
Need help with unusual internet connection problem. This one has me stumped.


trents

Senior Member
Joined
Dec 27, 2008
A customer of mine fell for an online computer maintenance scam. You know, the guys from India who remote in and purportedly show you all the bad things they found wrong on your computer. They put some security software on it that supposedly protects you from harm if you pay the bucks and sign up for the plan. Well, a few days ago her computer would not complete the boot into Windows 10, just a black screen with the white spinner pattern. She tried to contact the outfit that sold her the contract and they are not responding to her. Obviously, they have moved on.

I did a from scratch install of Windows 10, deleting all partitions first. The computer was running perfectly at my house and there were no issues surfing the net.

I take the computer to her house and we connect it all up and anytime we try to open a web page there is a warning message saying something about a privacy risk and the certificate not being valid. There is a cross out of the "s" in https://. I entered several different search strings in the URL window and same thing.

Now here's the kicker. I go home and get my laptop and connect it up in the customer's home and we can surf the net at will. So I take her computer back to my house and connect it up to my internet and again, no problem surfing the net. The problem is with her computer on her internet connection.

I researched this and the only information I found stated this problem is usually caused by an incorrect time and date stamp. The time and date stamp are not incorrect on this computer, however, either in Windows or in the BIOS.

Is it possible that the scammers or her ISP have done something to block her computer from the internet when using her gateway IP? Perhaps at the MAC address level? I cannot think of any other way to explain this. I checked network sharing settings and made sure network discovery was turned on, though when I did the fresh installation of Windows I turned it off initially.

Any ideas? I have never run into this before!
 
Did you check her router to make sure there was nothing fiddled with there?
 
Thanks, guys. I just got off the phone with my network guru buddy and he gave the same advice as you two. He said he ran into this same kind of thing once on his personal network and ended up having to replace the Comcast gateway device. Apparently, the cyber crooks will sometimes hack routers. I will try this but can't do it until Wednesday because of the customer's schedule. I'll get back to you.
 
Just got an email reply from my son who is a network engineer for a state credit union system:

I would try a factory reset of her modem/router. It's possible they hacked that as well. If it's handing out some bogus DNS servers it might be redirecting her to fake sites, thus triggering the security error.

The reason your computer worked ok on her connection could be because of a static lease linked to only her computer's MAC address.


So my son agrees with what the rest of you are thinking.
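
The bogus-DNS and per-MAC-lease theory above can be checked from the affected Windows 10 PC. The following is an added example, not part of any post in this thread: it lists the DNS servers each active adapter received and compares their answers with a reference resolver. The reference resolver `1.1.1.1` and the two test names are assumptions chosen for illustration.

```powershell
# Added example, not from the thread. Run in PowerShell on the affected PC.
# Assumptions: the reference resolver and test names below are illustrative;
# substitute any resolver and sites you trust.
$ReferenceResolver = '1.1.1.1'
$TestNames = @('example.com', 'www.iana.org')

function Get-ARecord {
    param([string]$Name, [string]$Server)
    try {
        # Ask one specific server for A records, bypassing the local cache/hosts path.
        Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress }
    } catch {
        # Timeout or refusal: return nothing, reported below as "no answer".
    }
}

$report = foreach ($adapter in (Get-NetAdapter | Where-Object { $_.Status -eq 'Up' })) {
    $cfg     = Get-NetIPConfiguration -InterfaceIndex $adapter.ifIndex
    $servers = (Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4).ServerAddresses
    foreach ($server in $servers) {
        foreach ($name in $TestNames) {
            $assigned  = @(Get-ARecord -Name $name -Server $server)
            $reference = @(Get-ARecord -Name $name -Server $ReferenceResolver)
            $overlap   = @($assigned | Where-Object { $reference -contains $_ })

            # Large sites may legitimately return different addresses per resolver,
            # so DIFFERS is a prompt to look closer, not proof of tampering.
            $verdict = 'DIFFERS'
            if ($reference.Count -eq 0)    { $verdict = 'no reference answer' }
            elseif ($assigned.Count -eq 0) { $verdict = 'no answer' }
            elseif ($overlap.Count -gt 0)  { $verdict = 'match' }

            [pscustomobject]@{
                Adapter   = $adapter.Name
                MAC       = $adapter.MacAddress
                Gateway   = $cfg.IPv4DefaultGateway.NextHop
                DnsServer = $server
                Name      = $name
                Assigned  = $assigned -join ','
                Reference = $reference -join ','
                Verdict   = $verdict
            }
        }
    }
}
$report | Format-Table -AutoSize
```

Running it once on the built-in NIC and once on a second adapter with a different MAC shows whether the gateway hands out different DNS servers per MAC address. If the gateway intercepts all DNS traffic, both columns will agree even when answers are being altered.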
 
Update: Fixed now but lots of time and frustration involved with not so competent Centurylink support techs. I narrowed it down to a MAC address issue because when I used a USB ethernet adapter the problem disappeared. When I removed the adapter and plugged the cable directly into the ethernet port on the computer the problem returned. We were always back to the website redirect that the computer's security prevented us from connecting to without the USB adapter. Deleted cookies, history, cache but no go. Reset the router with the button on the back. No go. Called Centurylink and had them reset the router on their side. No go. The Centurylink tech had me change the Network SSID and the admin password. No go. The Centurylink tech had me uninstall drivers for the NIC and reinstall them. No go. Centurylink tech had me wipe/redetect the IPv4 adapter settings. No go. He had me uninstall and reinstall the Chrome browser. No go. After all that none of the browsers would even load a page of any kind. Finally, the Centurylink tech ran out of ideas and we ended the conversation.

I was almost resigned to just using the USB ethernet adapter and calling it a day. I tried one last thing that turned out to be the fix. Through Device Manager and Properties I changed the MAC address for the Computer's NIC. Bingo! That worked.

It was a real learning experience. I don't know what the hackers did but whatever they did was at a deeper level than just resetting the router would take care of. Next time I will just start with changing the MAC address of the NIC and save myself a lot of time and frustration.
 
Thank you for this thread. I will file it away for when one of my clients gets something similar.

I'm not keen on changing the MAC. It just seems to be inviting another issue later on. I would rather that a new modem/router be installed or root around in the router's software. Maybe re-flash the firmware? Just my thought on the long term.
 
don, I'm getting the same advice from others. I will pass this on to the client. Unfortunately, she is on a very limited income and I'm not sure Centurylink will be willing to replace her gateway without her paying for it.
 
The "DNS hijack" described here https://www.komando.com/cool-sites/312613/test-your-router-to-see-if-its-been-hacked-heres-how sounds like what happened.

Update: Checked the customer's router with the F-Secure router checking tool and it reported no issues. Not sure how thorough the tool really is but maybe better than nothing.

Update 2: Well, beans! I called F-Secure support and learned that changing the computer's MAC address will invalidate the tool's results.
 