do that if you weren't 100% sure you got it the first time.

Veteran

Shane Nokes

Posted
Posted

Unless you personally inspect the code of every file and registry key on the computer after it was infected, you can't be 100% sure. You can be as sure as it's possible to be, but not 100%.

100% means that you personally verified that state of all registry entries and code of every file on the system, and then were able to determine that the malware had not has not under any shadow of a doubt modified any of them. 100% also means that you restored the system to a known good state using known clean media, such as an image (after nuking partitions) or reinstalling off a known good clean installation media.

Dude, you just got done telling us that you keep logs of every infection. Why would you do that if you weren't 100% sure you got it the first time.

I explained why I kept the logs. I kept the logs there for the folks that would try to come in and claim that I didn't clean the machines.

Sometimes I wonder why I bother actually typing out actual full posts since it seems people skim them for about 30% or less of the actual content... *sighs*

Also if you want to go that route...then you can't trust any machine that you do not sit in front of 24 hours a day, 7 days a week, 365 days a year...without any breaks.

After all when you walk away someone could sneak in your window, infect the machine, and then sneak back out...all without you knowing...

I mean come on...do we really have to go down the route of stupidity here?

You don't have to inspect the code of every single file...once you know what is infected you clean it up...then run the system file checker...it can tell you if any files do not match the values that are supposed to match.

Any changes in code would be picked up immediately.

Do folks really keep intending to argue with me on this? I mean it's fairly worthless to keep arguing with me on this...you won't win.

Yeah...not replying to anyone but the OP from here on out...the rest of the posts are just wasting my time... *sighs*

Grand Master

f0rk_b0mb

Posted
  • Author
Posted

Also if you want to go that route...then you can't trust any machine that you do not sit in front of 24 hours a day, 7 days a week, 365 days a year...without any breaks.

After all when you walk away someone could sneak in your window, infect the machine, and then sneak back out...all without you knowing...

You know, you could just set a password, encrypt your disk, close your windows, and lock your doors. :p

Veteran

Shane Nokes

Posted
Posted

You know, you could just set a password, encrypt your disk, close your windows, and lock your doors. :p

I couldn't be 100% certain that someone wasn't spying on me seeing what I typed or what the backup encryption code was that was spit out by Bitlocker.

They could all be watching right now :shiftyninja:

;)

Grand Master

+Warwagon MVC

Posted
  • MVC
Posted

If the date is after the service I performed I fix the machine, and charge the customer again.

I think you meant to say "When" instead of "IF", if is second guessing yourself. :)

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Meta is reusing old DDR4 RAM in its servers instead of buying new hardware

      By sava700 · Posted

      The fact that memory in general is so high I have to take a loan out to build a computer now is just beyond stupid. Who's really to blame here? Low supply or high demand?
    • Display Driver Uninstaller (DDU) 18.1.5.5

      By Copernic · Posted

      Display Driver Uninstaller (DDU) 18.1.5.5 by Razvan Serea Display Driver Uninstaller (DDU) is a utility for completely removing AMD/NVIDIA/INTEL graphics drivers and related packages from your system, attempting to eliminate all leftovers (including registry entries, folders and files, driver store). Though AMD/NVIDIA/INTEL drivers can usually be removed via the Windows Control Panel, this uninstaller tool was created for situations where standard uninstall fails, or when you need to fully remove NVIDIA or ATI graphics card drivers. After using this driver cleaner, your system will behave as though it’s the first time you’re installing a new driver—similar to a fresh Windows installation. As with all such tools, we recommend creating a restore point beforehand, allowing you to undo changes if issues arise. If you're having trouble installing an older or newer driver, try it—there are reports that it resolves such problems. Recommended usage: The tool can be used in Normal mode but for absolute stability when using DDU, Safemode is always the best. Make a backup or a system restore (but it should normally be pretty safe). It is best to exclude the DDU folder completely from any security software to avoid issues. You do NOT need to uninstall the driver prior using DDU. Requirements: .NET Framework 4.8 Compatible with Windows 7, 8, 8.1, 10, and 11 (32-bit or 64-bit) Note: Using on Insider Preview builds is at your own risk. Display Driver Uninstaller (DDU) 18.1.5.5 changelog: Added 'Reset to recommended' button for the Options. General fixes and improvements. Download: Display Driver Uninstaller (DDU) 18.1.5.5 | 1.7 MB (Freeware) Download: DDU Portable | 1.2 MB Links: Display Driver Uninstaller Home Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • WACUP 1.99.51.24568 Preview

      By Copernic · Posted

      WACUP 1.99.51.24568 Preview by Razvan Serea WACUP (WinAmp Community Update Project) is a modern, enhanced version of the classic Winamp music player, designed for better stability, performance, and compatibility. Built for Windows, WACUP retains the familiar Winamp interface while adding 64-bit support, bug fixes, and new features like improved audio format support, customizable skins, and optimized playlist management. Unlike bloated alternatives, WACUP focuses on lightweight performance and regular updates, making it the best choice for fans of the classic Winamp experience. Basically, if you miss the good old days of Winamp and want a modern upgrade that doesn’t mess things up, WACUP is for you! WACUP key features: Classic Winamp Feel – Keeps the familiar interface and functionality. Bug Fixes & Stability – Fixes old Winamp issues and improves performance. 64-Bit Support – Works better on modern systems. More Formats & Plugins – Supports additional audio formats and third-party plugins. Customizable UI – Skins and tweaks for a personalized look. Better Library Management – Improved playlists, media organization, and search. No Bloat – Focuses on performance without unnecessary extras. Regular Updates – Community-driven development with new features and fixes. WACUP 1.99.51.24568 Preview changelog: Fixed a deadlock seen from the recent crash reports when doing some of the drag + drop actions within the media library window Fixed a loading crash seen related to a problem with some of the artwork cache image files being restored which should now be better handled allowing for the bad image to be removed without it failing Fixed a deadlock seen from the recent crash reports when the internal metadata cache clearing is triggered which could block the main ui thread for too long with this now being moved to a background thread Fixed some performance issues with some of the methods related to determining artwork support which mainly affected the local library import / refresh (this is still slower for some compared to other players because there's more data & artwork aspects being checked for which means doing more processing on a single file despite the best of attempts to reduce duplicate / heavy processing where possible) Fixed a crash with the JTFE based missing files hotkey which no one seems to have used for an age for this to appear (maybe it's time to seriously consider stripping out features that aren't being used) Fixed how some of the file types which use extra information to reference their sub-songs is handled which was preventing some from being correctly resolved back to their base file (noticed fixing above) Fixed an issue with the handling of files with underscores in their filepath which wasn't being correctly handled causing some of the filename to be lost when shown as the title if title reading is delayed Fixed a few things that might be behind NotSoDirect not being stable for some setups though am still not certain that the changes done for this are going to fully resolve the problem from the crash reports Fixed the OS toast handling when there's no prior shortcut in the OS start menu to now create the shortcut (needed to allow the yes/no buttons for the new build / post-release toast) to be done as a hidden one so it's less likely to cause annoyance for those not wanting to see it whilst still allowing this less than ideal OS api implementation requirement to be met to avoid toasts without the needed buttons Fixed a regression when moving from taglib1 to taglib2 which broke some of the handling in place to allow for external programs to still access files when wacup has a held open cached instance of the file Everything else Updated cppwinrt (gen_win10shell.dll) to 3.0.260520.1 (26 May 2026) Updated libcurl (libcurl.dll) to 8.2.1 (24 Jun 2026) Updated Monkey's Audio (in_ape.dll) to 13.15 (28 Jun 2026) Updated mpg123 (mpg123.dll) to 1.33.6 (6 Jun 2026) Updated OpenSSL (libcurl.dll) to 3.5.7 (9 Jun 2026) Updated pugixml to 1.16 (16 Jun 2026) Updated taglib (tag2.dll) to 2.3.0 (11 May 2026) Updated vgmstream (in_vgmstream.dll) to the latest Git commit from 28 Jun 2026 Download: WACUP 64-bit | 9.6 MB (Freeware) Download: WACUP 32-bit View: WACUP Website | Screenshots Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Dbrand thought they could get away with this Steam Machine case, Valve disagreed

      By Doli · Posted

      "over a thousand engineering hours" and started selling it but could not take a couple of minuets to send an AI email to ask permission. What an expensive lesson.
    • Can't access the forum on mobile

      By WITHOUT-ME · Posted

      just tested it yesterday, a simple page with autoloading ADS takes 60mb....just 1 page for 60 megabytes.   poor people with a limited internet never will visit neolose

  • Recent Achievements

    • Week One Done
      Collagen Project earned a badge
      Week One Done
    • Reacting Well
      Wakeen1966 earned a badge
      Reacting Well
    • Rookie
      Almohandis went up a rank
      Rookie
    • Apprentice
      jahara21 went up a rank
      Apprentice
    • Reacting Well
      NovaEdgeX earned a badge
      Reacting Well

  • Popular Contributors

    1. 1
      +primortal
      526
    2. 2
      +Edouard
      265
    3. 3
      PsYcHoKiLLa
      146
    4. 4
      Steven P.
      99
    5. 5
      macoman
      55
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!