Malware on my Computer

RichardAnd

Hi lads,

I hope that this is the correct forum for this, as it's less of a work issue and more of an advice request.

My computer in work has been found to have been infected with malware. I have no idea how this happened, but I can only speculate that I downloaded something that I perhaps should not have.

I have administrator access on my PC, and when I'm not that busy, I sometimes study computer coding or read up on new technologies in my field (software dev). In my opinion, it's necessary to keep up to keep up to speed on technology to be a good developer, and sometimes I download tools and programming guides to help me in this end.

Last night, I got told that my PC was infected and that security are asking questions. I'm honestly genuinely concerned about this as whilst I didn't do anything with malicious intent or do something stupid like look at pornography at work, I still am worried.

My question if how I should proceed with this situation? Nothing may come of it, but the head of security at my company can be difficult, and I'm concerned that he may want to press the issue.

If I get into trouble, do I have any options legally? If the company tried to fire me, what could I do? Maybe I'm making a mountain from a molehill, but I want to be prepared

Thanks Lads.

Apiarist

Do not touch the computer. Do not attempt to "fix" it. Let the IT deal with it as soon as possible.

Apiarist

RichardAnd wrote: »

If I get into trouble, do I have any options legally? If the company tried to fire me, what could I do?

Don't worry prematurely. Malware happens to many of us. Now doing something stupid like trying to hide that you have malware -- that would be a serious offence in my view.

RichardAnd

victor8600 wrote: »

Do not touch the computer. Do not attempt to "fix" it. Let the IT deal with it as soon as possible.

victor8600 wrote: »

Don't worry prematurely. Malware happens to many of us. Now doing something stupid like trying to hide that you have malware -- that would be a serious offence in my view.

Thanks guys. They already know about it. They apparently detected traffic to an external IP from my machine.

RichardAnd

RichardAnd wrote: »

Hi lads,

I hope that this is the correct forum for this, as it's less of a work issue and more of an advice request.

My computer in work has been found to have been infected with malware. I have no idea how this happened, but I can only speculate that I downloaded something that I perhaps should not have.

I have administrator access on my PC, and when I'm not that busy, I sometimes study computer coding or read up on new technologies in my field (software dev). In my opinion, it's necessary to keep up to keep up to speed on technology to be a good developer, and sometimes I download tools and programming guides to help me in this end.

Last night, I got told that my PC was infected and that security are asking questions. I'm honestly genuinely concerned about this as whilst I didn't do anything with malicious intent or do something stupid like look at pornography at work, I still am worried.

My question if how I should proceed with this situation? Nothing may come of it, but the head of security at my company can be difficult, and I'm concerned that he may want to press the issue.

If I get into trouble, do I have any options legally? If the company tried to fire me, what could I do? Maybe I'm making a mountain from a molehill, but I want to be prepared

Thanks Lads.

Does your company have policies in place regarding downloading software etc from the internet to your work laptop and have you broken these?

Where I work there are strict policies in place regarding what software can be installed etc and anyone found to have broken these will face disciplinary action up to dismissal, and that's without actually downloading malware.

So I guess it depends on what policies are in place with your employers.

biko

There could be any number ways you got infected.
From visiting a drive-by site to a malicious mail to your work client.

Let them fix it and don't worry over it.

RichardAnd

DubInMeath wrote: »

Does your company have policies in place regarding downloading software etc from the internet to your work laptop and have you broken these?

Where I work there are strict policies in place regarding what software can be installed etc and anyone found to have broken these will face disciplinary action up to dismissal, and that's without actually downloading malware.

So I guess it depends on what policies are in place with your employers.

I don't know. I was never told, and no one I've spoken to seems to know either. I looked through my contract, but I saw nothing in there about that, but then I guess that it wouldn't be in there.

I only ever downloaded stuff from reputable site, i.e., Oracle, Microsoft, linkedin Learning.

OMM 0000

It's possible an attacker got onto the network and moved laterally onto your machine. Then installed a downloader which is putting malware on your machine.

IT want to know how the malware got there. Believe it or not, the best case scenario is you did something stupid. That's much more preferable to the alternatives.

I wouldn't be freaking out.

RichardAnd

RichardAnd wrote: »

I don't know. I was never told, and no one I've spoken to seems to know either. I looked through my contract, but I saw nothing in there about that, but then I guess that it wouldn't be in there.

I only ever downloaded stuff from reputable site, i.e., Oracle, Microsoft, linkedin Learning.

Wouldn't be in contact. If they have policies in place, and unless they are a bit stupid, they will, you could argue that you were not made aware of them, if they didn't send out an email/give training etc.

As others have said it may not be something you download, but as someone who studies security the majority of breeches are down to human error, are you using social media sites on your work machine and clicking on links in posts etc, as this is the most common way to get caught.

Irishdreamer

RichardAnd wrote: »

I don't know. I was never told, and no one I've spoken to seems to know either. I looked through my contract, but I saw nothing in there about that, but then I guess that it wouldn't be in there.

I only ever downloaded stuff from reputable site, i.e., Oracle, Microsoft, linkedin Learning.

Have you ever been given an employee handbook? My company gives us a new employee handbook every year & inform us of any new sections or additions to it.

Jim2007

RichardAnd wrote: »

I have administrator access on my PC, and when I'm not that busy, I sometimes study computer coding or read up on new technologies in my field (software dev). In my opinion, it's necessary to keep up to keep up to speed on technology to be a good developer, and sometimes I download tools and programming guides to help me in this end.

What is the company policy on downloading such software?

Jim2007

RichardAnd wrote: »

I don't know. I was never told, and no one I've spoken to seems to know either. I looked through my contract, but I saw nothing in there about that, but then I guess that it wouldn't be in there.

I only ever downloaded stuff from reputable site, i.e., Oracle, Microsoft, linkedin Learning.

If the company is big enough to have a head of security, you can be sure it has a policy, pretty much everyone has one these days, because the public auditors usually want to see it. Look in the company handbook or circulars, the IT documents etc... and there is usually extra rules you agreed to when you get admin rights.

Batgurl

Do you have administrator rights because you need them for your job? Or do you have them because you “borrowed” them?

If you used the administrator rights to download something and you weren’t supposed to have them in the first place, then you should hold your hands up and admit it to prevent unnecessary work on your IT dept side.

RichardAnd

DubInMeath wrote: »

Wouldn't be in contact. If they have policies in place, and unless they are a bit stupid, they will, you could argue that you were not made aware of them, if they didn't send out an email/give training etc.

As others have said it may not be something you download, but as someone who studies security the majority of breeches are down to human error, are you using social media sites on your work machine and clicking on links in posts etc, as this is the most common way to get caught.

No. I don't use any form of social media beyond youtube. I have posted in Stack OVerflow and the Oracle forms, but I don't recall following any dodgy links.

Irishdreamer wrote: »

Have you ever been given an employee handbook? My company gives us a new employee handbook every year & inform us of any new sections or additions to it.

I was given one, but I can't remember precisely what it said.

Jim2007 wrote: »

What is the company policy on downloading such software?

No one seems to know from whom I have asked, my manager included.

Batgurl wrote: »

Do you have administrator rights because you need them for your job? Or do you have them because you “borrowed” them?

If you used the administrator rights to download something and you weren’t supposed to have them in the first place, then you should hold your hands up and admit it to prevent unnecessary work on your IT dept side.

I didn't ask for administrator rights. I was given them a few months ago to install software, but many of the developers have admin access.

In all honesty, I haven't done anything with my PC that really makes me worried. If I pulled in malware, it was by accident. I'm going to talk to my manager about this properly in the morning and get it settled. If they want to grill me, I'd rather it be done now.

RichardAnd

RichardAnd wrote: »

No. I don't use any form of social media beyond youtube. I have posted in Stack OVerflow and the Oracle forms, but I don't recall following any dodgy links.




I was given one, but I can't remember precisely what it said.



No one seems to know from whom I have asked, my manager included.




I didn't ask for administrator rights. I was given them a few months ago to install software, but many of the developers have admin access.

In all honesty, I haven't done anything with my PC that really makes me worried. If I pulled in malware, it was by accident. I'm going to talk to my manager about this properly in the morning and get it settled. If they want to grill me, I'd rather it be done now.

If you don't know, you don't know, nothing wrong with that. Your I.T. / security department can do analysis on your machine and may well determine the actual malware involved and how and when it was installed.

STB.

RichardAnd wrote: »

I didn't ask for administrator rights. I was given them a few months ago to install software, but many of the developers have admin access.

In all honesty, I haven't done anything with my PC that really makes me worried. If I pulled in malware, it was by accident. I'm going to talk to my manager about this properly in the morning and get it settled. If they want to grill me, I'd rather it be done now.

Grill you! Look there's a certain level of personal responsibility with using trusted software anywhere, not just in the workplace. You may find you have an IT usage policy within your workplace. They normally aren't worth the paper they are written on. There is a bigger issue here which is not your problem.

As regards the local admin rights that your IT division are handing out whilly nilly, that is the problem. The security issue at their end is a bigger issue than you unwittingly installing software. You didn't do so intentionally and it wasn't malicious on your part.

And what corporate virus checker didn't pick this up in the first place.

I suspect that the software isn't malware at all, but someone who has written software with a backdoor or that has vulnerabilities that need to be patched. Stop worrying.

I suggest you ask in the IT and security forum rather than here.

mickthewall

You’ll be fine OP, this happens all the time.

More than likely some Dodgy software forum you visited looking for help which are rampant.

It’s one of these things that happens, you didn’t compromise the company or anything.

The admin access is only to your local PC so don’t worry about that.

Honestly happens every day. Nothing to fret about.

Worst they’ll ask you is do you know how you got it

Sam011

Delete System32.