Malware issues

dee001
Hello, I have a customer running Windows 10 Pro who keeps getting infected with malware. For the past few weeks I have normally just run Malwarebytes a few days in a row and called it a day, but this customer is really concerned and knows enough to be dangerous. What do you guys do with a customer like this to calm their concerns? They wanted me to look into each infected file and give them some documentation on what type of malware it is and what, if any, damage has been done..... Any suggestions or thoughts on issues like this?
 
Honestly, fire the client. I refuse to work for people like that these days. If they know that much, they can do the Googling themselves. Worse, their habits are the source of the infection, and no matter what AV you install, it's never going to be enough.

Though I suppose I might print the scan report to see if that's enough first... but really, this sort of thing indicates not only a fundamental issue with the customer's situation, but also points out a lack of trust in your service. Without that trust, how far can you really go?
 
I wouldn't fire them unless they are wanting all this work done as "warranty" from a previous repair. But if they keep getting infected then I'd be concerned about a rootkit. So nuke and pave would be in order.
 
  • What AV are they running?
  • Where are they getting the malware?
  • What browser are they using?
  • Do they have uBlock Origin installed?
  • Is the OS and 3rd party software fully updated?
  • Is there any DNS filtering being done?
They are running Kaspersky Antivirus. Not totally sure where they are getting infected from. Chrome, no uBlock installed. I just updated Windows the other day while I was at their desk; the person shuts their computer off every night so it isn't getting updates. No DNS filtering being done. This is a small office that really won't commit to too much of my labor time, so I have to limit my labor time.
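The checklist above is the usual first pass before deciding on a nuke and pave, and it can be answered mechanically rather than by poking through menus on a customer's machine. The following is an added PowerShell example, not something posted in this thread: a read-only triage pass that reports the registered antivirus, the Chrome extensions per profile (and whether uBlock Origin is among them), the last boot time and last installed hotfix, and the DNS resolvers in use. It assumes Windows 10 with the built-in `CimCmdlets` and `DnsClient` modules and a default Chrome install location; the uBlock Origin store id is the published Chrome Web Store id, and the profile path is a parameter so you can point it at the user's profile when you run the script from a different admin account.

```powershell
# Added example (not from the thread): read-only triage of the checklist items.
# Run from an elevated PowerShell prompt on the customer's Windows 10 machine.
# It changes nothing; it only reads Security Center, the file system, hotfix
# history and the DNS client configuration.

# Chrome Web Store id of uBlock Origin (assumed known; matching by name is the fallback).
$UboId = 'cjpalhdlnbpafiamejdnhcphjbkeiagm'

function Get-RegisteredAntivirus {
    # Security Center lists every AV product that registered itself, plus a
    # productState bitfield (enabled / signatures current) and a timestamp.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' |
        Select-Object displayName, productState, timestamp
}

function Get-ChromeExtensions {
    param(
        # Default to the current user's Chrome data; pass the customer's profile
        # path explicitly if you are logged in as a different (admin) account.
        [string]$UserDataRoot = "$env:LOCALAPPDATA\Google\Chrome\User Data"
    )
    # Layout: <User Data>\<profile>\Extensions\<extension id>\<version>\manifest.json
    Get-ChildItem -Path $UserDataRoot -Directory -ErrorAction SilentlyContinue |
        Where-Object { Test-Path (Join-Path $_.FullName 'Extensions') } |
        ForEach-Object {
            $profileName = $_.Name
            Get-ChildItem (Join-Path $_.FullName 'Extensions') -Directory | ForEach-Object {
                $extId = $_.Name
                $manifest = Get-ChildItem $_.FullName -Recurse -Filter 'manifest.json' |
                    Select-Object -First 1
                if ($manifest) {
                    $m = Get-Content $manifest.FullName -Raw | ConvertFrom-Json
                    # Note: localized extensions report a placeholder name like __MSG_appName__;
                    # the id is the stable identifier, the name is for the human reading the report.
                    [pscustomobject]@{
                        Profile = $profileName
                        Id      = $extId
                        Name    = $m.name
                        Version = $m.version
                    }
                }
            }
        }
}

function Get-PatchStatus {
    # A machine that is switched off every night often never reaches its update window;
    # last boot time and the newest hotfix date make that visible.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $lastFix = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    [pscustomobject]@{
        OSVersion      = $os.Version
        LastBootUpTime = $os.LastBootUpTime
        LastHotFix     = $lastFix.HotFixID
        LastHotFixDate = $lastFix.InstalledOn
    }
}

function Get-DnsConfig {
    # Resolver addresses per adapter. If no filtering resolver is configured here
    # (or at the router), nothing is filtering DNS for this machine.
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Select-Object InterfaceAlias, ServerAddresses
}

'== Registered antivirus =='
Get-RegisteredAntivirus | Format-Table -AutoSize

'== Chrome extensions =='
$extensions = Get-ChromeExtensions
$extensions | Format-Table -AutoSize
$ubo = $extensions | Where-Object { $_.Id -eq $UboId -or $_.Name -like 'uBlock Origin*' }
"uBlock Origin installed: $([bool]$ubo)"

'== Patch status =='
Get-PatchStatus | Format-List

'== DNS resolvers =='
Get-DnsConfig | Format-Table -AutoSize
```

The extension listing is the part worth reading line by line: anything you do not recognise, and anything installed into a profile the customer does not use, goes on the list of things to explain in the write-up they asked for. The `productState` value from Security Center is a bitfield rather than a plain flag, so treat it as "registered and reporting" rather than proof that real-time protection is on; open the product itself to confirm that.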
 
I wouldn't fire them unless they are wanting all this work done as "warranty" from a previous repair. But if they keep getting infected then I'd be concerned about a rootkit. So nuke and pave would be in order.
Not sure if I am getting old, but the thought of backing up and reloading this system would be a nightmare, especially on site. Do you guys take customer systems off-site for a job like this, or just plan a few hours at a customer site? And I can hear them now: not having any passwords, not being able to find their software..... any tips on this? LOL
 
Hmm... no you're right a nuke and pave might just be the best path forward. If the lack of trust is in the machine, that's the only way to get it back.
Yeah, but I'm concerned about the time it would take sitting onsite doing this job. It may just have to be done, though.
 
Check the Chrome extensions to see what you're getting. Also, which malware is it? Knowing what the infection is can pinpoint where the mess started.

10 to 1 in my book, check the emails for .pdf.exe type files or something similar. Also check to see if the Kaspersky Antivirus is the free version or a bought one, and check to see if the darn thing is legit.

As for nuke and pave, if this client is iffy on payments, check the logs on the PC. Heck, if it's a logged-in user profile, go to accounts.microsoft.com and check the privacy logs. I'm sure you're doing your job fine; it's whoever is 13 inches from the screen that seems to be the issue.
 
Not sure if I am getting old, but the thought of backing up and reloading this system would be a nightmare, especially on site. Do you guys take customer systems off-site for a job like this, or just plan a few hours at a customer site? And I can hear them now: not having any passwords, not being able to find their software..... any tips on this? LOL
Irrelevant since they don't seem to want to spend any money anyway.

But either way, sounds like the users are their own worst enemy, as usual.
 
Heck, considering your fear of passwords: if you do anything as simple as a remote malware scan and it finds something in the setups, all the passwords will be history anyway. So unless you have tools (NirSoft comes to mind) to get all the passwords out of Chrome, I'd get them to sign one heck of a waiver.
 
Not sure if I am getting old, but the thought of backing up and reloading this system would be a nightmare, especially on site. Do you guys take customer systems off-site for a job like this, or just plan a few hours at a customer site? And I can hear them now: not having any passwords, not being able to find their software..... any tips on this? LOL

Nothing like that is ever done onsite, at least as far as what I do. Pickup and drop off, flat rate.

The reason for me mentioning that is that it becomes a customer relations matter when the problem doesn't seem to go away. Word of that can spread. So nuke and pave is starting with a tabula rasa. I'd take the time to do everything properly: browser anti-spyware add-ons, DNS, and a proper AV subscription. As in no free AV. My preference is for Bitdefender. There are various methods to harvest passwords stored in browsers. Of course software disks are always an issue, so you'll have to do an inventory.

And whatever is backed up, make sure to scan it with a couple of different solutions. Nothing worse than their favorite solitaire app they downloaded being the vector.
 
Nothing like that is ever done onsite, at least as far as what I do. Pickup and drop off, flat rate.

The reason for me mentioning that is that it becomes a customer relations matter when the problem doesn't seem to go away. Word of that can spread. So nuke and pave is starting with a tabula rasa. I'd take the time to do everything properly: browser anti-spyware add-ons, DNS, and a proper AV subscription. As in no free AV. My preference is for Bitdefender. There are various methods to harvest passwords stored in browsers. Of course software disks are always an issue, so you'll have to do an inventory.

And whatever is backed up, make sure to scan it with a couple of different solutions. Nothing worse than their favorite solitaire app they downloaded being the vector.

I use D7 / Instant Housecall and I can recover the passwords from Chrome, but they have a lot of small proprietary apps that require passwords. I have done a system upgrade for one of the users, and they had to have both systems at their desk for a few days as we got our hands on everything to reload and set up. With your Bitdefender, do you do any monitoring or ??
 
Press 3 and hold...

If there is too much in-house software and no one has the passwords... but really, if you cleaned the PC, rebooted several times and rescanned, and nothing showed up on your side, what was run? I've seen Excel be a nice player in trashing a PC. Or ask for their USB keys and scan those, and any external HDD. It's great rebuilding a machine when there is no choice, but I hate repetitive work, so if you can figure out what they are not telling you, it may make your life more tolerable.
 
Lifeboat is my partner for GZ, but they have a minimum of 3 seats. So for singles I just point them to the BD website to buy. It's not worth the effort, plus I'm getting my hourly while I'm doing the install and checking things.
 
My preference is for Bitdefender.

A word of caution on Bitdefender's SOHO package. It immediately shuts down peer-to-peer networking/file sharing and buries the correct settings four levels deep in menus. It's crazy stupid that a product aimed at SOHOs that advertises as "no IT skills required" destroys a small office network and then hides the correct settings. A simple question or two during the install that would correct the settings is all that it would take. They lost my trust when they did this.

@add - I should add that Bitdefender is well rated and performs at or near the top in tests.
A word of caution on Bitdefender's SOHO package. It immediately shuts down peer-to-peer networking/file sharing and buries the correct settings four levels deep in menus. It's crazy stupid that a product aimed at SOHOs that advertises as "no IT skills required" destroys a small office network and then hides the correct settings. A simple question or two during the install that would correct the settings is all that it would take. They lost my trust when they did this.

I try to avoid those all-in-one packages, especially standalone. This dates back to Norton's 360 products. What a mess that could be.
 
I wouldn't fire them unless they are wanting all this work done as "warranty" from a previous repair. But if they keep getting infected then I'd be concerned about a rootkit. So nuke and pave would be in order.

It's SOP for me to N&P any machine that boomerangs on me. Hell, anymore most virus problems I nuke. If I can restore all the programs, then FABS and a reinstall results in a better PC. Toss in an SSD and you turn into the miracle worker.
 
I have a customer that I used to visit about every 1-2 months to clean up his PC and remove infections. (He had "clickavitis", meaning he would click anything that was clickable.) Although the money was good (and predictable), I got tired of doing it all the time. Education didn't seem to help.

I ended up changing his primary ID to a standard user and added an administrative-type account. Told him to always use the standard account so an infection wouldn't mess up Windows itself. Of course, there are loopholes in this approach, but he's a lot happier now.
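The account split described in the post above is the single cheapest change for a "clicks everything" user, and it is easy to get wrong in one direction (locking yourself out) or the other (leaving the daily account in Administrators after all). The following is an added PowerShell example, not the poster's own procedure: it creates a separate admin-only account, removes the everyday account from the local Administrators group, makes sure it is still in Users, and then reports who can still elevate. It assumes Windows 10 with the built-in `Microsoft.PowerShell.LocalAccounts` module, an elevated prompt, and the placeholder account names `dailyuser` and `pcadmin`.

```powershell
# Added example (not from the thread): demote the everyday login to a standard
# user and give the customer a separate admin-only account for installs and updates.
# Requires an elevated PowerShell prompt on Windows 10.

$DailyUser = 'dailyuser'   # placeholder: the account the customer uses all day
$AdminUser = 'pcadmin'     # placeholder: new account used only for admin tasks

function New-AdminOnlyAccount {
    param([string]$Name)
    # Prompt for the password so it never sits in a script or shell history.
    if (-not (Get-LocalUser -Name $Name -ErrorAction SilentlyContinue)) {
        $pw = Read-Host -Prompt "Password for $Name" -AsSecureString
        New-LocalUser -Name $Name -Password $pw -PasswordNeverExpires `
            -Description 'Admin tasks only; do not use for daily work' | Out-Null
    }
    if (-not (Test-LocalAdmin -Name $Name)) {
        Add-LocalGroupMember -Group 'Administrators' -Member $Name
    }
}

function Test-LocalAdmin {
    param([string]$Name)
    # Get-LocalGroupMember reports local accounts as COMPUTERNAME\user.
    $members = (Get-LocalGroupMember -Group 'Administrators').Name
    return $members -contains "$env:COMPUTERNAME\$Name"
}

function ConvertTo-StandardUser {
    param([string]$Name)
    # Safety check: never remove the last member of Administrators, or nobody can elevate.
    $admins = (Get-LocalGroupMember -Group 'Administrators').Name
    if ($admins.Count -le 1 -and (Test-LocalAdmin -Name $Name)) {
        throw "Refusing to demote $Name: it is the only member of Administrators."
    }
    if (Test-LocalAdmin -Name $Name) {
        Remove-LocalGroupMember -Group 'Administrators' -Member $Name
    }
    # Membership in Users is what makes it a standard account; ensure it is present.
    $users = (Get-LocalGroupMember -Group 'Users').Name
    if ($users -notcontains "$env:COMPUTERNAME\$Name") {
        Add-LocalGroupMember -Group 'Users' -Member $Name
    }
}

function Get-LocalAdmins {
    # Anything here other than the admin-only account and the built-in Administrator
    # deserves a second look before you hand the machine back.
    (Get-LocalGroupMember -Group 'Administrators') | Select-Object Name, PrincipalSource
}

# Order matters: create and verify the admin account first, then demote the daily one.
New-AdminOnlyAccount -Name $AdminUser
Write-Host "Log in once as $AdminUser and confirm it can elevate before continuing."
Read-Host -Prompt 'Press Enter when that is confirmed' | Out-Null

ConvertTo-StandardUser -Name $DailyUser

'== Accounts that can still elevate =='
Get-LocalAdmins | Format-Table -AutoSize
```

After this, installs and updates prompt for the `pcadmin` credentials through UAC instead of running silently as the logged-in user, which is the behaviour the post relies on. The loophole the poster alludes to is worth stating plainly for the write-up: a standard account still owns its own profile, so something the user runs can persist in per-user locations such as the profile's startup entries and browser data; what it cannot do without those credentials is change Windows itself or touch other accounts.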
 