RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-14 Thread Christopher Fisk

On Fri, 10 Feb 2006, Mesdaq, Ali wrote:


You are aware of the exploit on the GDI libraries, right? Data files and
what seem like data files are extremely common vectors of attack now.
And please tell me you're joking about virus scanning software actually
being your test case for success.


Yes, I'm aware of the exploit in GDI libraries.  I'm also aware that 
cleaning just the data, instead of data + executables + DLLs + registry, 
etc., etc., is something I can be more sure of.  That's the data only field.




Christopher Fisk
--
[watching a baseball game] 
Stewie Griffin: Why does that man drop his club before he runs? I would 
bring it with me.


RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-13 Thread Thane Sherrington (S)

At 06:47 PM 10/02/2006, Christopher Fisk wrote:

On Fri, 10 Feb 2006, Thane Sherrington (S) wrote:


At 04:04 PM 10/02/2006, Christopher Fisk wrote:
Here is the thing, I do this for a living, and the never being 
defeated thing is fine, but when you spend 10 hours on something 
that you could have fixed in 3 or less with a reformat how happy 
#1 are you, and #2 is your customer when you bill them those 7 extra hours?


I bill flat rate for virus removal, so they're never unhappy.  They 
are unhappy with the place down the road that fixed their problem 
by reinstalling Windows and then left them with three days of work 
finding their CDs and reinstalling and configuring their programs.


So you answered #2, how about #1?


I haven't starved to death in the street yet, so I guess I'm still 
reasonably happy. :)


And you sidestepped, we already assumed that you were doing the data 
and software reinstalls...


So when you reinstall Windows, do you reinstall all their apps and 
transfer data as part of the regular job?  If so, what sort of cost 
would I be looking at to bring in a computer and have Windows XP with 
three users and six apps and data restored?  I'm just wondering if 
I'm charging way too little.


Hell, if I can make more money and spend less on AV software and 
removal tools, then perhaps I'm insane to keep doing what I'm doing.


T 



RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-13 Thread Wayne Johnson

At 06:56 AM 2/13/2006, Thane Sherrington (S) typed:
So when you reinstall Windows, do you reinstall all their apps and 
transfer data as part of the regular job?


Most mom/pop shops do NOT, putting the onus on the owner to have 
sufficient backups when everyone knows that home lusers don't back up 
nearly enough. Heck, even MSFT doesn't install a shortcut to ntbackup 
on the start menu & XP Home does NOT have the ASR [automatic system 
recovery] feature anyway, so what good is it?


If so, what sort of cost would I be looking at to bring in a 
computer and have Windows XP with three users and six apps and data 
restored?  I'm just wondering if I'm charging way too little.


You probably are. There is a shop here in this little town that sells 
systems without AV software, knowing that the client is going on the 
internet as a nOOb, so they know that they'll get the machine back. 
They'll do a re-install for $50 but the client loses everything from 
Internet setup, email, pics of the grandkids, etc., but what do they 
care? Another shop charged a chiropractor $250 to clean up Happy99 by 
doing a wipe & re-install without telling him that he was going to 
lose all his data, then sent the laptop back at 640x480 when the 
native res was 800x600 so it looked like crap. He took the laptop 
back & they soaked him for another $200 & still gave the machine back at 
640x480. While bidding on a small 5 workstation network for him he 
asked me if I could fix his laptop display while he ran out to get 
the snail mail & coffee. He thought he was testing me. I had it fixed 
before he was out of the driveway but he didn't believe me until he 
saw it for himself, and when he did he asked me how much I wanted for 
the network job [I should've upped my price right there] then he 
wrote me a check on the spot. I told him I could've fixed Happy99 for 
$50 & he wouldn't have lost all his data nor would the screen have 
gotten messed up. In this little college town with 4 or 5 mom/pop 
shops you'd think that I wouldn't have anything to do, yet I get calls 
every day & if the people that call can't give a reference from a 
previous client then I refuse to do business with them. FWIW I don't 
advertise in the Yellow Pages & I don't even list Svenska Computing 
in the white pages but the calls still keep coming in. Darned word of 
mouth anyway. ;-)


So while in a few rare cases a wipe & re-install is necessary, it 
certainly is NOT req'd in all cases. I never charge more than $200 
USD to clean up a system even if that means doing a wipe & re-install, 
but I also re-install as many of the apps as I can, salvaging as much 
of their data as I can, but only after I try to clean the sucker as 
thoroughly as I can.  This is what I would do for my own machine(s) 
[even tho I don't surf the shady sites & have more than 1 backup], 
therefore I believe the clients deserve the same treatment.


Heck, the reason I developed XpPe was so I could clean up NTFS systems, 
but why would I bother to do that if I was going to take the wipe & 
re-install route every time? There are bugs that shut down AV apps & 
websites that I can clean up in 5 min with my XpPe disk that I could 
never clean on the system otherwise without having to pull the HD & 
put it in another system on the bench.


---+--
  a Windows Xp based
Diagnostic & Recovery CD
 http://www.xppe.com/ 



RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Mesdaq, Ali
Well, part of my job duties is to collect and research malware. I would
always highly recommend reinstalling. When a virus is installed on your
system and it's run as administrator, you have just as much control over
your system as the virus does. A virus can install a rootkit to patch your
operating system so that you don't see its network traffic, filesystem
activity, kernel operations, and registry activity. It could even patch
the OS so that any tools you use will not display proper output. Now in
these cases, yes, it's possible to clean your system, but is it worth the
several days of research you need to do before you're totally sure it's
removed? I would say no to most people, but if you're in the field or
you're a researcher like Mark Russinovich from Sysinternals then yes, it's
worth it.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thane
Sherrington (S)
Sent: Friday, February 10, 2006 11:46 AM
To: The Hardware List
Subject: RE: [H] Suggested tools for helping a friend with bad
virusinfestation

At 03:20 PM 10/02/2006, Mesdaq, Ali wrote:
Honestly, just reformat. If you were to try to clean it you would need
to be versed in rootkit detection and other kernel level skills to even be
remotely able to clean out a partially sophisticated virus. It's just
totally not worth it; then you never have the peace of mind you got rid
of all of them.

Man, I'm shocked at the surrender attitude coming from this 
list.  Removing viruses and spyware is possible, and really isn't 
much more time consuming than a reinstall, and is much less time 
consuming than a reinstall plus software install plus configuration 
plus data recovery.  (Especially since data back without virus scan 
makes the reinstall questionable, as viruses can hide in apparent data
files.)


T 




RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Hayes Elkins
It takes more time, but because I see sport in this I NEVER, EVER format and 
reinstall in any situation like this. I have never been defeated, ever, 
either :) It's a new learning experience each time and the best way to keep 
up with filthware and their removal procedures.




From: Thane Sherrington (S) [EMAIL PROTECTED]
Reply-To: The Hardware List hardware@hardwaregroup.com
To: The Hardware List hardware@hardwaregroup.com
Subject: RE: [H] Suggested tools for helping a friend with bad 
virusinfestation

Date: Fri, 10 Feb 2006 15:46:19 -0400

At 03:20 PM 10/02/2006, Mesdaq, Ali wrote:

Honestly, just reformat. If you were to try to clean it you would need to
be versed in rootkit detection and other kernel level skills to even be
remotely able to clean out a partially sophisticated virus. It's just
totally not worth it; then you never have the peace of mind you got rid
of all of them.


Man, I'm shocked at the surrender attitude coming from this list.  Removing 
viruses and spyware is possible, and really isn't much more time consuming 
than a reinstall, and is much less time consuming than a reinstall plus 
software install plus configuration plus data recovery.  (Especially since 
data back without virus scan makes the reinstall questionable, as viruses 
can hide in apparent data files.)



T






RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Thane Sherrington (S)

At 03:46 PM 10/02/2006, Mesdaq, Ali wrote:

your system as the virus does. A virus can install a rootkit to patch your
operating system so that you don't see its network traffic, filesystem
activity, kernel operations, and registry activity. It could even patch
the OS so that any tools you use will not display proper output. Now in


I know all that.  I remove rootkits fairly often, actually.  If you 
scan properly, and use the right tools, it isn't a couple of days of 
work, it's a couple of hours.


T 



RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Christopher Fisk

On Fri, 10 Feb 2006, Hayes Elkins wrote:

It takes more time, but because I see sport in this I NEVER, EVER format and 
reinstall in any situation like this. I have never been defeated, ever, either 
:) It's a new learning experience each time and the best way to keep up with 
filthware and their removal procedures.


Here is the thing, I do this for a living, and the never being defeated 
thing is fine, but when you spend 10 hours on something that you could 
have fixed in 3 or less with a reformat how happy #1 are you, and #2 is 
your customer when you bill them those 7 extra hours?



You may think it's giving up, I think it's smart business.


Christopher Fisk
--
I can't remember any specific books.
George W. Bush, August 26, 1999
The candidate's answer when asked by an elementary school student to name 
his favorite book as a child.  Reported by the Associated Press.


Re: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread warpmedia

Overconfidence will be your Achilles heel T, mark my words.

Thane Sherrington (S) wrote:

At 03:46 PM 10/02/2006, Mesdaq, Ali wrote:

your system as the virus does. A virus can install a rootkit to patch your
operating system so that you don't see its network traffic, filesystem
activity, kernel operations, and registry activity. It could even patch
the OS so that any tools you use will not display proper output. Now in


I know all that.  I remove rootkits fairly often, actually.  If you scan 
properly, and use the right tools, it isn't a couple of days of work, 
it's a couple of hours.


T



RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Thane Sherrington (S)

At 03:56 PM 10/02/2006, Hayes Elkins wrote:
It takes more time, but because I see sport in this I NEVER, EVER 
format and reinstall in any situation like this. I have never been 
defeated, ever, either :) It's a new learning experience each time 
and the best way to keep up with filthware and their removal procedures.


I'm glad there are some who refuse to bow down to those who prey on 
computer users.


T 



Re: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Thane Sherrington (S)

At 04:10 PM 10/02/2006, warpmedia wrote:

Overconfidence will be your Achilles heel T, mark my words.


It's either doing it right or giving up and joining the rest of the 
wannabes.  Anyone can reinstall Windows, and if that's the only 
solution, all the repair shops better close and let the 
friends/brothers-in-law and teenagers handle virus repair.  And it 
ain't overconfidence when you do a thorough job.


T 



RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Thane Sherrington (S)

At 04:04 PM 10/02/2006, Christopher Fisk wrote:
Here is the thing, I do this for a living, and the never being 
defeated thing is fine, but when you spend 10 hours on something 
that you could have fixed in 3 or less with a reformat how happy #1 
are you, and #2 is your customer when you bill them those 7 extra hours?


I bill flat rate for virus removal, so they're never unhappy.  They 
are unhappy with the place down the road that fixed their problem 
by reinstalling Windows and then left them with three days of work 
finding their CDs and reinstalling and configuring their programs.


T 



Re: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread chuck


- Original Message - 
From: Christopher Fisk [EMAIL PROTECTED]

To: The Hardware List hardware@hardwaregroup.com
Sent: Friday, February 10, 2006 3:27 PM
Subject: RE: [H] Suggested tools for helping a friend with bad 
virusinfestation





Because data is data, it's not executed, it's not stored in registry, it's 
much easier to verify with virus scanning software.


When was the last time you saw a tiff file with a virus?



Now with external hard drives handy here is how I do it.

I back up the data to my external hard drive. I then hook my external hard 
drive to my shop computer and scan the data for viruses while I am 
installing Windows on the freshly formatted hard drive on my customer's 
computer. Then when I copy the data back, I know it is clean.


As far as I am concerned, doing major repairs on Windows went out the door 
along with the solder gun that was used to repair circuit boards. Even in 
million dollar electronic machines, it is preferred to spend ten 
thousand dollars on a new circuit board rather than have somebody use a 
soldering iron trying to fix a circuit board.


Chuck 



Re: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread chuck


- Original Message - 
From: Thane Sherrington (S) [EMAIL PROTECTED]

To: The Hardware List hardware@hardwaregroup.com
Sent: Friday, February 10, 2006 3:47 PM
Subject: Re: [H] Suggested tools for helping a friend with bad 
virusinfestation





It's either doing it right or giving up and joining the rest of the 
wannabes.  Anyone can reinstall Windows, and if that's the only solution, 
all the repair shops better close and let the


True, the guy down the street who knows all about computers can reinstall 
Windows. Not only do I do a clean install, (I have the media and I do not 
run the name brand restore process) I install the proper drivers, also. Then 
I do the full update along with many tweaks. Overall the job takes about 4 
hours when you figure in intake time etc. and the time it takes to do the 
job right. The many tweaks I keep as my secret.


Chuck 



Re: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread chuck


- Original Message - 
From: Thane Sherrington (S) [EMAIL PROTECTED]

To: The Hardware List hardware@hardwaregroup.com
Sent: Friday, February 10, 2006 3:48 PM
Subject: RE: [H] Suggested tools for helping a friend with bad 
virusinfestation





I bill flat rate for virus removal, so they're never unhappy.  They are 
unhappy with the place down the road that fixed their problem by 
reinstalling Windows and then left them with three days of work finding 
their CDs and reinstalling and configuring their programs.




I wonder how many will agree that after a year or two a format and reinstall 
job is needed anyway to get rid of the crud. In most situations that crud is 
the name brand install process. I do a clean install. I know it runs far 
better after I finish than it did when it came out of the box. That makes 
the format job worthwhile.


I wish somebody would benchmark my work. Take any computer out of its box 
and benchmark it. Let me do my thing and then benchmark it again. It will 
yield far better results.


Chuck 



Re: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread FORC5
I have had several that wound up being a reinstall after many hours of *trying* 
to fix. The key is to have the wisdom to know the difference, sometimes I am 
just stubborn. 
fp

At 02:12 PM 2/10/2006, [EMAIL PROTECTED] Poked the stick with:

- Original Message - From: Christopher Fisk [EMAIL PROTECTED]
To: The Hardware List hardware@hardwaregroup.com
Sent: Friday, February 10, 2006 3:27 PM
Subject: RE: [H] Suggested tools for helping a friend with bad virusinfestation



Because data is data, it's not executed, it's not stored in registry, it's 
much easier to verify with virus scanning software.

When was the last time you saw a tiff file with a virus?

Now with external hard drives handy here is how I do it.

I back up the data to my external hard drive. I then hook my external hard 
drive to my shop computer and scan the data for viruses while I am installing 
Windows on the freshly formatted hard drive on my customer's computer. Then 
when I copy the data back, I know it is clean.

As far as I am concerned, doing major repairs on Windows went out the door 
along with the solder gun that was used to repair circuit boards. Even in 
million dollar electronic machines, it is preferred to spend ten thousand 
dollars on a new circuit board rather than have somebody use a soldering 
iron trying to fix a circuit board.

Chuck 

-- 
Tallyho ! ]:8)
Taglines below !
--
Why don't dogs get boogers ?



Re: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread warpmedia
oh, and just a note, not everyone can install & configure Windows 
properly! =)


Thane Sherrington (S) wrote:

At 04:10 PM 10/02/2006, warpmedia wrote:

Overconfidence will be your Achilles heel T, mark my words.


It's either doing it right or giving up and joining the rest of the 
wannabes.  Anyone can reinstall Windows, and if that's the only 
solution, all the repair shops better close and let the friends/brothers-in-law 
and teenagers handle virus repair.  And it ain't overconfidence 
when you do a thorough job.


T



Re: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Hayes Elkins
Reinstalls are cake and take less time if you use unattended installs. I 
have a default universal XP DVD (with SP2 and all updates from 
Microsoft Update already integrated) that I can install from boot DVD or push 
off the network that is completely unattended from partitioning, key coding, 
domain joining, desktop settings - AND will install Office 2k3 plus tons of 
other applications/settings and has practically every current driver for 
almost all current hardware. Thanks to the community at msfn.org I no longer 
have any need for expensive imaging software. Symantec can kiss my sweet ass 
with their Ghost licensing fees. The unattended install is much better 
because it is NOT an image and will install on different hardware.


For more info on how to do this shit all for FREE and ditch 
ghost/builder/drive image check out these links:


http://unattended.msfn.org/unattended.xp/ - Main guide

http://www.ryanvm.net/msfn/ - guy who makes an up-to-date update pack to 
integrate in a windows XP SP2 installation image, plus pre-made switchless 
installers of many popular applications that will install via the 
RunOnceEx.cmd of your Windows XP CD


http://www.ryanvm.net/forum/viewtopic.php?t=67 - guide to make your own 
switchless installer executable of practically any application


http://www.driverpacks.net/ - guy who makes driver packs for almost all 
current hardware and a program to easily integrate these drivers into your 
XP install CD. Updated constantly with the latest drivers.


That all being said - I still prefer removal of filthware rather than 
reformatting and enjoy learning more about these critters. I work in a 
corporate environment where I hardly ever encounter critters (due to 
default users' inability to do any damage), as opposed to those of you who 
mainly work on home-user PCs - so when the opportunity arises I don't mind 
taking a couple of hours to work on an infected PC. I'd like to put all the 
hours of reading I do a week on new threats to good use.




From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED],The Hardware List 
hardware@hardwaregroup.com

To: The Hardware List hardware@hardwaregroup.com
Subject: Re: [H] Suggested tools for helping a friend with bad 
virusinfestation

Date: Fri, 10 Feb 2006 16:15:55 -0500


- Original Message - From: Thane Sherrington (S) 
[EMAIL PROTECTED]

To: The Hardware List hardware@hardwaregroup.com
Sent: Friday, February 10, 2006 3:47 PM
Subject: Re: [H] Suggested tools for helping a friend with bad 
virusinfestation





It's either doing it right or giving up and joining the rest of the 
wannabes.  Anyone can reinstall Windows, and if that's the only solution, 
all the repair shops better close and let the


True, the guy down the street who knows all about computers can reinstall 
Windows. Not only do I do a clean install, (I have the media and I do not 
run the name brand restore process) I install the proper drivers, also. 
Then I do the full update along with many tweaks. Overall the job takes 
about 4 hours when you figure in intake time etc. and the time it takes to 
do the job right. The many tweaks I keep as my secret.


Chuck






RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Christopher Fisk

On Fri, 10 Feb 2006, Thane Sherrington (S) wrote:


At 04:04 PM 10/02/2006, Christopher Fisk wrote:
Here is the thing, I do this for a living, and the never being defeated 
thing is fine, but when you spend 10 hours on something that you could have 
fixed in 3 or less with a reformat how happy #1 are you, and #2 is your 
customer when you bill them those 7 extra hours?


I bill flat rate for virus removal, so they're never unhappy.  They are 
unhappy with the place down the road that fixed their problem by 
reinstalling Windows and then left them with three days of work finding their 
CDs and reinstalling and configuring their programs.


So you answered #2, how about #1?

=)

And you sidestepped, we already assumed that you were doing the data and 
software reinstalls...



Christopher Fisk
--
BOFH Excuse #166:
/pub/lunch


RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Mesdaq, Ali
Real rootkits are not as easy as you think. There are basic ones that
are user land and those are just hooks into certain DLLs and do some
basic injecting. Good kernel level rootkits can undo anything you try to
do. I mean you need to be pretty well versed in things like SoftICE to
really, really know if you got rid of all the kernel level rootkits. Just
using some software and scanning isn't very proper. How do you know you
removed it? Because a software tool told you there isn't one installed?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thane
Sherrington (S)
Sent: Friday, February 10, 2006 12:04 PM
To: The Hardware List
Subject: RE: [H] Suggested tools for helping a friend with bad
virusinfestation

At 03:46 PM 10/02/2006, Mesdaq, Ali wrote:
your system as the virus does. A virus can install a rootkit to patch your
operating system so that you don't see its network traffic, filesystem
activity, kernel operations, and registry activity. It could even patch
the OS so that any tools you use will not display proper output. Now in

I know all that.  I remove rootkits fairly often, actually.  If you 
scan properly, and use the right tools, it isn't a couple of days of 
work, it's a couple of hours.

T 
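Ali's objection above (a tool running inside a rootkitted OS only reports what the rootkit lets it see) has a standard answer: take one listing from inside the suspect system, take a second from the same disk mounted under a separately booted OS (a recovery CD of the XpPe sort, or the drive on the bench), and diff the two. What the outside view has and the inside view lacks is a candidate hidden file. The Python below is an added example, not a tool anyone in the thread posted: `build_view` produces one listing per boot, `cross_view` compares them, and the paths, sizes and digests in `SAMPLE_INSIDE`/`SAMPLE_OUTSIDE` are constructed sample data. The `VOLATILE_PREFIXES` list of paths that are expected to differ between a running system and an offline mount is my assumption; extend it per site.

```python
"""Cross-view comparison of two listings of the same Windows volume.

Added example (not from the thread). One listing is taken from inside the
running, possibly rootkitted, install; the other from the same volume
mounted under a separately booted OS. Sample data below is constructed."""
import hashlib
import os
from dataclasses import dataclass, field

# Paths expected to differ between a live system and an offline mount.
# Reported separately so real findings are not buried. Assumption: per-site list.
VOLATILE_PREFIXES = (
    "pagefile.sys",
    "hiberfil.sys",
    "system volume information\\",
    "windows\\temp\\",
    "windows\\prefetch\\",
)


def normalize(path: str) -> str:
    """Windows names are case-insensitive and may arrive with either
    separator; canonicalise so the two views can be compared by key."""
    return path.replace("/", "\\").strip("\\").lower()


def build_view(root: str) -> dict[str, tuple[int, str]]:
    """Walk `root` and map each relative path to (size, sha256).
    Run once inside the suspect OS against C:\\ and once against the
    offline mount of the same volume; feed both results to cross_view()."""
    view: dict[str, tuple[int, str]] = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            try:
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        h.update(chunk)
                size = os.path.getsize(full)
            except OSError:
                continue  # unreadable or locked: simply absent from this view
            view[normalize(os.path.relpath(full, root))] = (size, h.hexdigest())
    return view


@dataclass
class CrossViewReport:
    hidden: list[str] = field(default_factory=list)    # outside only: hidden from the live OS
    phantom: list[str] = field(default_factory=list)   # inside only: transient, or faked by a hook
    altered: list[str] = field(default_factory=list)   # in both, content differs
    volatile: list[str] = field(default_factory=list)  # differences on the expected-noise list


def is_volatile(path: str) -> bool:
    return any(path.startswith(p) for p in VOLATILE_PREFIXES)


def cross_view(inside: dict, outside: dict) -> CrossViewReport:
    """Compare the listing taken inside the suspect OS with the one taken
    from the offline mount. Keys are normalised before comparison."""
    inside = {normalize(k): v for k, v in inside.items()}
    outside = {normalize(k): v for k, v in outside.items()}
    report = CrossViewReport()
    for path in sorted(set(inside) | set(outside)):
        in_i, in_o = path in inside, path in outside
        if in_i and in_o and inside[path] == outside[path]:
            continue  # identical in both views
        if is_volatile(path):
            report.volatile.append(path)
        elif in_o and not in_i:
            report.hidden.append(path)
        elif in_i and not in_o:
            report.phantom.append(path)
        else:
            report.altered.append(path)
    return report


# Constructed sample: a driver the live OS does not show, and a system file
# whose on-disk bytes differ from what the running OS reports.
SAMPLE_INSIDE = {
    "Windows\\System32\\ntoskrnl.exe": (2_180_224, "aa11"),
    "Windows\\System32\\drivers\\tcpip.sys": (359_808, "bb22"),
    "Windows\\Temp\\~DF1A2B.tmp": (16_384, "ee55"),
    "pagefile.sys": (805_306_368, "ff66"),
}
SAMPLE_OUTSIDE = {
    "windows/system32/NTOSKRNL.EXE": (2_180_224, "aa11"),
    "windows/system32/drivers/tcpip.sys": (359_808, "cc33"),
    "windows/system32/drivers/example_hidden.sys": (31_232, "dd44"),
    "pagefile.sys": (805_306_368, "0000"),
}

if __name__ == "__main__":
    r = cross_view(SAMPLE_INSIDE, SAMPLE_OUTSIDE)
    for label in ("hidden", "altered", "phantom", "volatile"):
        for p in getattr(r, label):
            print(f"{label:8s} {p}")
```

The "altered" bucket matters as much as "hidden": a file that exists in both views but hashes differently is a sign that reads from inside the live OS are being filtered, which is exactly the case where a scanner run on the infected system will report a clean file. The limitation is the one Ali states in reverse: the outside view is trustworthy only if the boot medium really is separate from the suspect install.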




RE: [H] Suggested tools for helping a friend with bad virusinfestation

2006-02-10 Thread Mesdaq, Ali
You are aware of the exploit on the GDI libraries, right? Data files and
what seem like data files are extremely common vectors of attack now. 
And please tell me you're joking about virus scanning software actually
being your test case for success.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christopher
Fisk
Sent: Friday, February 10, 2006 12:28 PM
To: The Hardware List
Subject: RE: [H] Suggested tools for helping a friend with bad
virusinfestation

On Fri, 10 Feb 2006, Thane Sherrington (S) wrote:

 At 04:00 PM 10/02/2006, Christopher Fisk wrote:
 In a business environment, yeah, removal is fine, but as a favor for 
 someone, go the full reinstall route IMO; it's more of a sure thing, less 
 gambling on how long it's going to take, and you leave knowing they at least 
 have a backup from that day in case there is a disaster after that. Plus, 
 you can sit down and watch TV while the thing is running the reinstall.

 But if you agree that the removal route isn't safe, then how can you guarantee 
 the data?

Because data is data, it's not executed, it's not stored in the registry, it's 
much easier to verify with virus scanning software.

When was the last time you saw a tiff file with a virus?


Christopher Fisk
-- 
Pop a Poppler in your mouth
When you come to Fishy Joe's
What they're made of is a mystery
Where they come from no one knows
You can pick 'em you can lick 'em you can chew 'em you can stick 'em
If you promise not to sue us you can shove one up your nose.