Has our home network been hacked?

Oct 7, 2016 4:52PM PDT

I'm concerned that our gateway has been hacked into. We have a cable gateway (Arris Touchstone DG1670a) provided by Time Warner. There are only two Ethernet cables currently connected to the gateway. I recently disabled the wireless connections. When we initially switched to TWC, I was out of town on business for two weeks and the modem was unsecured. We are running Windows 7 Professional and Internet Explorer 11 on both computers.

Strange things occur when we are connected to the internet -- desktop icons have been moved around and/or have been disabled, programs that were pinned to the Start Menu have disappeared, extra letters automatically appear when typing sign-in passwords, and we have been getting knocked off the internet multiple times. I researched various topics on the internet and ran multiple virus scan programs and malware programs with no problems showing up. I also spoke to TWC tech rep who could not provide any insight into the problem.

--Submitted by Peggy S.

***********
10/10/2016
Update from Peggy S. here: https://www.cnet.com/forums/post/b7cf22b0-f9a9-43c8-ac38-5e48a7afc1cc/

Update on Hacking Problem

I tried the various suggestions and found no viruses or malware on my computer. I discovered during that process that someone had installed a remote access program on my computer. I deleted it and disabled all the remote access services. I had already turned off the remote access option a long time ago under the Remote settings on Computer but this overrode it. The problem with my desktop icons, etc, has no longer occurred.
However, lightning struck our gateway. At that time, I found out that the cabling from my ISP was not grounded. I later discovered that it also damaged my ethernet port. TWC replaced the modem but since my ethernet port did not die until about a week later, they do not think they're responsible for paying for the replacement.
I'm going to try a USB to ethernet adaptor until I can get it replaced.

Thanks to everyone for your assistance!

Peggy S.

Post was last edited on October 14, 2016 11:40 AM PDT
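
A read-only check related to the update above, as an added example that is not part of the original thread: it reports whether Windows' built-in Remote Desktop and Remote Assistance are switched on, then lists services and listening TCP ports that may belong to remote access software. The service name patterns and the port labels are assumptions chosen for illustration, and the `netstat` parsing assumes English-language output; only cmdlets available in the PowerShell 2.0 that ships with Windows 7 are used.

```powershell
# Added example: read-only audit of remote-access exposure on a Windows 7 PC.
# Run from an elevated PowerShell prompt. Nothing on the system is changed.

# 1. Built-in Remote Desktop / Remote Assistance switches (read from the registry).
function Get-BuiltInRemoteAccessState {
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
            -ErrorAction SilentlyContinue
    $ra = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' `
            -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        # fDenyTSConnections = 0 means incoming Remote Desktop is allowed.
        RemoteDesktopEnabled    = ($ts.fDenyTSConnections -eq 0)
        # fAllowToGetHelp = 1 means Remote Assistance invitations are allowed.
        RemoteAssistanceEnabled = ($ra.fAllowToGetHelp -eq 1)
    }
}

# 2. Services that are running or set to start automatically and whose name,
#    display name or executable path looks like remote-access software.
function Get-RemoteAccessServices {
    # Illustrative patterns (assumption), not an exhaustive list.
    $pattern  = 'remote|vnc|teamviewer|logmein|radmin|TermService'
    # Core RPC services match 'remote' but are a normal part of Windows.
    $expected = 'RpcSs', 'RpcEptMapper', 'RpcLocator'
    Get-WmiObject Win32_Service |
        Where-Object {
            ($_.State -eq 'Running' -or $_.StartMode -eq 'Auto') -and
            ($expected -notcontains $_.Name) -and
            ("$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern)
        } |
        Select-Object Name, DisplayName, State, StartMode, PathName
}

# 3. TCP ports listening on a non-loopback address, with the owning process.
#    A remote-access tool can listen on any port, so every listener is shown;
#    well-known remote-access ports are labelled.
function Get-ExternalListeners {
    $known = @{
        23   = 'Telnet'
        3389 = 'Remote Desktop'
        5900 = 'VNC'
        5985 = 'WinRM (HTTP)'
        5986 = 'WinRM (HTTPS)'
    }
    netstat -ano | ForEach-Object {
        if ($_ -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            $addr   = $matches[1]
            $port   = [int]$matches[2]
            $procId = [int]$matches[3]
            if ($addr -ne '127.0.0.1' -and $addr -ne '[::1]') {
                $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
                New-Object PSObject -Property @{
                    Port         = $port
                    LocalAddress = $addr
                    OwnerPid     = $procId
                    Process      = $(if ($proc) { $proc.ProcessName } else { '?' })
                    KnownAs      = $known[$port]
                }
            }
        }
    } | Sort-Object Port |
        Select-Object Port, LocalAddress, OwnerPid, Process, KnownAs
}

Get-BuiltInRemoteAccessState | Format-List
Get-RemoteAccessServices     | Format-Table -AutoSize -Wrap
Get-ExternalListeners        | Format-Table -AutoSize
```

A listener or service that cannot be tied to software someone in the household installed on purpose is the item to investigate; a pattern match on its own does not mean the entry is malicious.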

You've been hacked or malware-infected
Oct 7, 2016 7:11PM PDT

You need to take action right away.
If possible, use Windows' System Restore to restore the operating system to a time BEFORE you installed the new Arris gateway/modem.
Next, turn off your computers. Don't use Sleep or Standby or Hibernate; use Shutdown.
Unplug the network cables from the computers.
Use a friend's computer or one at work to download some free security scan programs. Use a fresh USB flashdrive (one that's never been connected to any computer in your home).
Download, install and run the free version of MalwareBytes on the infected computers:
https://www.malwarebytes.com/
If necessary, use Windows' Safe Mode to install and/or run the scan(s).
Also obtain and run one or more rootkit scanners mentioned here:
http://www.techsupportalert.com/best-free-rootkit-scanner-remover.htm
Obtain and run the free version of CCleaner:
https://www.piriform.com/ccleaner/download
If all the steps above fail to restore normal operation you can save your photos or other data onto a spare flashdrive and then reinstall Windows from scratch.
When you're satisfied the computers are running normally again then it's time to fix the modem.
Use an unfolded paperclip or a pencil point to press and hold the tiny Reset button on the back of your Arris gateway (tiny hole above the USB port) for 10 or 15 seconds. Consult the Arris user guide for instructions on this.
Create a new username on the modem sign-in screen to replace the default "admin" username. Also create a complicated password in the space below the username. Write them down on a piece of paper.
Set up the modem's security with a new, long password using WPA-2 security. Use upper and lower case letters, some numbers and some special characters. Write down the password and put it somewhere safe. Make sure the Guest Network is turned off.
On your computers, consider using a Guest account when you're on the internet. It's much harder to hack.

Ghosts in the machines
Oct 7, 2016 7:13PM PDT

Unless some worm was inserted into your machine/s prior, when you secured the modem you locked any hackers out. They/he/she would have to crack your ID and/or password and the Arris can be set to not accept remote entry.
As to the rest: some could be your browser, some could be "remember this" settings in browsers and Win 7. If Time Warner, like Xfinity, has Guardian software that installs with the free security stuff, it does funny and intrusive stuff.

Others will have better input. Best of luck.

If Hacked...Your Problems May Run Deep - Let's Hope Not
Oct 7, 2016 8:43PM PDT

Hi Peggy

First-off there is no security protocol that YOU can enable for your modem. That’s all handled by your ISP (TWC). Your vulnerability comes when you turn on your computer. Even then someone has to be using it - opening infected emails and attachments, transferring files via an external drive from an infected computer, surfing the web to dangerous sites, opening a share session with a fraudulent computer tech, downloading stuff – in short someone has to open a gateway (email, file or browser) to somewhere.

If none of the above occurred while you were away, then your issues can probably be corrected by…

1. A computer re-boot into safe mode and back out. Here’s a link on how to boot Windows 7 into safe mode.

http://www.pcworld.com/article/2851718/windows-8-and-windows-7-safe-modes-how-to-enter-and-when-to-use-them.html

2. System Restore to a point prior to the TWC installation is a good idea. Any files or programs installed after the restore point will be removed. Here’s a link on how to perform/select a System Restore:

http://www.dell.com/support/article/us/en/04/SLN85604

Here comes the “IF” again…..If the above failed then….
Take your computer to a professional and have it cleaned and restored. Depending upon the extent of the infection the cost can run upwards to $200.

If you are a DiY’er here’s a link on how to save a few dollars to clean your Windows system:

http://www.pcworld.com/article/243818/security/how-to-remove-malware-from-your-windows-pc.html

You can also wipe the hard drive and start over with a clean install of the OS or a system restore from an external HD that has a clone of your system from before you switched to TWC.

Whether you enlist the aid of a professional or take the DiY route…off load your documents, files and photos to an external HD. You can have the professional scan them or you can do so yourself after you get your computer back up and have installed an antivirus program (other than the one you had) to scan the drive before placing them back on your computer. Not to worry 99.9% of spyware finds a home in your system's registry. The clean install or system restore includes an uncontaminated system registry.

One program that I use on a monthly basis is Malware Bytes. There is a free and a pay version. I run Malware Bytes once a month in addition to my anti-virus program that is always on.

Assuming nothing has corrected the issues….I don’t want to push the panic button, but you’ve got some funky things going on with your computer. Sounds like it’s possessed. All jokes aside I’d stop worrying about my computer at this point and start concentrating on how to protect your finances, identity and family.

Random characters appearing when typing sign-in passwords are reminiscent of a key-logger having been downloaded to your system. These days a computer is a gateway to your life. Even if you don’t have critical data stored on it spyware can capture passwords you use for online banking, shopping, social media or anything where a secure sign-on is required.

Although it can be very frustrating and a feeling that you have been violated – I strongly suggest you replace all of your credit cards, change your bank account number, scrub social media accounts, change every frick’n password you use and get a new email account - preferably one that doesn’t end in “xx.rr.com” (TWC). Email addresses are often used as online ID’s. I know what I suggested can be a pain in the Derrière, but so can having your finances ruined or losing your identity.

I hope you are able to resolve your issues quickly and in the simplest way possible. Good Luck!

Together Everyone Achieves More = T.E.A.M.

ISP Handles All Security Protocols for Your Modem? Not Quite
Oct 8, 2016 9:30AM PDT
"First-off there is no security protocol that YOU can enable for your modem. That’s all handled by your ISP (TWC)."

Are you saying that Time-Warner Cable pre-installs a unique, complex WPA-2 passphrase on the modem/gateway? The original poster said he was out of town when the modem was installed and that it was unsecured, and that he only recently turned off the wi-fi. That means their home network was clearly vulnerable.
For example, someone sitting in a car out in the street could use a laptop to discover the wide open wi-fi (Show available wireless networks option in Windows). Free software running on the laptop can quickly open a browser, try all the standard router addresses such as 192.168.1.0 and others until a sign-in screen appears, auto-type "admin", leave the password blank or input a factory default password for that model, open a list of all connected computers, then hack into those computers through their local IP address and insert a piece of malware. All of that takes less than 5 minutes to achieve if any of the connected computers are booted up.
Similar vulnerability exists if your router/gateway/modem has a Guest network enabled with no security passphrase. In fact, this may be the easiest way in ....

Modem and Router: 101
Oct 8, 2016 10:39AM PDT

I believe you are confused by the terminology. When was the last time you used 192.168.x.x to log into your MODEM? I'll tell you...NEVER. 192.168.x.x is the default for a ROUTER. A ROUTER is what you lock down with WPA2 for security.

I don't know how old you are but there was a time before WiFi that all an ISP provided was a MODEM to bring internet and/or cable service into your home. Everything was connected via ethernet cable which is a secure connection. The security was handled by the ISP for the MODEM. Furthermore, for a MODEM to be hacked it must be done at the server end of the ISP.

Unless TWC is providing a combination Modem/Router (which IMO is always a bad choice) it wasn't the MODEM that was open it was the Router component that was unsecured. Unfortunately, a lot of users depend upon the ISP (especially when the ISP provides modem and router) to secure their network.

In case you didn't know the ISP client has the option to use only the modem component of a combination unit supplied by the ISP and integrate their own router. I've done it with TWC, DirecTV and now Google Fiber. FYI, when I used TWC I used my own Modem and Router.

Bottom line: it was the ROUTER component that was allegedly left unsecured and compromised barring any attacks via email attachments or fraudulent websites.

I hope this clears things up as to the difference between a Modem and Router security protocols and who assigns them and how.

Cheers!

You are correct
Oct 10, 2016 8:38AM PDT

I used the term Modem but thinking of the Router side of it.

Gateway 101
Oct 14, 2016 7:52PM PDT

You mentioned: "Unless TWC is providing a combination Modem/Router (which IMO is always a bad choice) it wasn't the MODEM that was open it was the Router component that was unsecured."

Per Arris website: "The Touchstone DG1670 is a DOCSIS3.0 home data gateway supporting 16 x 4 channel bonding for up to 640Mbps of broadband data. It combines a 4-port gigabit router, MoCA 1.1 over coax, and a dual band 802.11n wireless access point."

I don't know how old you are but ISPs have been supplying a combined modem/router known as a "gateway" for several years. In my initial reply I referred to the unit as a "modem/gateway" hoping it would clarify my intention. Naturally, I checked the Arris website before writing my reply. At home we use a separate modem and router. Some of our friends, however, have gateways and I have as recently as last month logged into one of those gateways using 192.168.x.x. I hope this clears up the difference between a modem and a gateway. Cheers!!

OK
Oct 14, 2016 8:50PM PDT

Whatever you choose to believe...then so be it.

Cheers!

No, it is whatever is true.
Oct 14, 2016 11:46PM PDT

Every ISP I have used in the last 10 years has supplied a gateway, not a modem. The gateway is a modem and wired/wireless router in one unit. This is not an opinion. It is a fact. The original poster specified a gateway. She can access it and set the options.

This is the last I’m going to say on this subject…..
Oct 15, 2016 6:39AM PDT

Just because you combine a Modem and Router into one unit and call it a Gateway doesn’t change the basics of operation.

To the user it’s smoke and mirrors. There is still a modem and router component. They both still have specific duties.

The modem component still connects to the ISP servers to bring the signal into your home. That is still a secured connection. It can only be hacked at the ISP server. Through that connection the ISP will send updates and firmware upgrades as to how the Modem will handle/process the signal. Do you really think the ISP is going to allow the user to lock down the Modem (deny ISP access) and/or mess around with its internal protocols?

The Router component takes the signal and allows the user to distribute it to a single or multiple devices via a wired Secure connection over Ethernet and/or Unsecured WiFi; until the user logs into the Router setup page and creates a WPA2 security protocol. WiFi is the only thing that can be hacked from the outside without a connection to the user’s computer therefore necessitating the creation of a WPA2 security passphrase.

If you are still not convinced that when you type in the IP Address for your Gateway that all you are accessing is the Router component (not the modem component) click the link for TWC.

https://www.timewarnercable.com/en/support/internet/topics/wireless-networking.html

That’s it.

Irresponsible ISPs...
Oct 16, 2016 3:26PM PDT

It has been my experience helping clients on many of the forward facing devices on their home network, that have visible or actually open ports just waiting for a brute force attack by the typical criminal enterprise that permeates the web. In each case it solved their problems to put another hardware router behind the ISP equipment. However if the "gateway" er whatever resides in that spot, has a known back door, or is weak against such attacks, it will not stop them from redirecting the customer to malicious sites.

Some of the providers out there have actually been sued over this subject, and the consumers won the right to use their own equipment to secure the firewall. Time Warner may have been on that list.

It was about 15 years ago..
Oct 16, 2016 4:34PM PDT

but I remember when I ran with just a modem and a software firewall when broadband finally came to my area. At that time I was able to access some of the settings on the modem using a built in web page accessing it from the LAN side of the modem. I don't remember the address I used, but only a browser was needed. Your discussion stimulated this old memory - I'm pretty sure I'm correct, as it was one of my first attempts at troubleshooting ISP hardware. I have had networking experience way back to 1985 but hadn't rejoined the tech until years later. Your comments reflect today's reality now.

It's Good to Have a Knowledge of History
Oct 16, 2016 10:17PM PDT

You are absolutely correct in your thinking. Going a bit further the DOCSIS standard for Modems was adopted about 19 years ago. Prior to that they were proprietary software based units that allowed updates in the field by a technician. A smart consumer could possibly login to the net framework and play around with things. They (consumers) could do one of two things: (1) improve performance or (2) really muck things up. The latter being more of the norm than the exception. All of which again -to your correct recollection - was 1985 thru 1996. I might also add that "hacking" back then was more of a malicious hobby versus what it is today!

What I’ve been trying to convey to some in this forum is that in today’s world the user does not have access to the Modem net framework. It is only accessible by the ISP. The problem to understanding is that many in this forum have No History. They don’t know how things once were and therefore misinterpret today's truncated verbiage to apply to the whole rather than just an integrated part of the whole.

The Tech world consistently employs the "KISS" approach (Keep It Simple Stupid) when relating to the consumer. It’s much easier for an ISP to call the box they provide a “Gateway” and tell the consumer here’s the IP Address and Passphrase to secure the unit to their preference.

The ISP will call the Gateway a modem just because it’s easier to explain. After all the term Modem has been around even before “dial-up” computer based internet. Ever use the term Phone Modem? Modem IMO has become a pseudo-generic term just like Kleenex and Aspirin.

However, I believe in providing proof...so anyone reading this can click the link and scroll down to the section on Security to learn who does and who doesn’t have access to a Modem:

https://en.wikipedia.org/wiki/DOCSIS

Good reading everyone and Thanks JCitizen for joining the conversation!

Thanks for your contributions as well!!!
Oct 25, 2016 1:35PM PDT

The ISP handles the security? Not mine.
Oct 14, 2016 11:43PM PDT

It might not be common knowledge, but the user is the one that handles the security on a gateway. If the instructions for doing so were not provided with the gateway, then the company should have instructions available on their site. You can get into the administrator setup program and alter passwords, change security (if the unit has that capability) or do anything else that you can do with a router/modem/gateway that you own. All you need is the url and the default administrator name and password. You can change those immediately. The difference between a leased gateway and the one you might own is that the leased one is usually set up with a way to reset the unit to factory settings easily. Even that may not be different, since you can often do that to one you buy anyway.

I think it goes without saying that anyone who is using a leased gateway should immediately go in and change the administrator name and password.

A couple of random thoughts
Oct 8, 2016 1:38AM PDT

Hi Peggy, you have some good and comprehensive advice from gaucherre and ajtrek already. It certainly sounds like you have some sort of infection but it must have been picked up while your computers were running.

Running offline scans such as Malwarebytes, Kaspersky, Trend Micro and others would be a first step. Some of these can be run from a bootable CD/DVD download, which would limit any malware from interfering with them.

I would assume your TWC modem has an inbuilt hardware firewall, in addition to your personal firewall on your computers. Check the documentation to make sure it's blocking everything you don't use.

If you do decide to wipe the computer system disks, a drastic step, make absolutely sure you have (preferably two) verified backups of your data. Then don't just reformat them, use something like Partition Wizard live CD/DVD to secure erase all the partitions and reallocate them. Do a full format when you reload your system. If you have a known clean full system image backup of your systems from before the problem started, reload that and you are good to go. Otherwise, re-install your system and applications from the distribution disks and run your malware scanners against any data you transfer from your backups you made before wiping your disks - it's fairly easy to hide malware in JPG images, for instance.

Last thought, does TWC subscribe to any of the shared hotspot schemes - like FON in Europe, Telstra Air in Australia? The idea is that you can log into other people's modems when travelling, in exchange for allowing others to log into yours. Telstra and FON say it's completely secured at the router - I disabled my Air!

Good luck.

Definitely...
Oct 16, 2016 3:40PM PDT

Until you've run a boot scan with Kaspersky Rescue Disk 10, you really haven't tried to make sure there are no lurkers left in the PC. You will have to be connected to the internet by Ethernet though, because many of those rescue disks don't have wireless drivers.

I've also had to wait 24 hours occasionally for the zero day definitions to come in the updates on the rescue disk - they are stored on a folder in the root directory to shorten downloading time in any future scans.

Peggy has not said if she was running as administrator on the web or not, but I assume others here have already warned about that - one should always do daily work on the web, logged in as a standard user. Creating the account is easy. Look up here on CNET on how to teenager proof your PC.

Your systems are contaminated, for sure.
Oct 8, 2016 6:19AM PDT

The fact that your virus scanning activities haven't turned up anything is concerning but by no means conclusive. Lots of malware includes code to detect a virus scan and will effectively go into hiding during a scan.
Advice about replacing cards, bank account details etc. is sound and those measures may be a necessary pain.
Scanning the computer while it is running under its own operating system is inconclusive; therefore some people have a Linux-based "virus scan disk" (CD or DVD, so that it cannot be corrupted by the virus you are after). On the other hand it may not even be useful to know the identity of what hit you, since the best option in all probability will be a clean install anyway.
You do want to back up your data to an external disk, though - but be aware that that backup might contain copies of the virus or its source (it could be in a PDF file, a Word document or even a JPG image - or multiples of those.)
It is not entirely proven to me that the cause of your problem is in the specific internet access product you are using - the issues you describe could have come via any other internet connection as well, which would explain why the TWC tech rep didn't have any enlightenment for you. Still, it is a good idea to lock up your modem/router (or whatever they call the device you are using for your connection) as described earlier - for many good reasons.
Once you have a clean install of your OS again - on a fresh disk or at least one that has been thoroughly repartitioned and not-quick formatted preferably under control of the install CD/DVD - you need to run a few thorough malware scans on your backup data before you let anything on your new system touch your data again - lest you end up with exactly the same problem all over again. You may not find anything during those scans, by the way. If the infection came from an email attachment or a file on a web page that you opened without permanently storing it on your system that source of the problem may be long gone, without, alas, taking the infection with it ...
And going forward, learn to be wary of all email attachments, especially those that come from unknown parties, and even more so if the email is in bad English (or bad whatever language is customary around your life) and/or it is made very urgent that you should open the attachment and/or react to whatever they warn you about.
And don't visit websites that unknown parties want to send you to or - even worse - that links in an email point at.
I get a lot of this kind of dangerous junk mail and must assume that practically everybody does as well. My email client will reveal the address behind a link in an email when I hover the mouse pointer over it. It is totally crazy to see where some of those alleged web pages of your home bank are hosted. And have you ever wondered why you get so many mails from banks that you don't even bank with? So, what makes you think that the mails that seem to come from your actual bank are any less fraudulent? If in doubt go to your bank's homepage (typing the URL in by hand to make sure it wasn't jippoed in your browser's bookmarks - yes, they can do that, too!) and if from that homepage you can't find the page you were supposed to reach from the link in the email - then the link in the email is bogus. Really, it is!
In my opinion the above covers the vast majority of opportunities to get into trouble on the internet.

Better do some cleaning.
Oct 9, 2016 11:45AM PDT

We have a Time Warner modem that has the Wi-Fi, but we do not use TW's Wi-Fi. With instructions from TW you can do what's called a BRIDGE CONNECT, which means you're bypassing TW Wi-Fi and using your OWN Wi-Fi thru your Router....

Here are some helpful steps to start...
Oct 14, 2016 3:22PM PDT

There are also other precautions...
Oct 16, 2016 4:07PM PDT

If you do no banking or shopping online, then you can ignore most of my advice. I like defensive techniques that work pretty well even if you are infected.
1. Use a good encrypted password manager - don't rely on the browser to memorize them, in fact I block that myself.
2. Download IBM's Rapport to protect against further browser manipulation and keylogging. This is a free utility provided by banks usually, but eBay used to have a download as well.
3. Here on CNET you can probably also find an anti-keylogging utility, and the user reviews are the best litmus test on those. KeyScrambler isn't too bad but it isn't as good on browsers as Rapport is. The free version may have protections for notepad, but I haven't used the free version in years.

These are just a few things I offer in addition to the good link Lee is providing, as there is good advice there too. However - if you have to wipe the hard drive of a laptop or PC, I recommend the drive manufacturer's diagnostic program be used to do it. The drive manufacturers have discovered that wiping the spaces marked as bad by superfluous "bad sector" scan flags left by the malware is required. These kind of infections can survive a weak wipe program.

Don't Give Up...Just Yet
Oct 25, 2016 6:17PM PDT

Hi Peggy

If you are still out there monitoring this thread thanks for getting back to the community with an update, it's very much appreciated. There's not much I can add by way of securing your PC now that you have done all you can based upon the most recent info from Lee and J Citizen.

Just curious....you made it sound as if the remote access you found on your computer was a legitimate application like from a Microsoft Tech or another reputable computer tech company. Is or was that the case? If so you are probably OK; but if not you should definitely take corrective actions to protect your identity and finances.

Not sure what you mean by your Ethernet port was damaged and TWC refused to accept responsibility. Where is the port located? On your computer?

Given that TWC has already admitted to an ungrounded cable causing the modem to die during a storm you may have recourse as they have already admitted to culpability of a kind. Electronics don't always die at the same time after a surge. For some it takes continued use to speed the process which could be months, weeks or days. However, in your case I think a week is close enough to the time of the incident to cite probable cause.

I've found that threatening to submit a report to the BBB often times gets a very quick response. I took on Apple who had refused to refund $25 due to a legitimate online mistake that I reported in less than 24 hours. After I reported the incident to the BBB my $25 was refunded in the form of a credit. OK it wasn't cash but it was something.

Bottom line is...don't let TWC bully you. If the damage is costly I'd go all the way within reason so as not to spend more money fighting TWC than you might hope to get in a settlement. Small Claims court may be a course of action as well - consult legal aid in your area before you do so. In most places it's free. Also, like I said TWC may acquiesce with a bit of saber rattling.

In any event Good Luck...Peggy...and Safe Computing!

Together Everyone Achieves More = T.E.A.M.

sophisticated
Oct 14, 2016 7:42PM PDT

Probably a remote agent that is not detectable with most software. Would rebuild myself, format, reload, etc. Hopefully no identity data was on it. Firewalls are available and cheap for what they protect. Use more than just a wireless router with minimal protection ....Identity theft is one of the most damaging infringements one can experience. Even when the credit companies know it can take many years to clear up.

If you do reinstall - replace the drive
Oct 14, 2016 10:11PM PDT

If you do reinstall, whether a clean install or from a backup, I suggest replacing the hard disk instead of wiping and reinstalling. Hard disks are cheap now--a name brand 1TB drive is $40.

There are three benefits from "Replace, don't wipe":

1) You still have the old disk. I guarantee you there will be something you forgot about. Even with backups, you can't run backups. Sometimes you need to see a program running to remember a setting, or something else.

2) It's a lot faster. Although you should back up anyway, you actually don't need to--you still have the old disk.

3) Less worry--you don't have to hope everything will work, load, reactivate, etc. You have the old disk.

Regarding "reactivate", although you usually can get MS to grant reactivation, with other vendors' programs sometimes the activation server has been shut down, the vendor is out of business, the program has reached the maximum number of installs and the vendor refuses to increase that number, etc. If you have to access that program, you can swap the old drive back in, run the program, and then swap back to the new drive when you're done.

"Replace, don't wipe", is a cheap "belt and suspenders" approach. (If you're wearing a belt, why do you need suspenders? If you're wearing suspenders, why do you need a belt? "Just an extra precaution.")

And if the original disk is a decent size, eventually just buy an external enclosure, wipe the drive at that point and you've got an additional backup drive.

Yes, you were hacked.
Oct 14, 2016 11:37PM PDT

If you had a remote access program on your computer, then you were hacked. Scary, right? Did you turn the wireless off on the new gateway? New ethernet cards are really inexpensive and easy to install. Ethernet goes out on computers very easily. In fact, you will probably pay less for a new ethernet card than you would for the usb access. You just need to know what kinds of add on slots you have in your computer to get the right one.

Make certain that nobody is allowed to use your computer unless you are present. You'd be surprised how many people think it is "fun" to mess with someone else's computer. A computer is a personal item. It is not for public use. Make sure your guests know this. Put proper security programs on your computer, use a good password (do not give it out to anyone), and make sure that you set the computer up so that it locks out anyone who tries to access it when you are not there. I went as far as to get a cheap computer for my living room. My good computer is in my bedroom, and I do not allow anyone else to use it. If someone needs to use a computer, I have a guest computer that they can use. If they mess it up, then I can reset it to factory state easily. I only install security programs and a few browsers on it. If they break it, then my guests can complain all they like. They just won't have a computer to use. I did my best.

Also don't forget that you can make separate accounts for everyone in your household, and only one needs to have administrator access. You can even shut out everyone's ability to install new programs without your permission.

Not exactly a hack but...
Oct 15, 2016 12:32AM PDT

If you are on XFINITY/COMCAST and are renting the cable modem/router you may be running an open WiFi on your connection.

XFINITY is promoting their HOTSPOT WiFi service for their customers. This uses a 2nd WiFi port (RF Channel) that requires a user to login with a XFINITY/COMCAST ID.

First of all this does use some of the bandwidth of your Internet cable service. My understanding is that it is not counted in your data usage.

The more serious issue is that if a neighbor attaches to the HOTSPOT you are hosting they can use it to do Bit Torrent hosting via your Internet IP address. Be aware that the Copyright police don't care who is doing the repeat g as they look strictly at your Internet IP address.

You can call Comcast Technical Support and they will re-provision your hardware to keep the HOTSPOT RF Channel turned off.