How do you tell if your computer has been hacked?
Many computer users go about each day not realizing their computer has been compromised by a hacker. Maybe your computer has a certain file running on it that allows hackers to access your personal information at will. Either way, there are steps you can take to do some spying on your own system to make sure your computer was not hacked.
In most cases of hacking a computer, an unwanted file or files of some type are left behind. These files come in various forms such as spyware and viruses. Sometimes a virus protection program is not enough to keep you safe. The footsteps that hackers leave behind on your system are the suspicious and unwanted files. You can check for these files or programs by simply observing your computer's activity and locating additional running processes.
Symptoms of a Hacked Computer
If your computer experiences any of the symptoms below, you may be infected with an Internet Trojan and hackers may have the ability to invade your computer.
- Computer suddenly starts running slow.
- Settings were changed without your knowledge, such as your web browser home page or file information.
- Suddenly slow internet access.
- Additional internet activity detected without you using any programs accessing the internet.
- Abnormal running files/processes in the task manager.
There are several free utilities that users can utilize to check their computer for evidence of being hacked. These utilities look for unusual activity such as the utilization of your TCP and UDP ports. A TCP or UDP port is used by programs for transfer of information to other computers on the internet. Below is a list of utilities you can use for basic investigative checks on your computer to tell if you were hacked.
List of free utilities:
PSTools - This is a set of command-line utilities that can kill/quit processes running on your computer. To completely remove a virus or hacker file you may need command line functions to end a running process of the malicious file.
Fport - This is a utility program that runs from the command line. When it is run, it monitors the TCP and UDP ports, telling you which program is using which port.
TCPView - This utility also shows the TCP and UDP port activity. It has a graphical user interface (GUI) for easy use. This utility is similar to Fport but with a better front-end interface.
File Analyzer - This is a tool that allows you to view additional information about any given file. When you right-click a file and choose Properties, you can view detailed information about the given file. This arms a user with the ability to better identify a suspicious file type.
Windows boot disk creator - You can create boot disks from the following website: http://www.bootdisk.com/bootdisk.htm. This allows you to boot from a separate disk for removing any corrupted or hacker files on your computer system without them loading into your system during a boot process.
Now that you are armed with all of these wonderful tools, what do you do?
As a general rule, to find out if your computer is hacked you must know how your computer usually behaves under normal circumstances. This means if it takes a commonly used application an additional 2 minutes to open then you might have a problem. It is always a good practice to familiarize yourself with the list of normal running processes/programs on your computer. You can do this by right-clicking the taskbar, opening Task Manager and going to the Processes tab.
To get a little deeper into detecting if your computer has been hacked, you can check the TCP and UDP port activity for any given program. You can use the Fport or TCPView program for this. Since hackers leave files behind to initially hack your system, you can run Fport or TCPView to see which programs or files are accessing the ports. If you locate the suspicious file and find that it is accessing a TCP or UDP port, then it means the file is transferring information to another source. The source is usually the hacker on the other end collecting your personal information in some cases. You must use a boot disk and remove the corrupted file.
If you are trying to locate a file that Fport or TCPView found and you cannot find it on your hard drive, then it may be a hidden file.
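The port check described above, combined with the list of normal processes from the previous paragraph, as an added example that is not part of the original article: it parses the text output of the built-in Windows commands `netstat -ano` and `tasklist /fo csv /nh` and reports every process using a port that is not on your known-good list. The sample output, the process name updsvc32.exe and the BASELINE set are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not from a real machine).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    192.168.1.20:49712     203.0.113.45:6667      ESTABLISHED     4312
  TCP    192.168.1.20:49720     198.51.100.7:443       ESTABLISHED     2188
  UDP    0.0.0.0:5353           *:*                                    2188
  UDP    0.0.0.0:31337          *:*                                    4312
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = '''\
"svchost.exe","904","Services","0","9,112 K"
"chrome.exe","2188","Console","1","151,300 K"
"updsvc32.exe","4312","Console","1","3,204 K"
'''

# Assumption: the process names you recorded while the PC behaved normally.
BASELINE = {"svchost.exe", "chrome.exe"}

def pid_names(tasklist_csv):
    """Map PID -> lower-cased image name."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2}

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue  # banner, column header or blank line
        state = f[3] if len(f) == 5 else ""  # UDP rows have no State column
        yield f[0], f[1], f[2], state, int(f[-1])

def unexpected_port_users(netstat_text, tasklist_csv, baseline):
    """Return port entries owned by processes outside the baseline."""
    names = pid_names(tasklist_csv)
    findings = []
    for proto, local, remote, state, pid in parse_netstat(netstat_text):
        # A PID missing from tasklist is reported too, not silently dropped.
        name = names.get(pid, "<unknown pid %d>" % pid)
        if name not in baseline:
            findings.append((name, pid, proto, local, remote, state))
    return findings

if __name__ == "__main__":
    for hit in unexpected_port_users(NETSTAT, TASKLIST, BASELINE):
        print(hit)
```

A name match is only a first filter: also check where the file is located on disk, since an unwanted file can carry the same name as a normal program.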
To display/show hidden files you must change the setting in your Folder Options. Open up My Computer > Tools menu > Folder Options > View tab > uncheck the box "Hide extensions for known file types" and make sure the bullet for "Show hidden files and folders" is selected. Click OK.
If all else fails with removing hacker files or fixing your computer from being hacked, you can format your hard drive and reinstall the operating system as a last resort. We do not recommend doing this, as you will lose ALL of your information. In the end it is your call, and it is always worth a try to remove the malicious files first.