Computer seized by police, how to check/clean for keyloggers or any other malware?

I'm not getting into details, but my computer was taken by the police recently.

But they gave it back. I will never hook this computer back up to the Internet until I completely scrub it of any trackers/warez.

If I could afford it I would just scrap this computer and build new, but damn this thing is/has been a beast in many ways for me over the years, so I have some nostalgia in trying to keep it. Plus the new comp I would build will cost me at least a G the way I would build it, and if I could just clean my original, it's got plenty of horses under the hood for an upcoming major project I really need it for.

I'm getting a new SSD for OS (think I'm going back to Ubuntu from Win7)

But I also want to run/clean the mobo/bios/anything else for keyloggers or any malware at all they may have installed.

Is it 100% possible to rid myself of any software they may have put on my mobo by doing some type of reset/wipe/clean of bios? Would there be anything else to consider?

What about the memory sticks, could they install/embed any malware of any kind in them? I'm not opposed to buying new memory if they could.

No this post is not a joke and real help is greatly appreciated. I think I put this in the right place on the forum... If not mods please move.

Thanks.
 
What are the system specs?

Is the BIOS chip removable?

Nothing can be installed in RAM and persist after the power is turned off.
 
Buy a new SSD and reinstall.

If you still don't trust that, build a new rig.
 
Stuff like the SSD can be secure erased and the CPU is fine. Secure erase the SSD and you should be fine, and the bios battery as said.

EDIT: My brother works with the local PD, he said that it's basically only hard drives they try to trace and stuff, secure erase the drive and you're good
 
If you have another computer, install Wireshark on it and watch the logs from your old PC.

See if there is any traffic going somewhere it shouldn't.
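One way to turn "watch the logs" into a repeatable check, as an added example that is not code from anyone in the thread: export the capture from the monitoring machine with `tshark -T fields -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport` (an assumption about the export format), list every destination the returned PC talked to while it sat idle, and flag anything outside the networks you expect plus anything that checks in on a suspiciously regular schedule. The capture text, the host address and the expected networks below are constructed for the example.

```python
"""Added example, not from the thread: flag outbound traffic from the returned
PC that goes somewhere it shouldn't.  Input is assumed to be tab-separated
tshark output:  tshark -T fields -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport
(the port column is empty for non-TCP packets such as UDP DNS)."""
import ipaddress
import statistics
from collections import defaultdict

HOST = "192.168.1.50"  # constructed: address of the returned PC on the test LAN

# Constructed: what an idle, freshly installed box is expected to talk to.
# 203.0.113.10 stands in for your package mirror; the LAN covers DNS, DHCP, gateway.
EXPECTED_NETS = [ipaddress.ip_network("192.168.1.0/24"),
                 ipaddress.ip_network("203.0.113.10/32")]

# Constructed capture: five idle minutes; one host is contacted every ~60 s.
SAMPLE_CAPTURE = """\
1700000000.0\t192.168.1.50\t192.168.1.1\t
1700000001.2\t192.168.1.50\t203.0.113.10\t80
1700000060.1\t192.168.1.50\t198.51.100.23\t443
1700000120.0\t192.168.1.50\t198.51.100.23\t443
1700000180.2\t192.168.1.50\t198.51.100.23\t443
1700000240.1\t192.168.1.50\t198.51.100.23\t443
1700000300.0\t192.168.1.50\t198.51.100.23\t443
1700000310.5\t192.168.1.1\t192.168.1.50\t49152
"""


def parse_capture(text):
    """Return (timestamp, src, dst, port_or_None) tuples from tshark field output."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split("\t")
        records.append((float(ts), src, dst, int(port) if port else None))
    return records


def outbound_flows(records, host):
    """Group packets sent BY host into (dst, port) -> sorted list of timestamps."""
    flows = defaultdict(list)
    for ts, src, dst, port in records:
        if src == host:
            flows[(dst, port)].append(ts)
    return {key: sorted(times) for key, times in flows.items()}


def is_expected(dst, expected_nets):
    ip = ipaddress.ip_address(dst)
    return any(ip in net for net in expected_nets)


def beacon_like(times, min_hits=4, max_cv=0.1):
    """A scheduled check-in produces near-constant gaps between packets:
    coefficient of variation (stdev / mean) of the gaps stays small."""
    if len(times) < min_hits:
        return False
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    mean = statistics.mean(gaps)
    if mean <= 0:
        return False
    return statistics.stdev(gaps) / mean <= max_cv


def report(capture_text, host, expected_nets):
    """List every unexpected destination with packet count and beacon verdict."""
    findings = []
    flows = outbound_flows(parse_capture(capture_text), host)
    for (dst, port), times in sorted(flows.items(), key=lambda kv: (kv[0][0], kv[0][1] or 0)):
        if is_expected(dst, expected_nets):
            continue
        findings.append({"dst": dst, "port": port, "packets": len(times),
                         "beacon_like": beacon_like(times)})
    return findings


if __name__ == "__main__":
    for finding in report(SAMPLE_CAPTURE, HOST, EXPECTED_NETS):
        print(finding)
```

The beacon heuristic is deliberately simple (a fixed interval with little jitter); a box that really is clean produces an empty report after the expected networks are filled in, and anything left over is what to investigate before the machine goes back online.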
 
The BIOS chip is removable. It is the socketed chip next to the black PCIe slot.

I highly doubt that there is anything installed on it as unless you are a "high risk" person there would be no point in them spending the time and effort to install anything on the BIOS.

If you are really paranoid, you should be able to order a replacement BIOS chip off of Ebay.

If you want to go ahead and replace the board, you can get something for pretty cheap but I really don't think it is going to make a difference.
 
Main article: Fourth Amendment to the United States Constitution

The Fourth Amendment to the United States Constitution provides that:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
 
Main article: Fourth Amendment to the United States Constitution

The Fourth Amendment to the United States Constitution provides that:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

lol 4th amendment.

good luck with that.

when they call you a terrorist, you have no rights and they need no evidence.
 
I'd say I'm paranoid enough to build a whole new computer if I have to.

Beyond replacing the bios chip, there really isn't anything else that would require replacing the whole board, is there? I'd like to do this as cheap as possible while being as effective as possible, including replacing the whole board if really need be.

Should I remove the battery too?

I found a bios chip I think, eBay #260530996325 - does that look like the right one, says it's for P5K Premium? Or is it the P5k-E model - 380449609035

The link to mobo is my EXACT one.

Only problem is they say it needs to be soldered in? It's not just plugged in there? As easy as soldering probably is, I have never done it and wouldn't want to try it for this project.
 
Actually I think this is the right bios chip right: eBay #380447979692

Says specifically for P5K EPU and appears to be socket, not solder, which after looking at the mobo itself looks to be a socket bios chip. (I'm pretty sure I'm looking at the right thing)
 
dang this is too juicy not to know any details... I say scrap the hard drive and install a fresh new one and clean OS install
 
So I just ordered that chip and will get a new SSD or thumb drive to run a live version of Ubuntu off of, is there any other possible thing that could be corrupted with any warez that would need replacing?
 
So I just ordered that chip and will get a new SSD or thumb drive to run a live version of Ubuntu off of, is there any other possible thing that could be corrupted with any warez that would need replacing?

If you secure erase the SSD then you won't have to worry anymore.

Also you can always run a VPN online like PIA, it's $3/month for the added protection
 
I had 2 HDD and 1 Samsung evo SSD and I know they imaged all of them. The one HDD had truecrypt on it but I believe they defeated the encryption and got into it, although it did give them a hard time. I will use bit locker from here on out as that is supposed to be the most secure encryption program.

Is secure erase a program to download or a function of an SSD? I just don't know if I'll truly trust it and would almost rather shell out another $100 for a brand new Samsung evo drive like I have now.

I want to have a dual boot system of Ubuntu and win7 just for the times when Ubuntu is giving me a hard learning curve, I'm rusty as hell. 120g SSD is plenty for Ubuntu and I had a 250g for win7, but man the price difference between the 2 is so small it's almost worth getting 250g for both, but that's just so much overkill for Ubuntu. I'd like to dual boot on the same SSD, and 250g would probably be able to do both, but it's usually better to keep them separate, don't you think?

A VPN is also something I'd like to get setup but the lag is gonna piss me off.
 
I had 2 HDD and 1 Samsung evo SSD and I know they imaged all of them. The one HDD had truecrypt on it but I believe they defeated the encryption and got into it, although it did give them a hard time. I will use bit locker from here on out as that is supposed to be the most secure encryption program.

Is secure erase a program to download or a function of an SSD? I just don't know if I'll truly trust it and would almost rather shell out another $100 for a brand new Samsung evo drive like I have now.

I want to have a dual boot system of Ubuntu and win7 just for the times when Ubuntu is giving me a hard learning curve, I'm rusty as hell. 120g SSD is plenty for Ubuntu and I had a 250g for win7, but man the price difference between the 2 is so small it's almost worth getting 250g for both, but that's just so much overkill for Ubuntu. I'd like to dual boot on the same SSD, and 250g would probably be able to do both, but it's usually better to keep them separate, don't you think?

A VPN is also something I'd like to get setup but the lag is gonna piss me off.


Secure erase is a function of an SSD. It basically gets rid of everything on it and resets it to like new, MUCH MUCH more so than a format.
 
I just don't know if I'll truly trust it and would almost rather shell out another $100 for a brand new Samsung evo drive like I have now.

In that case, secure erase it and toss it on ebay. You'll cut your cost for a new drive to about $25.
 
Main article: Fourth Amendment to the United States Constitution

The Fourth Amendment to the United States Constitution provides that:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

That's all well and good and several of us are believers in the Constitution but don't make the mistake of thinking our government is. Look at what government did to innocent Japanese Americans decades ago. Look at the NDAA from a few years ago which states that the government can imprison anyone, citizen or not, for any reason without trial or evidence for any length of time. Look at how the Supreme Court has oppressed people by completely disregarding not just the Constitution but common sense. They don't even make an effort to LOOK like they care about rights and laws and justice and all that.

To answer OP, wipe the drive and reflash BIOS/EFI. Make sure to completely wipe the drive and not just OS partition.

Replacing any hardware in this case is, honestly, just ridiculous.
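A way to confirm the "wipe the whole drive, not just the OS partition" advice above actually held, and that the secure erase an earlier post describes really left nothing behind: an added example, not code from anyone in the thread. It samples chunks across the entire device (or a disk image of it) and reports the first non-zero byte it finds. It assumes the standard ATA Secure Erase sequence with `hdparm` on Ubuntu, listed in the docstring; `/dev/sdX` and the image path are placeholders, and the self-check builds its own 4 MiB test image.

```python
"""Added example, not from the thread.  After an ATA Secure Erase (on Ubuntu the
usual sequence is  hdparm -I /dev/sdX  to confirm 'not frozen' and
'supported: enhanced erase', then  hdparm --user-master u --security-set-pass NULL /dev/sdX
and  hdparm --user-master u --security-erase NULL /dev/sdX ), confirm that the
WHOLE device reads back as zeros, not only the old OS partition.  Works on a
block device (run as root) or on an image file; /dev/sdX is a placeholder.
Caveat: on an SSD, all-zero reads mean the controller no longer maps the old
data; this check cannot inspect the NAND itself."""
import os
import random
import sys

CHUNK = 1024 * 1024  # bytes read at each sampled offset (1 MiB)


def sample_offsets(size, samples=64, chunk=CHUNK, seed=0):
    """Evenly spaced offsets across the device plus the same number of random
    ones, so leftover data in the middle or at the end is not missed.  The
    first and last chunk are always included.  Fixed seed keeps runs comparable."""
    if size <= chunk:
        return [0]
    last = size - chunk
    step = max(last // max(samples - 1, 1), 1)
    offsets = set(range(0, last + 1, step))
    offsets.add(last)
    rng = random.Random(seed)
    for _ in range(samples):
        offsets.add(rng.randrange(0, last + 1))
    return sorted(offsets)


def first_nonzero(path, samples=64, chunk=CHUNK, seed=0):
    """Return the absolute offset of the first non-zero byte found in the sampled
    chunks of `path`, or None when every sampled byte is zero."""
    with open(path, "rb", buffering=0) as f:
        size = f.seek(0, os.SEEK_END)
        for off in sample_offsets(size, samples, chunk, seed):
            f.seek(off)
            data = f.read(min(chunk, size - off))
            rest = data.lstrip(b"\x00")      # everything after the first non-zero byte
            if rest:
                return off + (len(data) - len(rest))
    return None


def self_check():
    """Build a 4 MiB all-zero image, check it, plant one non-zero byte at
    3 MiB + 5, check again.  Returns (result_when_blank, result_when_dirty)."""
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "blank.img")
        with open(img, "wb") as f:
            f.write(b"\x00" * (4 * CHUNK))
        when_blank = first_nonzero(img)
        with open(img, "r+b") as f:
            f.seek(3 * CHUNK + 5)
            f.write(b"\x01")
        return when_blank, first_nonzero(img)


if __name__ == "__main__":
    # usage: sudo python3 check_blank.py /dev/sdX   (or a path to an image file)
    target = sys.argv[1] if len(sys.argv) > 1 else None
    if target is None:
        print("self-check (blank, dirty):", self_check())
    else:
        hit = first_nonzero(target)
        print("clean: no non-zero bytes in sampled chunks" if hit is None
              else f"NOT clean: first non-zero byte at offset {hit}")
```

Sampling keeps the run short on a multi-hundred-gigabyte drive; raise `samples` for a closer look, or set `chunk` to the drive size to read everything. A hit anywhere, including past where the OS partition used to end, means the erase did not cover the full device.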
 
You know if they are really watching you - they already know your hardforum handle and your other handles and know more about you than you would imagine. Creating your new hardforum handle didn't help you escape their surveillance --- depending of course on what you did to deserve their attention.

In the corporate world, we have quite a few ways to monitor your activities as one of our staff. In the civil world - it's anyone's guess.

If I wanted to be absolutely sure, I'd drop the comp on ebay, and buy a whole new machine. I'd start using a VPN service going forward, and switch my ISP regularly, swap out my router to the newest model (less likely to have any known exploits), and ensure to change all my router credentials, and PC, website passwords after you receive your new machine - possibly change them from a family member's house or public facility (library/school). But that's just the perspective of an infosec guy, who does none of those things because I have nothing to hide.

You should assume if they had your machine in their possession, they know EVERY single last account and password you used. Forensic tools are amazing these days - especially if you had a spinning drive and not an SSD to begin with. They could see your print jobs, your web-email, your surf history, your chat messages - everything. Assume you have no confidentiality in what you did before.

BUT --- that's worst case and with a proper forensics team.

The reality is, probably, wiping your HD, and reformatting would be sufficient to take care of your typical trojan fodder (unlikely anything is installed at all--- yet I don't know what you did or if the FBI was involved or any of the details --- if that's the case - the whole game changes - and you revert back to starting over from scratch like mentioned above).

HOWEVER -- why are you 'out of trouble' and trying to move on -- yet trying to secure yourself so you can potentially proceed with nefarious activities without being monitored. Check yourself -- use this as an opportunity to straighten out your life. You shouldn't need to hide what you do.
 
Check yourself -- use this as an opportunity to straighten out your life. You shouldn't need to hide what you do.

I'm not OP, but take that advice and shove it. He never told you he did anything and everything we do should be hidden if we want it to be. Police seize lots of property without a valid reason.

If this were a conversation in person, I'd honestly be hoping OP would punch you in the face for saying that.*

*: I don't condone violence. :)
 
If you have reason to believe you could be under targeted surveillance, buy everything new. Don't buy it online. Walk into a store.

While Truecrypt would have protected your data, once your hardware is out of your hands, even TC is futile. HDD firmware can work against you, UEFI can work against you. If you're a high-profile target for whatever reason, never re-use hardware you get back from law enforcement.
 
I'm not OP, but take that advice and shove it. He never told you he did anything and everything we do should be hidden if we want it to be. Police seize lots of property without a valid reason.

If this were a conversation in person, I'd honestly be hoping OP would punch you in the face for saying that.

Punching people in the face is the sort of thing that gets you arrested.
 
Punching people in the face is the sort of thing that gets you arrested.

Threatening violence is enough to get you arrested.

The OP didn't go into details.. it could be something stupid like downloading too much adult material on torrents (and getting caught)

Face it though, if it is really serious I doubt protecting himself from future seizures would be this important on the list of things to do.

BTW: the 4th Amendment is still valid, the problem is they can get a warrant.. search your stuff while you are not around.. then tell you months down the line. .. thank you patriot act.
 
I like how the fourth amendment was brought up, but wasn't even verified that the OP is from the states.

Regardless, you have no idea if it was an unlawful seizure, and a political statement provides no technological help on this forum. Take your armchair legal advice elsewhere.

With that said OP, replacing the RAM would be pointless. I would just install new OS on a brand new drive and factory reset your BIOS. I doubt they did anything extensive unless you were involved in some serious criminal activity and, if in the states, had the Feds involved.
 
This is the local police not the FBI. I doubt they are going to this extent to monitor you unless you are really under their watch. At that point you would have cars following you and a tracking device installed on yours.

As stated before, Wipe the drive, reset the bios firmware, and then watch from a different machine wireshark logs.
 
If it's just the local cops, I wouldn't go to more extremes than secure erasing the SSD and reinstalling. Maybe flash the bios just for fun to a newer version (or the older revision if yours is already on the newest, then flash back to the newest).

If they've gone to more extreme methods, then they are already watching everything you do with the new cameras in your house.
 
Unless the NSA themselves seized your pc, all they have done is take a forensic image of your HDD. That is as far as the FBI would even go. Take the tin foil hat off. If they want your life, they can take it without ever seizing your stupid PC.

Now that being said, as to why they did it, you better keep clean. You can bet they took a snapshot of your drive(s), and it will be run though a few systems to look for whatever they are looking for. Honestly, if you don't have a lawyer, you better start looking for one. That is serious advice from somebody that knows how this works.
 
BTW: the 4th Amendment is still valid, the problem is they can get a warrant.. search your stuff while you are not around.. then tell you months down the line. .. thank you patriot act.

That has been the case far longer than the patriot act has been around.
 
I'm not OP, but take that advice and shove it. He never told you he did anything and everything we do should be hidden if we want it to be. Police seize lots of property without a valid reason.

If this were a conversation in person, I'd honestly be hoping OP would punch you in the face for saying that.*

*: I don't condone violence. :)

Ironic that you quote protection from unjust search and seizure, while at the same time violating my freedom of speech by threatening violence.


In the words of Roy D. Mercer - How big a boy are you?
 
If I wanted to be absolutely sure, I'd drop the comp on ebay, and buy a whole new machine. I'd start using a VPN service going forward, and switch my ISP regularly, swap out my router to the newest model (less likely to have any known exploits), and ensure to change all my router credentials, and PC, website passwords after you receive your new machine - possibly change them from a family members house or public facility (library/school). But that's just the perspective of an infosec guy, who does none of those things because I have nothing to hide.

Exactly, depending on what you did, and what they found on the computer, they can tap your line coming out of your house and collect EVERYTHING that comes in or out. Using a VPN, torrent, or different ISP won't help.

Above is the worst case scenario in an ongoing investigation. If shit is this serious, you need to get an attorney bro.

Best case scenario, they just imaged the hdd as others have said. I severely doubt they put any key loggers / trojan on there as they can be easily removed. If they have probable cause to monitor your traffic they are going to go straight to the wire.

Again, this all depends on the severity of what was done.
 
I appreciate everyone's help and advice. Let's keep it civil so we don't get this thread locked.

A few things to help clarify:

It was local PD, but a large enough city they have enough resources to have probably anything at their finger tips. But the feds are not involved.

Computer was seized, but that was not what the issue/investigation is about. They took it because that's just standard procedure at this point during a search warrant it seems.

They did image all my drives, I know this for sure as the detective told me.

I didn't do anything illegal per se on the computer, but once they look through my history and interests they may raise an eye and want to take a closer look or keep an eye on me, so I'm just making sure the computer is clean so I can reuse it.

Using a VPN would be nice, but if they're gonna tap my main cable line then according to a few on here I guess there's nothing I can do about it other than put my Internet in someone else's name. And I'm not sure if I need to go to that extent since technically the case is not in regards to any computer crime. But like I said they may not like my browsing history. Nothing weird or bad like kiddie porn etc, so I'm not trying to cover being a sick fuck. Just particular interests that are generally taboo.

I have a really good attorney for the case, another reason I can't afford a new computer and want to clean up the old one.

I bought a new bios chip and SSD. According to everyone I should be good from those two steps alone. And there's a good chance they didn't install anything, but I'm paranoid as hell and locking my shit down even better with bit locker this time. I had truecrypt on my media HDD, but didn't have my OS drives encrypted and was on win7 and surely there's backdoors for them to get past my initial password login. I'll be moving to Ubuntu and adding as much security and encryption as possible.

I'm gonna secure erase old SSD and resell on eBay to counter balance cost of new drive.
 
Just a note, they CAN'T see what's going through your VPN, unless they had a warrant for the vpn provider and had monitoring setup there. Which they don't, that's fbi/nsa level stuff.

That's the whole point of a vpn - it's not readable from a tap in the middle.
 
Just a note, they CAN'T see what's going through your VPN, unless they had a warrant for the vpn provider and had monitoring setup there. Which they don't, that's fbi/nsa level stuff.

Bullshit, an agency with a court order/warrant can request that. It may not be likely in this case, but it is not "FBI/NSA stuff".

OP, you better stop looking to cover your tracks with VPN and go straight. It sounds like you were doing something grey, so they have your ass dead rights, and if you startup in a covert manner again, they will see it, then compel your ass right into a courtroom.

Seriously, walk away from whatever got you into this. As bad ass of a hacker as you may think you are, they are the fucking masters of the universe* compared to you.

* I will clarify why a local PD can be the masters of the universe when it comes to cybercrimes. They can tap into federal and state resources if they need to, and if there is a serious crime, or a good pile of money involved, they will tap into that resource.
 