What's so wrong with format/reinstall?

and it should be 3) when it makes (business) sense.

I have noticed a big difference in attitude between people in the USA and people in the UK. In the UK most of us seem to agree that N&P is sometimes a better solution than spending 10 hours removing a rootkit when there are also lots of other Windows-related issues on the system.

Pizza techs N&P when Malwarebytes doesn't solve the problem.

I like to think that us experts N&P if it is the best solution in terms of offering value for money for the customer and good business sense. It depends on two things:-

  • The client - very often they want me to just start from scratch
  • How bad the rootkit is
 
I'm surprised at how much this varies by area. I wouldn't think location would have anything to do with it. Most of my customers don't want their systems wiped and started over. But others on here say that most of their customers want the n&p.

There's nothing wrong with nuking a system if it's the best solution technically and/or financially. Even though it may take me a bit longer on some occasions to fix the problem, versus nuking, it's better business wise for me to fix most of the time. Avoiding the format is one of the major things that seems to separate me from everyone else around these parts. So the extra time spent turns into referrals.

And honestly, I don't know why, but I really hate doing a n&p. I'd rather spend hours on a system. I think it's because reinstalling is boring and I get no satisfaction out of it. And it is really important to me to find satisfaction in my work. Ah well, maybe that's just me I guess.
 

It's exactly like that here too. Here the competition has an accountant that is a sister of the owner and she does N&P's all day (after getting customer permission after making them pay a $55 diag fee). They have an actual technician who is smart but she just takes the easy ones and punts them if it doesn't fit within their checklist.

Can't get into Safe Mode? N&P
 
You can't be 100% certain with even a N&P (you aren't replacing the MBR when you repair install or clean install)

We discussed this in another topic on this subforum I believe.

Topic: When is clean, clean?
http://www.technibble.com/forums/showthread.php?t=22495

I always rewrite the MBR during a N&P and still do the usual rootkit checks.

I am not saying simply do a N&P and forget about it. I am just not going to spend ten hours going through every hook, DLL and SYS to get rid of the toughest rootkit if it keeps coming back when I am only going to get say £60 for it.
 
That's what I mean by business sense. You could have another 6 machines awaiting your attention.
 
Restoring the MBR is actually a simple task.

Yes it is.

Now what if your computer that you are burning your CDs off of has a virus that injects a bootsector virus in the CD? (I'm going to really oversimplify these because it's a hypothetical that doesn't really matter) Or injects code that runs so that it installs problems afterwards?

Now what if your network has a nasty virus that only attacks newly N&P's due to lack of updates (Yes easy to fix if you are willing to patch your .iso's every patch)

Now what if the virus flashed the BIOS with a custom image in the blank space to run every time the computer boots? (I actually have no idea if this would work, would be interesting though)

"Is it 100% clean" is not going to ever be answerable. You cannot prove a negative any better than I can. It's a fallacy and we have to accept reasonable levels of doubt that infinitesimally unlikely situations are not occurring.

Edit: part of my post apparently went missing...

With virus removal, I can say with confidence that it is clean and will not cause a problem if the symptoms are gone, no oddball network traffic (I have a Linux server as a router that logs traffic from any system that isn't mine) is occurring and no pop-ups occur. I can say with confidence that it is clean. Again results are reliable, not guaranteed.

</edit>
 
This has got to be the most pointless argument I've seen to date on these forums.
 
I really don't find anything wrong with it. As far as the customer is concerned, they bring you a computer that does not run right, when they pick it up, it runs right, so what do they care how you did it?

I don't do it a lot, but if someone has a bad infection and says that they don't really need anything but their pics, then I will back them up and then nuke and pave. But when someone has specific software that they must have and don't have a disk for, then I will manually approach the situation.

For a day to day operation, I do maybe 2 to 3 nuke and paves a month as I have got much better and faster at virus removal...

I am just at the point where I will manually remove the obvious virus, but then I still scan and find other trojans, etc. so I am not there yet. I don't see how some of you can get a machine virus free in 10-15 minutes as stated by some members, but hopefully I can get there one day!
 
This has got to be the most pointless argument I've seen to date on these forums.

I find the "How do you know if it's clean" argument to be pointless too, I'm glad you agree.

My point however is you can never be 100% sure. I can say I'm 99% sure but people that demand N&P "because you can never be sure" make the argument pointless.
 
I format as a last resort or if the customer wants that. I'm not trying to take the macho, "I can fix anything" approach. I just feel that it's a better "Wow" factor when you return a hopelessly infected PC that has all their programs and personal settings still intact. Something else: doing a premature reformat sometimes leads to call backs, because you forgot to re-install some overlooked program.
 
Seeing as it's rare to find a virus hiding in settings and personal data, why not back up these files, then nuke and pave... reinstall files?

Nearly all the infected PCs I have seen lately the documents and settings folder has been hiding the nasty virus executables and DLL files.

Also it does take people time to reinstall all their apps and personal settings. I do N&P more than most here probably but I still do my very very best to avoid doing it.
 
Seeing as it's rare to find a virus hiding in settings and personal data, why not back up these files, then nuke and pave... reinstall files?

What it comes down to is the inconvenience of the end user for the changes made in a reinstall. I personally don't subscribe to the notion that it should only be your last resort. The fact of the matter is that if it makes sense, do it. It's best to find or develop tools that help to minimize the impact on the system. If you can reimage a system with all the important user settings/data transferred and all the major programs reinstalled in an hour, versus spending a few hours tracking down all the malware on the system, then it makes more sense to reimage. Unless it's a lawyer's computer, never make any changes to a lawyer's computer.
 
We're in business and every decision you make is what is in the best interests for you and the customer.

I'm replacing a power jack on a Dell Inspiron 1525 and I made the wrong decision :mad:
 
I use N&P as a last resort, for several different reasons.

1) I have a shop at a big flea market (still trying to get enough customers for a full-fledged store). There are 3 other computer repair shops. The other shops there always do N&P. One of the ways I started getting good business is I would advertise that I actually removed the viruses, and they wouldn't lose their data. Then of course I let them know that in some instances I would need to N&P. Customers were excited. They were used to the idea of just losing everything.

2&3) Job satisfaction and learning. I look at these hand in hand. I believe that every virus can be removed and I want to know how to do it. When I beat the virus I feel good.

The only time I N&P is if the customer wants to or if it is taking way too long and the customer needs his computer back. I have spent days (when I have the free time) on a nasty rootkit, trying to learn how to remove it.

I have gotten removing viruses down pretty good. I still have a lot to learn about rootkits.

I would say my ratios are:
Viruses w/o rootkits 95% remove - 5% N&P (it may even be better than that)
Rootkits probably 60/40. (I'm still trying to learn all about unhooking)

Anyone know any good learning material that teaches rootkit removals?
 