ElectricSheep

Level 12
Verified
As far as I'm aware, Malwares can only spread if the computers are connected in some way, such as on a shared network or similar.
BUT the malware would have to have some means of making the 'jump' like a worm does.
I've cleaned up infected computers while using an uninfected one for the guides, etc and had no problems :)
 

Hadden

Level 2
Not really easy to say, if you have network shares with infected pc, probably yes; but if you share only the same wifi connection it's less probably - really depends even on type of infection, a trojan/worm/backdoor could spread to your pc, maybe.
If you keep your security on, you can stay quite secure :)
If you can keep secure also the other pc, it's even better :)
 

idunno

Level 2
Not really easy to say, if you have network shares with infected pc, probably yes; but if you share only the same wifi connection it's less probably - really depends even on type of infection, a trojan/worm/backdoor could spread to your pc, maybe.
If you keep your security on, you can stay quite secure :)
If you can keep secure also the other pc, it's even better :)
Well, tbh I dont know if its even a virus.
But my sister downloaded a random game from the first google search result.
No scanning no nothing.
So it is most likely a virus.
 

Hadden

Level 2
my sister downloaded a random game from the first google search result.
No scanning no nothing.
Not nice. Have you tried to upload game installer on VT? (from infected pc, of course, not yours).
I hope "infected pc" has a sort of antivirus on it. It's not good go without that :p
 
Last edited:
  • Like
Reactions: lowdetection

kamla5abi

Level 4
There isn't really a black & white yes or no answer to this. It heavily depends on the malware and exploit used to infect the infected computer in the first place.

Ex:
wannacry/etc malware that used eternalblue exploit could infect other computers on the same network, because thats how the eternalblue exploit and wannacry malware was designed (to spread the infection, like a worm).

If its malware that made its way to the PC from an infected download or malware ad that was clicked etc, and the malware is only designed to infect the computer it was executed on but has no worm like properties, then it probably wont spread around. Or if the malware used some exploit to get onto the infected PC, but another PC on the same network is patched against that exploit, then it likely wont spread to the clean PC either since the attack vector is no longer valid on the clean PC (hence the reason why its important to stay updated for software, or like how disabling SMBv1 prevented the wannacry ransomware from infecting other PC's )

Try AP isolation in router setting. It prevent devices from direct connect with other devices on network.
i am not 100% sure about this, since I have not looked into this setting yet, but wouldn't that be counter productive for most home PC's on the same network? And maybe even computers on a company network? Since they would likely want to connect with other devices on the same network to access shared stuff? or access network printers?

Windows has the "homegroup" feature for home users, so would AP isolation break this functionality? Would you still be able to manually share drives or folders if you enable AP isolation? (from your definition of AP isolation, sounds like it would break sharing, but i am not 100% sure).

Not a threadjack, just continuing from the OP's question...

If you have a few home PC's on the same network (wifi or hardwired) and have enabled "home group" feature to be able to share stuff automatically between them, has malware been able to use this as an attack vector to spread to the other PC's? Or is this somehow patched by microsoft?
 
Last edited by a moderator:
  • Like
Reactions: idunno and brod56

idunno

Level 2
Not nice. Have you tried to upload game installer on VT? (from infected pc, of course, not yours).
I hope "infected pc" has a sort of antivirus on it. It's not good go without that :p
Not yet, my brother has been playing this game since it got downloaded, ill do it when ill have a chance.
 
5

509322

Can it?

-thanks
Yes, a pc on the same wifi network as an infected pc can also become infected. There are a multitude of ways this can happen. You have to research the topic as it is a rather large topic that cannot be covered with a few sentences.
 
Last edited by a moderator:

Hadden

Level 2
If you have a few home PC's on the same network (wifi or hardwired) and have enabled "home group" feature to be able to share stuff automatically between them, has malware been able to use this as an attack vector to spread to the other PC's? Or is this somehow patched by microsoft?
I can't be sure, as I never used an homegroup. But it uses a password between the pcs, so maybe it's slightly better than plain share. Of course, also "regular" shares are password protected, but the code is stored on pc for both types....
I'm pretty sure the malware can find its way, in that case. It depends on a lot of factors :3
 

idunno

Level 2
Alright I have a new question, if i had my PC Disconnected from wifi the whole time the infected computer was on the wifi and ill make sure the. Infected computer wont be on wifi again. Will the comoutet that was disconnected from wifi infected?
 

ElectricSheep

Level 12
Verified
Alright I have a new question, if i had my PC Disconnected from wifi the whole time the infected computer was on the wifi and ill make sure the. Infected computer wont be on wifi again. Will the comoutet that was disconnected from wifi infected?
A computer can't get infected if it's switched off. Also, if one's disconnected from the wifi, the chances of the other getting infected is pretty much zero.
 

Slyguy

Level 41
Verified
Can it?

-thanks
Yes it can.

This is another reason why people use VLANs and/or AP Isolation. Does your router support AP Isolation? If not you could create a ghetto-vlan which is basically secured guest-mode SSID which will offer AP Isolation and Subnet segregation. (ghetto but workable)
 
  • Like
Reactions: Sunshine-boy

Slyguy

Level 41
Verified
i am not 100% sure about this, since I have not looked into this setting yet, but wouldn't that be counter productive for most home PC's on the same network? And maybe even computers on a company network? Since they would likely want to connect with other devices on the same network to access shared stuff? or access network printers?
From the business side of it, this is the point of policy based segregation, vlans, AP isolation, etc. So on a commercial router you'd have subnets that may look like this;

192.168.2.10-200/24
192.168.3.10-200/24

A device on .2.X subnet won't talk to .3.X by design with a policy based UTM. At that point you would then create policies to allow communication for explicitly what you need to communicate - either specific ports, IP addresses or protocols, nothing more. Everything else falls under a DENY/DENY/ALL policy in the cascade.

So a policy may look like this: From: LAN-192.168.2.201(Static of Printer) To: LAN-192.168.1.10-200/24 Allow, Allow, ALL, AV, IPS, WF, SSL then reverse it allowing the devices on the other subnet to talk to the printer. This isolates the printer on it's own static on a different subnet and allows devices to communicate with that specific printer while applying antivirus/ips/SSL/WF protections on that traversal of traffic. This allows the printer to be isolated in the event it gets compromised but the same applies to ANY device or system on the network. This is one of the things that makes commercial policy based UTM's so much more powerful over normal consumer routers. Ideally, one would allow all wireless to communicate ONLY out the WAN and not on the LAN at all, if LAN communication is required from wireless devices then they should be policy restricted. IF a threat actor was to penetrate a device, he'd not have much to do from that device because it would be policy restricted on an isolated subnet restricted to specific activity. Stopped in his tracks!

The good thing is, you can do this with a consumer router flashed with OpenWRT or something. Although you wouldn't have the internal LAN to LAN AV/IPS and other UTM scanning taking place to help secure your internal infrastructure it still would be a huge improvement over normal consumer stuff. Normal consumer stuff the best you will do is ghetto VLAN it with guest/isolation.
 

idunno

Level 2
Not nice. Have you tried to upload game installer on VT? (from infected pc, of course, not yours).
I hope "infected pc" has a sort of antivirus on it. It's not good go without that :p
I scanned the virus on vt and one anti malware program found
Not nice. Have you tried to upload game installer on VT? (from infected pc, of course, not yours).
I hope "infected pc" has a sort of antivirus on it. It's not good go without that :p
I have scanned it on vt and one anti virus program said its Malware.Heuristic!ET (rdm+)
6 people said the file is safe and 2 people said its a virus
So I dont know if its safe or not
 

Hadden

Level 2
Well, heuristic malware means "the file is not recognized as known malware, but it's behaviour tend to act as a malware".
So, probably it's a malware. Some AV says it's a trojan, some it's a generic malware, some it's a PUP/adware. But still not a good guy.
A non virus (but possibly annoying) is usually seen as PUP, PUM, risky tool or hack tool.
But if you want/need help to removal, you should ask in malware help section ;)
 
Last edited:
V

viel

Can it?

-thanks
Hello, You have a bit of work to do, paranoid style.. should clean out that PC very nicely :D
Scan with:
MalwareBytes (go to protection and enable remove PUP's,PUM's and Rootkits)
AdwCleaner
Hitman Pro (Enable rootkit removal in settings) 30 day trial only
Avast (imo) (Enable Scan all packers,Hardened mode with Aggressive mode,and set heuristics to High) Go on settings and go on Components and uninstall any extensions you do not need. Keep the shields and Network scan should be handy for you ;)
Kaspersky Security Scan Free (Deep Scan)
Kaspersky Antivirus free trial
Norton Power Eraser (Should do the trick)
Zemana anti malware
Install uBlock Origin for Chrome ( if you have chrome)
I recommend keeping Avast,Hitman Pro,Malwarebytes and install Zemana or Norton Power Eraser when the Hitman Pro trial ends.

Thanks :D
 
Last edited by a moderator:

Nepot

New Member
Well, tbh I dont know if its even a virus.
But my sister downloaded a random game from the first google search result.
No scanning no nothing.
So it is most likely a virus.
Can you provide the address of the page it was downloaded from?