How do you bill / charge for malware removal and computer updates?

Hey Folks,

I have some questions for those of you that provide consulting services and bill clients for your work.

The questions are geared towards the time consuming process of malware cleaning and overall system protection and updating. So let's get to it...

Let's say I have a client with a personal computer. They have 80GB of actual data all on the same drive as the OS, they have very little protection in place, their OS is multiple service packs behind, and they have multiple unknown pieces of malware on the system.

Now that I think about this I could have questions dealing with billing as well as questions on how you would handle a situation in the fastest possible manner, but I'll put those second set of questions in a different forum category. Here is the second set of questions: http://forums.techguy.org/general-security/918359-how-would-you-go-about.html#post7342586

So let's say you go through the normal process of running the 2 to x number of tools you normally would run to clear of malware. You also go through your own personal investigation to catch things not found by the anti-malware tools. You then proceed with installing your recommended tools (paid or free)... like anti-virus, anti-spyware, firewall, innoculation programs and so forth. You also go through the process of patching the OS with the latest service packs and patches that the user hasn't done. You also update all the applications that have been waiting to be updated that the client never did. You clean up all the crap toolbars, because they now only see 1" of browser screen due to the 6 toolbars installed, you start uninstalling all unneeded programs, removing items form startup, and so forth.

So basically at this point you could easily have 5 to 6 hours of time into the computer.

Now I personally charge between $65 and $95 per hour depending on the services. For this sort of thing it is normally $65 an hour.

Now if I have 6 hours into the system you are looking at $390 for the time. What I normally end up doing is cutting the time in half and charging $195. Partly because there are times I am simply waiting for scans to complete (although it at times is hard to walk away from some of these as it may need intervention)... and partly because if I was in there shoes I would think $390 was a tough pill to swallow. But now that I think about it the auto mechanics in our area charge between $65 and $75 an hour and the NEVER cut me a break. I can't get out of there without spending $300 bucks... but that's another story.

Anyway... what I am grappling with here is fairly billing the customer, but at the same time not screwing myself over in the process. I personally would not make the living I wanted if I was only collecting half my hourly rate.

I know there may be some responses where you want to describe how you avoid spending 6 hours on a computer and I DEFINITELY want to hear it, but I'll make another post for that and provide a link shortly. Here is that post: http://forums.techguy.org/general-security/918359-how-would-you-go-about.html#post7342586

I know there are some folks who may do this sort of thing on the cheap... $15 or $20 an hour, but for that I might as well go work down at the local tire manufacturer and throw away my 20+ years in the IT Industry.

So those of you who do IT work as a business and to generate a meaningful living how do you deal with situations like this?

Do you simply do the bare minimum (just clean it) and then give the customer links to deal with protecting themselves and have them spend all that time getting protected?

Do you just make no money on malware removal and protection services?

What say ye?

Thanks in advance for your thoughts on the matter.

Greg

ps. I'll reply to this with a situation I had recently that ended up with 18 hours of time.

 

I recently had a nightmare repair for a business client that had a somewhat slower notebook, massive amount of business applications installed and a huge amount of data on the drive.

He did not want to blow the unit away and start from scratch... even if we did it is a 6 to 8 hour process to get everything he has back on the system (if he doesn't have an image) and he didn't.

He started with several of the major fake anti-spyware packages installed and multiple other malware pieces. Here the process I sort of went through:

- Made full backup/image of system so data could be recovered if need be. So many applications the data isn't always in my documents. (80GB of actual data on drive). Actually connected SATA notebook drive into system to get fastest SATA to SATA transfer and not via USB. Still took 1.5 hours.

- Started removal process of all the malware. Had to manually do some repairs just to be able to run some tools as well as use CD bootable based tools. This took several hours.

- His system started locking up intermittently so obviously something was whacked. After a fair amount of examination my only option was to restore to an older image I made 3 months earlier. Restore took and hour and 15 minutes.

- I then started took the latest image and started restoring data files (that would be scanned for issues) and stored all the current data. This took almost an hour.

- I then started updating the system as it is now 3 months behind on updates.

- Somewhere along the way something become corrupt on the hard drive and a disk scan found the FAT totally messed up and was not easily recoverable.

- So I began the restore process again, but this time checked disk very frequently in case there was a certain step causing the problem. This time now problems occurred. So now we are multiple more hours into this thing.

- Now I am back to the point of configuring all of the anti-malware tools for the computer... avast, malwarebytes, spybot, spywarelbaster, OnlineArmor, and other defense techniques.

- I then had to meet customer on site and get computer back online to the network and get the computer account back in sync with the domain as the computer account password had expired.

So... in the end this was an all night affair and close to 18 hours of total time from start to finish.

Now granted I didn't sit at the thing for 18 complete hours as during the scans and restores I did step away, but I also didn't just stay away... I checked the unit every 5 minutes to make sure it wasn't hung or having issues as he needed this computer back the next day.

Again... I know some of you will probably want to give some explanation on how you may have done things differently so it wouldn't have taken so long... let's save that for the new post I'll start. But for now... when you have had these nightmare types of repairs or even just ones that take 6 hours like my first post... how would you bill them?

Thanks again for your thoughts.