Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

can I get infected sharing my modem


  • Please log in to reply
11 replies to this topic

#1 Tierra93

Tierra93

  • Members
  • 167 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:47 PM

Posted 11 November 2012 - 05:32 AM

A friend came over as she didn't have much security and I helped her load several security programs. She used my modem and the only way we could get her connected was by entering her MAC address into my modem. Both malwarebytes and spybot found problems. I did run both on my computer and no problem and will run an online scan - but can I get infected just by letting her use my modem with her MAC address?

Thank you.

BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:47 PM

Posted 11 November 2012 - 05:25 PM

can I get infected just by letting her use my modem with her MAC address?
I must assume that you needed to change it back to your IP / Modem address, so this should negate the infections.
However you can be infected via Modems - Update your Antivirus and Antimalware programs and Re-scan just to be sure.

Are you having problems at all, or do you think that your system is now clean -

Thank You -

#3 Tierra93

Tierra93
  • Topic Starter

  • Members
  • 167 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:47 PM

Posted 11 November 2012 - 05:44 PM

I update and run full scans daily with malwarebytes, spybot and Norton - yesterday and today. I also ran ESET online scan today to be sure - everything is clean.

Don't seem to be having problems myself.

How do I prevent getting infected via modem?

Thank you.

Edited by Tierra93, 11 November 2012 - 05:45 PM.


#4 Tierra93

Tierra93
  • Topic Starter

  • Members
  • 167 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:47 PM

Posted 12 November 2012 - 10:14 AM

This morning I am having a few problems - keyboard isn't acting correctly when typing acting like number and caps locks aren't working. Nothing much more.

Any other programs to run to be sure I'm clean.

Thank you.

#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:47 AM

Posted 12 November 2012 - 05:29 PM

Yes, there is a possibility. There is malware that will change the DNS settings of the router that connects the PC to the Internet.

If your friend's PC was infected with such malware and if you have not changed the default password of your modem, then the DNS settings could have been changed: e.g. that the router now uses malicious DNS servers.

When your PC uses this modem, you will be redirected to malicious websites.

But this not very likely.

When you connected your friend's PC to the modem, was your PC connected too and powered on?

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 Tierra93

Tierra93
  • Topic Starter

  • Members
  • 167 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:47 PM

Posted 13 November 2012 - 01:30 AM

Yes, I had my computer on and hooked up to my modem with my ethernet cable. I was looking at what I had for security to tell her what to download and how to download and showing her on my desktop how to used the different programs. I was also working on a joint project with her on my computer while she downloaded security programs and installed - but no file sharing. I did that work on my computer and emailed her the info while she downloaded security stuff, since I was appalled by her lack of security.

I have Open DNS on my modem and just checked and the numbers still match those of Open DNS. If it is infected would it still show the correct DNS?

I don't know how to change the default password on my modem - unless it's the naming of the wifi and password there. But the name and password to access it are assigned by CenturyLink and don't know how to change those. I thought CenturyLink had to do that.

Edited by Tierra93, 13 November 2012 - 02:19 AM.


#7 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:47 AM

Posted 13 November 2012 - 04:52 AM

Yes, I had my computer on and hooked up to my modem with my ethernet cable.

And does your computer have a firewall and was it enabled?

If it is infected would it still show the correct DNS

No, you would see other DNS servers. Just for your info, I prefer to call a router with malicious DNS settings "compromised", not "infected". I use "infected" when malicious code is installed or running.

I don't know how to change the default password on my modem - unless it's the naming of the wifi and password there. But the name and password to access it are assigned by CenturyLink and don't know how to change those. I thought CenturyLink had to do that.

I'm not familiar with CenturyLink, maybe another forum member knows how to.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#8 Tierra93

Tierra93
  • Topic Starter

  • Members
  • 167 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:47 PM

Posted 13 November 2012 - 09:05 AM

Yes, I have comomdo - but only on the safe setting - as the last few versions were asking me about everything at higher settings and just don't know enough. Also, my modem has firewall and SheildsUp says I'm running in Stealth - but that probably means nothing since she was connected to my modem.

What program scan can I run to see if I have a virus that affects the DNS that I've not already ran - and is it on my computer or in the modem or both?

CenturyLink used to be Qwest.

Is the DNS changing virus the only thing I could have picked up from her sharing the modem?

Thank you.

Edited by Tierra93, 13 November 2012 - 09:09 AM.


#9 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:47 AM

Posted 13 November 2012 - 02:47 PM

What program scan can I run to see if I have a virus that affects the DNS that I've not already ran - and is it on my computer or in the modem or both?

You checked the DNS settings on your router and they still point to the OpenDNS servers, so that's OK, no need to scan this with a program.

Is the DNS changing virus the only thing I could have picked up from her sharing the modem?

No, the other machine could have attacked your machine directly (depending on the malware present on that machine), that's why I asked if you machine is protected by a firewall.
And you've confirmed you have a firewall on your machine.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#10 Tierra93

Tierra93
  • Topic Starter

  • Members
  • 167 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:47 PM

Posted 13 November 2012 - 07:18 PM

So, do you believe, with the malwarebytes, spybot, norton, and ESET online scans all being negative that I'm probably not infected with anything? Or should I be trying another scan with another product - a different online scan?

Thank you

#11 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:47 AM

Posted 14 November 2012 - 04:26 PM

From what you wrote, I don't see evidence of infection.

quietman7 has compiled a list of Live CDs that AntiVirus vendors offer for free. If you don't feel confident, you could use one to scan your machine offline.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#12 Tierra93

Tierra93
  • Topic Starter

  • Members
  • 167 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:47 PM

Posted 14 November 2012 - 05:19 PM

thank you very much for all of your help.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users