Author Topic: Windows 7 SP1  (Read 7045 times)
KB0ASQ
« Reply #30 on: May 19, 2011, 06:12:40 AM »

It's not a matter of accepting defeat or not.  When our billing rate is $85.00 an hour for a tech, at some point we have to do a cost/benefit analysis for the client.  If it takes an hour or two to reinstall, but it takes 4 hours to track down the problem, the client is going to take the former, not the latter.

Allen KBØASQ
http://kb0asq.com
W8JX
« Reply #31 on: May 19, 2011, 08:05:59 AM »

> It's not a matter of accepting defeat or not.  When our billing rate is $85.00 an hour for a tech, at some point we have to do a cost/benefit analysis for the client.  If it takes an hour or two to reinstall, but it takes 4 hours to track down the problem, the client is going to take the former, not the latter.

If it takes four hours to trace problem down you are going about it wrong way. First thing I do is mount drive in a server to scan and repair infections. This is far more effective than trying to repair it while booted from it. Then I use a tool to clean registry and rebuild boot info. You can usually fix/find problem and effect repair or declare it toast within an hour or less (have not declared one toast for a while). While server is scanning drive I can do something else.

--------------------------------------
All posted wireless using Win 8.1 RT, an Android tablet using 4G/LTE/WiFi or Sprint Note 3.
KB0ASQ
« Reply #32 on: May 19, 2011, 11:31:11 AM »

Yes, we have a pretty good procedure set up for virus removal.  I took a look at our tickets and over the last 2 years, we have had just shy of 400 machines that we had to remove malware/viruses from.  Out of those we only had to reload 4 machines.  That is a pretty good track record.  It usually only takes less than an hour of tech time to run through the procedure.

About 2 months ago, one came in and it had some malware that encrypted all Word, Excel and other common files.  We of course didn't have the cipher, so it was better to just reload and restore from a backup.

The current hot one is the "Windows Recovery" malware that changes all the common files in the programs directory to hidden.  Took an hour or two on the first one to come up with the recovery procedure.

We are always learning new ways to work on and prevent the infections, but I know better than to say that I will always be able to remove a virus on a PC.
W8JX
« Reply #33 on: May 19, 2011, 04:17:57 PM »

It is a battle for sure, but in a lot of ways the tools are better for that fight than 5 years ago. Some of this is because of the evolution of software and some is because hardware is much faster at processing virus scans and repairs.
KB0ASQ
« Reply #34 on: May 20, 2011, 06:12:18 AM »

Yes, I remember the first time I had to remove a virus.  Spent about 8 hours on it.  Don't remember which one it was, but it was a boot sector virus.  At that time Norton AV had just come out, so no one was running anything on their machines.  I had to remove it myself, no tools.

This week we had a 6 year old laptop and a 6 month old netbook come in from the same client.  He went to a website and infected the laptop, then went back to it with the netbook.  Go figure.  Anyway the netbook took about 15 minutes to clean.  The scans on the old laptop took 6 hours.  Just goes to prove your point that the new faster machines take less to clean up.

The latest "Windows Recovery" Malware can be a real bear to get rid of.  I don't know if it's different variants or how far it progresses, but on some of them it is not just marking files as hidden, it is moving them or deleting them.
W8JX
« Reply #35 on: May 20, 2011, 06:41:23 PM »

> This week we had a 6 year old laptop and a 6 month old netbook come in from the same client.  He went to a website and infected the laptop, then went back to it with the netbook.  Go figure.

I am not surprised. My wife infected a computer bad at a seemingly generic site then went back to SAME SITE with another machine and got it hit too.

> Anyway the netbook took about 15 minutes to clean.  The scans on the old laptop took 6 hours.  Just goes to prove your point that the new faster machines take less to clean up.

This is why I pull drives and mount them in a fast server to scan them as scan is only limited by drive speed rather than system.

> The latest "Windows Recovery" Malware can be a real bear to get rid of.  I don't know if it's different variants or how far it progresses, but on some of them it is not just marking files as hidden, it is moving them or deleting them.

I had one. You must scan drive un-booted and then you need to wipe and repair boot info.
W0BTU
« Reply #36 on: May 21, 2011, 11:11:33 AM »

> My wife infected a computer bad at a seemingly generic site then went back to SAME SITE with another machine and got it hit too.

What (if any) security software was installed on your wife's machine?

W8JX
« Reply #37 on: May 21, 2011, 05:57:24 PM »

AVG. When we cleaned it out we found it came in via a Java. I forget the name of it but it was nasty. She nuked another machine surfing for a TV series to watch and clicked on a "install view movie".
W0BTU
« Reply #38 on: May 21, 2011, 06:07:21 PM »

Twice in the last month, Norton Internet Security (not free) has blocked malware web sites I tried to visit. Does the free version of AVG do that?

Regardless, I suggest you use Firefox with the NoScript plugin. That would help prevent what occurred.

W8JX
« Reply #39 on: May 21, 2011, 06:25:19 PM »

> Twice in the last month, Norton Internet Security (not free) has blocked malware web sites I tried to visit. Does the free version of AVG do that?
>
> Regardless, I suggest you use Firefox with the NoScript plugin. That would help prevent what occurred.

I have never had it happen to me and I use FireFox and have used NoScript plug in for a few years now. Wife used to use IE all the time but after last scare she is using FireFox now.
KB0ASQ
« Reply #40 on: May 26, 2011, 08:03:01 AM »

Had a nasty one come in this week.  It started with the "Windows Recovery" malware, which we cleaned off with no problem.

But apparently, that one downloaded another one.  When we got the initial malware cleaned, after about 15 minutes of being up, an Internet Explorer session would start using the -Embeded option.  You couldn't see it running unless you ran Process Explorer.  It would then go to some site that had audio ads.  All of a sudden your PC would start talking to you.

I think we have it cleaned up now, but I have it on the bench watching it just to be sure.

Allen KBØASQ
http://kb0asq.com
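
A triage check for the symptom described in Reply #40, as an added example that is not part of the original posts: it lists iexplore.exe processes whose command line carries an embedding switch and that own no visible window. It assumes PowerShell 3.0 or later and an elevated prompt; the pattern is deliberately loose so it matches both the post's spelling and the `-Embedding` switch that COM-launched servers receive.

```powershell
# Added example: triage for windowless Internet Explorer instances (PowerShell 3.0+).
# Loose match: covers the post's "-Embeded" and the "-Embedding" COM switch.
$switchPattern = '(?i)[-/]embed'

# Record which iexplore processes own a visible top-level window.
# Processes in another logon session always report a zero handle.
$hasWindow = @{}
Get-Process -Name iexplore -ErrorAction SilentlyContinue | ForEach-Object {
    $hasWindow[[int]$_.Id] = ($_.MainWindowHandle -ne [IntPtr]::Zero)
}

# Snapshot every process once so parents can be resolved by PID.
$snapshot = @(Get-CimInstance -ClassName Win32_Process)
$byPid = @{}
foreach ($proc in $snapshot) { $byPid[[int]$proc.ProcessId] = $proc }

$suspects = foreach ($proc in $snapshot) {
    if ($proc.Name -ne 'iexplore.exe') { continue }
    # A null command line (access denied) is skipped here as well.
    if ($proc.CommandLine -notmatch $switchPattern) { continue }
    if ($hasWindow[[int]$proc.ProcessId]) { continue }

    $parent = $byPid[[int]$proc.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '(parent exited)' }

    [pscustomobject]@{
        ProcessId   = $proc.ProcessId
        Started     = $proc.CreationDate
        ParentId    = $proc.ParentProcessId
        ParentName  = $parentName
        CommandLine = $proc.CommandLine
    }
}

if ($suspects) {
    $suspects | Sort-Object Started | Format-List
} else {
    'No windowless iexplore.exe process with an embedding switch found.'
}
```

Software that automates Internet Explorer through COM starts it the same way, so a hit is a lead to check against the parent process and start time rather than a verdict.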
W8JX
« Reply #41 on: May 26, 2011, 08:13:04 AM »

IE, it seems, is more susceptible to attacks by design since it is deeply rooted in OS and by nature hackers tend to go after the biggest players too for most impact. I only use IE at a few business sites that require IE because of .net programming. That aside I use FireFox on 32 bit machine or Nightly on 64 bit ones (nightly is FireFox's 64 bit beta).