As someone that worked in a PC shop, all we ever did for a solution was run a virus scan, format then reinstall Windows. It usually fixed 99% of the problems and you paid us a nice, fat sum for it.
The lazy fuck ran a virus scan just to show the customer that there was a virus. You missed the point of his post - he just flat out told you how he would intentionally screw customers and get paid.
I'll bet the "PC shop" he worked for was Geek Squad. So yes, someone likely did explain the basic concepts to him: do as little work as possible, charge as much as possible, rinse, repeat.
So, that guy seems like a douche, but I did basically the same when working at a repair shop. Run scan to find proof of virus infection. Format & reinstall for 100% reliable malware removal. Anything less than format was about a 50/50 as to whether you really removed ALL of the malware. Nuke it from orbit. It's the only way to be sure.
To be fair, it's less work for everyone involved to format and re-install, even if you can manually fix something major. And with a Windows box you'll probably have to re-install sometime in the next 5 years anyways.
Reinstall? I think it would probably take me months to re-install all my programs, fight with the companies that have "activation" while attempting to explain why I need to re-active the old program, maybe $100's or $1000's to re-purchase the software where I was unsuccessful at fighting with the companies that have the "activation" nonsense, re-install stuff, and just generally get my computer back to the way it was. I have LOTS of stuff on my computer - my backup file is around 800 Gb, and it doesn't
Reinstall? I'd rather buy a whole new computer and start from scratch, and that's saying something since this one is high-end and cost near $4K to build 3 years ago.
This Winlink [winlink.org]? It looks like there are plenty of options. Even so, slapping it in a VM that you can snapshot and maintain would be way less work than maintaining your behemoth PC.
The client software absolutely has to do Winmore and Ardop, and you can see that the only one that does is the Windows software.
Then of course there is the other Windows-only stuff like my Nikon camera utilities, Photoshop Elements, Office 365 (did they make it Linux yet? Maybe... don't want to lose VBA), and so forth.
Since I have a mortally wounded computer from the last Wi
When you decide to throw away your $4,000 computer to solve your Windows glitch, can I have it? I'll actually come to your house and pick it up, if you live in North America.
I'll have both the crippled computer & the new Linux computer simultaneously. If I can get the new Linux computer to do what I want, I'll likely convert the old one to Linux too, except it'd likely be several years of learning and experimentation to get the Windows software to cooperate, so the old computer might really be obsolete by then anyway. Anyway, I'd find a way to sell it as parts... 850 watt PS, 32Gb RAM, Core i7, Blu-ray burner, etc.
by Anonymous Coward writes:
on Friday June 29, 2018 @04:03AM (#56863988)
Security Program Manager, Microsoft Corporation
I Got Hacked, What Do I Do? https://technet.microsoft.com/en-us/library/cc700813.aspx
So the parent was modded up before, suddenly it gets modded down. Really, Slashdot moderation has been trashed recently. It's worth saying why this was the money post. The only post in the whole thread which really matters:
The key quote you have to follow is:
The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications). Alternatively, you could of course work on your resume instead, but I don’t want to see you doing that.
But it's the bit before that which really matters:
You can’t clean a compromised system by using a virus scanner. To tell you the truth, a fully compromised system can’t be trusted. Even virus scanners must at some level rely on the system to not lie to them. If they ask whether a particular file is present, the attacker may simply have a tool in place that lies about it. Note that if you can guarantee that the only thing that compromised the system was a particular virus or worm and you know that this virus has no back doors associated with it, and the vulnerability used by the virus was not available remotely, then a virus scanner can be used to clean the system. For example, the vast majority of e-mail worms rely on a user opening an attachment. In this particular case, it is possible that the only infection on the system is the one that came from the attachment containing the worm. However, if the vulnerability used by the worm was available remotely without user action, then you can’t guarantee that the worm was the only thing that used that vulnerability. It is entirely possible that something else used the same vulnerability. In this case, you can’t just patch the system.
Below there are people proposing reverse engineering the malware and then, if you know what it does, you can clean it up by reversing that. However, one thing most malware does is open up to the network and let the malware authors do what they want, so even if you know what this malware does you don't know what all malware does. Anything more could have happened to your system.
Reinstall from original installation media and pray to god that your system's onboard firmware is not compromised.
Reinstall from original installation media and pray to god that your system's onboard firmware is not compromised.
Sadly today that last part is also very significant. Thanks to the mess of modern infrastructure like UEFI, everybody's device having embedded functionality that can be updated, and processors-within-processors, it's basically impossible to ever fully trust a system that has been compromised now, no matter how drastic your recovery procedures might be. Of course, for similar reasons it's also basically impossible to trust a system that you don't know has been compromised either. Security in modern tech is broken, and the tech industry and security services broke it.
But it's the bit before that which really matters:
You can’t clean a compromised system by using a virus scanner. To tell you the truth, a fully compromised system can’t be trusted. Even virus scanners must at some level rely on the system to not lie to them. If they ask whether a particular file is present, the attacker may simply have a tool in place that lies about it.
That's why you don't try anything from within the compromised system. Either you try all your effort from a known clean bootdisk (CD, USB stick, etc), or even better, you disconnect the drive and connect it to a known clean machine.
A non-compromised OS will not lie about what is on the disk of another system, even if that other (non-currently running) system happens to be compromised.
(The sole exception being malware like ransomware that encrypts your data. Then nobody except the hacker holding the decryption key can read that disk.)
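The "examine the disk from a clean OS" approach above is what makes an offline integrity check meaningful: the hashes are computed by a trusted kernel reading the suspect volume as data, so nothing on the suspect system gets a chance to lie. The script below is an added example, not code from the thread or from Microsoft's article; it builds a SHA-256 manifest of a mounted volume, compares it against a baseline taken while the system was known-good, and reports added, removed and modified files. The volume path and the manifest location are assumptions (the demo uses a constructed temporary tree instead of a real mount), and like any disk-level check it says nothing about firmware, which the replies below this one raise separately.

```python
"""
Added example (not from the Slashdot thread): compare a mounted, NOT booted,
volume against a known-good SHA-256 manifest. Meant to be run from a clean
rescue OS with the suspect disk mounted read-only; nothing on the suspect
system is executed, only read.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # 1 MiB read buffer, so large files do not load into memory


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative POSIX path -> SHA-256 for every regular file under root.
    Symlinks are skipped so a planted link cannot redirect the walk off the
    mounted volume (for example onto the rescue OS's own files)."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if not (Path(dirpath) / d).is_symlink()]
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Diff two manifests: files only in current, only in baseline, or whose
    hash changed. Sorted lists keep the report stable for tooling."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(k for k in base_keys & cur_keys if baseline[k] != current[k]),
    }


def demo() -> dict:
    """Constructed scenario (assumption, not real data): a tiny 'system volume',
    a baseline taken while clean, then one patched binary and one dropped file."""
    with tempfile.TemporaryDirectory() as tmp:
        vol = Path(tmp)
        (vol / "bin").mkdir()
        (vol / "etc").mkdir()
        (vol / "bin" / "svc.exe").write_bytes(b"MZ original service binary")
        (vol / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = build_manifest(vol)
        # Round-trip through JSON, as a real baseline would be stored off-box
        baseline = json.loads(json.dumps(baseline))
        # Simulated tampering after the baseline was taken
        (vol / "bin" / "svc.exe").write_bytes(b"MZ original service binary + patched")
        (vol / "bin" / "helper.dll").write_bytes(b"unexpected new file")
        return compare_manifests(baseline, build_manifest(vol))


if __name__ == "__main__":
    # For a real disk: build_manifest(Path("/mnt/suspect")) against a manifest
    # saved earlier with json.dump(); the mount path is an assumption.
    print(json.dumps(demo(), indent=2))
```

The baseline has to come from somewhere the compromised machine could not touch (a manifest saved at install time or vendor package hashes), and a clean diff only tells you the files you baselined are unchanged; it does not clear the boot sector, the firmware, or files that were never in the manifest.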
Reinstall from original installation media and pray to god that your system's onboard firmware is not compromised.
Well, the attack of firmware (UEFI) or "management chips" running their own firmware (Intel ME engine and co) is indeed an entirely different level of scary.
And given the almost total disappearance of socketed flash chips to hold these firmwares, any chance to recover from that becomes bleak.
Even virus scanners must at some level rely on the system to not lie to them.
Kaspersky provides a Live CD rescue disk. I have had luck with it in the past. But even with a live CD, you have to know a good deal about both the target system and the malware.
Nuke & Pave (Score:0)
How about you *don't* go to their forum and instead format everything and start again.
Re: (Score:2)
I'm amazed at how they still haven't managed to load antivirus software before the viruses.
It's what, 2018 now?
(and also amazed that Windows "safe" mode still loads everything in the "run at startup" registry key... safe or otherwise)
Re: (Score:2)
Why bother with a virus scan if you're going to format? Did nobody explain even the basic concepts to you?
where do you find the time? (Score:1)
Your reply seemed like an incredible hassle.
Re: (Score:1)
A fool and his money are soon parted.
Re: (Score:2)
No, not that one, that's gateway software. I need client software. These are the available clients:
https://www.winlink.org/Client... [winlink.org]