Trashed Brand New PC

GreatestOne

Wow one of my clients really did it now... got them a brand new Asus desktop, was all set up and perfect. 5 days later, they talked about its acting weird etc etc.... well when I got there, it was obvious it was infected. At first she refused to admit she did anything wrong. then like half an hour later she said she caught her hubby watching the nasty on it, LMAO!!!

Well anyways, whatever he downloaded/let in, it has done stuff I have never seen before.

• The Program listings to add/remove only list about 1/4 of the programs that are actually active and working in the PC
• The restore point I made when it was perfect is gone, no restore available
• Spyware scans detected few hundred threats, cleaned, but the AV did not detect any virus, but think they were compromised anyways
• Not only did they install weatherbug, PC backup and all this other crap, she installed a copy of Avast on top of AVG
• When I do an F9 advanced recovery option, it wont let you do anything... even the system wipe/recovery to factory state says the recovery partition is missing

Short of getting recovery disks (unless it lets me burn them), anyone see anything like this?
 
Only reason thats my last resort is I have to deal with all the disorganized drivers on the manufacturer sites... they usually have like 4 different drivers for network and sound etc....
 
I wouldn't bother saving that. Format is in order. Always make a system image before you send it out. And keep the drivers.
 
Ya usually I have Acronis for the image but recent versions sucked so I was planning on trying the Windows 8 backup/image but was first wanting to get the command for scheduling it right before activation it.

But what the heck ASUS.... no Win8 product code on the case???
 
• The Program listings to add/remove only list about 1/4 of the programs that are actually active and working in the PC

I've seen that. Also seen apps that "delete" a bunch of stuff and say you need to pay up to get them back.

(Aside from Cryptolocker this is BS because all they do is set attrib -h on everything)

If you feel like wasting hours, start rebooting in Safe Mode and run all your scanning tools.

I'm with everyone else - reformat, reinstall, update, and definitely image once you're done.

And yeah - Win8 boxes do not have COA's on them....just a little "Windows 8" sticker.
 
this is why the first thing you do is make a backup disc. take it out the box and do it for them. they always say they will do it and never get around to it. i recommend Macrium Reflect
 
If it's five days old, then wipe it. It doesn't take me long to clean up a computer, but if it's five days I would just wipe it. If they like Avast, then install Avast instead. Although I wouldn't use WeatherBug, it isn't malware. You can try a weather gadget/widget/whatever after a wipe. MyPC Backup is junk, and needs to be removed. I think just about every PC I've come across has that crap on it. It sounds like you're just being lazy about the drivers? Reason there's multiple drivers is different versions or hardware for that model computer. Imaging everything after you're done seems in order if the husband is looking at the nasty. She didn't mind it?
 

Well the problem with setting not as admin is that the lady actually thinks she knows computers because she used to use them a lot in the 70's... in fact, she has told me many times "I know how to use a computer but...." So if I disable admin privileges and she tries some things, guaranteed I will get a lot more calls for that than if I just left it. In her defense, her personal laptop has been fine for a long time, although now she says her Outlook is not starting anymore, LMAO.

I've seen that. Also seen apps that "delete" a bunch of stuff and say you need to pay up to get them back.

If you feel like wasting hours, start rebooting in Safe Mode and run all your scanning tools.

I'm with everyone else - reformat, reinstall, update, and definitely image once you're done.

And yeah - Win8 boxes do not have COA's on them....just a little "Windows 8" sticker.

Yea my bad on Win 8, I been fighting that just like all new OS's so ya, a quick Google search resulted in no more codes. Just makes me wonder on a clean Windows install then, does it auto-recognize the serial # in the motherboard or something, how does it confirm valid ownership?

Ya no wasting time here, just trying to find a valid Win8 DVD.. downloaded one but not sure if its the Microsoft original, checking today.

this is why the first thing you do is make a backup disc. take it out the box and do it for them. they always say they will do it and never get around to it. i recommend Macrium Reflect

Thats why I always had them on Acronis, which did the image backup perfectly every day on their external, hands off. now that Acronis sucks, makes things more difficult. I'll check into Macrium, altho I still havent heard why the built in Win8 imaging option is bad if u add the code for auto-run every day.

If it's five days old, then wipe it. It doesn't take me long to clean up a computer, but if it's five days I would just wipe it. If they like Avast, then install Avast instead. Although I wouldn't use WeatherBug, it isn't malware. You can try a weather gadget/widget/whatever after a wipe. MyPC Backup is junk, and needs to be removed. I think just about every PC I've come across has that crap on it. It sounds like you're just being lazy about the drivers? Reason there's multiple drivers is different versions or hardware for that model computer. Imaging everything after you're done seems in order if the husband is looking at the nasty. She didn't mind it?

I hate people who use WB, just dumb really. I dont leave any of that crap in there, they did it again and then tell me "we didnt install anything." Thats the best response ever, I feel like I am in a prison talking to convicts. And I dont know about you, but I dont enjoy going through installing 2-3 different drivers for 2-3 different components for one PC, not my idea of a good time or efficiency. If the first one hits, I feel like I won the lotto. The worst part is when one "sorta" works and you not sure if it will work going forward or if the other one is better. I've had that with some WAN drivers which "worked" at first, then inconsistently, and then I decide to try the other one and it works perfectly. That would suck if I did it for a remote client and they complained about the wireless... so no, I dont categorize that as "laziness."

Of course she minds LOL, you shoulda seen her face when she said it, but the most amazing part is, she ONLY DECIDED to tell me about that after we talked about why their PC was infected again after 5 days with all other excuses and how they didnt do anything etc etc.... I was like, wow really. Then he tried to defend it by saying why would a porn site want to hurt you? SMH So just yesterday I had him call me privately and said I would offer him a clean stash of material on a flash drive that will take him years to go through and "enjoy" but he said no thats ok, "I just wont go to those sites anymore."

S
M
H

Yea like thats credible.
 
Well the problem with setting not as admin is that the lady actually thinks she knows computers because she used to use them a lot in the 70's... in fact, she has told me many times "I know how to use a computer but...."

:D:D:D

LOL @ you offering her husband your pr0n stash.
 
:D:D:D

LOL @ you offering her husband your pr0n stash.

HEY MAN... I'm full service, know what I mean? Whatever makes my clients happy... they all have needs.

But honestly, like 90% are not even mine, they been "collected" over the years from my old clients' computers, LMAO. Who needs torrents when I myself havent even gone through 1/10 of my own drive yet. I know they'll come in handy someday.
 
BTW how do I know which version of Win 8 is valid with this PC? There still seems to be a regular, Pro and something else, or does it not matter in this case.
 
You are dead on about WeatherBug, but no matter how many times I tell them, to just stay
away from installing WeatherBug. Every time I go back to repair their pc, there it is. Just
sitting there, in the taskbar, making me money. I have gotten to the point where I want
mention it any more. They want listen, so I want tell them.
 
Ya true that, freakin people get obsessed about having all this dumb "freeware" and browser toolbars and crappy little games.
 
You are dead on about WeatherBug, but no matter how many times I tell them, to just stay
away from installing WeatherBug. Every time I go back to repair their pc, there it is. Just
sitting there, in the taskbar, making me money. I have gotten to the point where I want
mention it any more. They want listen, so I want tell them.

How did you manage to typo "wont" 3 times? :D And are you sure they are installing it intentionally or even know it's there? I cleaned it up on a system recently and it was because it was bundled with some other adware from one of those Google ad links someone clicked on.
 
People never think the things they install matter, I always find it amusing when I run across a problem PC with a bunch of tool bars, coupon finders, "media players", and multiple AV clients installed.

Oce: "You really need to just click No anytime something tries to install and you are surfing the internet"
"Oh that just happened automatically when I was online, said I needed an update"
Oce: "There is no way this all happened automatically, you had to have clicked on a few installers"
"Well some of those are from clicking links on Facebook so they should be fine!"

:D

I have my mom and a few other people on non-admin accounts and trained fairly well now. I write down the admin password on a piece of paper and tape it under the keyboard so they have it in case they actually need it.
 
wipe
reinstall OS

done
and before giving back to user, use Acronis True Image Premium to make an image of the machine.

Happens next time again? Reload the Acronis image to the HDD, reactivate Windows, done.

One time I disinfected, cleaned up, and did a few things to improve performance on a netbook. Before I gave it back to the customer I did a VERY thorough test and run through. I did at least a handful of hard boots with testing Internet Explorer, browsing around, leaving the laptop running for a couple days, repeat the hard boots with testing. I even made an Acronis image for before and also for after (before giving to customer of course). Before I worked on the laptop, it was severely infected to the point the laptop was almost pretty much unusable. I think I cleaned out a couple rootkits too. Customer also had a bunch of toolbars and garbage installed from agreeing and clicking through everything and not caring.

I give laptop back to customer after super thorough testing. A day later he comes back to me complaining that I made everything worse. I briefly check out his laptop and it's infected all over again, give him a refund and he leaves with his laptop.

One or two of customer's co-workers came to me later to say they're 100% he had to have done something because it was working fine for the rest of the day after I gave the laptop back and then next day he came in differently and that he was known previously for slacking off at work Facebook'ing and YouTube'ing and MySpace'ing. Owner of company customer worked for came to me and apologized, let me know that employee was fired for his malice and deceit, and reimbursed me.
 
I'd suggest making an image of the machine at its full installed state (Windows installed, updates, software they like, etc) that way if anything happens again you can restore the image and you're back to a fresh install minus any updates that have been released since. Should save you a ton of time.
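
The hands-off daily image asked about earlier in the thread can be set up with tools built into Windows 8. This is an added example, not something posted by a thread participant; the `E:` target drive, the task name and the 03:00 start time are assumptions.

```powershell
# Added example: daily system image via the built-in wbadmin tool (Windows 8+).
# Assumed values, not from the thread: drive E:, the task name, the 03:00 start.
$Target   = 'E:'
$TaskName = 'Daily System Image'
$Wbadmin  = "$env:SystemRoot\System32\wbadmin.exe"

# Registering a SYSTEM task and running wbadmin both need elevation.
$me = New-Object Security.Principal.WindowsPrincipal(
    [Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run from an elevated PowerShell prompt.'
}
if (-not (Test-Path "$Target\")) {
    throw "Backup target $Target is not attached."
}

# -allCritical images every volume needed to boot and restore the machine;
# -quiet suppresses the confirmation prompt so the task can run unattended.
$action = New-ScheduledTaskAction -Execute $Wbadmin `
    -Argument "start backup -backupTarget:$Target -allCritical -quiet"
$trigger = New-ScheduledTaskTrigger -Daily -At '03:00'

# SYSTEM needs no stored password and runs while a non-admin user is logged on.
$runAs = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

# Catch up after boot if the PC was switched off at the scheduled time.
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $runAs -Settings $settings -Force | Out-Null

# Confirm the task exists, then list the images already on the target.
Get-ScheduledTask -TaskName $TaskName | Select-Object TaskName, State
& $Wbadmin get versions "-backupTarget:$Target"
```

An image on a drive that stays plugged in is reachable by whatever infects the PC, and the machine in this thread lost its restore point and its recovery option, so also keep one known-good image on media that is normally disconnected.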
 
If your clients like weatherbug so much I would just install Rainmeter's edited stock weather skin.


Set it for their area and give them directions of how to edit the weather code for a different location. If they want more details they can click the title and their browser will open up a weather site.
 
Dude nice wallpaper. +1 Internets for you. Seriously though, you should ask this user to consider paying for MalwareBytes Premium in addition to whatever AV is already on there. Not fool-proof, but it should zap most malware. Throw AdBlock plus and OpenDNS filtering on there as well, and you should mitigate a decent number of threats that way.
 
I stumbled upon some Win8 laptops with OEM licenses that the owner wanted a clean install. Some tips:

1) If it came with Win8.0, the key will be automatically recognized by the installer ONLY if you install it with the correct 8.0 media. The laptops in question used a version called "single language".

2) Win8.1 media will NOT recognize keys from PCs that came with vanilla 8.0. To install using a 8.1 media you will have to get a dummy key, and change the key after installing - it activates without issue using vanilla 8 keys, but only after being installed.

3) usually there are no stickers with the key on win8(.1) OEM machines. There is a utility that enables you to get the key from SLIC, I don't recall the name right now. If anyone needs it shoot me a PM so I remember editing this thread after I get home.
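
An added example, not from the poster: on Windows 8 and later, the OEM key stored in firmware and the edition it was issued for can be read through WMI from the existing install, which answers both the "which edition" and the "where is the key" questions before a wipe. The function names are made up for this example.

```powershell
# Added example: inspect the OEM key a Windows 8+ PC carries in firmware.
# Run on the machine's existing install before wiping it.
function Get-FirmwareOemKey {
    $svc = Get-CimInstance -ClassName SoftwareLicensingService
    $key = $svc.OA3xOriginalProductKey
    if ([string]::IsNullOrWhiteSpace($key)) {
        return [pscustomobject]@{ Present = $false; Edition = $null; Last5 = $null; Key = $null }
    }
    [pscustomobject]@{
        Present = $true
        # Edition/channel the firmware key was issued for.
        Edition = $svc.OA3xOriginalProductKeyDescription
        Last5   = $key.Substring($key.Length - 5)
        Key     = $key
    }
}

function Get-InstalledWindowsKeyTail {
    # Windows application ID, as used by slmgr.vbs. Only the last five
    # characters of the installed key are exposed by this class.
    $winAppId = '55c92734-d682-4d71-983e-d6ec3f16059f'
    Get-CimInstance -ClassName SoftwareLicensingProduct `
        -Filter "ApplicationID='$winAppId' AND PartialProductKey IS NOT NULL" |
        Select-Object -First 1 -Property Name, PartialProductKey, LicenseStatus
}

$fw  = Get-FirmwareOemKey
$cur = Get-InstalledWindowsKeyTail

if (-not $fw.Present) {
    'No OEM key in firmware: the installer will ask for a key.'
} else {
    "Firmware key ends in $($fw.Last5), issued for: $($fw.Edition)"
    if ($cur -and $cur.PartialProductKey -eq $fw.Last5) {
        "Installed Windows uses the firmware key (LicenseStatus $($cur.LicenseStatus); 1 = licensed)."
    } else {
        "Installed key ends in $($cur.PartialProductKey), which is not the firmware key."
    }
    # Uncomment to record the full key offline before the wipe:
    # $fw.Key
}
```

The edition string reported for the firmware key tells you which install media to fetch.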
 
I stumbled upon some Win8 laptops with OEM licenses that the owner wanted a clean install. Some tips:

1) If it came with Win8.0, the key will be automatically recognized by the installer ONLY if you install it with the correct 8.0 media. The laptops in question used a version called "single language".

2) Win8.1 media will NOT recognize keys from PCs that came with vanilla 8.0. To install using a 8.1 media you will have to get a dummy key, and change the key after installing - it activates without issue using vanilla 8 keys, but only after being installed.

3) usually there are no stickers with the key on win8(.1) OEM machines. There is a utility that enables you to get the key from SLIC, I don't recall the name right now. If anyone needs it shoot me a PM so I remember editing this thread after I get home.

I ran into that nonsense with a new Samsung Win8 laptop. Retail Win7 would not install/register. The BIOS was hard-coded for some OEM version. I just wiped the disk and put Linux Mint.
 
You didn't make an image of the disk = IT failure.
 
I hope you are charging them out the ass for this work. The dumber they are... the more they should pay.

Stupidity taxes are a great thing... i don't care what you say.

on a personal level - I'd be somewhat offended if I got a machine running super lean and clean for someone, and to have them crap all over it and then try to play the 'dumb' card.

Make an image next time... and when it happens again (it will) restore the image, but charge them for multiple hours of work anyway. I take the approach that it's really not worth my time to deal with that level of stupid, unless they are willing to pay quite a premium they can take their porn infected computer and shove it up their ass.
 