Pretty BAD Viruses and Spyware. Please Help Choose

[Leythos]

He thinks everything needs
certification and proof and he thinks it should be given to him of all
people.

One other thing - as you missed the entire point - I didn't ask for
ANYONE to give me ANYTHING. I said if you don't stand behind your work
enough to sign a document stating that it's clean, then you don't really
believe that you've done the job properly.

I don't expect you to see the difference as you don't see the difference
between stealing code, changing the text in it and calling it your own,
and being the rightful author of the code.

 

[Leythos]

It depends upon rework I think.

Get paid for rework = take the software route.

Don't get paid for rework = put a new hard disk in

No, what it depends on is two things, one is subjective, one is known.

If you "Feel" that you can clean the computer "Good Enough", then you
remove the traces of the virus that you can and live with what's left.
While you may get all of the malware many times, meaning you may remove
all traces of it many times, you may miss malware at some point.

If you want a machine that you could be "100% Certain" was free of
malware, then you would have to wipe the drive completely, reboot on a
known infection free disk (like a Windows XP CD) and then install again,
from scratch.

I'm not saying that a machine can't be cleaned, as I've done it many
times, but there is a difference between cleaning a machine and
monitoring it for something you might have missed, when you are a good
tech, and cleaning a machine for a client and them requesting that you
certify that it's 100% clear of malware. When you have to provide
certification that the machine is clear are you willing to bet the farm
on the tools you use?

 

[Aquafina]

Stalker!

Nice post BUTTS - We all already know you don't stand by anything you
post, that you are unethical, hide all the time, steal other people's
code, and host files against the wishes of the vendors.

If you want it to go away, prove that you didn't steal that application
and that you have permission to host the files that the vendors have
posted that you don't have permission.

 

[Aquafina]

Obsessed Stalker!!!!!!!!!!

One other thing - as you missed the entire point - I didn't ask for
ANYONE to give me ANYTHING. I said if you don't stand behind your work
enough to sign a document stating that it's clean, then you don't really
believe that you've done the job properly.

I don't expect you to see the difference as you don't see the difference
between stealing code, changing the text in it and calling it your own,
and being the rightful author of the code.

 

[Leythos]

Stalker!

You are the one that butted into this thread PBCUTTS1, so that would
make you the stalker now.

Oh, still not posting as PCBUTTS1 with your real email address I see.

Oh, and do you really think that people don't know your posts - you
always post the same drivel, so it's easy to tell it's you, even without
looking at the headers.

Where is the proof that you're not a thief?

 

[Leythos]

Obsessed Stalker!!!!!!!!!!

Replying to your post about me is not stalking you, but it does show
your actual intelligence level and complete failure to understand
anything.

 

[Frank]

I had to reply to this:
"Leythos" said:

I said if you don't stand behind your work
enough to sign a document stating that it's clean, then you don't really
believe that you've done the job properly.

Just because I do not sign a document putting up my first born as collateral
does not mean I do not believe I have done the job properly. I would never
take any payment for a job if I thought I didn't complete what I set out to
do. Who the hell are you to judge me and tell me how I feel?
I have enough of a GOOD SOLID reputation, I do not and my customers do not
ask for me to sign a worthless piece of paper.
You live in your make believe world and I will live in the REAL computer
world. You are stuck on this one stupid irrelevant issue, get over it. If
you don't like my replies then do not post telling others what I think,
because you do not have a clue about what I think and feel.
Please go away, and I would like that in writing please!
Frank L
MCSA, MCDST, MCP

 

[Leythos]

I had to reply to this:
"Leythos" said:
Just because I do not sign a document putting up my first born as collateral
does not mean I do not believe I have done the job properly. I would never
take any payment for a job if I thought I didn't complete what I set out to
do.

I never said that you didn't do the job, that you didn't clean the
malware. I have specifically said, how can you be sure you got it all?
If you are not willing to sign a document stating that the machine is
free of malware of this time, then you can posture all you want, but it
means you don't really believe you've done the job properly.

Who the hell are you to judge me and tell me how I feel?

I'm not stating you specifically, it was/is not personal -it's a broad
reaching issue in the community. If a tech is not willing to sign their
name that they've done the job as requested, then they don't have enough
faith in their work.

I have enough of a GOOD SOLID reputation, I do not and my customers do not
ask for me to sign a worthless piece of paper.

If your customers were to ask, that's the question, would you provide
them with a certificate stating that you cleaned their computer of all
malware, known and unknown, before returning it to them?

This is the real question, not your skills, how you FEEL, how they FEEL,
it's about doing the job completely and accurately or doing it at a
level you "FEEL" is good enough.

You live in your make believe world and I will live in the REAL computer
world. You are stuck on this one stupid irrelevant issue, get over it.

I work on systems all day, every day, across the US, so I very much live
in the real world and work on real-world use system. I also design
secure networks for medical facilities, so I have a little experience in
this area.

The topic comes up here a LOT, clean vs wipe/restore, and there are two
answers that get posted a lot - run cleaners and you'll be OK,
wipe/reinstall and you'll be clean.

If
you don't like my replies then do not post telling others what I think,
because you do not have a clue about what I think and feel.

Again, it's not about you personally, it's about the issue and
misconceptions that people spread about malware removal.

In the thousands of systems I've seen over the last year, I would never
"clean" a machine and tell the customer that I "certify" the machine as
clean. I would tell them that I've removed all traces that I can
find/know about of the malware and that I don't see any signs of it at
this time, but that without a complete wipe/reinstall I will not certify
that the machine is perfectly clean. I then leave it up to them as to
how they want things to proceed - clean or wipe/reinstall.

Don't get me wrong in this, we do systems at a couple Sororities every
year, all except a few are compromised, only one or two are
wiped/reinstalled - most are cleaned. The big difference is that we tell
the clients that we've cleaned their systems of all known viruses to the
best of our ability, but we do not warrant that the system is clean of
malware that we were unable to detect - notice the "that we were unable
to detect" part.

You've still not answered the question:

For all clients who's machines you clean, would you provide a
"certificate" stating the machine is 100% clean of malware, known and
unknown, when cleaning malware from a machine without use of a
wipe/reinstall?

Don't waffle on this, it's a simple question and is clearly worded, it
only needs a yes/no answer from you.

Please go away

Answer the question then.

 

[Frank]

Once again you tell ME that if I am not willing to sign a piece of paper
that I have no faith in my work and ability.

If you are not willing to sign a document stating that the machine is
free of malware of this time, then you can posture all you want, but it
means you don't really believe you've done the job properly.

I most certainly would sign that paper if I felt I had gotten it all. If I
felt I didn't do my job I would tell the customer so and leave it at that.
Problem is, you originally started this "insinuating" that it is a "feat for
God only" (not your words, just making a point) to remove a virus or malware
and get it all.
That simply is not true. Any novice reading your responses would probably
believe that the only way to remove this crap is to reformat. That was and
is my point.
If someone asked me to uninstall Adobe acrobat reader, would I accept
payment and say I have removed the product from your PC.? Yes, I would. Did
I search the register and remove every key installed by Adobe acrobat
reader? No, only the normal keys in the user & machine software sections. If
you cannot see that you are nit picking, for lack of a better term, than I
can only assume that you just wish to argue and debate, which is not the
issue.
Frank L

 

[Leythos]

Once again you tell ME that if I am not willing to sign a piece of paper
that I have no faith in my work and ability.

No, what I said has nothing to do with you specifically, but all tech's
of all types - so, yes, it does have to do with you, but it's not
personal like you seem to feel it is.

Again, if a person won't stand behind their work, by putting it in
writing, then they have something to hide/fear from their work. If a
person stands behind their work they don't have any issues putting it in
writing, at least not when it comes to customer relations and quality.

I most certainly would sign that paper if I felt I had gotten it all. If I
felt I didn't do my job I would tell the customer so and leave it at that.

To say "if I had felt I had gotten it all" is the same as saying "sort
of" as the answer. If you don't feel that you can always clean a machine
100%, then why bother, wasting the time when it may still be there, or
other malware that you didn't know about is still there?

Problem is, you originally started this "insinuating" that it is a "feat for
God only" (not your words, just making a point) to remove a virus or malware
and get it all.
That simply is not true. Any novice reading your responses would probably
believe that the only way to remove this crap is to reformat. That was and
is my point.

I stand by this statement - if you have a compromised machine, the only
way to ensure that it's clean of malware/compromise is to wipe it,
reboot it, reinstall from a known clean disk(s) in a clean environment.

You can run all the cleaners you want, and as every one of us with any
sense of self-resepct will admit, there is no one cleaner that gets
everything off of every machine all the time. That means that you really
don't know if these "reactionary" tools are cleaning the compromised
systems of all known/unknown malware all the time.

While I "Feel" very confident that I can remove anything I can detect,
even using tools, I would never certify a machine as clean unless I
flattened it.

If someone asked me to uninstall Adobe acrobat reader, would I accept
payment and say I have removed the product from your PC.? Yes, I would.

So would I, but Acrobat is not malware, and is a known product.

Did I search the register and remove every key installed by Adobe acrobat
reader? No, only the normal keys in the user & machine software sections.

And I would not even remove the keys, the automated uninstall of Acrobat
and then it's update tools are all that's needed. If they asked me clean
all traces of Acrobat, that would be another task entirely, not like
"uninstall Adobe Acrobat reader".

If
you cannot see that you are nit picking, for lack of a better term, than I
can only assume that you just wish to argue and debate, which is not the
issue.

Sorry Frank, I'm 1000% serious about this. You keep taking the
discussion down diversionary paths "Acrobat". We're talking about
removing malware from compromised machines, Acrobat is not malware and
is a product that even comes with an uninstaller and doesn't TRY and
hide from the users.

If you believe that this discussion is the same as asking to remove
Acrobat (or any other non-malware product) then I suspect that you're
just trolling.

You danced around the question about feeling confident enough to remove
malware and certify the machine with your sort-of statement. Either you
feel that you can remove all malware, known and unknown, 100% clean, and
certify (by signed statement) that machine was/is clean at time of
return to the customer, or you don't - if you don't feel you can do this
100% of the time, then you have to ask why - and it comes down to skill.

So, what's relative in this group is the ignorant home users, the people
with no technical skills at all, that have compromised machines and how
they can remove the malware - are you saying that they should trust that
these tools we all use will completely clean their machines of all
known/unknown malware without and chance that they missed something?

Again, this is not a argument, it's a discussion, it's not personal,
it's about real-world malware removal and if it can be done 100% of the
time to a level that could be certified.

 

[Aquafina]

OH MY GOD!!! I feel sorry for your kids. You are a sad man who uses the
internet to feel good about yourself. People who format to fix simple
problems are not techs.

 

[Leythos]

OH MY GOD!!! I feel sorry for your kids. You are a sad man who uses the
internet to feel good about yourself. People who format to fix simple
problems are not techs.

If you understood anything about security you would know that nothing
you have in your batch of stolen software will remove 100% of all
malware 100% of the time.

 

[Aquafina]

Wrong stalker. You don't know what I have. You know nothing about
malware/spyware, security or viruses. Just because YOU can't be sure does
not mean everybody else cant be sure. You are not GOD you don't know
everything.

 

[Leythos]

Wrong stalker. You don't know what I have. You know nothing about
malware/spyware, security or viruses. Just because YOU can't be sure does
not mean everybody else cant be sure. You are not GOD you don't know
everything.

I know that I personally feel, as do many others, that you're a troll,
unskilled in any technical ability, thief (and we've got proof of that)
and that you have to hide your actions now because you've been exposed
to the world for what you really are.

 

[Frank]

I have the knowledge and the confidence. I take offense to your reference to
trolling(although I am not up on NG jargon, I suspect it is not good). I can
only hope that you are a minority in your thinking. Just as you state that
their is no need to search out each reg key of acrobat, the same applies for
someone with the knowledge, will and confidence with respect to malware.
While a few keys may remain, If I do my job correctly and am as thorough as
humanly possible, I will most certainly state to the customer that I have
removed the THREAT from the PC. Mind you, not every little artifact,
although that certainly is my goal ALL the time. But, if rendered harmless,
the end result is the same. That is all I have been saying all along. If you
cannot see that, than you are just here for the debate (trolling, if that's
what it means). Because if you actually possess the knowledge you claim you
do (and I believe you do) you must be able to see the logic. I have never,
ever seen a piece of paper that "made me swear" that every bit of a threat
is removed, the point is to render the offensive program harmless and remove
as much or all, if possible. This may not apply for the Pentagon or CIA, but
I thought we were here to try and help if we can. And, yes, I have
wiped/reinstalled probably as many times as I have removed the threat to MY
level of expectation, feeling confident the clients best interests have been
served and the threat no longer exists. That is the goal. I will most
certainly sign on the dotted line.
Frank L

 

[Leythos]

I thought we were here to try and help if we can. And, yes, I have
wiped/reinstalled probably as many times as I have removed the threat to MY
level of expectation, feeling confident the clients best interests have been
served and the threat no longer exists. That is the goal. I will most
certainly sign on the dotted line.

Frank, if you're not a troll then accept my apology for thinking that
you might be.

The discussion is a simple based concept, and that's what we're talking
about here - if you read the other thread that I started, asking about
100% clean, you will see that not one person claims they can remove 100%
of the malware 100% of the time.

So, as you've said a number of times, you feel that your level of
malware removal is "acceptable to you" and that you feel that should be
good enough for your clients.

My position is that it's not my call do determine what is acceptable to
the client, only to educate them on two things:

1) Malware removal tools/processes are not 100% effective at removing
100% of known and unknown malware.

2) We can remove the known malware from their systems, but can not say
that 100% of all known/unknown malware has been removed to the point
that the system could be "Certified" as clean by any standard that would
meet certification.

If you work with people that handle banking records, accounts, medical
information, etc... Many home users fall into this category, if they
were presented with the two items above (which are 100% factual), they
would most likely choose to save data, then wipe/reinstall the system.

I've never had a customer tell me to "remove the malware so that it's
just good enough, even if you leave something behind that you don't
detect yet, it'll be OK".