ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Fraudulent Tech Support Call

    Scheduled Pinned Locked Moved IT Discussion
    89 Posts 14 Posters 13.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller
      last edited by

      An important difference with the "reinstall and go" approach is that it is highly reliable. We can pretty much predict how much time it will take to get back up and running. The margin of error is very small. Cleaning a system is "well... you know... thirty minutes to a week, give or take." The "known" is small so the ability to estimate time is very poor.

      1 Reply Last reply Reply Quote 1
      • DashrenderD
        Dashrender @DustinB3403
        last edited by

        @DustinB3403 said:

        @scottalanmiller said:

        @BRRABill said:

        Do you do the same thing with a virus? If WebRoot (hi @nic) finds a virus on your machine and deletes it. Do you also do a total reinstall?

        If it finds one that infected me, absolutely. Every time, no question. I feel like we've asked this before 😉

        That seems like a lot of overkill if your AV has caught the virus and stopped it before doing any harm...

        I'll agree if the AV sees the virus in a file that hasn't been allowed to execute, I won't bother reinstalling, but if the AV scan finds it in some random file that wasn't in the process of being executed for the first time (and I know because only I can install things), then it's nuking time.

        1 Reply Last reply Reply Quote 2
        • scottalanmillerS
          scottalanmiller
          last edited by

          Yeah, finding malware "somewhere" is not the same as being infected. Just having something downloaded to a cache or stored on a mapped drive doesn't indicate an infection. Downloading a file and executing a file are very different things.

          DashrenderD 1 Reply Last reply Reply Quote 1
          • dafyreD
            dafyre
            last edited by

            I am beginning to see some of the benefits of the "unLAN" setup like what @NTG is doing. If one of them gets a virus, they just wipe the device, change passwords from a trusted device, and work from another device while their bugged one is being reimaged.

            No need for user-backups because everything should be stored in OneDrive, etc. Right?

            DashrenderD scottalanmillerS 2 Replies Last reply Reply Quote 2
            • DashrenderD
              Dashrender @scottalanmiller
              last edited by

              @scottalanmiller said:

              Yeah, finding malware "somewhere" is not the same as being infected. Just having something downloaded to a cache or stored on a mapped drive doesn't indicate an infection. Downloading a file and executing a file are very different things.

              So here's a question - do you wipe a computer that catches a virus during install?

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • DashrenderD
                Dashrender @dafyre
                last edited by

                @dafyre said:

                I am beginning to see some of the benefits of the "unLAN" setup like what @NTG is doing. If one of them gets a virus, they just wipe the device, change passwords from a trusted device, and work from another device while their bugged one is being reimaged.

                No need for user-backups because everything should be stored in OneDrive, etc. Right?

                Yep.

                1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @dafyre
                  last edited by

                  @dafyre said:

                  No need for user-backups because everything should be stored in OneDrive, etc. Right?

                  Exactly. And effectively no chance of cross contamination.

                  1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @Dashrender
                    last edited by

                    @Dashrender said:

                    @scottalanmiller said:

                    Yeah, finding malware "somewhere" is not the same as being infected. Just having something downloaded to a cache or stored on a mapped drive doesn't indicate an infection. Downloading a file and executing a file are very different things.

                    So here's a question - do you wipe a computer that catches a virus during install?

                    Seems like you would do it especially then.

                    DashrenderD 1 Reply Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender @scottalanmiller
                      last edited by

                      @scottalanmiller said:

                      @Dashrender said:

                      @scottalanmiller said:

                      Yeah, finding malware "somewhere" is not the same as being infected. Just having something downloaded to a cache or stored on a mapped drive doesn't indicate an infection. Downloading a file and executing a file are very different things.

                      So here's a question - do you wipe a computer that catches a virus during install?

                      Seems like you would do it especially then.

                      This was a time that I've always questioned. The assumption is that the compression of the installer obfuscated the virus until installation was attempted, then the AV catches it during install, during decompression (I'm assuming).

                      I can see the desire to wipe or not going either way. I know it's happened to me in the past, but probably been more than a decade since I've seen that happen.

                      1 Reply Last reply Reply Quote 0
                      • dafyreD
                        dafyre
                        last edited by

                        If my AV catches something while I'm trying to install an app, then my AV did its job. I"ll let it kill off the files, and then I'll run another scan, just to be safe. I've only been bitten by that once or twice, methinks.

                        1 Reply Last reply Reply Quote 1
                        • Reid CooperR
                          Reid Cooper
                          last edited by

                          As long as the AV is catching something that hasn't run yet, you've been protected.

                          1 Reply Last reply Reply Quote 2
                          • BRRABillB
                            BRRABill
                            last edited by

                            But from reading into this, the concept is that once you've seen something, or caught something, there's a chance there is more that isn't being seen or caught.

                            Not a concept I 100% agree with, but the general feeling, I am getting.

                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @BRRABill
                              last edited by

                              @BRRABill said:

                              But from reading into this, the concept is that once you've seen something, or caught something, there's a chance there is more that isn't being seen or caught.

                              Sort of. It's that once you are breached you no longer control the system and you can never know....

                              • If anything you see is real. (Think "Total Recall"... once someone controls what you see, they can make you see anything that they want. You cannot tell reality from perception.)
                              • How deep the infection went. What you "catch" might be a decoy to make you feel like you fixed things.
                              • If that infection opened things up for other things. Often the malware is only an installer and not the thread itself.
                              1 Reply Last reply Reply Quote 0
                              • Reid CooperR
                                Reid Cooper
                                last edited by

                                It is important to differentiate between infection and just having a file downloaded.

                                1 Reply Last reply Reply Quote 0
                                • IRJI
                                  IRJ
                                  last edited by

                                  In the business world, you image for sure. No questions asked. Especially since every good IT department has images and packages they should be able to push out right away.

                                  In this case we are talking about a co-worker's parent. I just don't believe the hassle is worth making $50-100.

                                  1 Reply Last reply Reply Quote 2
                                  • StrongBadS
                                    StrongBad
                                    last edited by

                                    I agree, business world needs to just image and be done with it.

                                    1 Reply Last reply Reply Quote 0
                                    • 1
                                    • 2
                                    • 3
                                    • 4
                                    • 5
                                    • 5 / 5
                                    • First post
                                      Last post