correct answer for customer on "How did I get that virus?"


netxm
02-20-2009, 04:19 AM
Almost every time I do a clean up, customers ask me "How did I get that virus?, I have good antivirus, which you recommended" (which is AVG), I don't like to tell them words like don't visit porno sites or don't download illegal music.
What do you do in situations like this? I apologize if this question already has been posted here (I did search and didn't find)

abe
02-20-2009, 04:32 AM
I know it's difficult to say that to their faces, but you could say something like "these are the sites in your history ...." or "this file detected by spybot is called ...." "was installed at 10:53 at that time someone on this computer was viewing xyz.info" but the truth is you gotta learn to say it to their faces. They will probably deny it, but at least they will know the truth.

Abe

Bryce W
02-20-2009, 04:43 AM
I get asked this all the time and these are my answers.

If the issue was something like Antivirus2009:

"You were probably surfing a website and had an error message pop up saying your computer is infected with a million viruses, press OK to fix this. It will probably look very legitimate too and often hard to get rid of on the screen. If this happens in the future, just close the browser completely and reopen it. Never ever click OK to these things as that's how you get infected"

If the issue is an email virus:
"You most likely opened an email attachment. Sometimes you'll get a random email from someone you don't know but it will try and get you to open it. They are usually very unspecific like "Here are the files you asked for". If you open them you'll most likely get infected.

The worst kind are the ones you get from your friends. Let's say my computer got infected, these viruses will send a copy of itself to everyone on my address book. Now, let's say you're on my address book and you get a copy. You see the email is from me, you know me and trust me so you open the email attachment and get infected yourself. THEN it sends a copy of itself to everyone on YOUR address book. Your friends get it, they know you and trust you.. and the cycle continues"

If the issue is just adware:
"You most likely installed some software that came with it. It can be in the form of free screensavers, free toolbars, free smileys or you may have even installed some other free software like LimeWire, BearShare etc.. In most cases, while installing these it'll say somewhere that it's going to install this junk. Read it very carefully or just avoid them completely."

netxm
02-20-2009, 05:00 AM
Usually I tell them "none of Antiviruses will protect you if you're using harmful websites, or filesharing", or "Antivirus effective only on 80%".... something like that

14049752
02-20-2009, 05:20 AM
I usually say something to the effect of "It's hard to determine exactly where the problem came from, but..." (and then a concise version of what Bryce said.)

MLCS
02-20-2009, 10:15 AM
I'm the same as Bryce as well. Mentioning "Porn Sites" is a big no-no in my opinion. Because you can't be 100% sure that's where it came from to begin with, and if it didn't come from a porn site, you're now getting some younger sons in trouble, keeping a mother up at nights, or getting a husband in trouble (that husband may be the guy signing your checks btw) for no reason.

I usually tell them that these viruses can come from anywhere. I will bring up file sharing as one of the possible infectors, but if I mention sites at all it's a roundabout way like "harmful websites" or "websites with unknown integrity". You don't have to go into specific detail, and I don't think you should unless they really push you on the EXACT location it came from.

Majestic
02-20-2009, 09:01 PM
Almost every time I do a clean up, customers ask me "How did I get that virus?, I have good antivirus, which you recommended" (which is AVG), I don't like to tell them words like don't visit porno sites or don't download illegal music.
What do you do in situations like this? I apologize if this question already has been posted here (I did search and didn't find)

Usually I tell them it's impossible to know exactly how they got the virus. I continue to say how they could have got infected through a greeting card email, a malicious website, or simply opening a program sent to them in email when they didn't know who was the author.

As for recommendations.... I have been SO disappointed with AVG. These days I recommend VIPRE or Antivir.

Majestic

nonchalant
02-20-2009, 09:23 PM
I agree with Majestic. It's impossible to tell a customer HOW they got infected.

I recall some years ago downloading a program from download.com which turned out to contain a virus. So I say something along the lines of "you can be as careful as you like but no matter what you do, no matter what programs you run, as long as you use the 'net you run the risk of becoming infected". I leave it at that.

netxm
02-20-2009, 09:26 PM
and how about when customer mentions that I sold them an Antivirus, which has to protect them from malware and now they got infected and pay me for clean up. Sometimes people think if they have AV they can do whatever they want and nothing will infect them. Or sometimes I have situation: 1-2 days (or even hours) after clean up, customer calls and say that pop ups or warnings are back. (I'm sure it was clean, before I left) When I go back there (internet history is empty, limewire is installed) and try to explain that I'm not guarantee that you will get virus again, I do just a clean up. They are frustrated.

Majestic
02-20-2009, 09:48 PM
and how about when customer mentions that I sold them an Antivirus, which has to protect them from malware and now they got infected and pay me for clean up. Sometimes people think if they have AV they can do whatever they want and nothing will infect them. Or sometimes I have situation: 1-2 days (or even hours) after clean up, customer calls and say that pop ups or warnings are back. (I'm sure it was clean, before I left) When I go back there (internet history is empty, limewire is installed) and try to explain that I'm not guarantee that you will get virus again, I do just a clean up. They are frustrated.

heh I come across this sometimes. I tell the customer how no matter what antivirus they have there are programmers out there that are genius and they fool even the best protection. Unfortunately, that's the reality today. That said, I DO give them a 1 month guarantee. If they get re-infected within that time span I'll re-clean up their computer for free.

I had an issue once where I cleaned the computer and spent 3 hours (it was really nasty). They called me back 2 weeks later.. I guess I didn't completely kill it all. I went there for another 3 hours and this time it really was out. That's part of business. That's life.

Majestic

nonchalant
02-20-2009, 10:29 PM
heh I come across this sometimes. I tell the customer how no matter what antivirus they have there are programmers out there that are genius and they fool even the best protection.

Indeed. In fact many of these low-lifes test their viruses and malware (particularly against the more well known antivirus programs out there) before they release them, to ensure they are not detected.

And if you know where to go you can find online 'supermarkets' where you can buy a virus or spyware for $30. If you want a virus that is totally unique it will cost another $5. Viruses today are 'big business'.

bmetman
02-21-2009, 11:00 PM
And if you know where to go you can find online 'supermarkets' where you can buy a virus or spyware for $30. If you want a virus that is totally unique it will cost another $5. Viruses today are 'big business'.

Nonchalant you are correct. I came across a lot of these studying for the security plus exam. Some sites even sell virus writing kits with a GUI. You just choose what you want the virus to do and it will write it for you. It's bad enough we have to deal with the actual virus writers but the existence of these types of tools and sites leave it wide open for millions of script kiddies. Don't get me wrong, I do make money from their efforts but it does get frustrating. Just venting a little.

Methical
02-21-2009, 11:11 PM
I have the security plus exam up next, can't wait. Should be a good read. Security is a big issue these days, and a lot of money can be spent settin' up a good secure system. Money for my pocket :D

Comtech Solutions
02-22-2009, 06:56 AM
Almost every time I do a clean up, customers ask me "How did I get that virus?, I have good antivirus, which you recommended" (which is AVG), I don't like to tell them words like don't visit porno sites or don't download illegal music.
What do you do in situations like this? I apologize if this question already has been posted here (I did search and didn't find)

My best answer:

Even the very best AV program can not predict what new stuff the bad guys will think up in the future. AntiVirus programs are reactive, not predictive.

That's why a 30 day guarantee doesn't make sense. Perhaps a guarantee against currently existing viruses for 30 days would make more sense.

7leaves
02-22-2009, 08:00 AM
HaHaHaHaHaHaHaHaHaHa!

I Enjoy Technibble.

ASDCR
03-03-2009, 03:58 AM
here's what i tell ppl


a few months back a company called me in - they couldn't send email

turns out - they were SLAMMED w/ trojans/antivirus2008/etc/etc


they were a major spam source

and they had gotten blacklisted



when you're blacklisted, you've gotta ask "pretty pretty please" to be allowed back to the table with all the good kids

the main company for blacklists (that all the major email companies outsource to) is CBL - Composite Blocking List



as you might imagine, they have a little procedure for all the legitimate (and unwitting) companies who just got slammed w/ viruses, are now suffering the consequences, and want back into the greater internet's good graces

here's their stock answer to everyone: http://cbl.abuseat.org/checkploit.html



here's the relevant portion i point out to my clients...

The track record of current/popular Anti-Virus software at finding current and severe threats is terrible. In fact, recent studies have shown that "new" threats are only caught by any of 35 of the most common A-V packages 23% of the time, and that only improves to 50% after a month. In other words, if you were running all of those 35 A-V products at once, a new threat would be caught only 23% of the time by any of them.



did you get that??

*ALL* of the anti-virus products... PUT TOGETHER... will catch any random virus TWENTY-THREE PERCENT OF THE TIME!!

and YOU only have ONE a/v on your computer

what do you think YOUR odds are??




so see... this company's BUSINESS is to deal w/ ppl/companies on the receiving end of these viruses - they're getting hammered - ya think they know what they're talking about?

yep - me too




anyway.. that's what *I* tell them!

happy hunting!

Spiderz
03-05-2009, 01:20 AM
You have a lot of good replies on what to say, but I have success saying to the user that what they are asking is the same as if you asked your doctor "how did I get this flu?" There are many many ways of getting the flu and no amount of medicine can stop you from getting sick forever and ever. The best way is to practice good habits so when or if you get sick you recover faster.

Then you can go into good habits for going on the internet: avoid opening attachments you are unsure of, etc., etc., a lot of what people already said.

Then be honest, saying no antivirus is 100% but you would be a lot worse without one. Hope this helps.

Jager
03-05-2009, 02:30 PM
and how about when customer mentions that I sold them an Antivirus, which has to protect them from malware and now they got infected and pay me for clean up. Sometimes people think if they have AV they can do whatever they want and nothing will infect them. Or sometimes I have situation: 1-2 days (or even hours) after clean up, customer calls and say that pop ups or warnings are back. (I'm sure it was clean, before I left) When I go back there (internet history is empty, limewire is installed) and try to explain that I'm not guarantee that you will get virus again, I do just a clean up. They are frustrated.

Nothing is 100% beyond avoiding the source. You can take every precaution you like, but there's always a chance of infection. It's kind of like pregnancy that way...

nonchalant
03-05-2009, 09:37 PM
Even the very best AV program can not predict what new stuff the bad guys will think up in the future. AntiVirus programs are reactive, not predictive.


That's another good point I mention if the customer seems insistent that they are doing all the right things (i.e. not opening suspicious emails, etc). There is always a time gap between when a new virus is released to it being officially recognised, to new definition files being released to identify the new virus. Then there's the variations of a virus that are released once definition files have been updated. It's a constant game of 'cat & mouse'.

Antivirus programs are mainly reactive not proactive. It's impossible for them to predict what virus is coming out tomorrow. IMO heuristics is 'proactive' to a degree but its success is limited.