Spyware Horror Story: Once is enough
Published by Aaron; Arlington, Texas
My dad and I run a little tech support place for our neighborhood (we work for food). We have seen some nasty things around this area, but this next story is the worst. One of our family friends came over with her computer, telling us it was a "little" slow. So, we dragged my huge 17-inch CRT monitor with built-in speakers across the house to our little shop (not fun) and turned on the infected computer. We waited and waited until it finally loaded.
She (the family friend) had Ad-Aware loaded at the time, so we ran it, only for it to crash. At this point, we should have given up and just nuked the hard drive with a little Department of Defense-level program that writes zeros to every cell on the drive three times. But we didn't, and rebooted the computer in Safe Mode.
We then took a look at Ad-Aware and noticed that it hadn't been updated in a year, but we ran it anyway. Over 10,000 infections were picked up on an outdated program. At this point, we toyed with the idea of just taking out our gun and putting the PC out of its misery, but figured the owner wouldn't like that very much. So we tried to fix it.
Three days later, we had gotten a little less than halfway through, so we called her and asked if she had her Windows XP disk. She brought it over and we completely nuked the hard drive, reinstalled Windows, installed Spybot - Search and Destroy, the current Ad-Aware version with its up-to-date definitions, and Zone-Alarm. We scheduled Ad-Aware to run every week. Now we refuse to help the lady anymore. Once was more than enough.
Editor's response
First the process, then the politics. Process: Adding a firewall and scheduling scans was a good plan. We hope you also enabled the programs to auto-check for updates (where offered) and warned Mrs. X what to look for in an update notification, lest she ignore it again. We would have swapped Spybot - Search and Destroy for AVG Anti Virus Free Edition's more comprehensive and robust malware shield, however. The real-time protection, antivirus and antispyware engine, and URL link scanning are far more reliable than the classic Spybot, which was buggy in some of our tests. In Spybot's defense, it does possess an ambitious and useful feature set and is recommended as a suitable backup application for spyware removal.
Now the manners: Since good, free computer help is so hard to find, it's a shame that Aaron's family friend charred her bridges. That's a relationship a novice should nurture with everything they've got. I wonder if more planning on her part and a greater show of appreciation might have helped forefend her blacklisting.
In an ideal world where everyone lives by a shared code of computing engagement, Mrs. X would have already assembled her installation and program disks, power cords, and a peace offering (mound of home-made cookies, a favorite libation) into a tidy package for the father-son duo as acknowledgment of her volunteer laborers' valued time.
A more likely scenario is that Mrs. X was unaware of the tacit requirements and solely relied on her helpers for guidance. Aaron and his father could have saved themselves some time by counseling Mrs. X to back up what she could and bring the critical disks along with her PC before dropping off her computer.
While a gift certificate to a restaurant or electronics store is always in order as a thank-you--your friends did just save you hundreds of dollars, after all--it might have also helped weaken some of the pair's prohibition against future help. Perhaps Mrs. X did lavish her repairmen with gifts--Aaron didn't say--and Aaron and his dad are unfairly making her a scapegoat. At the first hint of what the two were up against, they could have--and turns out, should have--pulled the plug on their repair efforts and reinstalled the hard drive, saving themselves untold aggravations until they eventually lit upon that course.
Either way, the world needs more volunteer repairmen like Aaron and his dad, and fewer infections as time-consuming as Mrs. X's.
Jessica Dolcourt reviews the latest and greatest smartphone apps, in addition to a healthy dose of Windows software.
Also, NEVER expose a system direct to the Internet if you don't have to. A NAT'ed firewall is the minimum setup someone should use for their home network. No point in asking for trouble.
And lastly, look at what appranger does in comparison to most of the "major" AV / AS vendors. White Listing vs Black Listing is the next big leap in AV/AS software.
Hmmm, perhaps they are disgruntled, because she did NOT feed them as they expected? After all they work for food.
Or could it be that she FORGOT to tell them NOT to waste 3 days trying to clean her system!!!
The fact that she knew nothing about computers is NO excuse for NOT giving them such sage advice.
The family friend is still to blame, because Aaron had to carry that heavy monitor across the house to the workspace.
Did the lady have no shame?
Just because she did NOT know Aaron had a heavy CRT monitor.....
just because she did NOT know he would have to lug it across the house to the workspace to work on her computer .......
IS NO EXCUSE for her NOT doing something about those things to help poor, overworked Aaron out.
Talk about a couple of whiners, geez. Oh and why in the world CNET felt this was a horror story is beyond me.
The "family friend" was NOT ungrateful based on what Aaron wrote, rather he and his dad did a terrible disservice to this woman.
First off, with that kind of overwhelming infection, rather than trying to "clean" the system and waste 3 days of everyone's time, they should have instead asked the lady to take some time and save the "IMPORTANT DOCS and DATA" to a second drive, before doing a thing.
If she didn't have one, then they could have directed her to the nearest store and told her to buy a 1gig flash drive.
I think I can safely infer from the story that doing this sort of simple back up was within the family friend's ability.
THEY NEED TO ASK HER TO DO THOUGH.
Once that data was isolated, THEN the infected drive could be wiped and the operating system re-installed.
A re-install is easy and really involves little work beyond the initial instructions to the computer.
After that the computer does all the work.
Then, or while it was being wiped, they could scan the flash drive for various malware and clean up the documents and data she valued.
While doing that, a tech can keep an eye out for any prompt that comes up on the computer while the re-install happens.
Then once the drive was back to its original state, and the flash drive cleaned of malware, they could both be given back to the family friend.
This should have taken no more than a few hours, of which the actual working time for Aaron and his dad would probably have been less than an hour. The rest of the time would mostly involve monitoring the re-install for prompts, and clicking yes or no.
IF THEY RESENT PEOPLE ASKING FOR HELP SO MUCH, THEY SHOULD NOT OFFER IT.
THE ONLY ONES TO BLAME ARE AARON AND HIS DAD for being so stupid and pretentious.
They clearly were in over their heads, but decided to try to clean the system, no doubt in an effort to see what they could learn.
3 DAYS LATER THEY REALIZED it was way too much for them, AND shucked their efforts.
What I do NOT get NOR condone is somehow blaming the family friend for their stupid decision to try doing it the hard way first!!!
The only horror in this story is in regard to the supposed neighborhood tech shop Aaron and his dad run.
They give computer geeks a bad name, and should NEVER offer their expertise to anyone again.
In any case, it sounds to me like the people in the horror story accepted a job they weren't prepared for, or that they thought would be easier and quicker than it was - one of the crappy computer shops in my hometown does similar things on a regular basis, and now probably a full third of my best customers are ones he has burned in a similar manner to the story.
What the "tech" guys in the story failed to acknowledge was that no matter how much protection you put on a computer, the uneducated user is the worst enemy, much worse than the worst spyware out there. Often, even a few basic hints on how to be safe and avoid infections are much more effective than the best anti-virus or anti-malware program.
I would like to sidestep the whole argument over which security products are best - each one has different strengths or weaknesses, and may also vary considerably between versions. I have found that usually, the best technique is to know your security products and their strengths and weaknesses, and use the right tool for the job - on a system such as the one described, if I decided it was better to try and clean it than backup, wipe, and reinstall, I would generally use at least two or three, and possibly many more security products, taking advantage of what each does best. This also helps make sure that something bad isn't missed by using just one product.
My first step in a situation like this would normally be to use a Linux live CD to boot the system and image the hard drive to an external backup, and also to copy the user's files to a backup medium. This way, you have backups of the user's data in case of either accidental deletion or if a reinstall is determined to be necessary. I prefer a simple distribution called RIP (Rescue Is Possible) Linux, designed especially for rescuing damaged Windows systems, but there are many others available, or you could even use a second hard drive with Windows installed to access and clean/repair the infected installation.
I generally prefer the free security products, such as AVG, AntiVir, or Avast - mostly because most of my customers in this type of situation are home users that can barely afford the computer, never mind the repair bill. Although I usually try to get them to purchase the paid versions of the products if they can. Spybot is one of the better malware removal programs I have used, although its limited detection set means that it should never be used alone. The immunize feature is very useful for helping prevent future problems. However, even though it has improved with the most recent version, I usually turn off the "Teatimer" system settings protection feature, as it still lacks some necessary functionality.
One more hint - Use spybot's advanced features to disable as many startup programs as possible, clean ALL temporary files from ALL user accounts, disable system restore, and use safe mode to create a new temporary user account to run all your malware removal scans from. Not only will this greatly speed up the scanning process, but will often take many threats with it, as many of the common threats reside in these places.
In any case, I hope this comment helps someone out there better understand spyware removal, and maybe customer service in the home user information technology field too.
Well for my opinion, when I faced problems like this before the days of Ubuntu Hardy Heron, I slaved the drive, then backed up all the required documents and files to a flash drive or CD, then I reformatted and replaced the documents after scanning them. I think that method is much easier and less time consuming. With Ubuntu 8.04 around now, all I do is install Ubuntu in a small partition on the hard drive, so I can easily copy out the required files, then I reformat the hard drive and restore the files after scanning them. I think these steps are much easier. For antivirus on a Windows machine, I prefer Avast free. I think it's less resource hungry and really does a nice job detecting viruses.
I also have been doing PC support for a long time (17+ years), no one tool stands up as the best for long, as the virus and spyware writers adjust their pests far faster than the cleaning tools can be changed.
In the realms of free tools SpyBot and AdAware are ok, as is AVG, but if you want good antiSpyware coverage you have to spend some cash, my preferences are SuperAntiSpyware and the even better SpywareDetector, both about $20 or £12, which is a bargain. Even these fail to find some nasties, the biggest bane is RootKit viruses, for that I use only 1 tool, Radix Antirootkit, which is also free. Any badly infected PC, or repeat infection, is almost certainly going to have a RootKit installed; this finds and removes them, allowing a proper clean with the normal tools.
Linux boot disks/installs, slaving hard-disks, UBCD are all good fixes, but can be awkward, and can cause as many problems, most certainly they will eat up many hours tedious work. I keep all the above on a CD and USB stick drive, allowing me to carry and access them in any situation, I also have a linux bootable USB drive, but have never needed it.
If you are going to do PC repair, whether for cash, food, favours or just because you're nice, be prepared for many frustrating hours of work, but if you have good tools, easily available, you can save yourself a lot of sweat and tears.
Don't blame the average PC user, most people are lost beyond running programs, a few know a little (and are harder to deal with as a result), some know a lot, but run out of ideas, the truly good stay calm, professional and see a job through with no bad feelings AND educate the users as to how to try avoiding similar problems in the future.
"So, we dragged my huge 17-inch CRT monitor with built-in speakers across the house to our little shop (not fun) and turned on the infected computer."
If he works on computers that much, shouldn't he have a separate monitor set up for the purpose? Are we expected to believe that this computer-guru takes his own computer's monitor for three days to try and fix a friend's PC? And if it's not his only monitor, why is it not already set up in his workshop from the last bit of tinkering? Last but certainly not least, why does he find it necessary to whinge about moving a 10kg box a few meters? Jeez, man, lay off the pizzas and do some crunches!
"Now we refuse to help the lady anymore."
Something tells me a whiny little wannabe computer geek wouldn't have the stones to refuse a family friend. He would spend most of his life avoiding confrontations, not starting them.
We must take into account the user's lack of software understanding. AVG is working on the problem, in its defense. A test would be to take 10 PCs, each with their own type of anti-virus/Spybot software, then infect them with bugs, testing each one's response to the infection, then report them to the tech support of each anti-virus company, telling them where they failed. Most customers think a PC should fix and take care of itself.
- by inveritasfindme August 22, 2008 8:47 PM PDT
- That's anything but an example of the worst infestation of spyware I can imagine. Malware can steal your credit card info, personal info, and anything else on your computer. Mrs X lost her data, but not her identity. That stuff happens, and until someone can see that it already might have, there is nothing you can do to convince them to start being secure.