Debate, and discuss, just dont Bore me.
Published on September 12, 2010 By Dr Guy In Personal Computing

Five (5) years ago, Katrina devastated the gulf coast.  And in the world of "unintended consequences", the resulting rapid increase in gas prices pushed my wife to start using one of the remote Access software solutions on the market.  The job she used it for was a part time one that required a bit of a commute and with gas over $3/gallon, it was not economically feasible to drive to this job.  But it was very feasible to use one of these products that cost only a few dollars a month to do the job.

I liked what I saw, especially the fact that she was able to set it up herself (she is a paralegal) with minimal help from me.  So I contacted my customers and proposed a mutually agreeable solution for them to also use it (and pay the minimal cost).  They agreed.

And it has been rewarding for me as well.  I can better serve them, and cut their costs (and mine) at the same time.  And so I decided to also use it to help my mother and her sister with their forays into computers.  Although my mother was working on computers before almost anyone reading this was born, she is not very savvy when it comes to the "wee ones".  And since they live 1000 miles away, it has helped me immensely as I do not have the time to run down there for every problem they encounter.

A long way to get to the situation this weekend.  MY mother got infected with that damn malware that wants you to pay THEM for infecting YOU.  How she got infected is immaterial (this year, I have cleaned over a dozen computers, and there is no common factor).

The malware comes in many flavors, so there is no "one way" to follow to clean it.  And of course the more recent version disable everything, so it is not easy to find out what it is by looking at processes (disabled) or services (disabled).  But!  These remote access software solutions allow you to remotely access not only the computer management, but also the running processes and registry!  Sweet!

And so far, they have not deactivated the remote access software (although they claim it is infected).  So I was able to get in, observe the running processes, locate the bad software and then rename it surrepticiously (from my console, not the remote host).  I was able to kill the process, reboot the computer, scan the registry and remove all references to the malware.  It took awhile, mostly because this was my first time using the remote access software for such a purpose.  But it did not take too long and in reality, was a lot quicker than doing the old (and not always working) safe mode de-installation.

I love this remote access software!  I do not mention the brand as I know the assholes are out there tweaking their malware trying to make it harder to kill.  I had one computer that would not allow even a command line to be opened!

But another tip on this malware. It seems that it always installs itself in the user's profile space.  So once you can get into the services/processes/registery, you can do a search on programs running from that directory structure.  They are sure to be the infection.  And there is usually more than one avenue opened so that eliminating one program does nothing.  Eliminate them all.


Comments
on Sep 12, 2010

 

How about making the user account that everyone browses the internet from (and for normal daily use stuff) a limited user account?   Keeping the ADMIN account safe and reserved.

*Most* malware (including the types of infections you're describing) can only use the credentials of the currently logged-on user account to install themselves and cause damage.   Limit that and the malware loses it's bite.  I've proven this theory more times than I can count over the years and now whenever I set up an new business (set up the systems, network structure, any servers etc.) I always make the users limited accounts and only the exec's (or office managers) and myself are privey to the ADMIN credentials.  Any issues that crop up with software (some devs don't code properly for limited accounts) can easily be corrected via scripts or other parameters so there is (at least in my opinion) NEVER a reason why a user should RUN their daily tasks using and admin account.  Running an internet browser (and all then-loaded addon's etc.) with admin credentials is just asking to have your butt smacked. 

Using that strategy I've saved my clients countless issues over the years (of course that also means less money for me......but hey......that's just me.) 

the Monk

on Sep 13, 2010

How about making the user account that everyone browses the internet from (and for normal daily use stuff) a limited user account? Keeping the ADMIN account safe and reserved.

I tried that with my wife.  She bitched so much at me (not being able to add simple add-ins, or upgrade flash players and such), I finally relented and gave her the full admin.  But your idea is a good one.  Then they could only infect their profile, and not the entire computer.

Using that strategy I've saved my clients countless issues over the years (of course that also means less money for me......but hey......that's just me.)

If you can get away with it - Great!  I guess that is the real "don't ask, don't tell".

on Sep 14, 2010

I use 2 of the programs. 1 gives me free use of the basic version, the other was a 30 day trial. While the trial one was pretty cool because all it took was to install a small file on the computer you are connecting too after sending the receiver an email, it did not have a free version and is not exactly cheap, monthly payments are not usually my thing when it comes to software.

The other option does have a free version although it has limits such as no sound, the ability to transfer files from on PC to another and no copy paste from one to the other. It also requires to be on the computer you want to connect to, log in to your web account and add that PC to your list before you can remotely access it. Unlike the other one which you can send and email and have the recipient do the install without you having to be at that computer, this one requires to be logged in to your online account and you have to add the computer yourself first. You could have the owner of the computer do it for you but you would have to give them access to your account first and they will also need to be a bit computer savvy to install it and set it up to be accessed.

Otherwise once installed you can access it from any computer with an internet connection so long as the other computer is online as well. It's very comvenient. I have help so many and it also allows me to access sites thru my own computer at home that I can't from work.

on Sep 14, 2010

I think I know of both that you are talking about. The first, the free trial one, was ok, but pricey.  I used it for a year.  The second is much cheaper and I use it now - the pay for version.  So I get all the bells and whistles - which includes the remote registry, processes and services access (plus the file stuff).  And that stuff was what saved my butt (or I should say my mother's).

My wife uses the free version to access her computer at work.  Which is fine.  I would be very afraid if she was monkeying around in a registry!

Meta
Views
» 2133
Comments
» 4
Sponsored Links