Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

I'm Baaack!

Status
Not open for further replies.

mlack

IS-IT--Management
Oct 8, 2001
44
US
So what then? I have cleaned out numerous PC's that were infected, using all said tools and then some. After numerous reboots and checks to make sure the system was clean (including registry cleaning), I still receive the occasional call in 2 weeks saying "It's Baaack!" Why is this so? Could it be the hackers know the users public IP and will continue to use it for hacking? Are there remnants of malware still resident in the system that re-infect that I am missing? Is a reformat the only answer? Maybe it's the surfing habits of the user and the sites he goes to? Why does this happen all over again after no malware activity for a few weeks or so? I would love to hear some comments on why this seems to happen on occasion....
 
I feel your pain! I myself have received the very same phone calls. I've followed recommended procedures, cleaning tips and tricks, I've even had a few innovations of my own. I operate about three PC's here at work and can honestly say that NONE of them have one tenth of one percent of the problems that I've resolved for other people. Which leads me to latter half of your post. I DO DEFINITELY believe it is the surfing habits of the user. It has to be. If it is working fine after you're done with the cleaning process and you can see this with your own eyes then it is my belief that the problems come about from carelessness. But hey, it keeps me busy and makes me a few dollars so they can be careless all they want! Hope this rant helps.
 
Of course it's the users. Once you've been to a site that puts malware on your system YOU CAN'T GOT THERE AGAIN!. Try telling that to a clueless user though.

Look at their PC a few days after you give it back. You'll find KaZaA, 14 IM clients, coupon networks and 1 hundred other kinds of garbage right back on it. Look in their history and they've been back to the online casinos and porn sites they claim they never visit.

Cleanup is simply that - cleanup. If you can't change their surfing habits, you have repeat business.


Jeff
The future is already here - it's just not widely distributed yet...
 
Good posts guys (or girls). Is there a site somewhere out there on the web that lists known malware sites, etc. besides the obvious porn/kazaa issues? Of course, noone minds the repeat customers ;) but it almost seems to be a bad reflection on you (or your business) that they have paid YOU money to rid them of these malware issues, and weeks later they call back with the old "I've been doing what you said (Adaware, Spybot, etc.), but they're back again". Great discussion though. Some ideas as far as educating the customer maybe? Or should you go back the second time, research their surfing habits, and be "Point Blank" on where not to go. To me, this might tick a customer off as a sort of "privacy" issue.
 
I'm not quite sure of a site that may warn you ahead of time about browsing threats. I agree whole heartedly with you, mlack, about how this sort of thing can degrade your reputation as far as your skills go. I've learned to let it roll off of my back and just do it again thus far. I think as long as your confident of your work in your own mind that's really all that matters. If the user won't change the habits then they can expect the same result. If you put your hand on a hot stove you learn not to do it again right? Education is a good idea for repeat customers. The level of education and the "point blankness" should be on a case by case basis. My dad for instance. He never uses the computer but always is the one asking me to look at it. He has no idea what anyone is looking at or using it for. In that case it might be a good idea to be up front about it. It might stop the problem and save them some money as well. Privacy is another touchy issue. If asked to snoop, hey the customer is always right, right? As long as the consent was there and maybe there presence as well.
 
I agree wholeheartedly with all that has been said above but educating the customer can be a tricky business, especially when you KNOW they frequent porn sites etc. I have a customer whose machine I see at least once a month and I got so fed up that I decided to be blunt and told him quite frankly that if he continued to visit these sites then he might as well set up a standing order from his bank to mine! Did this make a difference? Nope.... there are times when it's like banging your head against a wall and it is frustrating for me as well as the user.. I am at the point with this user that I would love to find a way to tie his machine up so tight, he CAN'T go to the sites that get him infected..

Also I find that lots of customers don't believe that it their own fault and seem to suspect that you have deliberately infected them, especially if we have provided the hardware, even though it is our practice to show them how to use the anti-virus, adaware etc that we install and tell them how important it is for thier security.... sigh...

My own rant to add to the equation.. thanks guys..

Kes
 
1) been there done that
2) go back to 1)

the best way i have found is to (if they don't already have it) put Zone Alarm on it and lock out certain sites before i give it back.

in order to do this i review their history and favorites and if i see some known, suspect or sleazy urls i block them.

sometimes the owner is not the one doing the bad surfing but another member of the family or organization. believe it or not after returning the box with the blocked sites the guilty party usually lets you know "hey, something is wrong with this PC it can't find some of my favorite sites"

the next call i get is a thank you and a referral[bigcheeks]
 
HeeHee...great posts all of you. Maybe a blocking with Zone Alarm IS a good idea. But what known sites are there (besides the usual porn). Anyone know of a list? Keep the ideas and opinions coming. this one's going on my wall! :)
 
I put Zone Alarm on my customers machines as standard but like mlack says, known sites...? And there is so much out there that even if you go off thier history, they find others.... oh the computing public are such a joy... I guess we could try collating a list of our own on the forum, there are so many that surely we could come up with a huge one - just print off the history of the worst offenders....

hehehe

Kes:)
 
that list would include some of the Fortune 1000[bigcheeks]

so i would think twice about listing those Big Boys, especially the ones with entertainment holdings.[bigglasses]
 
Trying to get them to use FireFox will help, SpyBot S&D's tea Timer option helps also.
 
Our company now has customers sign a disclaimer form whenever we remove spyware. It gives a brief description of what it is, where it comes from and states that we cannot guarantee we removed 100%, nor can we warranty against it coming back. That way they can't call back a week later and expect us to clean it up again for free.
 
Good idea bygeek. Do you have a sample of your form or a little verbage? I would like to institute that in all my work for viruses, adware, spyware, etc.
 
Ahhh, sounds like PAC file filtering is in order. For IE, you can even scold your users via an alert box (if you want to).

A good source for examples and documentation is;


Although this site's slated towards blocking adds, it contains the best overall PAC implementation methodology I've found to date.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top