Doctor Micro
He shoots! He scores! He wins! The crowd goes berserk!
Okay, here's the story. (nb: a small group of you may have already heard about this story) Go to my local watering hole for an adult beverage at the end of the day (they're also a customer and I installed their wireless network). Guy sees me getting out of my Doctor Micro Jeep and asks if I work on laptops. "Sure," I tell him, "What's the problem with yours?"
He proceeds to tell me that his laptop was infected with "a virus or something," that all his business data, email and QuickBooks financial data is on it, that he has no backup, and that he took it to the Geek Squad. They tried and failed to fix it and tried to tell him he needed a new hard drive and a new motherboard.
Well, the guy might be dumb for not having any backups, but he wasn't THAT dumb, so he told Geek Squad just to give him his laptop back. They charged him a $70 diagnostic fee, he paid and left.
I tell him I would be glad to take a look at it and ask for his address so I could stop by. He says, "It's in the car, I just left Best Buy a half-hour ago."
He brings it in, I fire it up (offline, on battery) and sure enough... there's Antivirus Pro 2009, hijacked wallpaper, scary warnings and all. Task Manager disabled, and attempts to run ANY program result in a popup saying that whatever was selected (even from the Run line, like regedit or services.msc) is infected, and nothing happens except an attempt to get you to log on to their site and buy their software so cleaning can proceed. Yeah, right.
I take the laptop back to the shop. Hit the boot menu and fire up my trusty UBCD4Win CD. Load the hives, clean out everything obvious, do the same with directories and files. Finally get it to start working a little so I can get into Control Panel. Check Local Policies and sure enough, found about 16 restrictions that shouldn't be there. Clear those. Offline again and do a file search for any file created or modified on or about the same date and time as the bogus ones I'd already found. Found a bunch more, many of which were read-only, hidden and system. Blew those away, but in the process, discovered he also was infected with Spy Sheriff and several other trojan downloaders.
Anyway, long story short: after some more work I finally got a good antivirus and antispyware installed and working (he originally had Avast! but never got the activation code, so it had expired and was waaay out of date). Cleaned out a few more that those programs (Vipre and Prevx) found and finally had a clean working laptop. Went to Microsoft Update (it had been turned off), downloaded and installed 42 updates, re-installed and re-enabled System Restore (also turned off and not working). Updated Adobe, Java, Firefox (was version 2.0 before), backed up his .PST files, My Documents, Desktop and QuickBooks files to my network, then burned them to a DVD, just in case he got stupid again.
Called him up and before I could say anything beyond identifying myself, he interrupts and says, with a long sigh, "Okay, give me the bad news."
"The bad news is your checking account is going to be $239 lighter," I tell him. "The good news is your laptop is completely clean, working, updated and I have a backup of all your critical data."
Long pause on his end. "You're serious? You fixed it?"
"Serious as a heart attack, and yes."
When I met up with him to demo his laptop and give him the bill and the after-action report, I thought he was going to kiss me (glad he didn't... lol).
Result: One happy new customer, who will never go to Geek Squad again, and now has a stack of my business cards to hand out.
Oh, and the kicker? I saw his receipt from the Geek Squad and realized that at least one of the infections occurred while his laptop was in their hands!
Late add: I just realized as I was posting this that I forgot to check his hosts file. Whoops.
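The three checks the post describes (the timestamp pivot off one bogus file, the policy restrictions) or admits it skipped (the hosts file), as an added PowerShell triage script that is not the poster's own. The pivot file path, the 30-minute window and the search roots are assumptions, and it expects to run elevated on the cleaned machine.

```powershell
# Added triage example, not the poster's own script. KnownBad, the window
# and the search roots are assumed values; run elevated on the cleaned box.
param(
    [Parameter(Mandatory)][string]$KnownBad,   # a file already identified as bogus
    [int]$WindowMinutes = 30,                  # +/- window around its timestamps
    [string[]]$Roots = @($env:SystemRoot, $env:ProgramFiles, $env:USERPROFILE)
)
# 1. Pivot on the bogus file's timestamps: anything created or modified in the
#    same window is a candidate; Flags surfaces the hidden/system/read-only
#    attributes the rogue AV set on its droppings.
$ref   = Get-Item -LiteralPath $KnownBad -Force
$times = @($ref.CreationTime, $ref.LastWriteTime) | Sort-Object
$lo    = $times[0].AddMinutes(-$WindowMinutes)
$hi    = $times[-1].AddMinutes($WindowMinutes)
$mask  = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System -bor [IO.FileAttributes]::ReadOnly
$hits = foreach ($root in $Roots) {
    Get-ChildItem -LiteralPath $root -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { ($_.CreationTime  -ge $lo -and $_.CreationTime  -le $hi) -or
                       ($_.LastWriteTime -ge $lo -and $_.LastWriteTime -le $hi) } |
        Select-Object FullName, CreationTime, LastWriteTime, Length,
                      @{ n = 'Flags'; e = { $_.Attributes -band $mask } }
}
"== Files touched between $lo and $hi =="
$hits | Sort-Object CreationTime | Format-Table -AutoSize | Out-String -Width 200
# 2. Policy values that disable Task Manager, regedit, Run, etc. On a
#    stand-alone machine with no GPO these keys are normally empty or absent;
#    on Vista and later HKLM\...\Policies\System also holds legitimate UAC
#    settings, so compare against a known-good box before deleting anything.
"== Policy restrictions =="
$policyKeys = 'HKCU:', 'HKLM:' | ForEach-Object {
    "$_\Software\Microsoft\Windows\CurrentVersion\Policies\System",
    "$_\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
}
foreach ($key in $policyKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    (Get-ItemProperty -LiteralPath $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { '{0}\{1} = {2}' -f $key, $_.Name, $_.Value }
}
# 3. The hosts file the post admits it skipped: rogue AVs add entries here to
#    black-hole security vendors and update sites. List every active mapping
#    other than the stock localhost lines, plus the file's attributes.
"== hosts file =="
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
(Get-Item -LiteralPath $hostsPath -Force).Attributes
Get-Content -LiteralPath $hostsPath |
    Where-Object { $_ -match '^\s*[0-9A-Fa-f:.]+\s+\S' -and
                   $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
```

Widen the window or add roots (the user's temp and Application Data folders are good candidates) if the first pass comes up short; legitimate updates installed in the same window will show up too, so read the hits against the install dates on the Geek Squad receipt.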