Malware only at work - router infected?

Chispaluz
Hi all,

I'm attempting to help an organization I volunteer for. They received a free Windows 7 laptop, and it has been having issues when browsing with Chrome. Pop-ups, browser locked, etc.

I took it home and went through it with rkill, MBAM (detecting rootkits), AdwCleaner. MBAM and AdwCleaner found malware which I then cleaned. I reset Chrome (the only browser they use). Installed ESET NOD32 (I had an extra license) and then played with it at my place for a good 30 minutes, and had no issues.

They took it back to work -- same problems came back. I figured I must have missed something. Took it back to my place, went through the same rigamarole, and found more malware which I then cleaned. They took it back to work -- same issues arose.

I'm stumped. I have never had an issue like this. All other computers that use the wireless at that location are working fine. Could the router be infected with malware, and only affect the one laptop? I haven't dealt with an infected router before, and the IT person there would have to deal with it if it is.

Any suggestions for me? I don't want to put much more time and effort into this -- they're frustrated, as am I.

Thanks!
 
I've seen this. I once helped a company that this happened to. They had an ATT router of some type. Some of the machines we did a nuke and pave on, so there should have been no issues. Take the machine back to their location, antivirus starts screaming when they go out to the internet. Come to find out, I ended up on a couple changing the DNS in the Windows settings to use Google's DNS servers, and the issues disappeared. So I left them like that to work with the intent that we needed to upgrade the router to a different/better solution. Heard stories later about how cheaply they did things. However, it is definitely possible that's the case. I would try to change the DNS settings in the adapter you are using at the time you are there. If the issues disappear, then you may want to reset the router, or look at upgrading them to a business class firewall or something to that effect.

Edit** all of what I said aside, nline makes an excellent point. Until you nuke and pave, you don't know what you will introduce onto the network.
 
Even better would be to take it to Windows 10 as part of a nuke and pave. Right now you can still get the upgrade to Windows 10 even though the deadline has passed.
 
And he does too about the router. Need to make sure that it is clean. But unless others are seeing the same problems I'd say the issue is with the new laptop.
 
Personally I'd have just nuked the machine the second time I looked at it. While it's theoretically possible that a router could harbor malware and serve as an infection vector it's very rare and difficult. And I'd think that if the other machines on the LAN are clean it's probably not the router. Did you try creating a new user and deleting the old one?
 
Also, I should point out that just because a machine is donated does NOT mean you have a legal right to the software on the machine. Unless they hand over and transfer all the licenses for the software you can't use any of it.
 
All great points.
I didn't try creating a new user, but I'm tired of this machine and I'm ready to nuke and pave it. It would be better for them to have Windows 10, and make sure they're getting a clean slate, too.
Also great point about the software licenses.
Thanks so much for your input!!!
 
Right now it is still working with a valid key just as it did on the 28th of July. For whatever reason, Microsoft has yet to turn that off. Yet it may happen any day now.
 
lol you seem to suggest nuke and pave a lot nlinecomputers.

you probably just missed something simple like maybe a particular shortcut they are using or something to that nature.
 
I agree with the nuke and pave completely because no one knows what this computer really has in it. It was donated and therefore it could have stuff the OP isn't aware of. Give it a clean slate and set it up the way you do so. Go for the gold on the Windows 10 right now too.
 
I don't have a problem with nuke and pave as well. None of my customers are going to pay my hourly rate to spend hours fixing a malware problem. So I tell them I'll give it the good old college try, for an hour or two tops, then it's nuke and pave. Never had anyone have a problem with that.
 
If the computer comes from an unknown source or donated then reformat is the only option.
If the computer is from a known source, you just use your judgement, but after a couple of years of use, so much crud builds up that a "nuke & pave" rather than spend time trying to manually remove detritus is the way to go. Even the best AV misses things.
Customers will appreciate the "new" feel of their computer.
 
I wouldn't even spend the hour or two. Chispaluz's experience only makes me more convinced that trying to work with a donated machine is a waste of time.
 
Because most of the time it is the right answer. It is really hard to make money if you are bogged down on malware-infested sh-thole computers. The end user just wants it working, they don't care how you get there, even when they say to you "Don't reformat it. I don't want to lose my programs and stuff". They say that in ignorance of my abilities and from past experience with other techs that couldn't do it right. If you are a professional and properly set up with the correct tools then you can handle it. It is the difference between being a Pro and being Geek Squad or, worse, a pizza tech.
 
It comes down to the 2 things mentioned above:
1) It was donated, and who knows what the previous user inadvertently loaded onto it.
2) It's a waste of my working time to spend more energy and resources on it.

The client agreed to a reformat, and is dropping it off again later today. They will be happy to have a clean, working machine for their organization.
As always, I appreciate your input. It's always interesting to read your thoughts and opinions -- the collective experience and advice on here is an awesome resource.

Thanks!
 
There is nothing pro about nuke and pave; I could pull that off when I was 12. It's easier now than ever before with the majority of software settings being saved in the user folders rather than the registry. I realize there are a couple of situations where advanced knowledge is required, such as moving over software with a copy protection system when they've lost their license key, but for the most part it's not a difficult process.

I'm not saying it's the wrong answer money-wise, because you're right, financially it makes sense a lot of the time. I just don't like it when people come in with an issue and someone mentions nuke and pave as if the thought never crossed the tech's mind. The more problems and solutions we have here, the better for every tech interested in learning on Technibble.
 
Could it possibly be a "User" issue?
Some people can't seem to stay away from this stuff for more than a couple hours.
Machine infected
Machine cleaned
Machine infected again
All the while the user is using a different machine, but is "more careful", as it's not their usual.
Some people just never learn.
If it happens after a N&P, look at the user.
 