I have a customer that is getting infected once a month, what should I tell them

the first time, we ran all the malware removal tools and the computer was working great.

second time, we wiped it clean due to the fact the OS was bombing out on startup

third time, i suggested them to run their AV and call me back if it does not fix it, well i got a call

what should i tell them or do?

I have try to sell them AV and they are like well my son likes free avg and antivir

I have tried to sell them superantispyware, just got a no thanks


Thanks
Richie

Stop visiting dodge websites and opening emails from people not known to them :p Seriously though, you need to determine where they are getting the viruses from, prevention is better than cure as they say ;)

Point out to them that their son obviously isn't a computer tech and what he likes obviously isn't working or they wouldn't be seeing you so much. I've ran into my son/brother-in-law that know computers says thing more then a time or too. I've even gotten so annoyed with people second guessing me like that I've said if your son/brother-in-law is so go you should take it to them and let them fix it.

You should do as TazUK suggests and try to figure out how they are getting infected likely the same "computer wiz' son I would guess. Once you do that you can tell the customer what's going on.

Just remember if you do sell them an AV such as NOD32 and they get infected again they are going to blame you. "You told me this would protect me and I got infected again." If you know how they are getting infected at least you can tell them it's cause someone keeps visiting "gay teens daily."

What kind of infections have they been having that alone is typically a good indicator of the vector.

look for file sharing & porn.

educate them

Configure open DNS

I'd recommend 2 separate users for daily (1 for the kid, one for the parents) both non-admin and an admin account for installing software.

Try blink from eeye great stuff.
pro http://www.eeye.com/html/products/blink/download/index.html
free http://free-antivirus.eeye.com/

this will help

I bet someone is either on porn or warez. Install OpenDNS on their machine as a service so it's undetectable to the average user.

yea your kind of fighting a uphill battle here, your best bet is a DNS like has been suggested before.

Actually your best is to try and get away from this client, this has chronic all over it.

Actually your best is to try and get away from this client, this has chronic all over it.

+1

Tell them this will only keep happening and you will have to charge them the full rate each time. If they dont like that, walk away from them. If you are being sympathetic and charging less each time or spending too much time trying to get a handle on this, its just wasting your time. Little Johnny is probably surfing porn all night and he isnt going to stop no matter what you do to that computer.

Actually your best is to try and get away from this client, this has chronic all over it.

+2. I've had friends in the past whose kids could get any machine infected within a matter of hours. They brought it to me a few times because it kept getting infected + the friend factor. I tried telling them countless times and set the kids accounts to standard. They kept changing the accounts back and kept up with old habits, then just kept bringing their machines back to me whenever they were hosed up again. The reason being was they were friends and I wouldn't charge them much. But they refused to change their habits or lock down their kids and just figured they'd keep bringing it to me until I put the brakes on that situation telling them in short that if they are not going to listen, they are wasting my time and patience. So now they are someone else's problem.

Is it XP or Vista? Vista has a really good content filter. If it's XP, suggest something like Netnanny. Make sure their firewall is enabled. I would put something like AVG Internet Security. Setup CCleaner to run daily on the temp files. Remove admin rights form the kids profiles. That should work for starters.

I think we are missing something. Open DNS only filters content if you have registered with them. You can still get to all the porn, filesharing, wazes, etc with open DNS installed.

But again it's not your issue if they aren't willing to learn a little they shouldn't be using a computer.

Education and better tools to prevent the infection.

Another antivirus is not the answer. One of these may be. Set him up with www.sandboxie.com (http://www.sandboxie.com/) or Windows Steady State (http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx) or Virtual Box (http://www.virtualbox.org/). Those will keep threats from being able to infect the system in the first place. These systems give the programs a virtual place to play, but keep them from affecting the real programs and OS.

www.mywot.com is an excellent tool to add on to IE or Firefox. It will warn them when attempting to visit sites that other WOT users have marked as bad.

Also, OpenDNS.com will block known phishing sites by just using their DNS servers. If you wish to block categories like porn, filesharing, specific domains, etc, you do need to signup for the free account.

-- Patrick B.

I use hosts file from biss it prevents infection from bad sites and is customer proof most have no idea what a hosts file is.

http://www.bluetack.co.uk/forums/index.php?autocom=faq&CODE=02&qid=16

I use hosts file from biss ...

I tried blocking bad websites with extensive lists of addresses in the hosts file. That technique works well to block the sites; however, once you have 10's of thousands of entries in the hosts file, you have to disable the DNS Client on the machine. [See http://www.mvps.org/winhelp2002/hosts.htm#Note]. That means that no prior lookup is cached, so every item on every webpage and every email send/receive and every instant messenger contact and Skype contact and torrent contact and ... must contact the DNS server. That's not so bad if you run your own DNS server, but could be a real drag on the Internet if many people increased their DNS queries 100 fold or 100,000 fold. The DNS Client caches those query results and prevents the need to constantly query the DNS server for the same addresses.

Much more Internet-friendly and as effective would be to load your own DNS server with a block list or to let www.opendns.com (http://www.opendns.com) do it for you. With OpenDNS, you never have to update your hosts file and it remains nearly empty.

Similarly, I quit using the "Global" immunization feature in Spybot Search and Destroy. It also adds thousands of entries to the hosts file. I do use the rest of its immuniation feature.

-- Patrick B.

thank you all good idea, I will talking to the customer again.

My billing person (aka my wife) bills everyone so no gets a discount, lol, i am the weak one

I will suggest webfiltering, and different user accounts

Thanks again

My wife agrees with most of you, we would get away from this customer, this is the only virus/malware customer we have ever come back over and over with the same issue. he kid plays i don't do anything to the computer dad, the virus was already on there, lol

Ive said it before... AVAST... I put it on one of my business clients office PC because when he isnt running his shop he is using Limewire. He was getting viruses all the time and I did charge him regular for each occurrence. Well I finally got him to get the AVAST and register it. Its free and catches the things he runs into. Now if its Antivirus 2009 or its variants, Avast is of no help there once infected, but its pretty good at getting everything else. AV2009 gets detected and deleted, but keeps coming back. For that I used Malwarebytes on a variant successfully. I can infect a test PC and test to see how Malwarebytes does with AV2009 though.

Also I think I remember seeing a product here that copies the OS so during restart you get a cleaned OS again. I saw it here today. Its called "Returnil", I haven't tested it yet though, but the reviews here look good

Maybe they've got some USB flash drives around that are infected. I usually clean PCs and all writeable media and explain how to check on CD/DVDs (disable autorun and scan them all).

Or maybe your client is using warez, I had a client who used a cracked version of Photoshop over and over again... :(