When things get much worse

therealcrazy8

Since I am brand new to being a business owner, I have been listening to Podnutz, YFNCG, and this morning I checked out the Mike Tech Show since I met him at the Unconvention. This episode was 590 and he was talking about a client of his who suffered a severe virus/malware infection and even after cleaning it (1000+ things detected) it clearly caused irreparable damage to their medical software and eventually required a reinstall of Windows if I recall correctly.

I know in my past (when I was doing free work) that there have been cases that blew up into much bigger problems than initially intended and I'm sure many of you can easily think of times you've experienced that. Here's my question. This is kind of a stupid question, and I have already formulated my answer but I am going to ask anyway. Assuming the above scenario happened to you, do you charge for the removal of the virus, the removal of the virus and reimaging and whatever else you did, the removal of the virus but then maybe give a discount on the other things you ended up having to do, or just charge for the reimaging and setting the system back up pre-infection? A second part of the question, would you charge a flat fee or an hourly?

Just curious to see what some of the answers are that you all would have for something like this. :)
 
I haven't listened to the podcast, but based on your post I would have gone straight to nuke and pave since the machine is related to medical records/PII and the like. However, if we take that out of the situation, then seeing 1000+ items is the second red flag that nuke and pave is the right choice. I don't think the customer should be charged multiple times for the same issue. The tech should have known better. So we charge for virus removal or nuke and pave, not both.
 
Makes perfect sense. I'm not sure how he charged, he's a reputable enough guy that I would think he would have done the right thing. Out of curiosity, how much do you charge for nuke and pave?
 
I am addressing this to you the reader because I assume you, for the sake of this discussion, have put yourself into the podcaster's place. For the moment YOU are the podcaster. Ok?

Now it is not your fault the end user got infected. I would charge whatever charge you normally do. If you are flat fee then charge your fee knowing that you might have to eat some of it. That happens. If you charge by the hour then charge by the hour.

Now having said all that.

I assume you want to charge less because you feel that you screwed up and didn't correctly assess that it was a lost cause. That isn't always easy to determine. Your fees should cover some of that testing.

By the same token, I do far less actual virus cleanups for this very reason. End users don't care if you clean the virus or nuke and pave the system and reinstall everything. They just want it to work. Most of the time I can nuke and pave faster than I can clean up. And as pointed out above, often with business clients that is the only sure method for returning a clean system.

My point really isn't that you screwed up. It is that it is more effective to change your procedures. I'm a big advocate of just doing a nuke and pave. It saves time and gives the client a better Windows system.
 
This also makes perfect sense to me as well. I guess if I had seen 1000+ infections, that just seems like a complete disaster to me and think that after detecting all of that, nuke and pave is the way to go. You can guarantee a clean system then too.
 
Unless you have actually seen the output I would not take the 1000+ infected files at face value, nothing against the author. All of these tools will also flag any suspect files from questionable search engines, email attachments, etc., etc. And that has nothing to do with the severity of the infection. I've seen machines in which only a few dozen malware apps/DLLs were detected yet they ended up needing to be nuked due to the pernicious nature of the malware. Others, with 1000s, were simple cleans.

As far as the customer is concerned. Every customer is told that no malware removal is guaranteed, a nuke and pave may be the only option. Given the example in the podcast, trying to do a clean rather than rebuild the whole machine. Like @Slaters Kustum Machines said, starting out with a nuke and pave would be my first recommendation, which would just be a computer repair. It's bad enough that PHI, etc. was exposed but doing a clean and not being able to absolutely guarantee virus free makes it even more sensible. Of course if they do not have the disks, runs only in DOS, whatever, you may not have any choice. In that case it's a malware removal then a computer repair.
 
Remember the customer? They are the one with the final say - based on your "expert" recommendation.
You must always involve the customer and let them know exactly what you recommend.
I've had customers, residential and business, with severe malware infections that flatly refused to have the computer wiped!
Others go with whatever I recommend.
Of course they are told that although I can only remove the malware to the best of my tools' ability, I cannot guarantee the outcome. If they accept that we're good and they are charged accordingly. If the computer becomes reinfected, after my recommendations are ignored, they are charged again.
Of course you will also get the office "know-it-all" that will download the latest "Free Super Windows Washer Editor Defender Antimalware and Virus Unlocker With Built in Registry Power Eraser and Super Cleanup utility!" and do it themselves!
 
The customer is always right even when they aren't.

As long as they understand the risk(s), it's their machine, not mine. I'm getting paid.
 
I heard the Mike Tech Show episode this morning on my way to work as I was catching up on the podcasts. I wanna say I was pretty shocked he spent that many hours on this machine, then I laughed because I remember doing the same thing last year. Not a virus but instead Windows 10 upgrade tried to slip through and was wanting to upgrade. Tried deleting the install files and getting rid of it with no success, mind you this was before GWX Control Panel came out. I spent too much time working on this because I did not want to re-install Windows and have to put the EMR software back on.

I finally relented, spoke with the office and told them it is best to back everything up and re-install and do things properly. Ended up taking me a lot less time to do that than pull my hair out trying to figure out this issue. I lost the most important thing which was time. I did end up getting paid for the job and billing out hours, but having to spend my Friday evening and then Saturday morning getting this back up and running wasn't in my original plans.
 
We need to put together a thread of the best threads based on topic. I know this has been asked before, though I don't mind chiming in. I often learn things the hard way, or did when I was younger. When it comes to corruption, you really have 3 stages:
  1. Minor which can be resolved w/ full virus/spyware removal, and tune-up. Then follow-up w/ "SFC /scannow."
  2. Medium corruption which can be resolved with above plus "DISM /Online /Cleanup-Image /RestoreHealth" and Tweaking.com Windows Repair.
  3. OS Reload / In-place Upgrade
I rarely get to #3, and the important part is assessing the damage and how bad it could be based on what you've seen before. Heavy botnet infections and those from TDSS/TDL-4 days would definitely require a full wipe and reload no matter what you did. Over the years, I have experimented with many different methods, and found the above to be the best. In my spare time, I'll load up test machines with malware and botnet infections and have the employees play with them, and make sure our methods still work well.

The problem you'll sometimes run into is that some clients will have software they cannot replace, they don't have the discs or keys anymore--people misplace stuff all the time. I'll prefer the Tweaking.com tool + in-place upgrade if it's that bad. But to be honest, I just don't see impressive enough botnets and trojans these days. I kinda miss TDSS, ZeroAccess, and Cidox.. they were challenges...
 