
Reply to: Rootkits



Previously on "Rootkits"


  • suityou01
    replied
    Originally posted by Advocate View Post
    To be honest, in an enterprise environment, if a server is riddled with malware, I'd recommend it was decommissioned and restarted from scratch. Especially if rootkits are suspected...
    Agreed. Or a temporary server could be built quickly to take the strain while a "proper" job was done.
    Another model is this ...

    Viruses mmmm, ok well I can spend 2 hours removing them @ £60 or reinstall the OS for £30


  • Advocate
    replied
    To be honest, in an enterprise environment, if a server is riddled with malware, I'd recommend it was decommissioned and restarted from scratch. Especially if rootkits are suspected...


  • Platypus
    replied
    Thanks for the insight

    I'll often turn jobs like this down these days, as everyone knows a geeky teenager nearby who'll offer to do it for a tenner, so when I say it's likely to cost (even a modest) £50 these sorts of customers tend to turn green and go elsewhere. If they don't, and the job turns into a nightmare, then I could end up spending a hell of a lot of time for practically zilch return.

    It was a batch of 'black screen of death' (vista boot), blue screen on boot and boot-loop jobs that put me off

    I rarely found the 'charge an hour, spend 20 minutes' jobs!

    Anyway, I'm glad this model is working for you.


  • suityou01
    replied
    Originally posted by Platypus View Post
    May I ask, how much did you charge local customer for this?

    I find these sorts of jobs very time-consuming, so charging even £25 per hour can make for a hefty bill.


    Only an hour. Not really fair to ask the customer to pay for the time I spent fixing my equipment (monitor blew up, PC died etc etc. Had a day of it). Also this virus had me stumped, so I spent quite a bit of time googling.

    The thinking is this. By attracting this sort of work I am making connections locally and picking up bigger jobs (this is actually working, I picked up a big server upgrade job after doing a good job for someone removing a virus)

    Also, it does keep you current. Imagine if I was called out to de-ming a server riddled with viruses, experience counts.

    Major loss on this job financially speaking, but knowledge gained and also a feeling of job satisfaction. Also the chap was well chuffed, understood it had been a sod and said there may well be further jobs in the pipeline from other family and friends (I believe this, I try and see the good in people).

    Other jobs go smoothly and what is billed as an hour can sometimes be done in 20 minutes, if things go your way. Comme ci, comme ça. It's when you stop trying you have real problems.


  • Platypus
    replied
    Originally posted by suityou01 View Post
    Fixed.

    What a flaming palaver.
    May I ask, how much did you charge local customer for this?

    I find these sorts of jobs very time-consuming, so charging even £25 per hour can make for a hefty bill.


  • Advocate
    replied
    Originally posted by suityou01 View Post
    Fixed. Came close to reinstalling the OS, but persevered.
    I used the latest Ultimate Boot CD with XP slipstreamed into it to give a lightweight OS to allow me to run the tools. The machine itself has one of those annoying NVidia all-in-one chipsets, so Windows did not pick up the network. I switched to a laptop and put the client's HDD in an IcyBox (well, Maplins equivalent).

    I ran superantispyware and cleaned up all the crap. Then I let malware bytes and avg free take a peek. Also sophos anti rootkit and blacklight.

    All clean.

    I rebooted the machine, and the same problem occurred.

    I checked again the browser addons, all disabled.
    I ran process explorer and there was a google updater service running (part of the google toolbar I had disabled)

    I uninstalled google toolbar, then blitzed the machine again in the icybox.

    I then patched it, defragged it and fixed the DVD codec issues.

    Then rebooted. Problem has gone away, and after some heavy surfing it is still all good.



    What a flaming palaver.
    Fixed it for you...


  • suityou01
    replied
    Fixed. Came close to reinstalling the OS, but persevered.
    I used the latest Ultimate Boot CD with XP slipstreamed into it to give a lightweight OS to allow me to run the tools. The machine itself has one of those annoying NVidia all-in-one chipsets, so Windows did not pick up the network. I switched to a laptop and put the client's HDD in an IcyBox (well, Maplins equivalent).

    I ran superantispyware and cleaned up all the crap. Then I let malware bytes and avg free take a peek. Also sophos anti rootkit and blacklight.

    All clean.

    I rebooted the machine, and the same problem occurred.

    I checked again the browser addons, all disabled.
    I ran process explorer and there was a google updater service running (part of the google toolbar I had disabled)

    I uninstalled google toolbar, then blitzed the machine again in the icybox.
    Then rebooted. Problem has gone away, and after some heavy surfing it is still all good.

    I then patched it, defragged it and fixed the DVD codec issues.

    What a flaming palaver.


  • xoggoth
    replied
    Them rootkits look horrid. What is to stop any viruses using the same techniques to hide processes, change the bootstrap, sit in the BIOS etc?


  • Advocate
    replied
    Originally posted by suityou01 View Post
    Not really sure. Seeing as you have no clue to the gamut of scans and approaches I have used, you are not making an informed decision, rather an ill-informed decision while not being in charge of the facts. I have a 100% success rate in removing malware where others have said the machine is a lost cause.

    I do hope at work you make informed decisions rather than just wobbling around aimlessly scraping code samples from Google and trying to jerry-rig something together against a deadline.

    Tosspot.
    That's a very dangerous claim to make...

    (Unless of course we're talking full wipes etc, and even then...)


  • Platypus
    replied
    Originally posted by MarillionFan View Post
    Adding extra memory has pushed it over the edge.
    eh? How can adding extra memory 'push it over the edge' ?

    Are you saying it can't power the new memory?


  • bobspud
    replied
    Hi,
    Take the disk out of said machine, or boot from a live disk distribution of Linux with AVG Free added. Now you are protected from the crap that has owned the box, and you can scan the disk to your heart's content knowing no Wintel code can run. The story I hear from a number of guys is that most of the good stuff these days will own your AV software in order to hide itself. So once the machine is owned, anything loaded to try and sort it out is compromised before it loads. SpywareGuard and SpywareBlaster are also very good.

    good luck
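    A worked version of the offline-scan step bobspud describes, added here as an example rather than the poster's own procedure. It assumes ClamAV's clamscan is installed on the live system (the thread used AVG Free, whose command line differs) and that the suspect NTFS partition is passed as the first argument; the mount options are what keep the infected disk's code from running on the rescue system.

```shell
#!/bin/sh
# Offline scan of a suspect Windows disk from a Linux live environment.
# Added example, not from the thread. Assumes clamscan (ClamAV) is installed
# on the live system and the suspect partition is NTFS (e.g. /dev/sdb1).

# Mount the suspect partition so nothing on it can execute or be modified:
# ro preserves evidence, noexec/nosuid/nodev mean no code from the infected
# disk runs on the rescue system even if something on it is launched.
mount_suspect_disk() {
    dev="$1"; mnt="$2"
    mkdir -p "$mnt"
    mount -t ntfs-3g -o ro,noexec,nosuid,nodev "$dev" "$mnt"
}

# Pull the "Infected files: N" figure out of a clamscan summary block.
parse_infected_count() {
    printf '%s\n' "$1" | sed -n 's/^Infected files: \([0-9][0-9]*\).*/\1/p'
}

# Turn the count into a verdict: clean, infected, or unknown if the summary
# is missing (scan aborted, wrong tool output), which must not read as clean.
scan_verdict() {
    n="$(parse_infected_count "$1")"
    if [ -z "$n" ]; then
        echo "unknown"
    elif [ "$n" -eq 0 ]; then
        echo "clean"
    else
        echo "infected"
    fi
}

offline_scan() {
    dev="$1"; mnt="${2:-/mnt/suspect}"; log="${3:-/tmp/offline-scan.log}"
    mount_suspect_disk "$dev" "$mnt"
    # clamscan exits 1 when it finds something; keep going so we still
    # read the summary from the log and unmount cleanly.
    clamscan -r --infected --log="$log" "$mnt" >/dev/null 2>&1 || true
    scan_verdict "$(cat "$log")"
    umount "$mnt"
}

# Constructed sample of a clamscan summary, used only to show the parsing.
SAMPLE_SUMMARY='----------- SCAN SUMMARY -----------
Known viruses: 8000000
Scanned files: 120000
Infected files: 2
Time: 600.000 sec'

if [ $# -ge 1 ]; then offline_scan "$1"; fi
```

    An "infected" verdict on a disk that also showed the rebooting-again symptoms in this thread is the point at which the rebuild-from-scratch advice later in the thread applies.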


  • MarillionFan
    replied
    My dear old 75-year-old mum has just had one of these work-from-home PC defenders come to her aid.

    She complained that her machine was slow, so he investigated. Said her Norton was out of date, uninstalled it and stuck on Bitdefender. He then took a couple of apps off and said she needed additional memory. So he's upgraded that. Not expensive, but £80.

    She's on the phone saying it's getting really hot and now cutting out.

    Frankly the guy who did it is a ******* idiot.

    The reason. The laptop is at least around 10-12 years old. She's recently added Skype and the spec is low. Adding extra memory has pushed it over the edge.

    I would have got her to buy a new laptop, because now she's spent 80 and is heading back tomorrow. He won't get it fixed.

    That's the problem with these stay-at-home PC vigilantes, they'll keep on struggling to fix stuff, charging away when in truth the best option would be to flog them a new laptop and make cash that way.


  • Fred Bloggs
    replied
    Might be useful too.


  • HairyArsedBloke
    replied
    Just spotted another thing to try - ComboFix


  • suityou01
    replied
    Originally posted by HairyArsedBloke View Post
    Had a dose of this ages ago. Avast sorted it out in the end with one of those boot time scans. I do them on a regular basis now (i.e. about once a week).
    Thanks HAB, will look into that one.
