Sooo I'm in Kansas. Specifically, I'm in Eerie, Kansas, renowned across the land for its annual Bean Days festival and its free-range population of semi-domestc housepets, which may very well outstrip its human population at this point. Yup. Eerie "Whose Huntin Dog Is This" Kansas. Eerie "Think the River's Gonna Be Up In The Soybeans Again This Year" Kansas. Eerie "I'm not one to start fights but I jus can't stand those Obamites," "King James Tranlation or eternal flames YOUR CHOICE" Kansas. (*edit* I say this with all affection. Despite my sometimes-intense-discomfort it really does feel like "family" and "home.") We are visiting my mother's family, who are friendly, charming, outgoing, and most of whom have agreed to stay away from topics like politics or the wayward sexual orientation of certain relatives who we oughtn't be gossiping about anyway, now should we? (Staying with her mom, a genuinely sweet old lady who would not hurt a damn fly.) ... I need wifi like I need breathing. Unfortunately, the network security key I was given was ineffective at connecting my laptop to the intarwubs. I'm on my cellphone now. Can totally get a signal by waving it out the second floor window in the rain. Anyway, when Uncle Russ came over this morning, he took on the task of helping me get connected, the first step of which was to give me the same network password that wasn't working the night before. It was predictably ineffective. As were the fifty or so variations, rearrangements, and blind guesses we tried over the next half hour. Something odd, though- guesses containing the same letters as the password written down got a different reaction than keysmash entries. (Dog's name plus number) and variants would result in a "Connecting..." message, followed by "Netwok security key mismatch," with a prompt to re-enter the password. Keysmash-plus-enter would get an immediate popup that said "Password Incorrect." Finally Russ ended up calling Linksys tech support, managing to only make fun of the guy's accent a little, and not diectly to him, and started relaying directions to me. First direction: Hook up your laptop to ethernet. Okay. Second direction: Open your browser and go to this URL. It was a short URL that redirected to something longer. Third direction: Download this executable file and let it run. ... Eeeeeengh. I'm trusting you, tech support guy on the phone with my uncle. Because you're tech support. And my uncle surely knows that he's contacted the Proper Authorities in this case. The program he had me download was from a site called LogMeIn Rescue, program of the same name. Fourth diection: Let it past my firewall and click "Allow" on everything. Then relax my mouse hand and let him take over my desktop. Gggnnnnnnngh. Argharghargh he's opening win32 augh rearranging my poor puter's guts aaaugh oooh pretty scrolly data trees I do not unnerstand. Eventually a window came up that had a list of things like Event Warning and Error and a bunch of different stuff, going back to something like 2011. He explained to my uncle something that was passed on to me approximately as, "Someone else has been using your network, and because of this it has become so corrupted that it no longer even has a valid password." Now here's my first question for y'all, is that even a thing, like, that can happen? There was a literal game of telephone going on here and I have no idea what if anything got through ungarbled. Second thing: Tech support guy says that getting a new router wouldn't fix it, but he could, for a one-time fee of $149-and-change. This is where Russ balked. It is also the point at which the word "Hornswaggled" saw its first usage in that conversation. And also the first indication that Russ was not 100 percent certain that he had connected to a legitimate technical support line. Which. I. I just let this guy run his hands through my fucking compter's guts, and now you're saying you don't know who that guy is, why, he could be anyone, just some guy out there lookin to make a buck off honest people, y'know they're everwhere this day and age. I was like, Russ, that was Linksys tech support, right, they'd get in trouble if they lied, at which point he indicated that the website he'd gotten the phone number from was just the first hit he'd got on googling Linksys. ..... :| I have no way of telling how much of Russ's threat assessment is compromised by paranoia-of-outsiders, especially since it only kicked in after the guy quoted a price. Anyway, the router's disconnected now, in case it really was the neighbor kids hornswagglin the network. I'm running malware checks on my computer now. I couldn't find any recently installed programs on my computer, which seems to me could either be good (the script just ran w/out installing anything, now it's all gone, yay!) or really bad (Shit yeah that shit's installed, but it spoils the game if you know about it, oh hey look a bank password!) ... Sooo final question: On a scale of 1 to "vegacoyote's computer just exploded, and all her passwords are belong to Tom the Tech Support Guy," how screwed am I likely to be?
...that sounds really iffy. LogMeIn Rescue is a legitimate, not-known-to-be-a-virus program for remote support from helpdesks. Is your Uncle Russ usually computer-competent? Are there other computers connected to that router? Anecdata: The first hit I get when I google "linksys" is the official Linksys site. So your uncle might have gotten actual Linksys tech support. But I still have misgivings that I can't quite articulate, possibly because I'm used to doing all the tech support for my family and don't trust remote help in general.
If it was me, a person who has actually worked in anti-virus software development, I'd reinstall the operating system and THEN change my passwords on all sites I care about. You cannot detect rootkits once they have been installed because they corrupt the very tools used to detect them. So - paranoia level high after that.
(You too? I worked for Sophos in England between 1994 and 1996, at the tail end of MS-DOS viruses and the start of the Windows and macro-virus era. I was a virus analyst and developer, porting the antivirus tools to several UNIX-derived systems. My first day on the job? Given a PC, a disk with a virus on it, the Intel 80386 Handbook, the MSDOS Encyclopedia, and told 'Work out what it does'. I'd never used MSDOS before.)
I worked for "Internet Security Solutions" (ISS) just before it was bought by IBM and then for a year or so after. Was told "here is something bad, write a fast routine to detect it that will run on AIX, linux, and Windows NT" as my first task. The malware was windows specific but still had to be detected on the *nix platforms that acted as the gateway. Was an eye-opener on how that world works. EDIT: fixed name of company, since it was a rather cool company before IBM bought it and killed it.
I checked Linskys facebook page and there is another person saying this: Not exactly the same situation but it might be worth poking their official FB page for help? It might also be that tech support trying to swindle you out of money is normal with these guys. That said yeah, I'd be hella nervous about shit like this. I'd reformat unless there's something you really need to keep on there.
When you are not sure if you have been compromised - first step is to use a DIFFERENT computer or your phone to change passwords on all accounts that have been accessed by your computer - like banks, credit card companies, Paypal - anyone that you do money online with. Do that FIRST. Don't wait to be sure if your computer is safe. Second step - use the built in tools if you are a windows user. If Windows Defender refuses to run, you have been compromised and your computer has been violated. Re-install windows. DO NOT keep using the computer. Windows Defender will ALWAYS run on a machine that is safe to use. Third step: Windows Defender is NOT the best defense - but when it has failed you are in deep poop. If it does run and does not detect issues, you are in limbo - you could still be hosting a rootkit and not know it. There is no way to detect them - the most common ones just disable security, but there are some that just modify security to say "yeah, I belong here". So you have to decide - is the pain of re-install worse than the penalty of someone having access to everything you do on that computer? AND some are used for nothing more than using your computer as a host to attack others, serve kiddie porn, or send the rootkit to your friends when you contact them on Skype (friends get really annoyed when you send them a rootkit that steals their life savings, just so ya know). If you are a linux user but are not geeky - you are in the same limbo, but less chance of detecting you've been rooted, since there is no Windows Defender service to say "hey, I'm broken". The chance of having a rootkit on linux is MUCH HUGELY less, since only users running as root could install it (and you're a linux user so you know better than to do that, right?) but again - once it is installed it cannot be detected so you're up the same creek. If you're a Mac user - I dunno. I don't use anything made by Apple for reasons not related to this.
Okay. Got another guy doing the desktop-posession thing that we are PRETTY SURE is from the cable company this time. The reason we are pretty sure is that he said "We'll put the support fee on your grandmother's cable bill" this time instead of "Get out your credit card." Also the number came straight from the cable company instead of the first google hit for "Linksys password not working." Guy's running a remote scan for malware, said it should take about an hour, after which, even if there was anything he couldn't get off, he said he would at least know it was still there and could warn me that it wasn't safe to use. ... dammit, I don't wanna have to reinstall my OS again... had that done in December and I'm still reinstalling shit. Wish my brain ran further on the sperg side and not so hard on the ADHD, enough so it'd be easier to learn how to fix this shit myself. I get so I'm like, hey, I think I can figure this out if I could just sqint at it a little longer, so then of course OH MY GOD IS THAT MINECRAFT. Also this is the second time in as many days that I've had a complete stranger remotely squidging around in my computer's guts, and it is creeping me right the fuck out. Russ has offered to pay for any repairs that come about as a result of this, which is super nice of him seeing as how money is not a thing I have in surplus. .... and when THIs is done we get to pack up for another 5 hour car trip home wheeeee! blob save me from hard-drive centipede paranoia and close-quarters rides with compulsive silence-fillers. ... I love my mom, I really do, but we have a very different set of sensory needs. :\ want my puter back dammit
