Malware

General discussion

A new record !

By gbrownlee ·
I worked on the most infected system I have ever seen yesterday. The user called and stated that the PC had the following problem: Only while connected to the internet, between 5 and 15 minutes later, a window would pop up similar to Sasser, but not quite, and would say the system will reboot in 30 seconds. Which it did.

This system is 2 years old and running XP Home. During this time, it has never had virus protection, no Windows updates were installed and the HDD had never been defragged.

I ran Ad-Aware SE, Spybot S&D, SpywareBlaster and AVG 7.0 free version. There was lots of spyware, but the astounding thing was, on its first pass, AVG picked out a who's who list of viruses, trojans and worms. There were 1246 infected files!

Greg

All Comments

That's a lot

by gbrownlee In reply to A New Record

This could turn into a contest. So far, you are in the lead. You gotta like user ineptitude, keeps the $ rollin' in; and best of all, very few actually follow through on the advice I give them. Repeat business!

Rats

by awfernald In reply to That's a lot

I never got above 1200 with my dad's computer, and never more than 6 different strains.

Guess I'll have to go from a cleanup of his computer every 6 months to every year to come close to competing.

That's nothing!!

by jason In reply to A new record !

Recently I had a Japanese lad come in with his laptop complaining of it being slow. Here we use eTrust and AVG just to make sure everything is caught.
So I loaded up AVG, updated the definitions and started the scan. To my surprise, the number of viruses was increasing with every file scanned. In the end there were 11,146 files infected of a total 61,120 files scanned. Most of them were those pesky Netsky britneyspearspron.exe type files, but there was a good selection of different viruses. I have the screenshot also, but no way to post it here.

Nothing New

by steve In reply to A new record !

I used to have my own business, and now work for a former client. I would have to say he and his twin sons, 14, are the best at getting infected.

One son had 5 extra toolbars, gain, mybar, something I can't remember, dash, Yahoo, Google installed; there was no screen area for the Explorer pages. The other one had something that would pop up a window if the connection failed; I finally did a hard reboot after 35 windows opened. I clean the machines about every three months and use a sickle approach. If I don't recognize the entry it is out of the registry; only then can I do any other work on the systems. Kazaa, WeatherBug, rebates after rebates (for people who don't shop online I find this fascinating).

They never complain, just reload and start all over. I tried to firewall, but they complained too much and didn't "NEED" that protection.

Oh well, the 7 year old just got a machine so I am assured of this job. I could get them 386 machines with Firefox and they would be just as fast as what they have a week after my visit.

sympathies

by apotheon In reply to Nothing New

I feel your pain. I remember a client I dealt with about eighteen months ago that had seven toolbars showing on Internet Explorer. It turns out that there were actually twelve toolbars installed, but they conflicted with each other, and only seven ended up showing. That just blows my mind.

People just see some link that says "this will help" and they click on it. There's no thought. It's like some kind of Pavlovian conditioning response. They react as though seeing it on the Web must make it true.

End users need to begin to realize that everything on the Internet should be viewed with a bit of initial skepticism. The fact that it appears on the screen of your computer monitor doesn't make it trustworthy.

Egads - You just discovered the biggest hole in IE:

by dafe2 In reply to sympathies

"End users need to begin to realize that everything on the Internet should be viewed with a LOT of initial skepticism. The fact that it appears on the screen of your computer monitor doesn't make it trustworthy."

Best advice ever... bar none. I've been trying to articulate this forever. My problem -> Every time I tried to say this very thing it turned into a thesis or some convoluted something or other.

Hope you don't mind, I took the liberty of changing one word though.

Hats off to you mon ami... very well said.

thanks

by apotheon In reply to Egads - You just discover ...

I appreciate the kudos. It's true: The Internet can be a dangerous place, and one shouldn't wander around in it with eyes closed.

Re: your original comment

by house In reply to thanks

...and some other comments posted as well. I've tried everything in my power to convince these users of the security threats that are flying around on the net. I got fed up with somebody one day and explained to them the concept of social engineering. I got pretty rude with them because they were insisting that when I serviced their computer, I wasn't doing a proper job.

I know that when I leave, their computer is "tip-top". How can I ensure that they follow best practices when I am not there? I think that the best solution would be for me to shove their heads through the monitor and the mouse up their...

Sorry, these people **** me off. The same kind of people that were identified by another tech on this thread regarding the Kazaa issues.

you can't

by apotheon In reply to Re: your original comment

Sometimes, there just isn't any way to ensure best practices in your clients. I actually have to get in a car in an hour or so and drive to a client site to replace an IE icon on the desktop, make IE the primary browser again, and remove a bunch of security configurations I added to the computer on a previous visit. The user just doesn't like it. He'd rather deal with a computer that gets overrun with malware than some very simple secure practices, I guess.

Sometimes, you just have to give in to the client. Sometimes, you just have to assume that the client's stupidity is no longer your responsibility. There are people who are innately computer security failures. There's nothing you can do about it.

It's sad but true.

I don't even get to charge for this trip, if I want to keep this client in the future. With the security measures dismantled, there will be a lot of money in tending to this client's system cleanup needs in the future, so I just look at it as an investment in the future.

This wouldn't be nearly as annoying if the guy wasn't also a friend of the family.

Give an inch

by house In reply to you can't

...take a mile. We have to watch out for these people. I always have trouble shaking a client with whom I have issues.

Listen to this; we are an ISP. Right now, I can count about 6 computers sitting on the floor beside me. When somebody gets wind that you're a tech, they will take it for granted that you can help them every time they muck up the computer. I've got drives with no jumpers, dead RamBus, 9x, smoking mobos, etc. Another thing... for some reason, nobody's floppy drive seems to work anymore... I always have to give it the traditional huff and puff.

PS - do you think the 'head through the monitor' thing would work? :)
