Even the best make f**kups sometimes!


FreeAVman

Here's a (vaguely) interesting story.

I've just got back from an "emergency" call-out job to a small Graphic
Design company. Their problem was that none of their twelve networked PCs
would boot into Windows. At first I suspected numerous different causes for
this. I suspected everything from massive virus or trojan infestations, to
power-surges; even to deliberate sabotage. But, after investigating and
eliminating each of these suspected causes, the problem was still there. I
could still not get any of the twelve PCs to boot into Windows.

At this point the Managing Director (who was almost in tears by this time)
walked in and asked me how I was getting on. So, to conceal the fact that I
still didn't know what the problem was, I told him I was still investigating
a possible virus infestation. He then told me that he didn't think it could
be virus-related because, yesterday, his secretary had scanned all twelve
PCs with a "Virus & Worm Removal Tool" she had found on the internet.

"Mmm, could I have a word with her?" I replied.

My chat with his secretary pointed me in the right direction.

Then, after booting one of the PCs with an "ERD Commander" Boot CD and
looking at the log file which the "Virus & Worm Removal Tool" had created,
the cause of the problem became obvious. The twelve PCs were all running
a program called "Desktop Lock", which adds extra security by requiring a
password to be able to boot the PC into Windows. The "Virus & Worm Removal
Tool" had identified one of the "Desktop Lock" boot files as containing a
virus, and had deleted it. After that, the PC would no longer boot at all.

I used the "ERD Commander" Boot CD again to boot all the PCs and remove a
few startup entries and files on each one; then they were all OK again.

I then installed "Desktop Lock" on one of the PCs, and submitted the
"offending" boot file to virustotal.com. It contained no viruses. I then
scanned this PC with the "Virus & Worm Removal Tool", which immediately
found (and deleted) this totally innocent file.

Amazingly, the "Virus & Worm Removal Tool" which effectively "killed" these
twelve PCs (by deleting a totally innocent file) was "remover.exe
V1.003.0115" from GData Software. GData are licensed to sell eXtendia AVK's
products. And eXtendia AVK, who use both Kaspersky's and BitDefender's
virus definitions, have often been credited as being the "World's Best
Antivirus Company".

I would just like to thank the "World's Best Antivirus Company" for
producing a "Virus Removal Tool" which not only identifies as "infected"
(and deletes) a totally innocent file: it also "kills" the computer in the
process. And, it "kills" the computer to such an extent that it requires
someone like me with expensive specialised software to repair it.

Yes, thank you GData and eXtendia AVK, your f**kup just earned me £640 for
eight hours' work.

Well, as I said earlier, even the best make f**kups sometimes!
 
[Big Snip]
Well, as I said earlier, even the best make f**kups sometimes!

I hope you submitted the suspect file and the details of this incident
to GData and eXtendia so they can fix the [apparent] false positive.


Cheers-

Jeff Setaro
jasetaro@SPAM_ME_NOT_mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
 
Jeffrey A. Setaro said:
[Big Snip]
Well, as I said earlier, even the best make f**kups sometimes!

I hope you submitted the suspect file and the details of this incident
to GData and eXtendia so they can fix the [apparent] false positive.
Yes, I submitted it. But they haven't replied yet.
 
FreeAVman said:
Well, as I said earlier, even the best make f**kups sometimes!

I deleted a remover.exe from a client's PC today
(in my case it was a virus)
and I only made $180.00 today....

I need a couple of your customers !!
I guess the trip over the big pond would be costly though

Mich...
 
[Big Snip]

Well, as I said earlier, even the best make f**kups sometimes!


I hope you submitted the suspect file and the details of this incident
to GData and eXtendia so they can fix the [apparent] false positive.

Submit a false positive and expect a response? Tried that with McAfee as
their Sysclean package detects Microsoft's IntelliPoint software's startup
registry entry as viral and removes it without the ability to restore it or
a backup of it.

At the time I couldn't find a single sodding thing bar an email address on
their web site about reporting false positives. Email to the address gave
the boilerplate "We don't read your email. Call us at $xx/minute or go
away. We have your money, ner ner."

Hence they can stuff their defective product. </rant>

(I do know Sysclean is free and they don't make a buck out of it, but why
supply it if it's borked?)


Adam.

--
Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
 

I hope you submitted the suspect file and the details of this incident
to GData and eXtendia so they can fix the [apparent] false positive.

Submit a false positive and expect a response? Tried that with McAfee as
their Sysclean package


??? Sysclean is a Trend Micro product, not McAfee.

Oops. That's what happens when I go off on a tangent. My apologies McAfee,
it is indeed Trend Micro.

If only there was a monopoly on anti-virus software too, I wouldn't have to
remember whose product is whose *sigh* ;-)


Thanks for the correction,


Adam.


--
Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
 
I deleted a remover.exe from a client's PC today
(in my case it was a virus)
and I only made $180.00 today....

I need a couple of your customers !!
I guess the trip over the big pond would be costly though

Mich...
Trips over the pond cost next to nothing.

When you get to the UK no immigration worth bothering with, free
healthcare for all, don't bother with a work permit nobody cares and
no tax to pay cos nobody knows you exist.

What are you waiting for? Come on over.

8-)

Jonah
 
Mich said:
I deleted a remover.exe from a client's PC today
(in my case it was a virus)
and I only made $180.00 today....
Mich...

I deleted a virus from a customer's machine about a week ago. As her Norton
AV 2005 was grinding along, through the 150,000 plus files her son had put
on the computer, she complained that it was taking too long. It was an
sdbot variant (opening a potential backdoor) and someone had told her that
it was an easy virus to remove, should take less than an hour.

I said, "Why didn't he do it for you?" "Oh," she says, "he was from my
husband's work." A complete non sequitur, but adequate: it meant that yet
another obscure genius in an obscure computer room somewhere had piped up.

I only made 95 bucks. FreeAvMan should re-moniker himself as
BigTicketAVMan. 640 pounds, that's ~ a thousand bucks, is it not? Over a
hundred bucks an hour. Maybe he'll ship me one of the Beemers he's got
tired of and replaced with a Rolls....:)

Mike
 
MF said:
I only made 95 bucks. FreeAvMan should re-moniker himself as
BigTicketAVMan. 640 pounds, that's ~ a thousand bucks, is it not? Over a
hundred bucks an hour. Maybe he'll ship me one of the Beemers he's got
tired of and replaced with a Rolls....:)

Mike

Yup I think it is ...
or how 'bout MillionaireAVMan

Mich...
 
I only made 95 bucks. FreeAvMan should re-moniker himself as
BigTicketAVMan. 640 pounds, that's ~ a thousand bucks, is it not? Over
a hundred bucks an hour. Maybe he'll ship me one of the Beemers he's
got tired of and replaced with a Rolls....:)

Mike

I'm surprised at the responses to my (vaguely) interesting story. I would
have thought that the responses would have been more related to the f**kup
that eXtendia AVK made; rather than how much I charged my customer to fix
the f**kup itself.

Perhaps the big Antivirus companies make f**kups more often than I realised;
so this latest eXtendia AVK f**kup is not really that newsworthy. I don't
know.

Anyway, regarding my pricing structure, £80 per hour is an average charge
for where I live in the UK (Cornwall). But, if some people think that £80
per hour is expensive, then they should look at an average Central London
charge. If you call out a Computer Engineer in Central London, then you
could be looking at a £200 call-out charge for the first hour plus £180 for
every subsequent hour. This is well over double my rates, and in Central
London everyone pays these rates quite happily. (Mind you, they have no
choice about it).

The trouble is though; actually living in Central London is a severe and
expensive pain in the arse. So, I am happy with my little seaside cottage
in Cornwall.

By the way, my FreeAVman "nym" is actually a contraction of "free ADVICE
man". I chose this as a sly "dig" at many customers who seem to think
that, because I have repaired their computers for them, they are then
entitled to a "FREE 24/7 Lifetime Technical Support Helpline". I expect
everyone in our line of work gets this though. So I'm not going to moan too
much about it.

If I could be so humble as to offer some free advice to my fellow Computer
Engineers, it would be this: put your prices up!!!

If people want the benefit of our knowledge, our experience and our
thousands of pounds worth of legitimate licensed software, then they should
be prepared to pay for it!

P.S.

By the way Mike, you must be partly psychic. I did, in fact, recently trade
in my BMW 5-Series; and I now have a brand new Jaguar XKR. Apart from the
fact that a Rolls Royce is still WAY outside of my price range, the roads in
the part of Cornwall where I live are too twisty and narrow to even consider
owning such a huge beast of a car. (I have test driven one though and, I
must admit, it was f**king excellent).
 
I'm surprised at the responses to my (vaguely) interesting story. I would
have thought that the responses would have been more related to the f**kup
that eXtendia AVK made; rather than how much I charged my customer to fix
the f**kup itself.

Although it's disheartening for one to have to charge because of another
business's incompetence (done it myself) I don't think it's uncommon. I
found your post an interesting one though.

Anyway, regarding my pricing structure, £80 per hour is an average charge
for where I live in the UK (Cornwall). But, if some people think that £80
per hour is expensive, then they should look at an average Central London
charge. If you call out a Computer Engineer in Central London, then you
could be looking at a £200 call-out charge for the first hour plus £180 for
every subsequent hour. This is well over double my rates, and in Central
London everyone pays these rates quite happily. (Mind you, they have no
choice about it).

If your services are professional and thorough then £80/hr isn't an
unreasonable fee IMO.

By the way, my FreeAVman "nym" is actually a contraction of "free ADVICE
man". I chose this as a sly "dig" at many customers who seem to think
that, because I have repaired their computers for them, they are then
entitled to a "FREE 24/7 Lifetime Technical Support Helpline". I expect
everyone in our line of work gets this though. So I'm not going to moan too
much about it.

<g> yep. I politely draw the line if said advice is going to take more than
ten minutes or so. It is a good way to keep in touch with your existing
client base though, and if said client is one who pays on time and is one
of those "reasonable" gems I don't bat an eyelid.

If I could be so humble as to offer some free advice to my fellow Computer
Engineers, it would be this: put your prices up!!!

I feel bad enough as it is charging someone £160 for x hours of what I
really enjoy doing!

If people want the benefit of our knowledge, our experience and our
thousands of pounds worth of legitimate licensed software, then they should
be prepared to pay for it!

That is very true indeed. Knowledge and experience come after a great deal
of time and effort. Clients always tend to acknowledge that you know your
stuff, but I don't know if they appreciate how hard you've worked to get
there *shrug*. I feel appreciated by all of my clients, that much I know.

P.S.

By the way Mike, you must be partly psychic. I did, in fact, recently trade
in my BMW 5-Series; and I now have a brand new Jaguar XKR. Apart from the
fact that a Rolls Royce is still WAY outside of my price range, the roads in
the part of Cornwall where I live are too twisty and narrow to even consider
owning such a huge beast of a car. (I have test driven one though and, I
must admit, it was f**king excellent)

Maybe I could put up my prices to afford lessons/tax/insurance/a car ;-)


Adam.

--
Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
 
Anyway, regarding my pricing structure, £80 per hour is an average charge
for where I live in the UK (Cornwall).

I wonder though if yours is a dying profession in a time when PCs are
practically throw-away items. Around here, you can purchase a new 1.6
GHz AMD CPU machine with Win 2K on it for $180 U.S. ... about the same
money as one hour of your time. Purchases usually include 180 day to
one year warranty.

Seems to me average customers would be primarily concerned with
valuable data recovery. If they had any sense, they'd pay for "safe
hex" instruction, and for someone to help them harden their PCs.
Plus advice on data backup.

I wonder if a new but hardened PC with a backup drive on a removable
tray, plus one "free" hour of instruction ... might be a hot selling
item at, say, $500 to $600 U.S. ? I wonder if anyone has tried this
approach? I suppose one of the problems would be the nature of
the "guarantee". How to get across to people that they can only
greatly reduce the probability of taking hits and there can be no
100% guarantees? And that they have to take their security into
their own hands without reliance on some magical hardware/software
combo?

Perfect arena for "fly by night" operators with 100% guarantees.
Unfortunately, people will buy that :(

Art

http://home.epix.net/~artnpeg
 