Is it safe to use my computer again, after it was compromised?

by Lee Koo (ADMIN) CNET staff/forum admin / February 28, 2014 9:40 AM PST
Question:

Is it safe to use my computer again, after it was compromised?

This past summer my son was using Skype to chat with people. I have never used the service and have no idea how it works. But apparently, he was in a group chat with people he didn't know and one of them hacked into our computer. My son is 13 and I really didn't understand what he was trying to explain, but from what he said this person told him they got our IP address and hacked into our computer. My kid freaked out and taped a big note to the computer that it was "infected" and for nobody to use it. When we did use it, we would get a pop-up that said unauthorized changes had been made to our computer.

The only protection I have on the laptop is Avast antivirus. So I really don't know what was going on with it. After not using the device for about a month, I ended up restoring it to factory settings and that seemed to work. Since then, we have a new router through our cable provider. I still have Avast for security. But I don't use the computer to make purchases or pay bills.

How can I tell if my laptop's security is really compromised? Is it safe to "go back into the water"? If not, what must I do to make it safe to use again?

Sincerely,

Tonia D.


Restoring to factory settings should make you safe again
by wpgwpg / February 28, 2014 10:29 AM PST

Nothing is 100% when it comes to security, but restoring to factory settings comes about as close as you can get because the first thing it does is to format your hard drive, eliminating everything that was on it. Once in a great while you could get a nasty virus that would get into your CMOS, but it's very rare for that to happen, and you usually know it when that happens because you can't use your restore discs.

Lovely CMOS battery backup!!!

It happens. A computer store gave me a free ISP program and the nightmare began. My computer kept resetting the computer registry. I called Microsoft and they helped a little. I spent two years trying to figure it out. A tech told me sometimes you have to pull everything apart and put it back together. CMOS was the reason my computer kept resetting itself and then my programs would be uninstalled. A computer store even helped me along the way but they only took my money and snooped to boot.

You have to ground yourself to the case.
You have to pull out the coin cell battery.
If your battery doesn't have enough of a charge, it won't start up.
It isn't fun to do. My mouse wasn't working right for a few minutes after I did that. You have to figure out how to get it working again.

The tech guy was right...
by JCitizen / March 14, 2014 11:39 AM PDT

I've had clients who were so badly compromised, that they had a re-flashed malicious BIOS, PCI card, and firmware on the hard drive! Fortunately they didn't really have anything worth stealing, so I re-flashed all the firmware, and ran a diagnostic repair on the hard drive using the OEM tools. This after replacing the firmware with the newest version of course. Low level formatting no longer works (in the traditional sense) on modern hard drives, but the diagnostic un-hides any sectors marked as damaged where malware re-installation packages can be hiding. Then I do something like the Gutmann wipe, but for modern hard drives, i.e. Darik's Boot and Nuke.

If you do a thorough job scanning the hard drive with Malwarebytes Anti-malware Anti-Rootkit in normal mode, you can usually breathe a sigh of relief - but if you have anything to lose, that isn't good enough. Always assume you are compromised and use kernel level solutions like a good HIPS - Comodo Defense +, Trusteer's Rapport, and Avast - where the kernel level characteristics of these solutions resist tampering by any left over malware. Also a good password manager can be golden, where encryption is used; this should also be rated as a good kernel level tool. Of course these solutions have to be already on the computer before the compromise, or you cannot trust the installation process will be successful!


After a wipe and reinstall, I still do a PE scan of the hard drive using DVD rescue disks by several solutions, like Kaspersky's Rescue 10 and Avast, and then just for good measure an MBAM safe mode scan with MBAR as previously mentioned.

Even if you don't have anything to lose, it can still pay to do that same scan without a wipe and reinstall. Invariably I've found more rootkits, backdoors, or other APTs (Advanced Persistent Threats). It is a good idea to wait 24 hours before doing this, and keep the unit offline, before and during scanning, so any zero day threats have a chance of being found. Also it prevents the malware from calling their minions to change the characteristics of the malware in preventing detection.
The really good question is how much can you lose, and is it really worth the time, effort, and money to go deep in rooting out infection. Most of the time, a cursory cleaning is good enough for folks that have nothing to lose, and don't bank, shop, or otherwise expose personal information online.

Don't give up on Skype, just make sure you have both a good hardware AND software firewall, and don't allow Skype to start when the computer does - it is not a bad idea to shut Skype down after using it!

Safe to use my computer again after it was compromised
by not-a-clue / March 14, 2014 12:49 PM PDT

Tell you what. If you have the time and know-how, I would reinstall Windows. It is not that big of a thing.
If this is your only PC I would back up "ALL important data". Scan this data to make sure your problem doesn't exist in the data you are backing up.
Then reformat; it is not that big of a thing if you have all your reinstall disks and/or "pass keys, serial keys, etc." It is just time consuming to get your system back to what it used to be.
Be careful and patient!

You are okay
by 4Denise / February 28, 2014 11:21 AM PST

Your computer is no longer compromised. However, you really should learn more about computer security. Also, be sure to keep your personal data backed up. I am going to assume that you have the ability to restore the computer to factory settings, since you did so. Be sure you also have a copy of those restore files on DVD, just in case.

I found some places where you can get some consumer-level security classes:

http://netsecurity.about.com/c/ec/1.htm

http://netsecurity.about.com/b/2004/10/22/free-security-training.htm

http://www.computer-training-software.com/computer-security-t.htm

http://www.gcflearnfree.org/computers

http://www.timeatlas.com/web_sites/general/microsoft_offers_free_online_computer_courses#.UxFoMoX4LJc

I must point out that I have not yet used any of these resources. Look them over carefully. Something is bound to fit your needs.

Note: This post was edited by its original author to merge 2 posts together on 03/14/2014 at 8:36 AM PT

Here is help but beware of identity theft

Tonia,

Download Stinger by McAfee. It is a free program, lightweight and is made by the anti-virus people. Run it and see what pops up just for fun. It might take an hour but it is worth it to point out to you what was done but I caution you that it may just find some things.

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

What you need to do is wipe the computer clean in order to get rid of the infection. You can try the route to save the data before you wipe it clean but you need to do a cold reinstall of Windows using a recovery disk. It sounds that if they stuck a sticky note, it sounds like you either have Windows 7 or Windows 8 and I know that Windows 8 doesn't come with a recovery disk because you are supposed to back up Windows when you get the computer. You basically need a 16 GB thumb drive or larger to backup your clean operating system and throw it away in a drawer somewhere and never use it unless you get infected again and then you have to learn on the internet how to use safe mode so you don't transmit viruses when you are cleaning your computer.

If you don't have a recovery disk or a backup, I don't know how else to get you a clean version of Windows legally other than to tell you that you will need to buy it as far as I know or buy a boot disk from http://bootdisk.com/ which won't be an end all solution.

The problem with Windows security is that other users will go through open ports and malicious hackers will install root kits to take your computer over. You basically will have to wipe the computer clean to be sure because they can install keyloggers to capture everything you type and capture your login information which includes, websites, usernames, passwords so you have to treat it like it is an infected computer and that you could be the victim of identity theft depending on how long this has been going on or how much information they can get from you because that virus you got is going to email them daily your information and what you do online.

When you do reset your computer to its factory conditions, you might want to change your email address because these people know who you are and will keep following you and try to make you the victims of a phishing attempt so you have to change your tracks by changing your email address so they don't know who you are anymore.

When I got infected by a virus, I basically bought a new hard drive, swapped drives, installed Windows, read all the drivers and installed them. I then installed Word and other programs. It took me about six hours to install Windows and everything. I put the old hard drive in an external case and my data is still there but you have to be careful on clicking on things or you can get reinfected so you might have to scan your old hard drive in an external case with some good programs. When I got infected, Windows basically became the virus so when my anti-virus software killed the virus, my computer wouldn't start. Doesn't that sound like fun to deal with? There was an encrypted copy of Windows on my machine and we tried for hours to unlock it so the tech said it sounded like my hard drive was failing so I ended up buying a new hard drive.

I suggest you install the paid version of Malwarebytes in the future and religiously keep it up to date because it can't detect malicious malware unless your definitions are up to date. Malwarebytes is protection against some of the malicious hackers.

The other problem you may want to do is get rid of Skype. Whatever he was doing was the source of the problem and you have to practice safe computing and keep clean backups otherwise you are going to get infected again.

I'm sorry if this is a little too much. Professionals are going to charge you $100-$200 to do what you can learn to do yourself and all they are doing is putting Windows in the machine and clicking on enter which means they are making money off of your tragedy.

Other than that, check your credit reports. Watch what comes in the mail and read everything. Change your online shopping passwords from a clean computer that isn't infected and you may want to scan it first with Stinger to be sure.

My employer clicked on a virus and one of those 1-800 numbers popped up on her screen saying they were from Microsoft and they would clean her computer. My employer ended up buying software from the people who infected her computer and gave them her credit card so you have to know what you are clicking on and what you are doing. You have to limit activities that infect your computer because there are OTHER people who download illegal programs and they don't know they are downloading a virus and no virus checker in the world is going to protect you from downloading the virus so you have to know who you are dealing with is ethical or not because unethical sources of software come with consequences.

I've been there. I've done it.

Learn to practice safe computing. Keep backups.

Let us know how you are doing.

Chuck

Don't forget..
by JCitizen / March 14, 2014 11:50 AM PDT

MBAM has to be the PRO version if you want real time protection. You better hurry to get the life time license though, because they announced they are going to go to the yearly model soon! All previous life time licenses will be grandfathered in, and good forever, as long as you have the retail license - OEM will only last as long as the machine. There are also many free solutions out there that use various science in real time protection. Just look at the CNET user reviews to find out what is the latest greatest tech.

Not right
by Dellji / March 14, 2014 12:10 PM PDT

Why clean the virus and then format the disk and reinstall windows?

Boot from a Live CD and run several different malware and antivirus programs to clean it.
Then use something like Auslogics Browser Care http://www.auslogics.com/en/ to get rid of all toolbars and other unnecessary browser add-ins like toolbars. Then reboot and do a full scan with updated virus definitions and Malwarebytes.

In my 40+ years in computers in most cases it is the free AV that came with a new PC that expired.

Jim

Unnecessary
by dangnad1 / March 14, 2014 12:38 PM PDT

What a blowhard. Chuck must be in the dreams of those with anxiety panic attacks. If you had to do all of the above every time you had a problem you would have no time to enjoy the rich benefits of the www. My advice, use Windows Defender and MalwareBytes. Run both of 'em, full scan, then sit back and relax and have fun.

Question
by JessR39 / March 15, 2014 1:20 AM PDT
In reply to: Unnecessary

You mention Windows Defender. I use Zone Alarm pro as my firewall. How do you compare the two as far as which is most effective as a block to my computer?

Re: firewall
by Kees_B Forum moderator / March 15, 2014 1:24 AM PDT
In reply to: Question

Windows Defender isn't a firewall. So you can't compare it with Zonealarm Pro (the firewall).
As antivirus Windows Defender ranks low.

Kees

How do you do clean backups?
by stephen7144 / March 15, 2014 6:21 PM PDT

The message about viruses states it's important to create and keep "clean backups". I don't know how you can be sure the backups are any cleaner than a C/drive that has been scanned with multiple scanners. To make a backup whether to DVD or external hard drive or even to the cloud, the backup software is just going to copy what was on the dirty C/drive when it backs it up. Even without backup software, you are simply selecting files and folders you want to preserve without knowing when one might have been infected. Of course you can run multiple scans on the backups and the C/drive but they will surely miss the same infections on the backup media as on the C/drive. I recently had a virus and it was found by a Norton manual scan, not the auto protect that is supposed to prevent the infection. It was found on the C/drive and on both external hard drives, the one using backup software and also the one I use for manual backups because you cannot count on any brand backup software to back up everything it is supposed to all the time. I know this to be a fact from experience. Even my online backup had missed backing up Outlook, which it was supposed to be backing up. I needed an Outlook folder that got deleted and fortunately had the manual backup I do for critical files and folders. But when a virus was found on the C/drive recently, the same virus existed on the two external drives and I have to assume the scans find everything which we've been told they don't. In addition, the online backup cannot now just be restored and there is no way to scan an online backup that I know of. You have to download the entire backup to a folder on your desktop and do as many scans as you feel necessary before anything from that online backup is safe to restore. The only other option I know of is to delete the entire backup wherever it may be located if the files can be let go.
I would really like to know how the author of the answer above can make what he called a "clean backup" without also depending on various scans.

There are a number of ways to have a clean backup
by 4Denise / March 16, 2014 6:35 AM PDT

The first, and most important, is to back up your system immediately after it is installed (or after you buy the computer). This is an important backup to have because you know that it's clean.

Next, make a periodic clean backup when you know that the system is clean, such as after doing extensive scans and other utilities. I make one of these at least once a year and keep it around.

Last, do your manual scans and other utilities before doing any backup. I hate to tell you this, but a system backup on a drive that is always connected to the computer might be convenient, but it is not actually a backup. You can consider such a "backup" to be for data files, but not for your system. The same goes for online backups. Only backups that have been done manually are secure, and they must be kept off of the computer.

I also use weekly full (never incremental) backups using Acronis, which I keep on my computer. I have confidence in these because they are single files and they are static. I have never had one get infected. If one did get infected, though, I could easily restore using my annual backup and simply use my records (Belarc Advisor reports every week) to add in what is missing.

The point is that clean backups take time and effort. It is not an excessive amount, but it is important. Also, backups that can be accessed by your computer at any time can potentially be infected when your computer is.
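
An added example, not part of the original post or any product named in this thread: one way to check that static backup files have stayed static is to record a SHA-256 hash of each file when the backup is made and compare later. The file names and contents below are constructed, and the manifest is assumed to be stored off the computer; a matching hash only shows that a file is unchanged since the manifest was made, not that it was clean at that time.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so large backup images do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_dir):
    """Map each file under backup_dir (relative path) to its SHA-256."""
    root = Path(backup_dir)
    return {
        path.relative_to(root).as_posix(): sha256_file(path)
        for path in sorted(root.rglob("*"))
        if path.is_file()
    }


def save_manifest(manifest, manifest_path):
    """Write the manifest as JSON; keep this file on offline media."""
    Path(manifest_path).write_text(json.dumps(manifest, indent=2, sort_keys=True))


def verify_backup(backup_dir, manifest_path):
    """Compare the backup folder with the recorded manifest."""
    recorded = json.loads(Path(manifest_path).read_text())
    current = build_manifest(backup_dir)
    return {
        "modified": sorted(n for n in recorded
                           if n in current and current[n] != recorded[n]),
        "missing": sorted(n for n in recorded if n not in current),
        "added": sorted(n for n in current if n not in recorded),
    }


def demo():
    """Constructed walk-through: record, verify, change files, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        backups = Path(tmp) / "backups"
        backups.mkdir()
        # Constructed stand-ins for real backup image files.
        (backups / "weekly-full.img").write_bytes(b"constructed image A")
        (backups / "annual-full.img").write_bytes(b"constructed image B")

        # Stored next to the backups only for this demo.
        manifest_path = Path(tmp) / "manifest.json"
        save_manifest(build_manifest(backups), manifest_path)
        untouched = verify_backup(backups, manifest_path)

        # Simulate a backup folder that did not stay static.
        (backups / "weekly-full.img").write_bytes(b"constructed image A, altered")
        (backups / "unexpected.exe").write_bytes(b"constructed new file")
        (backups / "annual-full.img").unlink()
        changed = verify_backup(backups, manifest_path)
        return untouched, changed


if __name__ == "__main__":
    before, after = demo()
    print("right after backup:", before)
    print("after changes:     ", after)
```
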

For the future
by mateek / February 28, 2014 12:25 PM PST

If your computer is Windows I'd suggest putting your son or anyone else his age on a guest account in the future. If there's a real need for your son to have his own account, for saving favorites, bookmarks, or preferences, etc you should try using a "Standard User" account. If the problem arises again, you can just delete the account and your computer should be secure from anything that could come through the internet.

I vaguely remember a setting to disallow safe-mode anonymous log-in if you're concerned about the physical location of your computer being compromised. Maybe a CNET contributor could jump in here and elaborate.

To answer one of your questions directly, you said you've already restored your computer successfully to factory settings, so I wouldn't worry about paying bills or purchases. You sound like a cautious and responsible "surfer" with no previous concerns, so I'd say you're completely safe now.

Limited privilege accounts...
by JCitizen / March 14, 2014 12:15 PM PDT
In reply to: For the future

are definitely the 1st step in good practices. I'll let others look at the rest of your statement.

I assume your passwords aren't on your computer
by mateek / February 28, 2014 12:37 PM PST

I said in my post above not to worry about making purchases or payments. I just wanted to add that I assume you didn't have your passwords unsecured on your computer. Otherwise you should make sure to change all the emails and passwords on all those accounts. I'm sure you'll know whether to go to those extra steps or not.

secure emails and passwords
by Kati / March 1, 2014 4:47 AM PST

Mateek Thank you for helping. I wonder if you can tell me how to secure your emails and posts?

Kati,
by mateek / March 1, 2014 1:36 PM PST

I think you should just do an internet search for "password manager freeware download" There are paid versions, but there are a whole bunch of really good free programs.

Yikes! No!
by dsttexas / March 15, 2014 12:17 AM PDT
In reply to: Kati,

Many free download fixit tools are malware themselves. Stick with reputable software only, and only from their own websites not other download sites.

I use Roboform
by 4Denise / March 16, 2014 6:37 AM PDT
In reply to: Kati,

I have the older version (paid for one time), and the subscription version. Both work great and both are still available. I cannot vouch for other password managers, as I have not used them.

I had a favorite pw manager
by mateek / March 16, 2014 7:46 AM PDT
In reply to: I use Roboform

My favorite before I moved to Windows 7 was AnyPassword here at Cnet, but the free version never updated past XP. I loved the simplicity but they only offer a paid version for Vista/7/8 now. At that point I did find and use Roboform, but didn't like it nearly as much. I stopped using Roboform about four months later. A glitch with AnyPassword was that after importing to a second or new computer I had to re-order all the entries I'd made into my preference for folders, and that was laborious. I don't know if the updated paid version has improved that or not. I'm back on an open source freeware password manager.

Secure emails and posts?
by JCitizen / March 14, 2014 2:00 PM PDT

I assume you may mean SSL (Secure Sockets Layer)? If you see the padlock in the address bar of your browser as you use your email, then it at least is unlikely anyone can read your activity online. As far as "posts" go; not many forums use this tech for that. If you don't want keyloggers to watch your activity, you can install Rapport by Trusteer and tell it to protect the site in question. If you are not in an SSL session I couldn't guarantee that particularly. However Keyscrambler by QFX can obfuscate what keys you are pressing, so at least anything spying on you from your side of the discussion will be illegible. QFX cannot block screen capture or video surveillance like Rapport can in an SSL session, however.

Compromised etc.
by pgc3 / February 28, 2014 12:46 PM PST

If your system is no longer compromised and you have gone back to using the free Avast A/V as your security software I'd suggest you upgrade to something more aggressive. Free A/V software is very basic and doesn't incorporate full real time coverage and will not preclude potential malware/spyware intrusions. Unfortunately the more effective anti virus software packages/suites are not free.

Not so
by 4Denise / February 28, 2014 1:07 PM PST
In reply to: Compromised etc.

Avast free is just as good at catching viruses as Avast paid is. Free antivirus programs do the job nicely. There is not a thing wrong with them. What they are missing is nice features that are optional.

Free antivirus programs are there because it is in everyone's best interests to keep computers from becoming infected. It would defeat that purpose to make the program so that it doesn't do the job properly. Avast free scans in real time, keeps itself updated, and does on-demand scans. It does all that can be done to keep a computer virus-free.

However, Avast only protects against viruses and similar types of malware. It does not protect against adware or spyware. For that, another program is needed. Those are also available for free.

Real time heuristic coverage
by pgc3 / February 28, 2014 2:15 PM PST
In reply to: Not so

I would have to disagree that the free A/V downloads are as effective as many and most of the higher end subscription packages. It is not just the software it is also how one uses the system(s). Some of the free tools available on the net, such as Malwarebytes, Superantispyware, Hijackthis and some others are reasonably effective when used properly but there is no such thing as a "PANACEA".

Who said anything about a panacea?
by 4Denise / March 1, 2014 5:09 AM PST

The point is that you do not have to buy the software. As far as using them properly, well that issue does not go away when you buy software. I am sorry you disagree, but you have no evidence to back up your opinion, and mine is well documented by the many people who use free security software exclusively and never have any more problems than they did with paid programs. I am one such person. Using the software is not difficult.

If you want the convenience (NOT security) of an all-in-one application that just does it all for you, then waste your money on one. If you just want your computer secure, then that is easily done without paying-- and it can actually be more effective, since you can mix and match different types of software according to what each does best. There is no such thing as a single all-in-one application that does it all well. It will invariably lack in at least one area.

Free AV vs paid
by BillOnDemand / March 1, 2014 10:37 AM PST
In reply to: Not so

Used Avast free version and kept getting infected by "ransom-ware". Went to paid version and have never had a problem since. The paid version puts your internet surfing "in the cloud", so that nothing touches your computer until it has gone through the Avast screening. Think of it as a milli-second delay, like they use on the Academy Awards broadcast to make sure naughty words don't shock the audience.

I'm sorry to hear that.
by 4Denise / March 2, 2014 3:55 AM PST
In reply to: Free AV vs paid

I use all free security software and I have never been infected with ransom-ware. If I was, it wouldn't do them much good. My latest full system backup is never more than a week old.

I had a similar experience with the free version of Avast
by wpgwpg / March 2, 2014 4:30 AM PST
In reply to: Free AV vs paid

I don't think I got ransom-ware, but I got some malware the first time I went to download an update for free Avast. I immediately got rid of it and went with different antivirus software. It's gotten to be a dangerous world we're living in unfortunately. Sad

I had it happen too
by itsdigger / March 2, 2014 5:15 AM PST

I got plowed by some game on Facebook when FB was young and I was using Norton supplied by Comcast and that Constant Guard back in 2005 or 06 running Vista. I used my restore media and got rid of Comcast's Norton and Constant Guard and have used free Avast ever since. Got rid of Facebook too.

Now I have to say that in conjunction I also stopped using Internet Explorer and use Firefox and WOT (Web of Trust). I also don't download much. I normally use Linux now anyway and get most programs I need from the repositories.

Digger
