SKY Broadband asking for a nuke n pave!!

Kitten Kong

Hi all, I have just had a customer come into the workshop with a letter from Sky Broadband.

Basically saying..

Dear Mr X
An investigation involving Sky Broadband has identified a further breach of our acceptable use policy. This would indicate that either your computer has been compromised again or that the remedial action previously taken has not resolved matters. Unfortunately, this means that we have had no option but to suspend your broadband connection for a second time.

In order for us to again restore the connection you'll need to, on this occasion, contact a computer specialist to reformat your hard drive, and reinstall your software from scratch using the original CD ROMS. Before doing this, you will need to back up any data files on your computer so that they're not lost.

As this is the second occasion that we're suspending your broadband connection, we require a written report from the computer specialist detailing and confirming the actions that have been taken. In addition to this we also need confirmation that you've installed anti-virus software to help prevent your computer being compromised again.

Once this has been carried out, please fax the written report to xxxxxxx blah blah..

Has anyone else ever had a request like this off a BB supplier??



When the laptop came in, mbam had already been installed and run umpteen times, with all logs there. It started off with 16 infections, but ended up with just one: a TDSKK rootkit, which mbam would not remove. He had also installed AVG v9, which did not find a thing. He honestly has no idea where or how long the rootkit has been infecting his PC, but obviously it's been there for a while, for Sky to have taken this action.

Within 10 mins I removed this rootkit, scanned the rest of the PC, and it all came back clear. But following Sky's recommendations I did a complete nuke and pave. Only thing is, this customer had over 160gb worth of data, which I have had to charge extra for.

Just rang him and told him the bill would be £195 for everything, primarily because of the data transfer, and he didn't bat an eyelid. He's just happy that it's been done, and that shortly he will be able to get his BB back on again.
 
That's the only thing I can think of too. Which is why I posted the letter on here. Just an FYI. This is the first time I've personally come across a situation like this, where they wouldn't simply allow the removal of the rootkit, but required a complete N&P.
 
Wow.

Without seeing the agreement he signed, it seems very odd to require the client to do something specific with their computer rather than to just have it resolved. I think they are overstepping their bounds a little bit. Then again, at least they aren't telling him to sign up for their $10/mo package to remove viruses.

However, the broadband company has the right to suspend his account if his computer is spamming everyone or something.
 
I have also had ISPs tell their user that they must get their machine reloaded by a third-party tech company - they even called me to make sure I did it. I will not say who it was, but it was a large ISP with three letters in the name & the first 2 are AT
 
We have a college located near us and we have students that get banned from the network due to viruses (eating up bandwidth) and they must show that they have gotten the computer fixed before they are allowed back on. Pretty similar to this but I have never seen an Internet provider block a customer.
 
Here in Canada one particular company called Rogers, will block a customer if they have a virus. They will also require proof of an AV program on the system but I haven't heard of them requiring a nuke and pave.
 
Here in the US I've heard from a few customers that their ISP called them and warned them about their PC spewing junk out. But that is about it.

However, I did see on the news yesterday that in Australia they might cut off your connection if they detect it.
 
We have a college located near us and we have students that get banned from the network due to viruses (eating up bandwidth) and they must show that they have gotten the computer fixed before they are allowed back on. Pretty similar to this but I have never seen an Internet provider block a customer.

This happened to me back in college when I was in the dorms. They specifically told me I had to Nuke and Pave.
 
One of my clients who uses Rogers encountered this, but by telephone notice. I scanned that system with everything I could, several different top-drawer AV boot CDs, rootkit scanners, etc., even slaved to my system, and had it cleared up, I thought. Connected it to his modem and they promptly suspended his account for spewing viruses. Finally backed up the data, re-initialized the drive, re-installed Windows, restored the data and all was good with Rogers again. I had to talk to them and describe what I did to fix the problem.

I've also had a client who was told the same thing. Cleaned it up with a variety of tools but without a N&P and all looked good. Then they received an e-mail, ostensibly from Rogers, saying they were still infected. The e-mail was itself infected and wasn't from Rogers!
 
Here in Canada one particular company called Rogers, will block a customer if they have a virus. They will also require proof of an AV program on the system but I haven't heard of them requiring a nuke and pave.

Cogeco and Sympatico are the big two around here and I've never heard of Sympatico asking this of anyone. Cogeco has (and I haven't heard of it happening in the last year or two) shut off someone's access until they have it cleaned.
 
Considering that the ISP has no way to know if the person doing the work is any good at removing rootkits, it's not completely unreasonable to request the customer get a N&P after the second suspension. After all, his first cleaning attempt must have failed to get suspended twice, right?
 
Considering that the ISP has no way to know if the person doing the work is any good at removing rootkits, it's not completely unreasonable to request the customer get a N&P after the second suspension. After all, his first cleaning attempt must have failed to get suspended twice, right?

He may have gotten reinfected which is not uncommon for people that are prone to infections. For these people a N&P still will not help.
 
True. Still, he was given the non N&P option first, so the ISP is looking more at a CYA. It's also easier to protect from rootkits on a known clean system than it is to get rid of them. So, N&P isn't a bad option for starting to protect him from himself. Maybe the cost will encourage him to think a bit about his surfing or P2P habits a bit as well.
 
I just had a client who asked BT to install some anti-virus software for her. After a 2.5 hr call and the software installed, it will now not boot to Windows, even in safe mode.

And BT's response to their fault: call a computer specialist to fix it.

Easy money but she had important emails and college work which needed recovered.
 
On Time Warner Roadrunner here. I had a machine in, infected with Virut and other various infections. I have an isolated network for customers' machines, but, of course, the networks share the Internet connection. This particular machine spewed so much garbage in the short time it was connected that RR blocked us. All they have you do, though, is to click on a link on their special page telling them that it's fixed.
 