[identity profile] mtupyro.livejournal.com posting in [community profile] techrecovery
We don't service personal computers. If it's the department chair or an important professor, we may work on a personal laptop. But we don't touch students' personal machines. Ever. So why have I spent the last 2 days clearing spyware infections off of an undergrad's personal machine?

$BOSS: "His mom called, and I felt bad."

Grrrrrrrrr.

He had LimeWire installed and running under an admin account. Along with Norton. *gazes into the heavens* NORTON!!

It's getting a fresh format and install after I backed up what documents I could find. I fought the spyware, and the spyware won.

I'm really tempted to contact his mother and show her just what I found when cleaning out her little boy's computer. Still think he needs his computer for school, Mommy?

Date: 2008-02-15 02:48 pm (UTC)

Date: 2008-02-15 03:13 pm (UTC)
From: [identity profile] kageneko.livejournal.com
Since your boss seems to take direction from people's mothers, have your mom call next time you need a day off and he won't give it to you :)

Date: 2008-02-15 03:15 pm (UTC)
From: [identity profile] fnordx.livejournal.com
"Hello, Mom of $student? Hi, this is $name calling from the University's IT department. I'm just calling to tell you that we're working on $student's computer, and I had a question. Unfortunately I'm not able to get a hold of $student, so I was wondering... See, I've backed up all of the documents I could find, but I've got this 4gb of illegally downloaded music, and 5gb of pr0n, and I wanted to know if I should back that up as well, because it will take a lot longer to get the laptop back to $student for him to use it for, ahem, 'school work'."

Date: 2008-02-15 04:30 pm (UTC)
From: [identity profile] sgt-easton.livejournal.com
I was thinking the same thing. "Look, Mom, the computer you spent thousands on won't survive another 'attack' like this. Either keep on your son about keeping the computer clean, or it will die and you'll have to buy a new one."

Date: 2008-02-15 03:53 pm (UTC)
From: [identity profile] jimbojones.livejournal.com
The malware is getting ROUGH these days. There's a strain going around right now that digs itself in deeper with, literally, every freaking hour it's on there - a machine that I get to the same day, I can generally fix; but one that's been infected for a week will have installed so many bogus services, hidden processes, winlogon notify keys, BHO's, search hooks... that, yeah, fuck, I just can't get it all.

Protip that really won't help you in these situations, but might be helpful if you ARE responsible for a certain set of computers that some goddamn monkey might malware up: ERUNT is a free registry backer-upper that produces byte-perfect copies of the registry, hot. So you have the option of booting from a Linux liveCD and literally just cp'ing the backed up copies from a week/month/whatever ago on top of the live registry, then booting back into Windows and *poof* Bob's your uncle.

I'm starting to make that shit a default part of new machine installs now, along with scheduled tasks to make weekly backups and rotate 'em.
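
The offline restore described in the comment above, as an added example that is not part of the original thread: a shell function for use from a Linux live CD that checks every backed-up hive for the `regf` file signature before overwriting anything and sets the current hives aside first. The paths, the function names and the assumption that the backup files carry the same names as the live hives are illustrative; per-user NTUSER.DAT hives are not handled.

```shell
#!/bin/sh
# Added example: restore registry hives onto an offline Windows volume.
# Assumption: the backup directory holds hive files named like the live ones.

HIVES="SYSTEM SOFTWARE SAM SECURITY DEFAULT"

# A registry hive file begins with the 4-byte signature "regf".
is_hive() {
    [ -f "$1" ] && [ "$(head -c 4 "$1" 2>/dev/null)" = "regf" ]
}

# restore_hives BACKUP_DIR CONFIG_DIR
#   BACKUP_DIR  directory with the backed-up hives (hypothetical layout)
#   CONFIG_DIR  Windows/System32/config on the mounted Windows volume
# Prints the directory where the replaced hives were saved.
restore_hives() {
    backup=$1
    config=$2
    if [ ! -d "$backup" ] || [ ! -d "$config" ]; then
        echo "missing directory" >&2
        return 2
    fi

    # Pass 1: refuse to touch anything unless every backup hive is valid,
    # so a truncated backup cannot leave a half-restored registry.
    for h in $HIVES; do
        if ! is_hive "$backup/$h"; then
            echo "bad or missing hive: $backup/$h" >&2
            return 1
        fi
    done

    # Pass 2: keep the current (suspect) hives for later analysis, then copy.
    saved="$config/pre-restore.$(date +%Y%m%d%H%M%S)"
    mkdir "$saved" || return 2
    for h in $HIVES; do
        if [ -f "$config/$h" ]; then
            cp -p "$config/$h" "$saved/$h" || return 2
        fi
        cp "$backup/$h" "$config/$h" || return 2
    done
    echo "$saved"
}

# Stand-alone use: sh restore.sh BACKUP_DIR CONFIG_DIR
if [ "$#" -eq 2 ]; then
    restore_hives "$1" "$2"
fi
```
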

Date: 2008-02-15 04:20 pm (UTC)
From: [identity profile] phrogg.livejournal.com
UBCD ftw! That disk saved my ass on a number of occasions.

Date: 2008-02-15 04:24 pm (UTC)
From: [identity profile] wxgeek.livejournal.com
That's pretty cool. I gave up on the war on malware, and if it gets to interfere with usability, I just format and reload. You did have backups, right?

Date: 2008-02-15 04:26 pm (UTC)
From: [identity profile] jimbojones.livejournal.com
Nope. Not my machine, customer machine. He's too busy for a nuke-from-orbit reinstall right now, so he's living with the remnant of the malware I couldn't fix (popups that only occur if IE is running - can't find the source for the fucking life of me). He's scheduled for a true nuke-from-orbit reinstall - which WILL include scheduled ERUNT jobs - sometime a week or so from now.

The hell of it is, he's actually a very technically savvy guy, for a customer, and not at all inclined to do stupid shit. I honestly think he got bit by a normally-legit website somewhere that had been compromised by the Storm worm or something.

Date: 2008-02-15 04:49 pm (UTC)
From: [identity profile] wxgeek.livejournal.com
Y'know, it's things like malware that make me long for the days of thin clients. Give 'em a 20MB directory on the server, a monitor, keyboard, and a mouse. That's all anyone -really- needs. :)

Date: 2008-02-15 04:50 pm (UTC)
From: [identity profile] jimbojones.livejournal.com
Clearly you aren't supporting any civil engineers. The server hasn't been hatched that can handle several of these guys running Civil3D and generating models of miles and miles of coastline all at once. =)

Date: 2008-02-15 04:53 pm (UTC)
From: [identity profile] wxgeek.livejournal.com
No, but a cluster has! :D

You make a great point for hardcore engineering types to have their own computers. :) But Joe Random's secretary Executive Assistant doesn't need web cache. She doesn't need a place to store all those cute little pictures of her dogs. She doesn't need anything but bookmarks, a working Exchange setup, and a Mydocs that gets stored on the server (substitute appropriate Linux analogs if you prefer to keep your soul).

*sigh.* It'd solve so many problems.

Date: 2008-02-15 04:56 pm (UTC)
From: [identity profile] jimbojones.livejournal.com
I'm strongly considering starting to offer a program where direct internet access is restricted from ALL workstations, and web browsing must be done by remote X session on a Linux or BSD server that lives for no other reason than exactly that: to host web browsing sessions. Now THAT would solve a lot of fucking problems.

In theory I could do the same with a Terminal Server, but I'd have to drop the bitch and cold-copy ERUNT backups onto it fucking daily.

Date: 2008-02-15 06:07 pm (UTC)
From: [identity profile] wxgeek.livejournal.com
Oddly, blocking Myspace has about the same effect on IT workload. :)

Date: 2008-02-15 09:05 pm (UTC)
From: [identity profile] jimbojones.livejournal.com
I support MEs as well. Trust me, the ME drawing hasn't been born that can hold a candle to a coastal CE model representing 5 miles of coastline in 3-D on top of 580MB of orthorectified TIFF background.

Date: 2008-02-15 08:45 pm (UTC)
From: [identity profile] 10001110101.livejournal.com
My GF's brother destroyed a perfectly good HP laptop in less than two months like that...

$BRO - "Why won't it start up right anymore?"
$ME - "Well, quite literally... because you touch yourself at night."

Of course, being family, I couldn't actually SAY it... but my God, the TEMPTATION...

Date: 2008-02-15 10:20 pm (UTC)
From: [identity profile] bekscilla.livejournal.com
Nooo, he's family - you're allowed to say it ;)

Date: 2008-02-15 09:47 pm (UTC)
From: [identity profile] syberghost.livejournal.com
Boot Ubuntu install DVD.
Install.
Call student: "your machine is fixed".

For variety, mix it up; FreeBSD, or even OpenBSD. Once word gets out you're doing free UNIX/Linux installs, switch to DR-OpenDOS.

soda|nose >monitor

Date: 2008-02-16 03:14 am (UTC)
From: [personal profile] jecook
*hands you 500 gold coins, and a 'monitor cleanup kit'*
