Is there a point where you think it's just not worth trying?


Sevdog
02-09-2009, 02:55 AM
I'm wondering if there is a point where you think it is just not worth trying to remove all of the malware and just opt for a fresh OS install right off the bat. I recently looked at a PC that would not boot. I used the UBCD to boot and scan the drive with a few tools and it came up with a ridiculous number of critical results. After working on this for quite a while I finally got the drive to where it would boot up and it had 3 users on it. Based on all of the folders in Program Files they had all obviously fallen for every "Your PC is Infected" scam in existence and had tons of toolbars on top of that. Would you bother taking the time to clean up a system loaded with such a multitude of crap or just recommend a new install?

gunslinger
02-09-2009, 03:09 AM
I can tell with most systems in about 20 mins. On the first scan, if it has something like 500 bits of malware and 5-6 viruses, forget it. You might remove the malware and viruses, but most likely the system will never really be the same. If a computer will take more than 2-3 hours just to remove the infections I'll back up and reinstall.

abe
02-09-2009, 03:20 AM
Hi,

It takes some time for me to tell what I'm gonna do, but usually it's the client who asks to do the reformat. However, if I see it's bad and they don't like the idea of a reformat (i.e. no OS install media), I give them my price to clean the current OS, and they either take it or leave it.

Abe

P.S. Have a guy coming in tomorrow with the 3rd different laptop in 2 months. I don't know what this guy does and it's not my business to poke around in his history, but no amount of warnings seems to help.

MSgherzi
02-09-2009, 06:38 AM
I agree with gunslinger. If I come up with a good amount of viruses and spyware, I just format the machine and forget about it. There's only so much you can do with a machine that has a bunch of garbage like that on it since it probably would be running extraordinarily slow.

lawson_jl
02-11-2009, 04:07 AM
My rule of thumb is if I can boot an infected system into safe mode and run Combofix or SmitFraudFix, it can be followed up by SUPERAntiSpyware or Malwarebytes in normal mode and the small random things can be fixed up pretty easy. All in all a 2 hour job with me actually in front of the computer for about 30 minutes or so of that. If the computer is still unusable in safe mode and Combofix and SmitFraudFix don't run, I call it a reinstall. I hate to reinstall though, since most people (in fact I've never had someone) don't have backups and something always gets lost. Some random program someone uses stores data in a hidden folder in the programs files or user documents and settings, so I don't find it and people get mad. I do always call the client before formatting a hard drive and tell them that while I take every precaution I can't know everything and something may slip through.

robrich22
02-11-2009, 12:20 PM
If I absolutely can't get it fixed after about 2 hrs, then I'll start thinking about a format. Well, I guess it's hard to say; sometimes I've formatted after a few minutes, other times I worked for like 4 hours before formatting. I guess it depends on what kind of information they have on the PC. If there is a lot of financial stuff, QuickBooks, etc., I try my best not to have to format. But if there isn't much on the HD, I think that steers me more towards formatting.

Next time I have to do a complete format, I was thinking about shrinking the main volume and creating a 2nd partition. Copy all the files to the secondary partition and then re-installing the OS. So that way if I did forget to backup any essential data, it will still be accessible.

Flyingbull
02-11-2009, 12:39 PM
It is all about context, or more specifically, circumstances. Your goal when dealing with a client's computer isn't always about speed, but of after service satisfaction. If they have a lot of data on there (as in cannot be replaced or restored), then you find a way to either move it off to a separate system, or you spend the time to get it done. Circumstances dictate your range of choices, and having a hard fast rule isn't always the way to conduct business. I'm not saying you can't do a risk analysis, and say to them: Look, you don't have any data on here (or I can just pull the data out of here) and format from scratch, it will take about an hour (or so depending on how lucky/unlucky) to do that, but I can rescue the system, and that can and probably will take 4 hours or more. Give them the choice, even if it is unappetizing to you.

nelsonm
02-11-2009, 05:48 PM
It's always tough to know what course of action is best and how much time to devote to one machine until you have already spent some time diagnosing the problem. But time and experience as well as taking the experience of others can help build procedures that will allow you to predict most correct courses of action and how much time to spend on them.

The fact is that you are running a business and you must treat it as a business. You want to provide service but you also have to make money to make a living and for your business to grow. You can't treat the business like a starving artist - just doing it for the love of it.

There has to be a balance between service and revenue. Spending too much time on service at the expense of revenue is just a path to a slow death. You don't want to find yourself one day looking back and saying "we bent over backwards providing great service and trying to satisfy the customer, so why am I out of business?". Your customers will be wondering the same thing too!

When business is slow and there is no backlog, you can afford to spend more time on one machine and even experiment with new and different repair/removal techniques and chalk it up as R&D. But when you have a backlog, you simply can not afford to spend all of your time on one machine. As long as parts are not required or not required to be shipped, I typically return a machine within 24 to 48 hours. That's when you need to have a plan/process/procedure in place for servicing machines.

Don't get me wrong, sometimes disinfecting a machine can turn into a quest to slay the dragon! There is a great sense of satisfaction when the last monster has been stabbed through the heart. However, and obviously, the more machines you can fix and get out the door per day, the more money you make.

Though we are a small business, we try to maximize revenue while maintaining quality of service by having a multitasking process in place.

1. We currently have 6 service stations in place and we try to keep them all occupied.

2. We expect each in-shop tech to be able to service a minimum of 3 machines at the same time.

3. When a machine is assigned a station, the tech sets up and initiates a backup of the system drive onto our backup server then moves on to the next station. This affords us the opportunity - if needed - to change gears without shooting ourselves in the foot with respect to restoring the client's system, factory image or data.

4. Priority is given to setting up and initiating any required processes on machines that will take a while to complete but require periodic interaction.

(While our techs are knowledgeable and we have an arsenal of diagnostic and repair apps and scripts on the server - that we got off the net btw - we still utilize the experience of expert and enthusiastic people on the net to help solve problems. It's a tremendous resource! I can't tell you enough how much time and money we have saved utilizing it.)

5. Every type of repair has a procedure. The tech round robins the stations applying and checking off each step of the repair process noting any unexpected problem or issue that needs to be resolved until a machine is repaired or has exceeded the normal amount of repair time.

6. If a machine is kicking the tech's butt, it's removed from the station for review and the next available machine is put on the station for repair. We don't want to slow down the repair queue any more than necessary. Once the issue with the problem machine has been resolved and repair can continue, the machine goes to the head of the queue and waits for the next available station. In cases where the repair is going to take longer than what the customer expects, the customer is informed.

7. Once a machine has been dubbed repaired, our quality assurance tech, usually performed by the same or a free tech, performs a quick system check to ensure the machine has been fixed before it leaves the station.

8. The process repeats with step 3.

nonchalant
02-11-2009, 08:19 PM
I'm wondering if there is a point where you think it is just not worth trying to remove all of the malware and just opt for a fresh OS install right off the bat.

Yes, more so these days. It's a case of spending 2-3 hours trying to clean the PC and if that doesn't work having to format & backup, which means another 2-3 hrs. I usually make a decision within the first 20 mins or so as to which way I'm going to go with a PC. It may be nice for a customer to get their PC back repaired with all their shortcuts etc. still on the desktop, but just as important is my time.

Majestic
02-12-2009, 03:45 AM
I'm wondering if there is a point where you think it is just not worth trying to remove all of the malware and just opt for a fresh OS install right off the bat. I recently looked at a PC that would not boot. I used the UBCD to boot and scan the drive with a few tools and it came up with a ridiculous number of critical results. After working on this for quite a while I finally got the drive to where it would boot up and it had 3 users on it. Based on all of the folders in Program Files they had all obviously fallen for every "Your PC is Infected" scam in existence and had tons of toolbars on top of that. Would you bother taking the time to clean up a system loaded with such a multitude of crap or just recommend a new install?

Heh, I just went through a PAINFUL lesson. I charged 6 hours for 16 hours of work. Why? Because I was trying to be a hero. I had a client who had 2 of his computers infected with everything from w32.Virut to Antivirus 2009, to multiple variants of MANY trojans, not to mention a few rootkits. Every time I thought I had it beat there would be something new that came up. I did everything possible from running Malwarebytes anti-malware in safe mode to combofix, smitfraudfix, ccleaner to clean all temp files (before), hijackthis, unhackme... I turned off the system restore, ran a full system virus scan... you name it.

After all was said and done and I thought it was fine... suddenly the antivirus went nuts with many new trojan variants.

Anyway, I took one of the client's machines home while I did a fresh install on the other computer and made it remotely accessible.

So still trying to be a hero I tried to rescue the machine.. but get this I finally reinstall everything fresh... Install the apps.. One reboot.. BOOM! Rootkit back etc.. get this.. It INFECTED MY USB KEY!!! (fok!!) And then it spread like wildfire. Now I had to not only clean my key but reinitiate a new (2nd) fresh install.

In the end I installed all apps over the network and had to reformat my key then copy back what I needed (pain in the ass).

What I should have done was reinstall after 2.5 hours realizing it would take that much longer. But this is how we learn!

Majestic

l337
02-12-2009, 04:09 AM
Hi,

It takes some time for me to tell what I'm gonna do, but usually it's the client who asks to do the reformat. However, if I see it's bad and they don't like the idea of a reformat (i.e. no OS install media), I give them my price to clean the current OS, and they either take it or leave it.

Abe

P.S. Have a guy coming in tomorrow with the 3rd different laptop in 2 months. I don't know what this guy does and it's not my business to poke around in his history, but no amount of warnings seems to help.

Maybe this guy has his laptops networked, and by cleaning 1 he's taking them home and as soon as he plugs it back into the network it could get reinfected.

And as for not worth trying, I think it's a see as you go kinda thing unless the customer specifies they want a reformat.

Tiddle
02-12-2009, 12:11 PM
Hi,

It takes some time for me to tell what I'm gonna do, but usually it's the client who asks to do the reformat. However, if I see it's bad and they don't like the idea of a reformat (i.e. no OS install media), I give them my price to clean the current OS, and they either take it or leave it.

Abe

P.S. Have a guy coming in tomorrow with the 3rd different laptop in 2 months. I don't know what this guy does and it's not my business to poke around in his history, but no amount of warnings seems to help.

What do you mean he comes in with a diff laptop?
Do they all have the same infection?

Maybe he's stealing them or something.

abe
02-12-2009, 03:11 PM
Na, I know his computers: he has a Toshiba, his wife a Dell, and now he got himself a netbook. These are the same ones he brings in for upgrades so I don't think they are stolen. I talked him into imaging the drives and restoring every few months; he agreed since it will be cheaper for him and less downtime.

He doesn't use them for business, only for checking email and watching movies, so imaging a clean install with all the codecs, media players, Java, ActiveX,... is even better than a reinstall since it's ready to use as soon as he picks it up.

Abe

arrow_runner
02-12-2009, 05:38 PM
I'm just curious, what's your rate and method for going about selling an individual that type of service?

usacvlr
02-12-2009, 05:45 PM
Speed... I have too many systems to spend more than 2 hours max on any one system. You have to draw the line somewhere. If the system comes in at the right time and I'm in between things or I can do the virus removal as I'm doing other things fine but if it becomes a headache then it's just as bad as a time waster standing in the shop trying to suck info out of your brain. It's just not worth it.

It is all about context, or more specifically, circumstances. Your goal when dealing with a client's computer isn't always about speed, but of after service satisfaction. ...

Sevdog
02-15-2009, 02:09 PM
Thanks for all the replies. Lots of good advice. I think it is easier to make a quicker decision to a format if you know what kind of user your client is. This one used the PC mostly for internet (as do a LOT of people out there) and did not have a lot of programs installed other than what came with the computer and did not have many personal files to backup. Just a couple of songs and a few pictures. Easy format in this case especially with the amount of viruses, etc.

usacvlr
02-16-2009, 05:43 PM
Only good thing about AOL is that it stores their mail online and not locally.

Felix
04-08-2009, 01:20 PM
Great advice!

Now I feel more confident that just because I have to reformat doesn't mean I'm a bad tech. It just means I can't spend 8 hours fixing one machine!