Fraudulent Tech Support Call
-
@Dashrender said:
@scottalanmiller said:
Yeah, finding malware "somewhere" is not the same as being infected. Just having something downloaded to a cache or stored on a mapped drive doesn't indicate an infection. Downloading a file and executing a file are very different things.
So here's a question - do you wipe a computer that catches a virus during install?
Seems like you would do it especially then.
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
Yeah, finding malware "somewhere" is not the same as being infected. Just having something downloaded to a cache or stored on a mapped drive doesn't indicate an infection. Downloading a file and executing a file are very different things.
So here's a question - do you wipe a computer that catches a virus during install?
Seems like you would do it especially then.
This was a time that I've always questioned. The assumption is that the compression of the installer obfuscated the virus until installation was attempted, then the AV catches it during install, during decompression (I'm assuming).
I can see the desire to wipe or not going either way. I know it's happened to me in the past, but probably been more than a decade since I've seen that happen.
-
If my AV catches something while I'm trying to install an app, then my AV did its job. I"ll let it kill off the files, and then I'll run another scan, just to be safe. I've only been bitten by that once or twice, methinks.
-
As long as the AV is catching something that hasn't run yet, you've been protected.
-
But from reading into this, the concept is that once you've seen something, or caught something, there's a chance there is more that isn't being seen or caught.
Not a concept I 100% agree with, but the general feeling, I am getting.
-
@BRRABill said:
But from reading into this, the concept is that once you've seen something, or caught something, there's a chance there is more that isn't being seen or caught.
Sort of. It's that once you are breached you no longer control the system and you can never know....
- If anything you see is real. (Think "Total Recall"... once someone controls what you see, they can make you see anything that they want. You cannot tell reality from perception.)
- How deep the infection went. What you "catch" might be a decoy to make you feel like you fixed things.
- If that infection opened things up for other things. Often the malware is only an installer and not the thread itself.
-
It is important to differentiate between infection and just having a file downloaded.
-
In the business world, you image for sure. No questions asked. Especially since every good IT department has images and packages they should be able to push out right away.
In this case we are talking about a co-worker's parent. I just don't believe the hassle is worth making $50-100.
-
I agree, business world needs to just image and be done with it.
