  1. #1
    Bronze Lounger
    Join Date
    Jan 2001
    Location
    Virginia, USA
    Posts
    1,560
    Thanks
    37
    Thanked 1 Time in 1 Post

    Malware getting thru modem or router?

    Yesterday I was on the phone with an elderly friend who had bought a new laptop computer and needed help setting it up. She lives two states away, so the phone was the only way I could help. Once we'd set up her local account, she downloaded TeamViewer, and I used that to handle the operation.

    Of course, we had to work by phone until I could use TeamViewer. During the setup by phone, she paused every now and then to tell me about something that had popped up on her screen. One alert said she needed to update a bunch of drivers, and the item kindly offered to help her with that chore. Moments later, another similar alert appeared. Each time, I stopped her and told her to ignore these alerts—they sounded like trouble to me. We got the local account established, and right away I got busy installing antivirus software. Her ISP, Comcast, provides Norton Internet Security free of charge; that's what I installed.

    Next I went to Add or Remove Programs, where I confirmed my hunches. I deleted "Chromium" and two other PUPs that had gotten onto her system in the short time it took to set up the local account! Then I installed and ran Malwarebytes and CCleaner. The former found and removed 33 PUPs. I think it's all under control now, but I'm a little worried. My friend has a history of letting crapware onto her computer. I'm sure I'd find plenty of it if I could peek at the Vista machine she's replacing. She opens stuff she gets from friends, and then wonders why her machine misbehaves. No amount of counseling dissuades her.

    I know there's no way to keep malware off a machine if the user simply will not exercise basic preventive behaviors. My chief, immediate concern is with the speed at which this stuff got in. I've set up a few new machines over the years, and never have I seen malware appear this quickly and easily. I suspect there's no guardian at the modem or router. What can I check—what barriers can I erect—at the "front door" to help keep her system safe?

  2. #2
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,436
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts
    Caesar,

    You're assuming that the stuff "got in" when it may well have been put there by the OEM!

    You might also seriously consider installing Microsoft EMET on her machine and select the highest settings.
    If she doesn't normally install software this should not interfere with surfing and email.

    HTH
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  3. #3
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,594
    Thanks
    5
    Thanked 1,059 Times in 928 Posts
    I believe if it is a Windows 10 machine that much of what EMET covers is already in Windows 10. See Enhanced Mitigation Experience Toolkit (EMET) version 5.5 is now available for more information. EMET may be overkill for her.

    I think that you should try to figure out where she is browsing and what she is clicking on. Social engineering is the most likely infection vector.
    Joe

  4. #4
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,436
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts
    Joe,

    Unfortunately, the items mentioned in the article are Enterprise Level Tools and not available to us mere mortals.

    Also, Edge may be more secure but it is basically useless due to lack of full addon support IMHO.

    I still use EMET as part of my layered security setup on my (3) Win 10 setups and it seems to be working AFAICT!

    HTH

  5. #5
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,594
    Thanks
    5
    Thanked 1,059 Times in 928 Posts
    @RG,

    Unfortunately, EMET is not a set it and forget it tool. You often don't know the effects until you've run the system for a while using most if not all the programs you normally run.
    Joe

  6. #6
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,645
    Thanks
    147
    Thanked 884 Times in 845 Posts
    You may want to log into her router, change the password (which is probably still the default admin password), and check that the router's security is set to WPA/WPA2 - PSK - AES.

  7. #7
    Bronze Lounger
    Join Date
    Jan 2001
    Location
    Virginia, USA
    Posts
    1,560
    Thanks
    37
    Thanked 1 Time in 1 Post
    Guys, I really appreciate all the information you've shared. This is the first I've heard of EMET. It sounds like a great tool. However, I'd be more comfortable using it if I still lived across the street from this lady. Now I'm two states away, so I really do need a "set it and forget it" tool. @Sudo15, that's a great idea about logging into her router. I can do that with TeamViewer. My client's router was likely set up for her by one of her sons, who's not exactly a whiz at this stuff, if you get my drift. I think I also need to discuss her browsing and clicking habits in depth. She tends to trust her friends to NOT send anything that might be a gotcha.

  8. #8
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Delaware, US
    Posts
    1,172
    Thanks
    19
    Thanked 99 Times in 88 Posts
    Unfortunately, setting up a computer has become an alligator/swamp sort of thing, and it's getting worse. Not that long ago, you could set up a computer without connecting to the internet, but that's no longer the case. It's even become nearly impossible to download a full install of AV software and store it on disk for install to another computer.

    That said, I think you are correct in the assessment that there may be a user error issue at work. However, it's also possible that there is another infected computer connected to the same router, in which case it could rapidly find and infect any other computer connected.
    Graham Smith
    DataSmith, Delaware
    "For every expert there is an equal and opposite expert.", Arthur C. Clarke (1917 - 2008)

  10. #9
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,411
    Thanks
    447
    Thanked 406 Times in 378 Posts
    Some people are more prone than others to picking up malware on their computers. A few cases in point:

    * My former pastor and his wife -- two very educated people. I personally set up and cleaned both computers, and installed Trend Micro on both. A few months later, I found adware on her computer; and a rogue search engine had grabbed control of his browser.

    * My wife -- she doesn't know much about computers, but she is very careful about where she goes, what she clicks on, and who gets on her computer. I checked her computer when we were dating; it was as clean as a whistle.

  11. #10
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,436
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts
    Originally Posted by mrjimphelps:
        I checked her computer when we were dating; it was as clean as a whistle.
    Sneaky Jim, checking for competition in the guise of checking for malware...very sneaky!

  12. #11
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,411
    Thanks
    447
    Thanked 406 Times in 378 Posts
    Originally Posted by RetiredGeek:
        Sneaky Jim, checking for competition in the guise of checking for malware...very sneaky!
    Actually, I had already hacked her match.com account, so I didn't need to.

    JUST KIDDING!!!!!

  13. #12
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    Paducah, Kentucky
    Posts
    430
    Thanks
    40
    Thanked 69 Times in 66 Posts
    Sure!

  14. #13
    Bronze Lounger
    Join Date
    Jan 2001
    Location
    Virginia, USA
    Posts
    1,560
    Thanks
    37
    Thanked 1 Time in 1 Post
    Ah! In fact, there is another computer on the same network: An old Vista machine, which this shiny new W10 machine will replace. My experience with this client tells me that I'd find plenty of malware on the old machine ... if I could check it. I need to get her to install TeamViewer on the old machine for a couple of reasons. For one thing, I know she'll want to move her photos and documents to the new computer. Before I move anything, however, I'll need to clean up the old machine, fer sherr.

    Thanks, Graham!

  15. #14
    5 Star Lounger
    Join Date
    Oct 2013
    Location
    Phoenix, AZ
    Posts
    926
    Thanks
    554
    Thanked 137 Times in 128 Posts
    This is for something else, but it will work for what you want. Set Windows Update to automatic once the Win10 offer expires if she is not updating. Set up a Guest account as the main use account and an Admin account with an easy password for use in installing apps. Put the password on something easy for the owner to access when needed. The account will only produce a window announcing that a password is needed to install XXXX. If the owner goes ahead and supplies it, well, you tried.

    Hardening off Vista

    If you are running Microsoft's Vista, support will end on Apr. 11, 2017.

    Truthfully, a lot of what I am suggesting below should have been implemented a long time ago. But the next best time to do it is now.

    -----------------------

    Add memory (if needed) to 3-4GB (32-bit) or 8GB (if 64-bit). You are supporting an old PC; get it into shape.

    Update wifi router (hardware) firmware after backing up settings. This can harden its access off and it may patch up some holes in its security.

    Clean out dust. Make sure fans are working. Look for issues inside (leaking caps for example).

    On an old system it is a good idea to run memtest86+, hwmonitor and mfg. drive diagnostic app(s) just to see if the equipment is still working to specs. Store a copy of the results (log) somewhere if possible.

    Consider adding a SSD [at least 120GB, though as I write this 250GB is the sweet spot] as the boot drive if still running on an HDD [see clean install of OS suggestion].

    -----------------------

    Install any remaining Vista updates.

    Turn off the Windows Update once support date is past. (Microsoft Update is left on if MS Office 2007 or newer still on PC; Office 2007 support ends Oct. 10, 2017)

    Set IE9 to highest security settings and use some supported browser like Firefox/Thunderbird (email) [Chrome no longer supports Vista]. Disable IE by directing to a self IP address.

    Update BIOS (if needed). I always update the BIOS to the last revision available before an install.

    Check for firmware on drives and apply.

    Clean install Vista. Great time to do it. (optional) If you do be sure to back up before you do. Be sure to grab all product keys/activation codes/etc from anything you plan to reinstall.

    Update all drivers, including peripherals.

    Belarc Advisor and WinAudit to inventory apps and machine. Look for apps you no longer or never use to remove.

    CCleaner: remove any unneeded apps, check what startups are running, clean registry and temp files.

    Back up drive image (Macrium Reflect)

    Vista updates (collected)
    http://download.wsusoffline.net/

    Replace no longer supported Firewall - Comodo [Zonealarm is a good alternate]

    Replace Antivirus (if Microsoft) to something that will continue to support Vista. - AVG

    Add MozBackup and save browser/email if Mozilla based browser/email chosen

    add AdBlockPlus
    add HTTPS Everywhere
    add Web of Trust (WOT)
    add YesScript or NoScript
    add Ghostery
    change to OpenDNS server on router (good job of blocking phishing) 208.67.220.220, 208.67.222.222 [or Windows if portable]

    Replace MS based email if unsupported - Thunderbird update (set ISP servers for secure email)
    POP (in): pop....., port 995, SSL/TLS, normal password
    SMTP (out): smtp..... port 587, STARTTLS, encrypted password

    Add EMET 5.5 (free; requires .NET Framework 4) [support ends Jan. 27, 2017], Malwarebytes Anti-Exploit or HitMan Pro.Alert

    Add HitMan Pro.Kickstart (not a blocker, but recovery/removal) or Malwarebytes Anti-Ransomware (still in beta as I write this; stand-alone blocker)

    Add Secunia PSI (checks Adobe Flash and Reader, Shockwave, Silverlight, Quicktime and Java). Consider dropping these apps as well unless needed.

    Check Mozilla based browser plug-ins for updates: https://www.mozilla.org/en-US/plugincheck/

    Check Browser security: https://browsercheck.qualys.com/

    Install a HIPS Intrusion Prevention System: https://blog.malwarebytes.org/intell...05/whatiships/

    Update the HOSTS file now that MS won't do it.
    http://someonewhocares.org/hosts/

    Consider using a sandbox for apps. http://www.sandboxie.com/
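
    As an added example (not code from any poster in this thread), here is a read-only PowerShell audit that pulls together the Add or Remove Programs check from the opening post and the standard-account, OpenDNS, HOSTS-file and Windows Update items from the list above, so that whoever is on the TeamViewer session can see at a glance what is still missing. It assumes the new Windows 10 laptop with PowerShell 5.1 (for Get-LocalGroupMember and Get-DnsClientServerAddress) run from an elevated prompt; the function names, the seven-day window and the HOSTS sinkhole pattern are my choices, and the OpenDNS addresses are the two given in the list above. It changes nothing on the machine.

```powershell
# Added example: read-only "front door" audit for a freshly set-up Windows 10 PC.
# Assumed: Windows 10, PowerShell 5.1, elevated prompt. Nothing here modifies the system.

$OpenDns = @('208.67.220.220', '208.67.222.222')   # resolvers named in the checklist

function Get-RecentlyInstalledPrograms {
    # Same data Add or Remove Programs shows, read from the Uninstall registry keys
    # (64-bit and 32-bit views). InstallDate is stored as yyyyMMdd text and is
    # sometimes missing, so entries that cannot be dated are skipped.
    param([int]$Days = 7)
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.InstallDate } |
        ForEach-Object {
            $d = [DateTime]::MinValue
            $ok = [DateTime]::TryParseExact([string]$_.InstallDate, 'yyyyMMdd',
                      [System.Globalization.CultureInfo]::InvariantCulture,
                      [System.Globalization.DateTimeStyles]::None, [ref]$d)
            if ($ok -and $d -ge $cutoff) {
                [pscustomobject]@{ Name = $_.DisplayName; Publisher = $_.Publisher; Installed = $d }
            }
        } | Sort-Object Installed -Descending
}

function Test-DailyAccountIsStandard {
    # The "standard account for daily use, admin account only for installs" rule:
    # true when the given local user is NOT a member of Administrators.
    param([string]$UserName = $env:USERNAME)
    $admins = Get-LocalGroupMember -Group 'Administrators' |
        ForEach-Object { ($_.Name -split '\\')[-1] }     # strip the COMPUTER\ prefix
    return ($admins -notcontains $UserName)
}

function Get-ConfiguredDnsServers {
    # IPv4 resolvers on every interface that has any. If this shows only the
    # router's private address (e.g. 192.168.x.1), OpenDNS has to be checked in
    # the router's admin page instead, as the checklist says.
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        ForEach-Object { $_.ServerAddresses } |
        Sort-Object -Unique
}

function Test-OpenDnsOnThisPc {
    # True only when the PC itself points straight at OpenDNS.
    $servers = @(Get-ConfiguredDnsServers)
    return ($servers.Count -gt 0) -and
           (@($servers | Where-Object { $OpenDns -notcontains $_ }).Count -eq 0)
}

function Get-HostsFileSinkholes {
    # Active (non-comment) sinkhole lines in the HOSTS file. A stock Windows
    # install has essentially none; a block list adds thousands.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hosts -ErrorAction Stop |
        Where-Object { $_ -match '^\s*(0\.0\.0\.0|127\.0\.0\.1)\s+\S' }
}

function Get-WindowsUpdateState {
    # Automatic updates need the Windows Update service present and not disabled.
    $svc = Get-Service -Name wuauserv -ErrorAction Stop
    [pscustomobject]@{ Status = $svc.Status; StartType = $svc.StartType }
}

function Invoke-FrontDoorAudit {
    '--- Programs installed in the last 7 days (compare against what you intended) ---'
    Get-RecentlyInstalledPrograms -Days 7 | Format-Table Name, Publisher, Installed -AutoSize
    "Daily account '$env:USERNAME' is a standard (non-admin) user : $(Test-DailyAccountIsStandard)"
    "IPv4 DNS resolvers configured on this PC                      : $((Get-ConfiguredDnsServers) -join ', ')"
    "PC points directly at OpenDNS                                 : $(Test-OpenDnsOnThisPc)"
    "HOSTS file sinkhole entries                                   : $(@(Get-HostsFileSinkholes).Count)"
    $wu = Get-WindowsUpdateState
    "Windows Update service                                        : $($wu.Status), start type $($wu.StartType)"
}

Invoke-FrontDoorAudit
```

    Run it once right after the local account is created and again after the cleanup; a program that shows up in the first list without anyone having installed it is the same "arrived in minutes" bundleware the opening post describes, and the publisher column usually gives it away. If the daily account turns out to be an administrator, the checklist's fix is to create a second admin account and demote the daily one, which a standard user cannot undo without the admin password.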

  16. #15
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,645
    Thanks
    147
    Thanked 884 Times in 845 Posts
    A bit difficult to do those physical things when just accessing the machine through TeamViewer.

    Plus, depending on the elderly person's level of competence - it's best to keep things simple.
    Last edited by Sudo15; 2016-05-24 at 04:15.
