An epic battle against ignorance.
GHoosdum
Icrontian
Last night, a friend of mine came over with his buddy's fiancee's notebook. He had already taken out many hundreds of spyware items using Adaware/Spybot together. When he showed up (about 8:00PM) I was expecting a half-hour or so of removal tasks, and then done.
Not so.
We began by applying the latest definition file for Adaware (there was still too much spyware to actually make it worthwhile to connect the PC to the web to make Adaware auto-update). We got a few hundred more spyware instances this way.
Then it was on to Hijack This. After careful researching of each item in the log, we basically cut down the log length by half. Then I went in and manually quarantined the offending .exe files from the HJT log.
Then I manually installed the update for NAV; the definitions hadn't been updated since December of 2003. Apparently whatever item fubared the hosts file got in over six months ago. While a full virus scan was running, I took all the loop-backs for AV sites out of the hosts file.
The full scan located the Gaobot virus, found in the soundman.exe file, but NAV could not repair it. By this point, I was capable of connecting the PC to the internet without zillions of popups, so I downloaded and ran Symantec's Gaobot removal tool. It did not work. I had to follow Symantec's manual removal instructions to eradicate Gaobot from the PC.
Then I updated Windows. There were 18 Critical Updates that the owner of the PC had neglected to install.
All told, we finished around midnight.
After an epic battle against the spyware, viruses, and exploits on the girl's notebook, I have come to the conclusion that what my friend and I were really fighting against was ignorance: the ignorance of the typical PC user who simply does not know enough to keep their PC updated with Critical Updates and AV definitions... the typical PC user who waits until the spyware has crippled her PC until an XP-M 2400+ operates at a snail's pace...
I just wish these typical users would pay me for these services, then I wouldn't need to rant about their ignorance, merely profit from it.
Comments
the result? my siblings no longer have admin rights to that machine, and everything that could possibly be offensive has been removed (Kazaa, other P2P clients)
Life isn't fair lol
Possibly he was doing something without expecting anything in return.
who does THAT nowadays ...
Note, by Hands-on, I do not count TOTAL bench time machine runs, just what I spend actually using box. I have a mini-KVM with two free ports here and a router with a spare port here. So I play or post or research while box is cleaning itself, and charge when KVM is showing box being worked on, otherwise not.
Friends of friends get charged when I work for them, too.