To the asshats responsible for "Antivirus 2009"

Sep. 3rd, 2008 09:54 am
[identity profile] laptop-mechanic.livejournal.com posting in [community profile] techrecovery
I hope you all die in a fire. I have enough broken machines to fix this week without having to deal with silly assed spyware/malware crap on student's machines as well. FOAD, the lot of you.

The first canidate to declare spammers & spyware authors/distributors a game species with no bag limit will get my vote. Any takers?
  • Current Mood: angry
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Date: 2008-09-03 02:01 pm (UTC)
From: [identity profile] gholam.livejournal.com
In the old good times, they used to boil counterfeiters in oil. I say this qualifies...

Date: 2008-09-03 02:04 pm (UTC)
From: [identity profile] laptop-mechanic.livejournal.com
I'd prefer feeding them feet first into an industrial wood chipper on national television.

Date: 2008-09-03 02:05 pm (UTC)
falnfenix: A dark purple horse with a pale purple mane snorts ice crystals into the air. The background is dark blue. Beneath the horse's head is the word SKYDANCER. (Default)
From: [personal profile] falnfenix
i agree completely. we've just taken to reimaging any machine with the problem, rather than trying to troubleshoot. it takes less time and creates fewer headaches.

Date: 2008-09-03 02:08 pm (UTC)
From: [identity profile] laptop-mechanic.livejournal.com
That's what I'll likely end up doing. The student will flip out about her data, but this is her own damned fault for letting it into the machine in the first place. "I have no idea how this got on here." "Wait, you mean it came in from my LimeWire!?"

Date: 2008-09-03 02:10 pm (UTC)
falnfenix: A dark purple horse with a pale purple mane snorts ice crystals into the air. The background is dark blue. Beneath the horse's head is the word SKYDANCER. (Default)
From: [personal profile] falnfenix
lol, seriously.

fortunately all the machines we touch are departmental boxes, and all our users' "my docs" folders link directly to their network shares...so if they keep data on their desktops, like they know they're not supposed to do, we don't care. anything they saved properly is safe.

Date: 2008-09-03 02:14 pm (UTC)
From: [identity profile] laptop-mechanic.livejournal.com
Yeah, thats easy to do in a corporate environment. When you have students who are allowed to bring in whatever equipment they want, you simply cannot maintain images for all of it.

I'd love to be able to say "You will all be buying ThinkPads this year" so we can support them easier, but it'll never fly.

Date: 2008-09-03 02:17 pm (UTC)
falnfenix: A dark purple horse with a pale purple mane snorts ice crystals into the air. The background is dark blue. Beneath the horse's head is the word SKYDANCER. (Default)
From: [personal profile] falnfenix
oh i understand...'tis why i won't work around students or the public. thank goodness for standardization!

Date: 2008-09-03 03:54 pm (UTC)
From: [identity profile] the-s-guy.livejournal.com
Ya. Although even with corporate setups, you have to assume that any given machine that boots up on a corporate network port may not necessarily be a clean local build.

I'm reminded of salesweasels from all over who wander onsite and plug their virus-factory laptops into the LAN, or the dim-bulb employee/manager who brings in their home machine, or even an actual corporate PC which has been infected/compromised in any one of a number of ways. One place I worked, an employee unplugged a business desktop, took it home sans peripherals, screwed around with it there, and then brought it back to work. They only got caught because for three days afterwards they couldn't work out how to plug any of the peripherals or network back in and eventually called tech support.

I swear, corporate computing environments need to be frickin' ultrathin-clients ONLY. No C: drive hassles, no pilfering of components, no unauthorised software installation, no attaching of extra networking components, no unauthorised access to portable media, no unauthorised wireless devices, and network lock-out for anything which doesn't give the right thin-client challenge-response.

Date: 2008-09-04 02:32 am (UTC)
From: [identity profile] docskurlock.livejournal.com
You are so fricking right. One place I worked at, the users bitched if they couldn't play a cd in their optical drive and listen to music. My boss told me, "So? They aren't here to listen to music, it's not a priority." I was like, hell yeah.

Date: 2008-09-04 02:31 pm (UTC)
From: [identity profile] the-s-guy.livejournal.com
If people want to listen to music at work, they can buy personal music players. There's precious few jobs where it's expected an employer will cough up equipment just to let people fiddle with personal stuff.

Date: 2008-09-03 02:20 pm (UTC)
From: [identity profile] pehteyemdjehuty.livejournal.com
Certainly not among students since most of them want gaming machines!
I swear there should be some sort of mandatory 'Internet Driving Licence' test before anyone is allowed online.

Date: 2008-09-03 03:06 pm (UTC)
From: [identity profile] agmlego.livejournal.com
Hear, hear. That, and a Breeding Licence.

--
"Memento Mori Ergo Carpe Diem"

Date: 2008-09-04 05:25 pm (UTC)
From: [identity profile] mattcaron.livejournal.com
I actually like thinkpads, so that wouldn't have been an issue.

My main gripe would have been "you want me to run windows? What are you, insane?"

But then again, I usually am my own techsupport anyway, so I wouldn't bring it in.

Date: 2008-09-04 06:27 pm (UTC)
From: [identity profile] laptop-mechanic.livejournal.com
Well, if Apple could build machines that I could consider "enterprise grade" without laughing myself silly in the process...

The OS is nifty, but they need to rethink their whole design mantra when it comes to how they build notebooks. The design and quality just isnt there. Having seen first hand how MacBooks and MacBook Pros are put together, there is no way in hell I'd ever buy one for myself.


I've seen OSX running on a ThinkPad....illegally, of course. It was the strongest statement I've ever seen for Apple licensing the OS. =)

Date: 2008-09-04 06:45 pm (UTC)
From: [identity profile] mattcaron.livejournal.com
Really? My feelings are the opposite. I hate the OS (okay, the base OS is fine, but the WM drives me right up the wall. Of course, I use heavily configured XFce and anything else drives me nuts...) but I've not had a problem with the build quality. I don't have one (I'm rocking the T60p), but my wife's TiBook and the assorted MacBooks which friends have had have been just fine. I'm actually fairly hard on laptops (2 dells lost their screens with me, and an R50p developed a huge crack on the bottom...), so well constructed laptops are of interest to me.

Date: 2008-09-04 07:26 pm (UTC)
From: [identity profile] laptop-mechanic.livejournal.com
I can rant for days about the build quality of machines. I've been doing the computer repair gig for 10 years now, and I've been dealing almost exclusively with laptops for the last 5. We service most of the major manufacturers here in our shop (Dell, Lenovo, Toshiba, Apple, Sony, HP). The machines I deal with mostly belong to students. They're used hard, and often not well cared for. So I see all the issues with machines, the good, the bad, and the ugly. We average something around 5000 repairs a year between 4 bench techs. That's a lot of machines.

Here's a few high points (or low points, depending on how you want to view it):

Apple does not design their laptops to be serviceable. The MacBook Pro and their Powerbook predecessors are particularly vexing. Getting to the most failure prone component (hard drive) requires removing 25+ screws and pulling off the whole palmrest, which takes a minimum of 20 minutes to do if you're VERY fast. The same procedure on a ThinkPad requires removing 1 screw and can be done in under a minute unless you're particularly ham-handed. They like to use internal cables that are very easy to damage in places they really shouldnt (SATA data cable for the MacBook Pro, I'm looking at YOU here). There have been numerous instances of the plastic palmrests of the MacBook splintering because they did not design the things to be strong enough to deal with the stress of handling.

The MacBook Pro aluminum casings are also pretty fragile as well. Very easy to dent, especially around the never to be sufficiently accursed slot loading optical drives they favor...which is a whole 'nother Apple issue. Their damned optical drives. There is no manual ejection system that WORKS on these drives. Especially not once you have a mechanical failure of the device. The Official Apple Way of getting a stuck disk out of a drive is:

- Crack open the machine
- Remove the optical drive
- Take the drive apart
- Take the disc out
- put the drive back together
- put the machine back together

If they're going to used these damned drives, they need to make them easy to remove like the Ultrabay on the ThinkPad. Its asinine in the extreme to require the whole machine to be taken apart just to get to the optical drive.

The last thing I dislike about the way Apple builds machines is the way they use screws. Apple is in love with #0 Phillips head screws. Its damned near all they use (except for the ones in the MacBook Air, which are even smaller). #0 screws are insanely easy to strip, and once they are, they are very difficult to extract. Screws that ought to be captive arent. That sort of thing. I'm working on a notebook here guys, not a fscking swiss watch.

It seems to me like they design them to look pretty first and foremost, and somewhere around 10th on the list they might think about how it will actually be used if they remember to.

Anyway, rant over. Carry on about your business, citizens.

Date: 2008-09-05 12:21 am (UTC)
From: [identity profile] mattcaron.livejournal.com
Ah, see, that was not what I meant by "build quality". When you say all the above (certainly valid, because it is a royal PITA to change the hard disk even on the TiBook. I know - I got the missus a 120GB HDD for Christmas), I think "ease of serviceability"

Date: 2008-09-05 12:34 am (UTC)
From: [identity profile] laptop-mechanic.livejournal.com
Well, since I have to do it for a living, to me "build quality" is the whole picture. How well a machine is designed, how well it is constructed, and how easy it is to service. Your milage may vary.

Date: 2008-09-03 03:37 pm (UTC)
From: [identity profile] the-s-guy.livejournal.com
It can be useful sometimes to add a section to the corporate wipe-and-rebuild script which rummages through a PC's hard disk, ignores any file which is corporate software or in a known cache/temp directory, and backs up N megabytes of everything else starting from the smallest remaining file (thus videos and other huge files are unlikely to be backed up).

The backed-up files then sit in a hidden location on one of the file servers and are automatically deleted after a month to free up space. However, it does occasionally allow techs to perform seemingly magical feats of document restoration after a disk wipe... or have a record of things that a user may not wish known >:)

Date: 2008-09-03 03:39 pm (UTC)
falnfenix: A dark purple horse with a pale purple mane snorts ice crystals into the air. The background is dark blue. Beneath the horse's head is the word SKYDANCER. (Default)
From: [personal profile] falnfenix
our users are too dumb to hide things...like the guy with bestiality porn on his iTunes list.

which gets broadcast to any nearby iTunes client.


...yeah. it was fun when one of our faculty members discovered it on his computer, thinking he'd been hacked. the poor man was mortified to find it on his work computer.

Date: 2008-09-04 05:57 am (UTC)
From: [identity profile] billysapphire.livejournal.com
We do the same. It takes 10 mins to reimage, days to clean it up.

Date: 2008-09-03 02:41 pm (UTC)
From: [identity profile] bamatone.livejournal.com
Yeah, I've had quite a few Antivirus 2009 headaches the past few weeks. Meh.

Date: 2008-09-03 02:58 pm (UTC)
From: [identity profile] toxico.livejournal.com
Same here. We usually have the main infection caught and removed before it can write the majority of its registry values, but the detection happens over and over again.

Date: 2008-09-03 03:07 pm (UTC)
From: [identity profile] firon.livejournal.com
I completely feel you pain! I've so far only had two users who fell for installing that crap, one who got the "Ad" and nearly installed it, but thankfully asked me first.

FYI, I've found one anti-spyware that was able to remove it and was free.

malwarebytes.org

Date: 2008-09-03 03:09 pm (UTC)
From: [identity profile] barbituratecat.livejournal.com
Uuuggh, I HATE AV'09. Mainly because people will get it on their systems and then expect us to remove it for them. Uhm, no, I'm not rooting around in your registry files, I'm an ISP tech. Get thee to a PC tech who specializes in virus removal, although they'll probably just wipe your system and reinstall everything, anyways...

Date: 2008-09-03 03:17 pm (UTC)
From: [identity profile] toxico.livejournal.com
Sadly, around here I'm that guy. At least I get to close the door and refuse all other requests when I'm working on someone's system.

Date: 2008-09-03 03:55 pm (UTC)
From: [identity profile] barbituratecat.livejournal.com
See, if I had to do it with the actual system in front of me, that would be fine.

But I work over the phone, it just doesn't work. We can send them a link with manual removal instructions or a removal program, but that's as far as we go. Some of these people don't even know what a 'Start' button is, I wouldn't trust them not to delete key files once they get in to the registry :(

Date: 2008-09-03 03:57 pm (UTC)
From: [identity profile] mouser.livejournal.com
Spybot S&D (1.6) has killed both hits I've had to deal with.


My personal hatred is Smit-C. If I ever find THAT author, we're going to reenact some scenes from the various "Saw" movies.

Date: 2008-09-03 05:36 pm (UTC)
From: [identity profile] firon.livejournal.com
Oddly, Spybot was the first thing I tried and, while it fully detected the infections and said it was going to remove them, on a reboot the infection was still there.

Same result on a user's personal machine he tried it on at home.

Date: 2008-09-03 07:34 pm (UTC)
ext_130371: (lose an eye)
From: [identity profile] ravenofdreams.livejournal.com
As much as I generally love Spybot, I have to agree here. Even with the latest updates, Spybot just says that it's getting rid of it, and does nothing really.

Date: 2008-09-03 08:41 pm (UTC)
From: [identity profile] yanni85.livejournal.com
The automated removal is alright in spybot. What I use it for is the advanced features. Remove the startup item and if that doesn't work, root through the running processes for the specific file and kill it, or even just the module using the file. Great stuff.

Date: 2008-09-03 10:46 pm (UTC)
From: [identity profile] mouser.livejournal.com
I recall deleting the directories Spybot found and fixing the background display manually while it was running. Might have been why - I did a search for things that were close too...

Date: 2008-09-03 11:25 pm (UTC)
From: [identity profile] ace-brickman.livejournal.com
heh, AV09 told me it was malware and was preventing SB from loading. It then directed me to its website

Date: 2008-09-03 04:40 pm (UTC)
From: [identity profile] emerald-embers.livejournal.com
Sods law, second I read this, my first helldesk call is from someone who's caught Antivirus 2009 :).

Date: 2008-09-03 06:37 pm (UTC)
From: [identity profile] misfit4leaf.livejournal.com
I work with corporate lusers, and when I ask them if they've installed anything new recently, they swear up and down "just stuff they got from www.$corporatesite.com!" *stabby*

But, it's not my job at this level to remove it, so I just transfer away. I hated spyware removal at my old job.

Date: 2008-09-03 11:26 pm (UTC)
From: [identity profile] ace-brickman.livejournal.com
Log & escalate FTW!!
Our company just decided to go that route with our tier, but not soon enough for me to hurt my head on a couple attempts at cleanup

Date: 2008-09-03 11:34 pm (UTC)
From: [identity profile] misfit4leaf.livejournal.com
:D

Sometimes the stuff I have to escalate makes me want to hurt myself (I'm paid to be a tier 2 agent but I do tier 1 support...go figure), but the spyware removal is definetely not missed.

Date: 2008-09-03 07:32 pm (UTC)
ext_130371: (lose an eye)
From: [identity profile] ravenofdreams.livejournal.com
oooh, yeah, I could do some truly terrible things to those bastards. I get new ideas every time cleaning it off effs the recycle bin.

On the plus side - MalwareBytes' Anti-Malware kills it, and faster than nuking from orbit.
Edited Date: 2008-09-03 07:33 pm (UTC)

Date: 2008-09-03 10:34 pm (UTC)
From: [identity profile] pixilated-serra.livejournal.com
oh man I've had to deal with this one enough lately! So I got annoyed and sent out a Corp wide email telling people not to click INSTALL if anything pops up and that we are managing the AV and to email Helpdesk if they get the popup. And I think people even read my email!

Date: 2008-09-04 02:01 am (UTC)
From: [identity profile] freezer.livejournal.com
ComboFix will get rid of it a treat. It'll take a couple of other settings with it, but still...

Date: 2008-09-04 09:23 am (UTC)
From: [identity profile] xjems.livejournal.com
ooooh hot Kasumi =)

Date: 2008-09-04 02:13 am (UTC)
ext_23563: (deleted)
From: [identity profile] vampireborg.livejournal.com
I get to try to fix that one over the phone. With 13 year-old who just got a BRAND NEW SCHOOL ISSUED LAPPY to do their online classes. And not actually active yet McAfee because $MEGA_CORP_EDU didn't get the product keys until after the laptops had shipped. It's awesome only not.

Date: 2008-09-04 02:29 am (UTC)
From: [identity profile] laptop-mechanic.livejournal.com
Heh. the .EDU I work for has a site license for the corporate version of McAfee, which is thankfully key-less. Students wanting to use it have to be smart enough to remove their existing AV software first tho. Guess how often THAT happens.

Date: 2008-09-04 02:40 am (UTC)
ext_23563: (Default)
From: [identity profile] vampireborg.livejournal.com
Um, my guess is NEVER? At least they have the key.

But I had the cutest baby!geek earlier on the phone today -- "I hit ctl-alt-del and kill the
process but it STILL crashes!" His IE was crashing, got him to go to 7 and it seems to work now. :D Kid was about 13. It gives me home for the future of geekdom.

Date: 2008-09-04 02:37 am (UTC)
From: [identity profile] docskurlock.livejournal.com
I've successfully used ComboFix to remove this, but it does mess with the profile. Ran it one time and it removed the virus alright, but it completely clobbered the user's profile (home user). Had to create a new profile and go from there. Spybot does a pretty decent job too. If you get permissions errors, use Dial-A-Fix to correct those.

Date: 2008-09-04 11:50 am (UTC)
From: [identity profile] jenaiabird.livejournal.com
concurring w/ [livejournal.com profile] ravenofdreams we've been getting hit with AV 2009 and its related bastard relatives (AV XP AV Vista AV 2008, etc) on a somewhat regular basis the last month or so... probably about 3 or 4 reports a week. MalwareBytes Anti-Malware clears out all instances of it in one fell swoop; tho we scan a 2nd time to be safe. No registry hacks, running in safemode, no profile alterations, etc required. We've downloaded the "trial" install; copy it from network onto infected machine, run the install and let it pull updates from the web; then scan and purge.

it seems to be spreading via email attachments being sent back and forth; but who knows? users see flashy things and click on them *facepalm*

the worst part, tho? I read a few Yahoo Groups and for about 2 weeks they had banner ads advertising "Virus Scaner Antivirus XP 2008" made me want to claw my eyes out!

Date: 2008-09-04 01:02 pm (UTC)
From: [identity profile] wignersfriend.livejournal.com
We had a string of these, even through an e-mail that pointed to an installer. We got a lot of people whose computers got into rebooting pretty badly, we had to go into recovery console and repair their boot sector.

I've found that Malware Bytes's Anti-Malware took care of this particular problem very quickly and otherwise painlessly for those who don't get borked boot sectors.
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only
Page generated Mar. 20th, 2026 07:18 pm
Powered by Dreamwidth Studios