Did Malware Infect My Entire Household - Need Help

Question

I'm a true idiot. Let's get that out of the way. I really messed up with my computer security and there's no other way of putting it than to say that I'm a true idiot.

Putting aside my stupid actions, which I will describe below, I wish to ask knowledgeable and trained people for help in securing my home network, computers, and devices and have a slew of questions I'd like to ask on the topic and my specific situation generally. This is going to be kind of long, so I hope you'll be patient with me and realize I really do badly need help.

BACKGROUND INFO. A: I live at home with my parents and younger sister. We have Verizon Fios internet. My sister and I both own HP laptops. My parents own an iPAD. Parents don't have anti-virus (b/c they think you don't need it for Apple products), but my sister and I do.

A couple of months ago, I visited a porn site that's been known to be a cesspool of malware infected videos. I am a true idiot. Very shortly after visiting that website, my computer started running more slowly. It started off with minor decreases in speed to being totally inoperable practically. Like if I started it up right now and tried to watch a YouTube video, it would probably take 5-8 minutes (minimum) to load a video, whereas before my porn site visit a YouTube video would load and start playing at normal speed within seconds. And if I tried to play a 10 minute video, it would likely take 20-30 minutes (minimum) to fully play through the entire thing with frequent pauses throughout. Web surfing also takes forever to load pages.

Additionally, I've noticed weird stuff at the bottom left corner of my Chrome browser that wasn't there before. Every time I go to a new webpage, it will say "waiting for ______________" and list any number of weird names that aren't the target website. Often there will be 5 or more weird names that are toggled through.

Shortly after I noticed my computer slowing down, my sister's and parent's computers also had the same issue. My parent's iPAD doesn't seem to show as much decrease in speed, but there is noticeable decrease. My sister's laptop also has shown speed issues, although maybe not as bad as mine. Also, her email keeps sending out junk mail to people (me and others have noticed it and told her about it).

BACKGROUND INFO. B: My porn site visit took place in August. However, prior to that back in May, we had a power outage that caused our Verizon Fios router to reset to factory default settings. That meant it went back to a generic login name and password (that I've been told is easily searchable and cracked). Being the ultimate idiot, I did not change the settings after the outage to a more secure and personalized login name and password.

I literally only did so a few days ago after it was clear my laptop had a virus/trojan/hacker or whatever.

Therefore, anyone could have potentially hacked our network from May until late September. And remember that I also visited that porn site in August.

Why did I not change the Verizon Fios router default settings to a personalized one after the outage? I literally forgot and no one else in my family is very computer literate either. I'm the only one who knew to change things in the first place. I just gave my parents and sister the default factory settings name and password like a true idiot!

PROBLEM: Obviously, something is wrong with our computers in our house. They are slowed down and mine is super freaking slow.

I fear we may have been hacked via our router and/or had a virus/malware spread from my computer to the others, due to an infection from that porn site.

Answer 1

To start out, slowness is really hard to troubleshoot, and may not be a malware infection at all. Just keep an open mind and stop panicking. The human imagination is excellent at creating scenarios that are nothing close to what really actually happened.

Answers:

1. There is no silver bullet in security. It's defense-in-depth. AV and MBAM is a good start, but standard security best practices apply here. Ensure everything is patched fully (software and OS), enable firewalls with restrictive access, limit web browsing to known-good sites or use a web content filter/web filtering endpoint software (typically bundled with AV), and use ad-blocking (AdBlock Plus or other less controversial alternative) and script blocking (NoScript) extensions on your browsers.

2. Anything is possible. Without definitive evidence or collected data, it's possible malware could have spread throughout the network, unlikely in today's landscape, but possible. There have been several malware variants and attacks that have enslaved home DSL routers and other modem gateways into joining botnets, which could possibly be at play.

3. Yes, printers, chromecast-like devices, and other internet of things (IoT) devices all can be impacted by malware the same as any other network connected device. Really anything with electronic intelligence has the potential to be compromised in one way or another. Without specific knowledge of your environment, most IoT devices can be reset to factory condition. This often will remove the malware and reset to a insecure default configuration. Quickly change this to a custom configuration to prevent re-compromise.

4. Possible. I would recommend everyone who has an embedded webcam to put something over it when you're not using it. Be it a Walmart smiley sticker or a piece of electrical tape, just cover it when not in use for your privacy. As far as the mouse moving, it's possible that you have contracted a remote access trojan (RAT) which could open you up to this type of activity. This is generally less common than it used to be, unless you're someone of interest to an adversary (you'd likely know if you were).

5. It's never a bad idea to rebuild for scratch if you suspect something is compromised beyond your ability to analyze and remove the threat. I am not an owner of any Apple devices, so google will be your friend on resetting those devices. Rebuilding for Windows is more complicated, but depends on your operating system (Win 7, 8, 8.1, 10, etc.). There are also lots of articles online for how to re-image your OS.

6. It's rather unlikely that everything to ever touch your network is owned. I probably wouldn't mention it. Just keep other devices off your network until you feel it's safe again.

7. No, but you should change all your passwords across all your social media (and everything else while you're at it). Don't reuse passwords across sites and use a password generator service similar to what DuckDuckGo offers ("password strong 25" will generate a strong password 25 characters in length). I would also recommend this for all users of the devices you feel are affected (your sister and parents).

Conclusion

Ultimately what I think happened based on the info I have, is this:

1. Your router was reset and and the creds never changed from default

2. You visited the porn site and managed to get a drive-by-download of steaming fresh malware

3. Malware infected your computer and acted like a downloader to bring down many malware ecosystem friends that do various things (and are not particularly related to the original malware)

4. Other downloaded malware has the potential to do things like view your webcam, monitor browsing history, compromise credentials to email, financial sites, gaming sites, etc.; and finally scan your network for vulnerable routers or gateways (FiOS modem device)

5. Compromises FiOS device with default config and it joins a botnet of other vulnerable gateway devices in the world

6. Botnet of vulnerable gateway devices are doing something relatively intensive and is slowing down your overall network and everyone attached to it.

7. Your sister somehow got her email compromised, maybe she logged into Gmail or Yahoo on your computer, maybe she just was rolled up into the Yahoo breach, maybe she used the same creds on the My Little Pony website (or whatever) that got owned, who knows. (BTW, she should change her web mail password and verify she has verified recovery options [phone #, security questions, etc.] to get rid of her account being used for spam)

While these answers may not be the most solid things in existence, there's not a lot of data here to go off of. For a true hardcore analysis, you'd want to collect log files from applications, event logs from the OS, prefetch objects, a memory dump, and a bunch of other things. Not to mention to fully pin down exactly what happened, if enough evidence still exists, you'd be looking to fork out a ton of cash.

Keep in mind that the StackExchange family of sites is focused on Q&A content, not hand-holding tech support. There are sites (Bleeping Computer etc.) where volunteers are willing to work with you and walk you through cleaning up a malware infection.