• (cs)

    Desktop support doesn't know what "spyware" is?  Hello?

    IT doesn't make them run spyware and anti-virus?  (Or did I miss something?)

    Wasn't necessarily the ninja, either.  If the laptop was plugged into a broadband cable connection and without benefit of a firewall, then any number of mad zombie robot PCs could have been accessing it over the WAN; most people forget that the default shares are unprotected, even on Windows XP.

  • doc0tis (unregistered)

    haha,

    I'm certain that ninja broke into my house too ;-)

     

    --doc0tis 

  • Bryan K (unregistered) in reply to mrprogguy

    Spyware, what is spyware?

     n0rp FTW
     

  • neouser99 (unregistered)

    The best part about this is that after working in University support for the Students, this stuff would happen all the time to the Staff after getting things back from their support teams... Makes it even more of a WTF to see it first hand.

    -neo
     

  • dfunct (unregistered) in reply to mrprogguy

    Surely it's worse that they could even install Windows XP properly or save any of the data off the hard drive!? How hard is it to hook the hard-drive up to another machine before you wipe it?

  • (cs)

    They say that sufficiently advanced incompetence is indistinguishable from malice.  Nowhere is this more clear than corporate IT.

  • 3WTF (unregistered)

    Wow, a triple WTF!  Or as I have dubbed it: the 3WTF (like 3DES...).

     

    1) Boss gets spyware from porn surfing son.

    2) Help desk doesn't know what spyware is.

    3) Help desk fudges reinstallation of windows so the boot loader thinks there are 2 OSes installed.

     

    Brillant! 

  • Yaytay (unregistered)

    Whilst I wouldn't want to say that the desktop support folks were anything other than incompetent morons they did do something right.

    Once malware has run on a machine as an Administrator the only safe thing to do is reinstall.
    Unless, of course, you know every bit of your kernel code.

  • (cs) in reply to Yaytay

    Of course if this were pr0n of the bean bag girl, the tech support team was proper for chastising the OP.  Shame on him for wanting all that for himself!

     

  • wyz (unregistered) in reply to 3WTF
    Anonymous:

    Wow, a triple WTF!  Or as I have dubbed it: the 3WTF (like 3DES...).

     

    1) Boss gets spyware from porn surfing son.

    2) Help desk doesn't know what spyware is.

    3) Help desk fudges reinstallation of windows so the boot loader thinks there are 2 OSes installed.

     

    Brillant! 

    4) Help desk doesn't know about boot.ini. (They could edit it to come up to XP2 and shorten display time to choose.)

  • (cs) in reply to doc0tis

    The clear moral of the story is this: only surf prOn sites that don't install spyware.

    That'd probably keep you off them entirely!

  • Dave (unregistered)

    The best part about this WTF is the picture of the little boy.

     

    What is THAT? 

  • 3WTF (unregistered) in reply to Dave
    Anonymous:

    The best part about this WTF is the picture of the little boy.

     

    What is THAT? 

    It looks like he's seeing goatse for the first time... 

  • (cs)

    As someone who worked in IT throughout school and college, it's more common than you'd think to see the straight-laced professor with porn in his browsing history.  Like, a lot of it.  The less computer-savvy ones don't even know how to cover their tracks either.  Granted, the fact that this was a woman with a 14-year-old son makes it less likely that it was her but I've seen stranger things.

     As an aside, fixing infected computers was a daily occurrence for us in IT at my college.  Nothing but stupid undergrads that click every banner saying "will you be my friend?  Click here!" that they ever see and wonder why their machines have viruses and spyware on them.  Seriously, I have the click-through routine for Ad-Aware and similar programs down to where I can do it with my eyes closed.  Sigh.

     Glad I'm out of college and have a non-tech-support job, now, though.

  • (cs) in reply to Yaytay
    Anonymous:

    Once malware has run on a machine as an Administrator the only safe thing to do is reinstall.
    Unless, of course, you know every bit of your kernel code.

    It's usually enough to know what the malware is doing. A virtualization software with XP (or W2K, whatever was infected), an undo function and knowledge of "how stuff works" helps in analysis and prevents from reinstalling everything after each "harmless" infection.

    If you don't have the knowledge, reinstall. But you have to reinstall every Windows machine in your network to be sure that there are no leftovers.

    Sixtus

     

  • jacob (unregistered)

    This seems more like a post for Shark Tank than TDWTF.  This isn't a WTF; incompetent support staff is a daily ritual over there.

  • (cs) in reply to wyz
    Anonymous:
    Anonymous:

    Wow, a triple WTF!  Or as I have dubbed it: the 3WTF (like 3DES...).

    4) Help desk doesn't know about boot.ini. (They could edit it to come up to XP2 and shorten display time to choose.)

     Actually, if you're going to go to the trouble of editing boot.ini, take out the extraneous menu item.

     

  • (cs) in reply to Yaytay
    Anonymous:

    Whilst I wouldn't want to say that the desktop support folks were anything other than incompetent morons they did do something right.

    Once malware has run on a machine as an Administrator the only safe thing to do is reinstall.
    Unless, of course, you know every bit of your kernel code.

     

    not necessarily... you can usually clean them out pretty well. besides, nothing was said about her being logged on as an admin (though, with an IT staff that installs windows like that, it wouldn't surprise me).

     

    haha, and of course her son is an angel... why would a 14 year old boy brought up in a strict home ever wonder what pr0n is, or want to look at it... =P 

  • Jesse (unregistered) in reply to 3WTF

    I have to insert a 0th WTF:

     

    Anonymous:

    Wow, a triple WTF!  Or as I have dubbed it: the 3WTF (like 3DES...).

    0) Boss runs Windows XP as Administrator

    1) Boss gets spyware from porn surfing son.

    2) Help desk doesn't know what spyware is.

    3) Help desk fudges reinstallation of windows so the boot loader thinks there are 2 OSes installed.

     

    Brillant! 

     Captcha: ZORK!

  • (cs)

    This is so similar to most places, that I guess it qualifies more for a sidebar column than a WTF post of the day.

  • (cs) in reply to FrostCat
    FrostCat:
    Anonymous:
    Anonymous:

    Wow, a triple WTF!  Or as I have dubbed it: the 3WTF (like 3DES...).

    4) Help desk doesn't know about boot.ini. (They could edit it to come up to XP2 and shorten display time to choose.)

     Actually, if you're going to go to the trouble of editing boot.ini, take out the extraneous menu item.

     

     

    if you know how to go through the trouble of editing boot.ini, why screw up the install in the first place? hehe 

  • Spungey (unregistered) in reply to Saladin

    Saladin:

    ...

    Seriously, I have the click-through routine for Ad-Aware and similar programs down to where I can do it with my eyes closed.  Sigh.

     

    Do you do house calls?  :-) 

  • (cs)

    When turning on your computer, you will be prompted if you want to run "Windows XP" or "Windows XP 2." It is essential that you run "Windows XP 2" -- the first choice will not work.

     

    (God, I hate this editor)

     

    IF I get it correctly, the Windows installer thought that Windows was already installed and created a 2nd entry in BOOT.INI. The entry for the old Windows could safely be deleted.

     

    After some Linux experiments, I ended with a similar event on my box: my data partition went from E: to C:, and Windows now boots from D:. Windows' installer also thinks that there is an OS in C: (which makes sense, since the partition is marked as bootable, and I don't want to tinker with this partition, it has ~50GB of music/video/pictures which I don't want to lose) and created repeated entries on boot.ini. However, the mess works OK (except for braindead software which WANTS to install to C:).
     

     

     

  • Tanta (unregistered) in reply to H3SO5

    Being the IT department for a small company (7 machines) I see this sort of thing way too often, thankfully none of them are admin.

     

    H3SO5: Best name and sig. ever!  

  • l1fel1ne (unregistered)

    He should have known better than to merely bandaid the damages caused by the evil porn ninjas, and consulted the proper guide to solving this problem: http://www.askaninja.com/news/2006/03/24/ask-a-ninja-question-16-how-to-kill-a-ninja

  • (cs)

    This is why nobody ever touches my laptop without me watching. I had a guy remoted in to my laptop to fix a firewall problem, and he started uninstalling my VPN client! Why? It's a so-called "security risk". (Firefox is also a security risk here, so it's blacklisted. Only IE6 is allowed.)

    Us nerds know better than to let somebody have free rein on our equipment. I'm far from being a Windows expert or MCSE, but I know better than anybody else how I need my laptop set up.

  • shaggz (unregistered) in reply to H3SO5

    I would bet money that the 'wiping' the disks really meant going into windows explorer and deleting tons of folders.  However, they deleted some system files, and windows wouldn't boot correctly.  So, they did the 2nd install, and thus the 2nd boot.ini entry.  

    Think about it, if you are savvy enough to format the drive, then, after a failed OS install, wouldn't you just format AGAIN? 

    Following this scenario.....what is worse?:

    a)  tech support who knows nothing of boot.ini

    b) tech support whose idea of 'wiping the disks' involves a mass delete and emptying the recycle bin. 

     

     

  • Joe (unregistered)

    I'm printing this out, giving it to my boss, and asking for a raise.

     

    /I am the IT department here...

    //get plenty of "my wife's laptop won't work, can you take a look?"
     

  • Ak (unregistered)

    When I was working as a student technical assistant at my school during the summer, I had to investigate a case of a teacher's computer "not working properly". As soon as I logged in, I could see the whole desktop was cluttered with movies. Porno movies to be exact. Not to mention tons of porn spyware and dialers! And this was in an open office where his computer was facing the inside of the room!

    I was at a loss as to what to do, so I cleaned up his computer, moved his porn into a separate folder and told him he needed to do something about it. He was kind of embarrassed but agreed to delete them.  As soon as I left I promptly washed my hands as I noticed his mouse was kind of sticky! :-\



     

     

  • UltimApe (unregistered)
    Whoever needs to reinstall windows because of spyware, doesn't know what they are doing.
    She prolly had a root-kit, so a standard spybot check didn't turn anything up.
  • Devin R. (unregistered) in reply to neouser99

    Hate to say - but having been in the IT business for over 10 years I've seen this sort of thing too much. Way too many ppl doing 'support' work need support themselves. I've talked to MCSE's who couldn't find their way out of a paper bag let alone a recursive corrupt-driver problem on windows startup...

    There's absolutely NO way a competent support technician would have had to install xp twice onto two partitions or directories or whatever the hell they did to make that mess happen. Obviously they don't know how to format a disk drive or re-partition it. The 2 copies of XP is only WTF #1...

    The worst is the fact that all the original fellow probably needed the disc for was to reload some XP core files that had been damaged. That's all support would have had to do, also, replace the damaged files by doing the 'repair' functionality, then re-download any service updates that might have been lost as a result. This is WTF #2 - spending who knows how long re-installing windows twice when a simple fix would have solved it. That's like taking the engine out of a car just to change the oil...

    Too many idiots in the industry...I recall my own college days (early 90's), when we brought a printed F-Prot report showing all the virus-infested files on the college's LAN to the computer support room - since they ran no antivirus software at all. Their response? "That software must be a piece of crap. There's no way there could be any viruses on our network. All the student shares are read-only so they couldn't possibly write to anything". Right. Then explain why every desktop in the library and all the computer labs had Stoned, Monkey, and a few other common viruses on them, and as soon as you inserted your floppy into the drive, you were now guaranteed the floppy was infected too. WTB computer staff who actually know more about computers than the students in the college...

    Made it really annoying to work on said files at home - I'd have to first make sure my anti-virus was up to date, then set it up to prepare to scan the disk upon insertion, and sure enough, as soon as the disk was inserted, each and every single time it found and cleaned the same three viruses.

    Of course, going back to the original WTF...this woman needs to more properly observe her son's behaviour on the laptop at home, maybe by tracking the history and URLs before and after each of his 'sessions', or if it's her - she needs to invest in some good anti-spyware, anti-virus, firewall, and proper browser software so it doesn't get infested the moment the laptop arrives at one of these "obscene" websites... 

  • (cs) in reply to UltimApe

    Anonymous:
    Whoever needs to reinstall windows because of spyware, doesn't know what they are doing.

    There are lots of situations (mainly on older OSes; Mac OS 8, Windows 95/98/ME) where things can just get so fubared that there's no other recourse than to reinstall the operating system.  If the computer won't even boot in Safe Mode (or crashes immediately on loading even in Safe Mode) then there's something more damaging going on than a rootkit.

    It's also sometimes necessary when you look at the time tradeoff -- 30 minutes spent backing up and restoring the user's data, 30 minutes for a reinstall.  That's an hour's work and the user has their computer back (almost) exactly the way it was before it stopped working.  If you try to get down into the registry or deeper to try to really clean out things manually (I've tried doing this on a machine infected with more than 50 different spyware applications; sometimes it's not even possible to do that X_x) it can take you orders of magnitude longer when the user just wants their computer back so they can write their term paper.  Especially if you're trying to go all MacGyver on the thing and trying to repair the registry from the recovery console or something like that.

  • ~kate (unregistered) in reply to H3SO5
    H3SO5:

    When turning on your computer, you will be prompted if you want to run "Windows XP" or "Windows XP 2." It is essential that you run "Windows XP 2" -- the first choice will not work.

     

    (God, I hate this editor)

     

    IF I get it correctly, the Windows installer thought that Windows was already installed and created a 2nd entry in BOOT.INI. The entry for the old Windows could safely be deleted.

     

    After some Linux experiments, I ended with a similar event on my box: my data partition went from E: to C:, and Windows now boots from D:. Windows' installer also thinks that there is an OS in C: (which makes sense, since the partition is marked as bootable, and I don't want to tinker with this partition, it has ~50GB of music/video/pictures which I don't want to lose) and created repeated entries on boot.ini. However, the mess works OK (except for braindead software which WANTS to install to C:).
     

     

     

     

     

    Here is an idea: go and buy an external HD, copy all of your music, pics, etc. Then take the time and install the O.S. properly.  Because one day your O.S. is going to shit out on you and then you can kiss your pics goodbye. 

  • Skinner (unregistered) in reply to savar

    Yet you were relying on someone for remote support?

    You're right "you know better than anybody else"

  • (cs)

    I vote that it was the woman herself. Southern Baptist my ass. It's always the prudish ones who are the biggest perverts. Look at your Republican christian congressmen!!!!

     

     

     

     

  • Quincy5 (unregistered) in reply to l1fel1ne

    Anonymous:
    He should have known better than to merely bandaid the damages caused by the evil porn ninjas, and consulted the proper guide to solving this problem: http://www.askaninja.com/news/2006/03/24/ask-a-ninja-question-16-how-to-kill-a-ninja

    Just to warn everyone: this link crashed my Firefox pretty badly (it was locked up for five minutes before I could shut it down). Works fine in IE though... I wonder what WTFery on that site causes this.

     On-topic: I am surprised at the bad quality of so many help desks.
     

  • (cs)

    For some reason, this reminds me of a client I had at a former job.

    One of the things we did at my previous place of business was web hosting. It never made us much money, possibly because we never really bothered to put any resources into it: it was the kind of thing where the boss had said, "Hey, we have computers, we have a decent network connection, why don't we host some sites?"  For some reason, back-assward arrangements like this one are the ones that seem to attract the kookiest clients.

    One such client ran a shopping cart application on our web server... at least, it was nominally a shopping cart application. He did so without the benefit of SSL, or even a back-end database.  His staff (read: some college kids he had hired) had to hand-edit each individual page to update prices or products. None of the site was dynamically generated. There was no actual cart per se: when you wanted to purchase something, you filled out a form with item numbers and prices, like an order-by-mail catalog.  Your order, along with your credit card number, was then e-mailed to his fulfillment staff in the clear.

    After operating like this for god knows how long, he asked if we'd set him up with something which would automate it for him a little bit. His single design constraint: he didn't want to junk any of the site structure or pages he already had. And since there was no pattern to the names of pages, or how many products might appear on a page, or how they were selected, there was no way to generate them programmatically.  So we did the best we could do at the time: we wrote him a Perl script which dynamically generated a bitmap of the numbers representing the price of a given item, and drove it with a CSV file he dumped from his database. And he was annoyed that his staff would have to edit each of his pages - by hand - to insert the appropriate image tag.

    I am not proud.

    Anyway, the story is this: one day, the lead web geek (read: college kid) for this company calls me. Pretend his name is Steve, and that his psycho boss' name is Pete.  After exchanging pleasantries, he says:

    "So... we were having this problem, and Pete told me to call. He wants to know if you think the web server may have been hacked."

    "Huh? Well, no, I don't have any reason to think so. I haven't seen any unusual activity..." (checking log files, as if I'm going to see something in /var/log/messages that reads "13:45:44: I'M IN UR SERVER, PWNING UR SITE") "...why?"

    "Well... see, we have these pictures on our site. They're shots of the products, right?"

    "Sure."

    "And there are a bunch that are supposed to be in color, but they're all coming up as black and white."

    (pause)

    "Steve, are you suggesting that someone broke into your site and replaced all your color images with black and white ones?"

    (pause. then, sounding agonized) "I told you. He told me to call."

    Steve is, as far as I know, still working for Pete.

  • (cs)

    It's always amusing seeing parents who are completely oblivious to their offspring's salacious intent.

    Back when I worked for a WTF-oriffic ISP/Telecomms company we had dealings with many people who ran *ahem* Premium Rate phone services. We got a call one day from a lovely couple concerned with a £10+ (GBP) phonecall on their latest bill, and they had managed to trace the number back to one of our 'stash'. The conversation went something like "Why is this phone number so expensive?" "It's a.. erm.. premium rate line. Companies run expensive phone services over it and recoup the costs through your phone bill." "What sort of services?" "Porn, mostly." "Oh my that's disgraceful! But there's nobody here who would use those sorts of numbers. There's only us and our son..."

    It's surprisingly difficult to tell someone so naive that their son has been getting an improper education at their expense.

    Bless 'em.

  • Chris (unregistered) in reply to Quincy5
    Anonymous:

    Anonymous:
    He should have known better than to merely bandaid the damages caused by the evil porn ninjas, and consulted the proper guide to solving this problem: http://www.askaninja.com/news/2006/03/24/ask-a-ninja-question-16-how-to-kill-a-ninja

    Just to warn everyone: this link crashed my Firefox pretty badly (it was locked up for five minutes before I could shut it down). Works fine in IE though... I wonder what WTFery on that site causes this.

    Askaninja works just fine in Firefox for me.

  • SagetFan (unregistered)

    Reminds me of a story I heard waay back in the day when I worked for customer support at a satellite TV provider.

    Some lady called complaining that she was being charged for pay-per-view porn movies she claimed nobody ordered.  The rep explained that you can't really "accidentally" order a movie, and offered to help her turn on content blocking.  Also, to be nice, he refunded the amount of the movies.

    The next month, she called back.  She was insistent that nobody in her house could be ordering these movies.  She was given another refund.

    The third month, she explained the reason why it was impossible that anyone could have ordered the movies, "These are all ordered in the afternoon.  I'm at work then, and so is my husband.  The only person in the house is our 15-year old son."

    That's when they stopped giving her refunds.

  • (cs)

    Hahahaha... that is awesome. Well written article, I got a good laugh from it.

  • (cs) in reply to Chris

    Me too... perhaps you better call IT support ;-)

     

    /* If you can read this it's not too late for you */

  • Jack (unregistered) in reply to savar
    savar:

    This is why nobody ever touches my laptop without me watching. I had a guy remoted in to my laptop to fix a firewall problem, and he started uninstalling my VPN client! Why? It's a so-called "security risk". (Firefox is also a security risk here, so it's blacklisted. Only IE6 is allowed.)

    Us nerds know better than to let somebody have free rein on our equipment. I'm far from being a Windows expert or MCSE, but I know better than anybody else how I need my laptop set up.

     

    If the I.T. guy labels Firefox as a security risk, then tells you only IE6 is allowed, then you are in for a whole heap o trouble!  You couldn't pay me to run IE6 as my default browser! yikes, not a chance!

     

    captcha = knowhutimean! 

  • Rudolf (unregistered)

    Hehe, I would probably have called the 'supposed' ninja, and instruct him/her on the 'more correct' way of downloading  and viewing adult orientated material from websites :)

    Also; captcha : stfu
     

  • (cs) in reply to Skinner
    Anonymous:

    Yet you were relying on someone for remote support?

    You're right "you know better than anybody else"

    If it was a company PC, sometimes you get forced into these things. I work for a government school as what is really an all-in-one complete IT expert. I get to deal with almost everything here that contains more than 3 transistors. I have to plan network designs and other things like that.

    Yet in their wisdom, the government department decides to send people to "fix" things sometimes, and I have no choice. They often know about as much about the computers they are about to "fix" as what I know about cars... You can press some buttons and get things to happen. If you do the right things, you get somewhere.

  • mouseover (unregistered)

    On XP there's a non-destructive way to kill all the IE related hacker stuff (most of the time).

    1. Right-click the IE icon and dump all the temp files plus all the offline content:
      [image]

    2. Run whatever anti-virus software is installed.
    3. Right-click the MyComputer icon, select properties, and go to the System Restore tab. Check the 'Turn Off System Restore' checkbox and click OK.
      [image]

    4. Reboot.
    5. Go back to the System Restore tab in MyComputer properties, uncheck 'Turn Off System Restore', click OK.
    6. Reboot.

    Killing and reenabling System Restore erases all the files most hacker trojans push onto the machine. These are files that can't be deleted manually. You have to modify several desktop.ini files even to be able to see them.

  • (cs) in reply to Quincy5
    Anonymous:

     On-topic: I am surprised at the bad quality of so many help desks.


    Never ask a help desk to deal with a problem outside their core competency.  That means that if the monitor is on fire, or you forgot your password, or the janitor unplugged your computer, call them.  Otherwise, solve the problem yourself.
  • (cs) in reply to tin
    tin:
    Anonymous:

    Yet you were relying on someone for remote support?

    You're right "you know better than anybody else"

    If it was a company PC, sometimes you get forced into these things. I work for a government school as what is really an all-in-one complete IT expert. I get to deal with almost everything here that contains more than 3 transistors. I have to plan network designs and other things like that.

    Yet in their wisdom, the government department decides to send people to "fix" things sometimes, and I have no choice. They often know about as much about the computers they are about to "fix" as what I know about cars... You can press some buttons and get things to happen. If you do the right things, you get somewhere.


    My abacus stopped working.  Can you fix it?

  • zid (unregistered)

    And we all know the best browser to choose if you want websites to be able to install things without your permission don't we?

    Firefox for life. 

  • phx (who forgot to login) (unregistered) in reply to mouseover

    Anonymous:
    Killing and reenabling System Restore erases all the files most hacker trojans push onto the machine. These are files that can't be deleted manually. You have to modify several desktop.ini files even to be able to see them.

     ...?

     Whiskey *ksssshk* Tango *ksssssshk* Foxtrot *kssshk* Over.

Leave a comment on “I've Been Hacked!”
