News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

My Nightmare !

Started by hutch--, September 04, 2011, 07:47:14 AM

Previous topic - Next topic

hutch--

I have just spent 5 and a half hours fixing an XP  SP3 machine for an old fella I know. He originall chased me up yesterday because his printer had stopped working so i rode my bike over to his place today to have a quick look and found the usual mess. Try to re-install the printer and the print spooler was not running. Re-run the driver and it required RPC which would not start. Tried to get some software using his browser and it was redirecting to some other crap and all I could get to run was the ESET online AV scanner.

That cleanup up some of the mess then I deleted Adware which had allowed the mess in the first place. No matter what I tried i could not get Malwarebytes to download so I gave up and downloaded AVG which then found two trojans hidden in a screensaver, an ASK toobar that was doing the redirects and also deleted a few thousand cookies and it seemed to be running almost well again. Installed AVG to provide some temporary protection and told him to BUY (for money) the ESET Nod32.

Mutter, now I remember why I don't configure computers for other people any longer. :(

Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

sinsi

Welcome to my world (although I get paid for it).
But really, that's an hour's worth of work  :P
Light travels faster than sound, that's why some people seem bright until you hear them.

Bill Cravener

Quote from: hutch-- on September 04, 2011, 07:47:14 AM
Mutter, now I remember why I don't configure computers for other people any longer. :(

I now refer folks to Staples to get their computers fixed. Fixing other peoples computer messes, ugh, I no longer have the patients. I'll stick to the solitude of web development and the trade taught to me by my father. Much less frustrating! :bg
My MASM32 Examples.

"Prejudice does not arise from low intelligence it arises from conservative ideals to which people of low intelligence are drawn." ~ Isaidthat

hutch--

Sinsi,

It certainly would have been a lot faster if I had have known what the original problem was but what I got was a couple of days of frenzied phone calls about a printer that was not working so I went over to his place without any of the stuff to delouse an infected machine. After doing the normal diagnostics on his printer (cable OK and printer turned on OK) you then start looking for what else was wrong. print spooler that was not working because something was disabling the RPC service. tried to use his copy of Firefox but it was being subjected to redirects but I managed to download Google Chrome and install it.

Ran the ESET online scanner which cleaned up some of the mess. Took about 35 minutes just to run the online scanner. Ran SFC with the /SCANNOW option to replace any damaged system files (another 30 minutes or so). Deleted AdAware. Set his Explorer so i could find hidden and system files then tracked down all of the cookies in all of the profiles and deleted some thousands of them. Multiple reboots inbetween and got it so it did not appear to be replicating anything on reboot then downloaded AVG as I could not get it to download Malwarebytes and installed it After another 40 minutes of disk scanning it found a screen saver with a trojan in it and the program that dropped it in the first place.

Ran SFC for the last time then configured AVG so he had some protection and told him to BUY ESET Nod32.

The only computer I configure now are for a few friends in the country and they are all multipartition machines that I built myself and they go into place complete with a working disk image on a second drive. This is a good option as if they PHUK it up they get the original disk image and have to set up all of their own bits and pieces again which motivates them not to piss around with things they don't understand.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

anunitu

I have had to deal with this as well. Once someone thinks you are a computer person,you become their go to guy,only without getting paid to be their tech. Worst part is when you "Try" to explain to them what is wrong and how to fix it,they suddenly doubt your knowledge,and argue about things they know nothing about. I quit doing favors for people with computers that probably never should have been allowed to have one in the first place. Some people are dangerous and have no idea what firewalls are for,or AV programs and how to administer them. Also if I warn them about malicious sites,they still keep going even after I have cleaned their machine from the droppers these sites hit them with.


vanjast

If regularly fix my Father-in-Laws PC, a fairly old 'office type' PC, that he mainly uses for emails and minor things (he's 'IT challenged').

The problem is that his son puts on every sort of virus 'protection' goodies available and other sh'1t, which has the effect of turning a pentium into a 8086,
eventually leading to meltdown. So I reinstalled and gave him a minimum system with no AV, Firewall... etc. Set up win services and disabled a load of crud.
It flew like a bomb (maybe I shouldn't say that on the net - WE HAVE YOU SURROUNDED !!! - GEEZ that didn't take long  :green2)

My reason to him is that he's going to blow it anyway, just back up your important stuff - OK he said  :dazzled:.
He tried it and was happy.. then we had a family function and his son came around and ....reinstalled all that cra.p. back again, and he was back to square one.
I walked away from it, such that my mother-in-law accused me of being 'disrespectfull'. On hearing this, her daughter let rip at them :bg...

All quiet on the western front.
:8)

hutch--

Van,

There is a trick that fixes this, get it all up and going once then make a disk image for the boot partition. If anyone messes it up again, just overwrite it with the disk image.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

vanjast

Ja.. I thought of that just after I posted.... and true's nuts, he has a problem right at this very moment, but I 'haven't come home from work yet'  :wink

baltoro

This is an interesting subject. A common scenario,...
Whenever someone asks me if I know anything about computers,...I respond, "Yeah,...but, I usually lie about that."
Most of these people have gone through this kind of thing repeatedly,...and, they know what I mean,...and, they just stare off into space,...
...You guys are good at what you're doing,...too bad all that knowledge can't be distilled into some kind of advanced expert system,...
Of course, you'd constantly be embroiled in protracted litigation,...

By the way, HUTCH, that multi-partition idea is great. I had an IBM laptop that came with the Windows OS loaded on a hidden partition,...and, whenever, too much crap accumulated on the disc,...rather, than scan through everything,...you could just re-install the entire operating system at the push of a button (took about an hour).
Baltoro

carlos

One of the "perks" of being a computer guy, is that you get to know a lot of ladies, I NEVER charge a cent from my services (computer services, of course!!!),  and offten get another type of "reward"  :toothy  :toothy  :toothy

and yes, disk imaging saves a lot of labor, specially on the second or third time you had to fix a computer
This message was made with 100% recycled bytes; No bits where harmed in the making of this message

dedndave

come to think of it, that's how i met Zara   :P
she was having troubles - i helped her out a bit
she had never used windows explorer - at all - lol
so, i taught her to get around on her hard drive with it and showed her all the little tricks
one thing led to another   :bg
she gets around like an old pro, now

baltoro

This is great intel,... :eek
Unfortunately,...if I tried to use my vast 'knowledge' of cumputer OS internals to further my romantic aspirations,...I'd probably inadvertently make any installed malware way more effective,...
Love is blind,...
Baltoro

dedndave

i have to admit; with Zara, i dragged my feet a little   :P
i probably could have been done in an hour

baltoro

...If it was me,...I'd have done something incredibly embarrassing, like stop breathing,...and, she would have had to call 911,...
You'd have read about me in an issue of the Darwin Awards,... :eek
Baltoro

vanjast

Quote from: dedndave on September 07, 2011, 04:21:10 AM
so, i taught her to get around on her hard drive with it and showed her all the little tricks
Her parents warned her about people like you....  :green2
:bg