#1 |
|
Served with Pride
Staff
Premium Member
|
Anybody getting come backs?
Am I the only one getting computers that I just cleaned coming back within a day or two with the same infection? I've had a rash of machines in the last week to 10 days that leave here clean and I get a call the next day claiming the same thing is back and "I haven't done anything or been anywhere on the internet". I end up cleaning them the second time for free and, just as always, I test the internet activity by browsing with their default browser to sites I commonly go to. I also do a Google search for known malware solutions sites and use the Google link to go there, knowing that a browser hijacker will typically redirect away from that kind of site. I finally had one guy who admitted he went right back to a trivia site he "always goes to" and he immediately became reinfected. This is getting annoying!
#2 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
|
Any chance you can check the browser history before starting to clean the machine? You might find a common link.
#3 |
|
Served with Pride
Staff
Premium Member
#4 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
|
I often wonder why you all see so many infected machines over that side of the pond, when I don't see that many this side....
#5 |
|
Moderator
Staff
Premium Member
Join Date: Nov 2008
Location: Detroit, MI
Posts: 5,221
|
Double check the Java versions and uninstall the unused ones. Additionally, not a bad idea to look for remnants of old anti-virus programs.
What anti-virus program did the one you are specifically talking about have installed? Also, if they are Java-based viruses coupled with a 32-bit version of Windows, you really can't do much but explain to them about clicking on popups saying their PC is infected or has suspicious files and explain to them how their anti-virus program works. I have had pretty good luck with MSE but there is not much you can do other than switch their anti-virus or move them into Linux. Another program called Secunia can help as well. It provides security advisories and information about patches, and provides software for vulnerability management. I usually put it on computers where a lot of porn viewing is going on. http://secunia.com/
Last edited by jdeb; 12-19-2011 at 04:12 PM.
#6 |
|
Mondsreitersmann
Join Date: Jul 1999
Location: Skingrad
Posts: 8,969
|
Disable System Restore.
#7 | |
|
Member (10 bit)
Join Date: May 2007
Location: USA, New Jersey
Posts: 534
|
Quote:
New Tools Needed After Cleaning Virus & Spyware ---pete--- |
#8 |
|
Member (10 bit)
Join Date: May 2007
Location: USA, New Jersey
Posts: 534
|
TDSSKILLER is an essential tool for ensuring there are no rootkits. I typically run it on my test computer while the customer's hard drive is either slaved via IDE connection or attached as a USB external drive.
The odd thing about TDSSKILLER is that it sometimes detects and cleans rootkits on the customer's hard drive (connected as described above) and sometimes it misses them, which is only evident when I run TDSSKILLER on the customer's HD after it is "cleaned" and reinstalled back in the customer's computer. Lesson here is to always run TDSSKILLER while cleaning with a test computer and always run TDSSKILLER again after the HD is reinstalled in the customer's computer.
---pete---
#9 |
|
Served with Pride
Staff
Premium Member
|
I appreciate all the advice guys but maybe I didn't stick my tongue in my cheek far enough. I wasn't really asking for advice on HOW to clean a customer's computer. The question was "Are YOU getting any come backs?". The real issue as I see it is the outright lying of the customer who says, "I didn't even go anywhere and it came back." The only honest customer was the one who admitted that he saw the infection reappear after returning to THE SAME SITE he had been on when he was previously infected. I'm not claiming to be perfect but I've had a good handle on cleaning computers for the last 8 years. I keep stats on all the repairs I do. The clean and/or reformat column is right now at 821 with 3 more machines on the floor. This ain't my first rodeo either.
I think my buddy rjf picked up on my sarcasm with his suggestion of checking where the customers have been but I'm not into the detective thing. If they infer that I didn't get it clean the first time, I just do it again and smile. Pissing them off by proving they lied isn't going to get me any more referrals and that's where all my business comes from.
btw, I've added another tool to my arsenal of late. It's been talked about on PCM before but I seldom see anyone reference the AVG Rescue Disk. As long as you have an internet connection (not wireless), you can update the virus database before doing a full system scan with this handy boot disk. I've had PCs that wouldn't "come clean" with the "normal" tools where AVG finds the extra crap and removes it.
Again, I mean no disrespect to all who offered suggestions. Your ideas are all solid. I'm just blowing off steam over the rash (4 actually) of folks who have the nerve to deny any wrongdoing so they don't have to pay a second time. Funny how they don't have any further issues even tho I use the same techniques for the second disinfection.
#10 |
|
Guest
Posts: n/a
|
You are dead on PR, they blew it, they know it but they also know you've gotta protect your reputation. Those folks are just going back to the same garbage web sites that brought them to your door in the first place.
#11 |
|
Mondsreitersmann
Join Date: Jul 1999
Location: Skingrad
Posts: 8,969
|
We had a machine come back to-day, only about a week after we replaced the HDD and did a fresh install of Windows XP. Customer complaining that IE was extremely slow. As soon as my colleague opened IE he saw like 5 toolbars... little wonder.
This might be the customer's fault, but it might not. A good number of the essentials (and I am tempted to say pretty much all of them) nowadays come with these horrendous bars. Java is a good example: it now comes with the Ask.com toolbar, and if you're not careful (most customers aren't, they just click away) you will end up installing it. Adobe products such as Flash and Acrobat Reader come with 'freebies' from McAfee. Many other applications come with the Google toolbar and/or Chrome. One really has to watch out when installing stuff, even legitimate stuff. And just when you think you've seen the worst, something tops it: now Asus loads their laptops with the Bing bar! And no, you cannot opt out: there's the checkbox during system preparation that says 'must accept in order to use the computer'. So far, we're still able to uninstall the stupid crapware after the OS is fully running, but I wonder if in the future we'll be able to do so.
#12 | |
|
Member (10 bit)
Join Date: May 2007
Location: USA, New Jersey
Posts: 534
|
Quote:
This issue brings to mind another idea I had recently. Tell me if you think this would be useful. Most AV programs contain logs that track the threats encountered and quarantined. They usually include DATE & TIME, the name of the file and the name or type of the threat. My idea is to also have the AV program record the URLs of any open browser tabs on the major browsers and also record any open applications at the time the threat was encountered. If we had that additional info, we could use it to show the customer which websites or programs were most likely responsible for bringing in the infection. How about that?
---pete---
#13 |
|
Served with Pride
Staff
Premium Member
|
That's a great idea, Pete. That info would allow me to answer the 2nd most frequent question I hear, "Where did it come from?" Wanna know the most often asked question? "How long are you going to have to have my computer?! I really need it bad!"
#14 | |
|
Served with Pride
Staff
Premium Member
|
Quote:
I'm amazed how folks can watch their screen size slowly disappear as they add these useless tool bars across the top of the page. Despite my warnings to uncheck the default boxes, the same folks have the same bars when the computer comes in for cleaning 6 months later.
#15 |
|
Mondsreitersmann
Join Date: Jul 1999
Location: Skingrad
Posts: 8,969
|
I think it is our obligation as techs to warn them anent these bars and other crapware: forewarned is forearmed. And it works for us quite well too, if after being warned they come back with the same problem, then it's not our fault and we don't have to fix the PC for free: we charge them again. If they don't listen to us, then maybe they will to their wallet.
#16 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
|
#17 |
|
Member (11 bit)
Join Date: Feb 2003
Location: Tucker Ga. USA
Posts: 1,358
|
My favorite was the guy who had about 1 1/2" of browser window left after all the toolbars were loaded. Really a job to browse any site.
It isn't a matter of fools, it is carelessness in watching what the installers are putting on the machine. There generally are defaults that can be overridden. |
#18 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 41,162
|
Some people just can't say no. Other people are simply fixated on the "next" button.