«

I had a customer that needed help setting up a Notebook for internet and E-
Mail.

While working on it I saw a disconnect just after getting it to connect to
the internet, something about RPC. I became suspicious and ran Symantec’s
fix blaster tool, blaster found and removed. So I ran the Symantec Fix
Welchia tool, welchia found and removed. I also installed the MS Security
patch.

The Notebook was a Compaq purchased from Bond and Bond.

The customer had a talk to Bond and Bond about the lack of security patch
and the extremely high likelihood that they purchase a new computer with 2
viruses already on it. Apparently I should have left the viruses on the
machine so they could have fixed it at no charge, but since I had already
sorted out the problem that is the end of the matter. No compensation, no
apology.

I can’t help wondering how many computers are being sold today without the
MS security patch installed and how many have viruses when shipped. In
most cases the seller can say the virus must have got onto the computer
after the purchase.




--
Mark Heyes (New Zealand)
See my pics at http://homepages.ihug.co.nz/~markh/
"There are 10 types of people, those that
understand binary and those that don't"

"MarkH" <> wrote in message
news:br1kfe$9tp$...
> I can't help wondering how many computers are being sold today without the
> MS security patch installed and how many have viruses when shipped. In
> most cases the seller can say the virus must have got onto the computer
> after the purchase.

Its not the sellers job to make sure the OS is up to date else theyll be
selling ex-demo/opened units instead of new unopened units.
Sounds like the one your customer got had either been used as a demo
model/taken home by staff or the virii did indeed get on the unit when the
customer started using it. WHich wouldnt surprise me as many stores sell
opened units as new to unaware customers....

On Mon, 8 Dec 2003 10:40:46 +0000 (UTC), MarkH <>
wrote:

>I had a customer that needed help setting up a Notebook for internet and E-
>Mail.
>
>While working on it I saw a disconnect just after getting it to connect to
>the internet, something about RPC. I became suspicious and ran Symantec’s
>fix blaster tool, blaster found and removed. So I ran the Symantec Fix
>Welchia tool, welchia found and removed. I also installed the MS Security
>patch.
>
>The Notebook was a Compaq purchased from Bond and Bond.
>
>The customer had a talk to Bond and Bond about the lack of security patch
>and the extremely high likelihood that they purchase a new computer with 2
>viruses already on it. Apparently I should have left the viruses on the
>machine so they could have fixed it at no charge, but since I had already
>sorted out the problem that is the end of the matter. No compensation, no
>apology.
>
>I can’t help wondering how many computers are being sold today without the
>MS security patch installed and how many have viruses when shipped. In
>most cases the seller can say the virus must have got onto the computer
>after the purchase.

--

The complete lack of evidence is the surest sign
that the conspiracy is working.

On Mon, 8 Dec 2003 10:40:46 +0000 (UTC), MarkH <>
wrote:

>I had a customer that needed help setting up a Notebook for internet and E-
>Mail.
>
>The customer had a talk to Bond and Bond about the lack of security patch
>and the extremely high likelihood that they purchase a new computer with 2
>viruses already on it.
>
It's unlikely that the machine had a virus on it out of the box. Bulk
build boxes are built from an image, sometimes one that is installed
on the HDD by the HDD manufacturer. Staff at B&B would probably not
have unpacked the machine at all.

Cheers,

Cliff
--

The complete lack of evidence is the surest sign
that the conspiracy is working.

MarkH wrote:
> I had a customer that needed help setting up a Notebook for internet
> and E- Mail.
>
> While working on it I saw a disconnect just after getting it to
> connect to the internet, something about RPC.

Was it connected through a firewall? I recently reinstalled 2K on a laptop
for a friend and, in the process of downloading an anti-virus update the
machine was compromised by a trojan. I only noticed it by having a proggy on
the machine that monitored upload and download and saw that it was uploading
as fast as it was downloading. This happened within one minute of being
connected via dial-up.
--
~misfit~


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.548 / Virus Database: 341 - Release Date: 5/12/2003

MarkH wrote:
> I can’t help wondering how many computers are being sold today without the
> MS security patch installed and how many have viruses when shipped.

Most of them, this was discussed a few weeks back.

MarkH wrote:

> I had a customer that needed help setting up a Notebook for internet and E-
> Mail.
>
> While working on it I saw a disconnect just after getting it to connect to
> the internet, something about RPC. I became suspicious and ran Symantec’s
> fix blaster tool, blaster found and removed. So I ran the Symantec Fix
> Welchia tool, welchia found and removed. I also installed the MS Security
> patch.

So you connected to the internet, assumibly with no firewall and got compormised
with 2 very widespread internet worms within minutes of connecting?

Where's the surprise in that?

XP has a firewall, USE IT

"Enkidu" <> wrote in message
news:...
> On Mon, 8 Dec 2003 10:40:46 +0000 (UTC), MarkH <>
> wrote:
>
> >I had a customer that needed help setting up a Notebook for internet and
E-
> >Mail.
> >
> >The customer had a talk to Bond and Bond about the lack of security patch
> >and the extremely high likelihood that they purchase a new computer with
2
> >viruses already on it.
> >
> It's unlikely that the machine had a virus on it out of the box. Bulk
> build boxes are built from an image, sometimes one that is installed
> on the HDD by the HDD manufacturer. Staff at B&B would probably not
> have unpacked the machine at all.
>
> Cheers,
>
> Cliff

Quite right. It's very unlikely that they're sold new with a virus already
on it. They should point out that people need to go to MS for the latest
upgrades as soon as they get on line. XP may want to do that anyway, it
should still be pointed out by the sales staff though.

E. Scrooge

On Mon, 8 Dec 2003 10:40:46 +0000 (UTC), MarkH <>
wrote:

>I had a customer that needed help setting up a Notebook for internet and E-
>Mail.
>
>While working on it I saw a disconnect just after getting it to connect to
>the internet, something about RPC. I became suspicious and ran Symantec’s
>fix blaster tool, blaster found and removed. So I ran the Symantec Fix
>Welchia tool, welchia found and removed. I also installed the MS Security
>patch.
>
>The Notebook was a Compaq purchased from Bond and Bond.
>

I'd think it unlikely to have got on a machine there Mark, surely
they'd be behind a NAT router if they're connecting machines to the
'net for demonstration etc in the shop......?

>The customer had a talk to Bond and Bond about the lack of security patch
>and the extremely high likelihood that they purchase a new computer with 2
>viruses already on it. Apparently I should have left the viruses on the
>machine so they could have fixed it at no charge, but since I had already
>sorted out the problem that is the end of the matter. No compensation, no
>apology.
>
>I can’t help wondering how many computers are being sold today without the
>MS security patch installed and how many have viruses when shipped. In
>most cases the seller can say the virus must have got onto the computer
>after the purchase.

I wonder the same, especially from the retail shops like Harvey
Norman, Dick Smith, Warehouse etc. It doesn't sit well with me that
users are left to fend for themselves in situations like that. It's
one thing for users to run attachments when they shouldn't, but
turning on a new machine that's going to get infected straight out of
the box without user intervention is a bit rough IMO. What's
everyone's views, should they be going out the door unpatched?

Cheers

Gavin

On Wed, 10 Dec 2003 02:32:07 GMT, (Gavin Tunney)
wrote:
>
>I wonder the same, especially from the retail shops like Harvey
>Norman, Dick Smith, Warehouse etc. It doesn't sit well with me that
>users are left to fend for themselves in situations like that. It's
>one thing for users to run attachments when they shouldn't, but
>turning on a new machine that's going to get infected straight out of
>the box without user intervention is a bit rough IMO. What's
>everyone's views, should they be going out the door unpatched?
>
I don't think that there is any option. The machines were probably
built from an image pre-installed on the HDD.

The only *possible* way around it is for all computer sellers to
provide a CD with the latest updates when they sell a machine.

Cheers,

Cliff
--

The complete lack of evidence is the surest sign
that the conspiracy is working.