Go Back   Technibble Forums > General Computers > General Computer Chit-Chat

  Technibble Sponsor

Reply
 
Thread Tools Display Modes
  #1  
Old 10-14-2011, 04:12 PM
Encrypted Existence Encrypted Existence is offline
 
Join Date: Aug 2011
Posts: 1,239
Encrypted Existence is on a distinguished road
Default Prospective customer attempts to pry for info

Hello all. I had a guy call me today and explain to me that he was infected with the trojan "bamital n". He proceeded to tell me that he had ran several anti-malware scans on his computer...they would identify the trojan...but it kept coming back. Long story short he asked me to do some "research" and then call him back. Right away I was suspicious. I did a bit of googling on the trojan and called him back. What's funny is this guy actually asked me in a round about way what I use! Needless to say I did not tell him. I responded with "I have some very advanced tools for this sort of thing" or something to that nature...not exactly sure what I said. I am fairly sure this is a common thing as I have seen other people post about it on TN. I was thinking it would be nice to come up with a default answer to give people when it becomes apparent to me that they are simply trying to use me for info. Any suggestions? What do you do if/when this type of situation occurs? Thanks.
Reply With Quote
  #2  
Old 10-14-2011, 04:21 PM
FoolishTech's Avatar
FoolishTech FoolishTech is offline
 
Join Date: Aug 2010
Location: Manteo, NC (USA)
Posts: 2,757
FoolishTech is a jewel in the roughFoolishTech is a jewel in the roughFoolishTech is a jewel in the rough
Default

Quote:
Originally Posted by degresh View Post
Hello all. I had a guy call me today and explain to me that he was infected with the trojan "bamital n". He proceeded to tell me that he had ran several anti-malware scans on his computer...they would identify the trojan...but it kept coming back. Long story short he asked me to do some "research" and then call him back. Right away I was suspicious. I did a bit of googling on the trojan and called him back. What's funny is this guy actually asked me in a round about way what I use! Needless to say I did not tell him. I responded with "I have some very advanced tools for this sort of thing" or something to that nature...not exactly sure what I said. I am fairly sure this is a common thing as I have seen other people post about it on TN. I was thinking it would be nice to come up with a default answer to give people when it becomes apparent to me that they are simply trying to use me for info. Any suggestions? What do you do if/when this type of situation occurs? Thanks.
I tell people a little bit of the truth: I use a custom application that I personally wrote to assist me in the manual removal of malware. My techs say that "we" use a custom application that "we" have designed in-house.

Granted that wouldn't work for everyone :P but if you do use D7, feel free to say that "we" (the royal "we") use a custom designed application that assists us in manual removal of said viruses/malware.

When/if client asks about the custom app, I say it is designed for experienced technicians to assist in manual removal, hence it isn't a "scanner" in the traditional sense and would do you no good without a highly technical background...

Now I used to just say I do the majority of the removal manually, following up with those scanner apps (that your customer may or may not be familiar with) to cleanup the leftovers. I'll explain if I have to why the majority of the scanner tools are ineffective without some prior manual intervention.
__________________


Author of d7 & d7II, and TONS of other FREE PC technician's tools. www.FoolishIT.com

Author of CryptoPrevent - Crypto/Malware prevention for any OS.

Latest free tool: dBug - Neutralize malware preventing you from running removal tools.

NEW d7II single technician pricing!

Last edited by FoolishTech; 10-14-2011 at 04:24 PM.
Reply With Quote
  #3  
Old 10-14-2011, 04:27 PM
PaulRome's Avatar
PaulRome PaulRome is offline
 
Join Date: Apr 2011
Location: Chicago
Posts: 303
PaulRome is an unknown quantity at this point
Default

Tell them i do it manually, cause scanners are ineffective.

Best of luck
Reply With Quote
  #4  
Old 10-14-2011, 04:29 PM
phaZed's Avatar
phaZed phaZed is online now
 
Join Date: Nov 2010
Location: Richmond, VA
Posts: 1,746
phaZed is a jewel in the roughphaZed is a jewel in the roughphaZed is a jewel in the rough
Default

I tell them the truth... There is no way of diagnosing the problem over the phone. Just because you have XYZ virus doesn't mean there isn't something else such as an exploit delivery package hiding on the system, and there moat likely is; most infections don't usually apply themselves in one step, but are built on exploit upon exploit. We have advanced removal tools specifically for this type of scenario, however, even automated tools may fail to remove all threats, in which case we have the knowledge and experience to remove them manually. When would you like to come by the shop?

That's how I handle it.
__________________

Aaron Heidlebaugh
Computer Technician / Owner
www.AaronsPCSupport.com
804-307-4465 (Call or Text)
Laptop LCD repair | DC Power Jack Repair | Virus Removal
Desktop Repair | Hardware | Software | Troubleshooting
Reply With Quote
  #5  
Old 10-14-2011, 04:45 PM
RichmondTech's Avatar
RichmondTech RichmondTech is offline
 
Join Date: May 2011
Location: Richmond, VA
Posts: 925
RichmondTech will become famous soon enough
Default

Quote:
Originally Posted by phaZed View Post
I tell them the truth... There is no way of diagnosing the problem over the phone. Just because you have XYZ virus doesn't mean there isn't something else such as an exploit delivery package hiding on the system, and there moat likely is; most infections don't usually apply themselves in one step, but are built on exploit upon exploit. We have advanced removal tools specifically for this type of scenario, however, even automated tools may fail to remove all threats, in which case we have the knowledge and experience to remove them manually. When would you like to come by the shop?

That's how I handle it.
Exactly. There's no one size fits all solution. A tool you use in one scenario may not be effective in another. You need to look at the machine to determine what tools you need. That expertise is what people pay for.
Reply With Quote
  #6  
Old 10-14-2011, 05:27 PM
Encrypted Existence Encrypted Existence is offline
 
Join Date: Aug 2011
Posts: 1,239
Encrypted Existence is on a distinguished road
Default

Quote:
Originally Posted by phaZed View Post
most infections don't usually apply themselves in one step, but are built on exploit upon exploit. We have advanced removal tools specifically for this type of scenario, however, even automated tools may fail to remove all threats, in which case we have the knowledge and experience to remove them manually.

That's how I handle it.
Well said. Thanks for the input. Truth is I don't want to assume someone is fishing for info and end up being a jerk...but I also don't want to spend my valuable time on the phone with someone who has no intentions of using my services in the first place. I will use something along the lines of what's quoted above to cut straight to the point. Much appreciated.
Reply With Quote
  #7  
Old 10-14-2011, 06:32 PM
Cornerstone Technologies Cornerstone Technologies is offline
 
Join Date: Feb 2011
Location: Indiana Pa
Posts: 960
Cornerstone Technologies will become famous soon enough
Send a message via Yahoo to Cornerstone Technologies
Default

These are those time wasters we all dread. I think you handled it just fine actually. No need to get rude, just adamant about not disclosing free help. As time goes on, you will develop a pretty accurate ability to detect these kinds of calls earlier and earlier. The knowledge is applicable to telemarketers and the like too.

I think your title of this thread is optimistic. There is no potential in these kinds of people.

Last edited by Cornerstone Technologies; 10-14-2011 at 06:35 PM.
Reply With Quote
  #8  
Old 10-14-2011, 07:09 PM
NETWizz NETWizz is offline
 
Join Date: Jan 2008
Posts: 1,421
NETWizz has a spectacular aura aboutNETWizz has a spectacular aura about
Default

I have always told them the truth... Then I tell them that tools like HiJackThis & AutoRuns in the wrong hands can cause more problems than they fix.
Reply With Quote
  #9  
Old 10-15-2011, 06:18 AM
Appleby's Avatar
Appleby Appleby is offline
 
Join Date: Jan 2010
Location: Texas
Posts: 1,290
Appleby is on a distinguished road
Default

Agree with all the advice given. When I'm in this situation, I don't even do any research. I just tell them I will be glad to do a virus removal for them and my fee is $XX. If they ask how or what I will use to remove it, I tell them I have alot of professional tools I use, plus alot of manual removal. End of story. If they persist, I tell them that I can't explain manual removal to them because it takes years of experience and learning. I'm not rude, but I make it pretty clear that I'm not going to tell him to download XYZ and it will fix his problem.

I don't have this issue much but when it does, it doesn't really matter what you tell them because these type of people are doing exactly what you think they are....fishing for free advice.
__________________
Simply let your 'Yes' be 'Yes,' and your 'No,' 'No'; anything beyond this comes from the evil one. - Matthew 5:37
Reply With Quote
  #10  
Old 10-15-2011, 12:53 PM
1aComputerServices's Avatar
1aComputerServices 1aComputerServices is offline
 
Join Date: Jul 2009
Location: MD
Posts: 239
1aComputerServices is an unknown quantity at this point
Default

I use classified software and processes to remove your malware infection. If I tell you about them I will have to kill you.
__________________
1A Computer Services Inc
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 07:24 AM.


Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Technibble.com is based out of MELBOURNE, AUSTRALIA.