85 replies to this topic 1 votes

[+sc302]

ShiZZa, on 20 November 2012 - 19:23, said:

Personally if you don't know what to do and you have to question yourself you might not want to take someones personals things and do the work.

.

[Tyler R.]

ShiZZa, on 20 November 2012 - 19:23, said:

Personally if you don't know what to do and you have to question yourself you might not want to take someones personals things and do the work.

I do this all the time. It just with this laptop, it one thing after another. All the other computers before was just a simple malware bytes and it's gone. Again, I'll post some screenshots tonight or tomorrow of the infection.

[Shane Nokes]

Tyler R., on 20 November 2012 - 19:31, said:

I do this all the time. It just with this laptop, it one thing after another. Again, I'll post some screenshots tonight or tomorrow of the infection.

I'm very interested to see what comes up.

[Tyler R.]

What the fu** man. The "antivirus" program she was useing is this. I bet it works really well. /s I got past the FBI Screen tho.

http://www.2-viruses...protection-2012

http://support.kaspe...e?qid=208286236

[Astra.Xtreme]

Shane Nokes, on 20 November 2012 - 19:25, said:

So saying that I'm baffled and stepping back because I don't want to **** people off is flipping out?

Man I'd hate to see what you'd call someone actually flipping out.

You can try to tell me the same thing over and over again...and it doesn't change what I've been doing for years...without an issue.

The way I do things is the reason why I've worked for the government, and why places like MS have me consult on things and even contract my work at points.

I'm good at what I do, and security happens to be one of my specialties.

Well then perhaps the better label would have been "complaining". Logistics like that are beyond the point, so let's just let it go.

That's great that your method works for you and that's great that you have good work experiences, but that doesn't mean your method is the best method. And I'm not saying your method is wrong either. Just that many times it's not the most efficient.

Consulting is my side project and since I'm a nerdy engineer, I did time studies on the PCs I cleaned up when I started with my first client. As I already said, lack of updates and crapware were the worst problems on top of the malware/infections. Cleaning it up manually and running Windows updater took double or triple the time of simply backing up files and reinstalling with an up-to-date Windows USB stick. Windows 7 is a lot quicker to update, but XP takes hours and hours and hours to run through some of those updates on a slow PC. The timing wasn't even close. It wasn't that I didn't know what I was doing. It's that scans, cleaning, and updating takes a lot of time. If you claim otherwise, you're lying.

But for a third time, the context here is what matters. If somebody gives me a PC that is simply a little slow, then a virus scan and a little tidying up is all it takes. If the PC is super slow, the desktop is hijacked, the task manager is blocked, safe mode is blocked, the internet redirects to ads, etc, then it's probably not worth the time trying to reverse the damage. Killing the infection and running a Windows repair takes too long and it's still just a band-aid. With a clean install, there is zero chance of the customer coming back to you and claiming the problem isn't solved and demanding "warranty" work.

[warwagon]

Unless you personally inspect the code of every file and registry key on the computer after it was infected, you can't be 100% sure. You can be as sure as it's possible to be, but not 100%.

100% means that you personally verified that state of all registry entries and code of every file on the system, and then were able to determine that the malware had not has not under any shadow of a doubt modified any of them. 100% also means that you restored the system to a known good state using known clean media, such as an image (after nuking partitions) or reinstalling off a known good clean installation media.

Quote

hose can still be cleaned...but for those who aren't certain they are 100% capable of doing so the best option is to back up and do a low-level format as those can be nasty.

Quote

You want to spend your time not learning how to properly clean an infection...cool.

^I'm quoting Shane Nokes on both

Dude, you just got done telling us that you keep logs of every infection.

Quote

I also keep a log of all infections. If (and it's rare) I get someone in soon after a repair I show them the log of what was found on the machine, and what is now on the machine. I check the date on the infected files found for when they were first put on the machine and compare it to the date of service.

If the date is after the service I performed I fix the machine, and charge the customer again.

Why would you do that if you weren't 100% sure you got it the first time.

[Shane Nokes]

warwagon, on 20 November 2012 - 19:56, said:

Unless you personally inspect the code of every file and registry key on the computer after it was infected, you can't be 100% sure. You can be as sure as it's possible to be, but not 100%.

100% means that you personally verified that state of all registry entries and code of every file on the system, and then were able to determine that the malware had not has not under any shadow of a doubt modified any of them. 100% also means that you restored the system to a known good state using known clean media, such as an image (after nuking partitions) or reinstalling off a known good clean installation media.




Dude, you just got done telling us that you keep logs of every infection. Why would you do that if you weren't 100% sure you got it the first time.

I explained why I kept the logs. I kept the logs there for the folks that would try to come in and claim that I didn't clean the machines.

Sometimes I wonder why I bother actually typing out actual full posts since it seems people skim them for about 30% or less of the actual content... *sighs*


Also if you want to go that route...then you can't trust any machine that you do not sit in front of 24 hours a day, 7 days a week, 365 days a year...without any breaks.

After all when you walk away someone could sneak in your window, infect the machine, and then sneak back out...all without you knowing...

I mean come on...do we really have to go down the route of stupidity here?



You don't have to inspect the code of every single file...once you know what is infected you clean it up...then run the system file checker...it can tell you if any files do not match the values that are supposed to match.

Any changes in code would be picked up immediately.


Do folks really keep intending to argue with me on this? I mean it's fairly worthless to keep arguing with me on this...you won't win.



Yeah...not replying to anyone but the OP from here on out...the rest of the posts are just wasting my time... *sighs*

[Tyler R.]

Shane Nokes, on 20 November 2012 - 20:22, said:

Also if you want to go that route...then you can't trust any machine that you do not sit in front of 24 hours a day, 7 days a week, 365 days a year...without any breaks.
After all when you walk away someone could sneak in your window, infect the machine, and then sneak back out...all without you knowing...

You know, you could just set a password, encrypt your disk, close your windows, and lock your doors.

[Shane Nokes]

Tyler R., on 20 November 2012 - 20:24, said:

You know, you could just set a password, encrypt your disk, close your windows, and lock your doors.

I couldn't be 100% certain that someone wasn't spying on me seeing what I typed or what the backup encryption code was that was spit out by Bitlocker.

They could all be watching right now

[warwagon]

Shane Nokes, on 20 November 2012 - 18:27, said:

If the date is after the service I performed I fix the machine, and charge the customer again.

I think you meant to say "When" instead of "IF", if is second guessing yourself.

[Shane Nokes]

warwagon, on 20 November 2012 - 20:28, said:

I think you meant to say "When" instead of "IF", if is second guessing yourself.

You're treading on ignore territory at this point...seriously the trolling isn't cute.

I'd rather not go that route in your case.