CastleCops, Internet Crime Fighters
Is this possible?

Forum: MIRT Discussion

vmsbass
Cadet
Joined: Jan 29, 2008
Posts: 2
Location: USA

Posted: Tue Jan 29, 2008 6:09 pm    Post subject: Is this possible?

I suppose what I am about to describe sounds something like a hacker, but I have no experience with this, so I am in need of some help.

Recently, a friend of mine had one of his two networked PCs rapidly become virtually inoperable with malware and such. I took that PC (we will call it PC1) to my place to try to clean it up. Shortly after taking PC1 out, the other PC (We will call it PC2) on the network started going haywire.

After having done my best with PC1 (I cleaned it up decently, but could not remove Virtumonde and Smitfraud), I brought it back to my friend (since it worked well enough at my place to function for what it was needed). Then I took PC2 to just wipe that one clean with a fresh install of the OS. It did not take long for PC1 to start going crazy again, so my friend got impatient and just bought a new PC (we will call it PC3).

After I brought back PC2 with a fresh OS, I hooked up PC3 to the station where PC1 used to be. When I left his place, PC2 and PC3 were networked and working fine (again, both had a completely new and clean OS, never having been used by anyone but myself).

It turns out that about an hour after I left, PC3 started going crazy just like PC1 did (it showed a lot of the same signs as having been infected with the same crap as PC1). Now, those with access to PC3 say no one was on it (or at least, that no one did anything they shouldn't have; i.e. look at porn and such).

Is it possible that someone is indeed hacking his PCs? Is it possible that a PC can become infected from outside without first inviting the malware in by means of downloading an executable program or something? Can someone's modem, router, or IP address be at the mercy of some program or hacker, thereby making whatever PC is using them vulnerable to infection? Or is someone just lying about not doing anything inadvisable like downloading porn?

PCBruiser
SRT Team Lead, Forums Admin
Joined: May 11, 2005
Posts: 11723

Posted: Tue Jan 29, 2008 6:38 pm    Post subject:

Hi,

Well you identified one possibility, dangerous browsing habits. There are others. Clicking on an infected email attachment is a common way to become infected. And, becoming infected from outside is possible, but it is very remote. Ask yourself this, what does your friend have of value that would be of interest to a hacker? Unless there is a good answer to that question, it is doubtful that it is getting infected from outside. Breaking through a good quality, and current, hardware router/firewall usually requires a live person, a lot of expertise, and a damn good reason to spend the time doing it.

I suspect that your friend attached PC3 to his router with PC1, and that the infection spread that way from PC1 to PC3.

OK, what now? First, is the brand and model of hardware router/firewall a recent one, or is it old? Older routers really didn't have much firewall protection; newer ones do. And, does the hardware have the latest firmware update from the manufacturer?

Here's what I would do: disconnect all three systems, and completely reformat and reinstall their OSes before any of them are networked to the other two. Also make sure to do all Windows Updates and install the latest versions of whatever security software your friend uses, and that should include anti-virus, anti-malware and a software firewall at a minimum.

Only at the point where all three systems are known clean, and completely ready, should you network them.

If they become infected after that, either the router is letting things through it shouldn't (or has been set to leave ports open), or unsafe browsing is the most likely suspect.

Here's one other thing to test. Go to:

http://www.grc.com

and navigate to ShieldsUp! Run the All Ports test, and see how the systems perform. Given that you are running the tests through your friend's security software and the hardware router/firewall, all you should see is a sea of green. See what results you actually get. Then, run the test without going through the hardware router/firewall, but just using your friend's normal security software. How does that look? Any differences may tell you how this is happening.

_________________
Don't read? Can't learn!

vmsbass
Cadet
Joined: Jan 29, 2008
Posts: 2
Location: USA

Posted: Tue Jan 29, 2008 7:29 pm    Post subject:

Thanks for the fast reply.

I was, and still am, very skeptical of their suspicions of a hacker, for all the reasons you listed: i.e. the difficulty involved and the lack of anything really worth going after. Moreover, I would think a hacker would want to keep a low profile if he/she were digging for info, rather than alert the owner that something is wrong by infecting the PC with all sorts of malware.

PC3 and PC1 were never connected at the same time. First it was PC1 and PC2, then PC2 and PC3. I suppose that it is possible the infection went from PC1 to PC2, then from PC2 to PC3 (though PC2 seemed just fine after I put the new OS on it). I will need to look into this more. I will look into everything else you suggested as well. If I don't come back with continued problems, then that means all is well. If I do, well ... talk to you then. Anyway, thanks again for the help.

All times are GMT