Is my computer affected or at risk? WannaCry Virus?
July 14, 2017 4:07 AM   Subscribe

After getting a message from Avast, I am curious as to if my computer is affected WannaCry - Double Pulsar or something else)

I am running a Windows 8.1 machine that I only use for media files (I have it connected to my tv that I use the computer only for Netflix, Apple TV, streaming, YouTube, etc). I don't even have Word or Excel software installed on it.

I try and do weekly (ish) scans with programs such as Avast, MalwareBytes, SpyBot S&D and CC Cleaner, etc. This past weekend, I did scans, and Avast Free scan came up fine, but added that my computer may be vulnerable to WannaCry/Double Pulsar attack.

I haven't noticed any performance issues (or haven't received the Wanna Cry lock screen, etc), and I haven't noticed any software downloaded on my computer (or had an banking issues, etc). I did, however, notice that some of my Windows updates weren't updated properly. I tried to update my computer (I don't know if I have done it correctly), but when I rescanned my computer, I didn't get the error message.

To be honest, I am not really worried about this computer - there isn't anything on it (no files, pictures, documents, etc). I am more worried about my other computers on my network that I use for home and work. I do have Dropbox installed on this computer, so I am guessing that my files in this folder could be at risk?

Anyway, just wondering if there is something I can do to check and see if my computer has been attacked?
posted by dbirchum to Computers & Internet (17 answers total) 2 users marked this as a favorite
Have you run the other programs (particularly Malwarebytes) after Avast informed you of this? Did they throw any errors/messages?
posted by kuanes at 4:31 AM on July 14, 2017

If it had been infected with Wannacry I think you’d know it by now...

Keep applying the security updates & don’t worry about it otherwise.
posted by pharm at 4:32 AM on July 14, 2017

Thanks folks. Nothing has ever shown up on any scans as an issue (either on Avast, Malwarebytes, SpyBot S&D, etc), just the one from Avast saying that my computer could be vulerable.

I still don't think the most recent security is applied to my machine. It states that Windows Update didn't install properly and its undoing the changes. I will have to look at this when I get home.

Any other suggestions?
posted by dbirchum at 4:40 AM on July 14, 2017

Does Avast go on to suggest their paid product after these messages? Avast sometimes sends me mildly alarming messages on my work computer and when I click on learn more they offer me the pro version. I think it's just a way to get more paid customers and not necessarily a reflection of your computer's "well-being."
posted by eisforcool at 6:00 AM on July 14, 2017

I don't think they did at this time, but I know what you mean (encouraging people to purchase their paid products to give them more protection.

On a related (or unrelated) note, I was digging into some Dropbox stuff to ensure that it was secure. I followed some DropBox directions and found a way to see what computers were linked to my Dropbox account and when they were used, etc. Everything seems fine there (no unfamiliar computers or devises linked to my account), however, I noticed that it said that my iphone was accessed in a different location than where I live! Not sure how this is possible when I have had my phone the entire time unless its a breach and someone has access to it remotely. I can see that no files had changed in that time.

Any suggestions on this?
posted by dbirchum at 7:08 AM on July 14, 2017

Might be where it thinks the IP address is, not necessarily where you are. You could check your location history in privacy under settings maybe if hat would help give you answers. But at least you aren't seeing anything dodgy in your scans, so that's good.
posted by oceanjesse at 7:10 AM on July 14, 2017

Thanks oceanjesse, I will do that.

It was odd - the area that showed up on my iPhone was for a very specific area (town), where my head office is located So I am sure that I have accessed my DropBox account there in the past, just not in the past 5 days.

Its still scarey...
posted by dbirchum at 7:44 AM on July 14, 2017

There's a large difference between vulnerable and infected. Technically, your computer is vulnerable to meteorites and volcanic eruptions, too. And bird poop. If you get bird poop in there, you're screwed. It might just be a notice to run a specific Microsoft patch, or selling their flavor-of-the-month security suite.

In regards to the strange IP, you may have been connected to a network that makes it appear as though you are somewhere else. Like if you're connected to McDonald's wifi, everything thinks you're in Kansas because the wifi's actually traveling to their ISP in Kansas before being sent out over the open internet. Hotels, restaurants, all kinds of things have this kind of wifi set up.
posted by dozo at 8:00 AM on July 14, 2017

Thanks dozo -

With respect to the strange IP, I was travelling for work this past week with my iphone and connecting to various public wifi's (my hotel, etc).

Maybe that could be the cause? Is there a way I can confirm that someone in that area wasn't accessing my DropBox at that time?
posted by dbirchum at 8:31 AM on July 14, 2017

Update it to Windows 10. Last time I looked, this was still a freebie.

Pretty much all of 10's irritating features are also present in 8.1, and a few things have in fact improved, so there's essentially no downside that I'm aware of.
posted by flabdablet at 8:47 AM on July 14, 2017 [1 favorite]

By the way, a warning that you're vulnerable to WannaCry just means that your computer has not yet installed the specific Windows updates that close the security hole WannaCry is built to exploit.

If your security suite had actually detected WannaCry it would tell you that it was present, not that you were "vulnerable to" it.
posted by flabdablet at 8:51 AM on July 14, 2017

Thanks flabdablet!

I tried uploading to Windows 10 last night and got an error message - We couldn't install windows 10. The installation failed in the SECOND BOOT phase with an error during PRE_00BE operation.

posted by dbirchum at 8:58 AM on July 14, 2017

Might want to run DISM against it before trying again.
posted by flabdablet at 9:01 AM on July 14, 2017

Ok. I will try that when I get home. I clicked on your link - seems a little complex, but I will give it a go. Thanks again.
posted by dbirchum at 9:08 AM on July 14, 2017

I would try Windows Defender. It's pretty good. Comes installed on Windows 10, but the link I provided allows you to enable it on 8.1.

There's nothing wrong with Avast, I don't think, other than the incentive to have you pay.
posted by teabag at 10:02 AM on July 14, 2017

seems a little complex

When MS articles tell you to type stuff into a cmd window, you're generally better off copying and pasting the line they tell you to type rather than actually typing it; if you're not familiar with command line punctuation conventions, it's easy to end up confused by stuff that doesn't seem to be working for mysterious reasons.

For a couple of extra gratuitous Windows irritation points, ctrl-V does not work for pasting stuff into a cmd window. You need to use right-click -> Paste instead.
posted by flabdablet at 11:46 PM on July 14, 2017 [1 favorite]

Just as a heads-up for people who happen to arrive here by googling for WannaCry: tonight I visited a customer who had just gone some way toward being taken in by a completely fake scam claiming to be WannaCry.

She was using some dodgy video-streaming website as a result of not having the technical skills to find her favourite drama series by any safer means than typing its name into Google and clicking the first result that promised to stream it for her (I know, I know).

So she got a few minutes worth of video stream, then a big scary pop-up, a siren and a looped voice-synth "security alert" saying she'd been infected by WannaCry, all her valuable files had been encrypted, and she MUST NOT touch the mouse or the keyboard and MUST NOT turn off her computer but MUST INSTEAD call the phone number listed in the scary pop-up. Completely over-the-top. I expected to see Tom Cruise arrive in a helicopter at any second.

Anyway, she'd rung them, got suspicious when the person she was talking to wouldn't tell her where they were, hung up on them and called me.

I found no .wcry files anywhere on her machine, which is in any case running a fully patched Windows 10. So, just another fake-tech-support scam with no actual substance.
posted by flabdablet at 10:54 AM on July 20, 2017

« Older - good or dodgy?   |   Should my partner get surgery for a deviated... Newer »

You are not logged in, either login or create an account to post comments