http://mtupyro.livejournal.com/ ([identity profile] mtupyro.livejournal.com) wrote in [community profile] techrecovery 2008-02-15 09:38 am

(no subject)

We don't service personal computers. If it's the department chair or an important professor, we may work on a personal laptop. But we don't touch students' personal machines. Ever. So why have I spent the last 2 days clearing spyware infections off of an undergrad's personal machine?

$BOSS: "His mom called, and I felt bad."

Grrrrrrrrr.

He had LimeWire installed and running under an admin account. Along with Norton. *gazes into the heavens* NORTON!!

It's getting a fresh format and install after I backed up what documents I could find. I fought the spyware, and the spyware won.

I'm really tempted to contact his mother and show her just what I found when cleaning out her little boy's computer. Still think he needs his computer for school, mommy?

[identity profile] jimbojones.livejournal.com 2008-02-15 03:53 pm (UTC)
The malware is getting ROUGH these days. There's a strain going around right now that digs itself in deeper with, literally, every freaking hour it's on there - a machine that I get to the same day, I can generally fix; but one that's been infected for a week will have installed so many bogus services, hidden processes, winlogon notify keys, BHOs, search hooks... that, yeah, fuck, I just can't get it all.

Protip that really won't help you in these situations, but might be helpful if you ARE responsible for a certain set of computers that some goddamn monkey might malware up: ERUNT is a free registry backer-upper that produces byte-perfect copies of the registry, hot. So you have the option of booting from a Linux liveCD and literally just cp'ing the backed up copies from a week/month/whatever ago on top of the live registry, then booting back into Windows and *poof* Bob's your uncle.

I'm starting to make that shit a default part of new machine installs now, along with scheduled tasks to make weekly backups and rotate 'em.
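The weekly ERUNT backup-and-rotate job described above, written out as a scheduled-task script. This is an added example, not code from the thread or from ERUNT itself; the install path, retention count, and ERUNT's command-line form (target directory, the sysreg/curuser/otherusers keywords, and the /noconfirmdelete and /noprogresswindow switches) are assumptions taken from my memory of ERUNT's README and should be checked against the copy you install.

```powershell
# Weekly ERUNT registry backup with rotation (added example, not part of the thread).
# Assumed: ERUNT.EXE lives at $ErUnt; the argument form below matches ERUNT's README.
param(
    [string]$ErUnt      = 'C:\Program Files\ERUNT\ERUNT.EXE',
    [string]$BackupRoot = 'C:\ERDNT\Weekly',
    [int]$Keep          = 8     # number of dated weekly copies to retain
)

if (-not (Test-Path $ErUnt)) { throw "ERUNT not found at $ErUnt" }
New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null

# One dated folder per run; the name doubles as the rotation key.
$stamp  = Get-Date -Format 'yyyy-MM-dd'
$target = Join-Path $BackupRoot $stamp

# sysreg    = the HKLM hives (SYSTEM, SOFTWARE, SAM, SECURITY, DEFAULT)
# curuser   = the running account's HKCU hive
# otherusers = every other loaded user hive
# The two /no* switches keep the run silent so it works from a scheduled task.
& $ErUnt $target sysreg curuser otherusers /noconfirmdelete /noprogresswindow

# Sanity check before trusting the copy: ERUNT writes the hives plus its own
# restorer (ERDNT.EXE) into the target folder (assumed layout; verify once by hand).
foreach ($f in 'SYSTEM', 'SOFTWARE', 'ERDNT.EXE') {
    if (-not (Test-Path (Join-Path $target $f))) { throw "backup incomplete: $f missing in $target" }
}

# Rotation: keep the newest $Keep dated folders, delete the rest.
# PSIsContainer instead of -Directory so this also runs on PowerShell 1.0/2.0-era boxes.
Get-ChildItem $BackupRoot |
    Where-Object { $_.PSIsContainer -and $_.Name -match '^\d{4}-\d{2}-\d{2}$' } |
    Sort-Object Name -Descending |
    Select-Object -Skip $Keep |
    ForEach-Object { Remove-Item $_.FullName -Recurse -Force }

# Register it once, as SYSTEM, so it runs whether or not anyone is logged in:
#   schtasks /create /sc WEEKLY /d SUN /st 03:00 /ru SYSTEM /tn "ERUNT weekly" ^
#            /tr "powershell -ExecutionPolicy Bypass -File C:\ERDNT\Backup-Registry.ps1"
```

Restoring is then either the liveCD route the comment describes (copy the hive files from a dated folder over the live ones under Windows\system32\config while Windows is not running) or running ERDNT.EXE from inside that folder if Windows still boots.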

[identity profile] phrogg.livejournal.com 2008-02-15 04:20 pm (UTC)
UBCD ftw! That disk saved my ass on a number of occasions.

[identity profile] wxgeek.livejournal.com 2008-02-15 04:24 pm (UTC)
That's pretty cool. I gave up on the war on malware, and if it gets to interfere with usability, I just format and reload. You did have backups, right?

[identity profile] jimbojones.livejournal.com 2008-02-15 04:26 pm (UTC)
Nope. Not my machine, customer machine. He's too busy for a nuke-from-orbit reinstall right now, so he's living with the remnant of the malware I couldn't fix (popups that only occur if IE is running - can't find the source for the fucking life of me). He's scheduled for a true nuke-from-orbit reinstall - which WILL include scheduled ERUNT jobs - sometime a week or so from now.

The hell of it is, he's actually a very technically savvy guy, for a customer, and not at all inclined to do stupid shit. I honestly think he got bit by a normally-legit website somewhere that had been compromised by the Storm worm or something.

[identity profile] wxgeek.livejournal.com 2008-02-15 04:49 pm (UTC)
Y'know, it's things like malware that make me long for the days of thin clients. Give 'em a 20MB directory on the server, a monitor, keyboard, and a mouse. That's all anyone -really- needs. :)

[identity profile] jimbojones.livejournal.com 2008-02-15 04:50 pm (UTC)
Clearly you aren't supporting any civil engineers. The server hasn't been hatched that can handle several of these guys running Civil3D and generating models of miles and miles of coastline all at once. =)

[identity profile] wxgeek.livejournal.com 2008-02-15 04:53 pm (UTC)
No, but a cluster has! :D

You make a great point for hardcore engineering types to have their own computers. :) But Joe Random's secretary Executive Assistant doesn't need web cache. She doesn't need a place to store all those cute little pictures of her dogs. She doesn't need anything but bookmarks, a working Exchange setup, and a Mydocs that gets stored on the server (substitute appropriate Linux analogs if you prefer to keep your soul).

*sigh.* It'd solve so many problems.

[identity profile] jimbojones.livejournal.com 2008-02-15 04:56 pm (UTC)
I'm strongly considering starting to offer a program where direct internet access is restricted from ALL workstations, and web browsing must be done by remote X session on a Linux or BSD server that lives for no other reason than exactly that: to host web browsing sessions. Now THAT would solve a lot of fucking problems.

In theory I could do the same with a Terminal Server, but I'd have to drop the bitch and cold-copy ERUNT backups onto it fucking daily.

[identity profile] wxgeek.livejournal.com 2008-02-15 06:07 pm (UTC)
Oddly, blocking Myspace has about the same effect on IT workload. :)

[identity profile] jimbojones.livejournal.com 2008-02-15 09:05 pm (UTC)
I support MEs as well. Trust me, the ME drawing hasn't been born that can hold a candle to a coastal CE model representing 5 miles of coastline in 3-D on top of 580MB of orthorectified TIFF background.