Hackers don’t typically tell their victims that they’ve been hacked. Normally, hackers gain entry to their victims’ computers without their knowledge and carry out their work. That way, they can come back another time to see what else they can do or find. In such a scenario, it is very difficult to find out if your computer has been hacked. Thankfully, there are a handful of signs that indicate a hacker may have invaded a network or a computer you use.

In all such cases, the topmost recommendation is to completely restore your system to a known good state before proceeding. Depending on your operating system, it might simply mean clicking on a Restore button. However, once a computer is compromised, it can never be fully trusted again. In this article, we bring you the recovery steps, listed in each category, that you can follow if you don’t want to do a full restore. Note: a complete restore of the system is always a better option, risk-wise.

No. 1: Fake antivirus messages

Fake antivirus warning messages are among the definite signs that your system has been compromised. Normally, you will be tricked by a malicious fake “antivirus warning” message luring you to buy their product. Once you click the link, you are directed to a professional-looking website that provides tons of recommendations. There, they ask you for your credit card number and billing information. This is where most people are tricked into providing their personal financial information. As a result, hackers gain complete control of your system and get your credit card or banking information.

What to do: Shut down your computer as soon as you notice the fake antivirus warning message. (Note: This requires knowing what your legitimate antivirus program’s warning looks like.) If you are working on something, save it right away. However, the sooner you shut down your computer, the better.
Boot up the computer system in Safe Mode, No Networking, and try to uninstall the newly installed software (many times, it can be uninstalled like a regular program). Either way, follow up by trying to restore your system to a state prior to the exploitation. If successful, test the computer in regular mode and ensure that the fake antivirus warnings have disappeared. Then, follow up with a complete antivirus scan. Many times, the scanner will look for sneaky remnants left behind.

No. 2: Unwanted browser toolbars

Your browser may have several new toolbars with names that might indicate that the toolbar is supposed to help you. If you figure out that the toolbar is not from a very well-known vendor, go ahead and remove the bogus toolbar.

What to do: Most browsers allow you to review installed and active toolbars. When in doubt, remove any toolbars that you never wanted to install. If the fake toolbar isn’t listed there or you can’t remove it easily, check if your browser has an option to reset the browser back to its default settings. If this doesn’t work, follow the instructions listed above for fake antivirus messages. You can usually avoid malicious toolbars by ensuring that all your software is fully patched and by being on the lookout for free software that installs these toolbars. (Hint: Read the licensing agreement. Toolbar installs are often mentioned in the licensing agreements that most people don’t read.)

No. 3: Redirected Internet searches

Redirected Internet searches are another sign that your computer has been compromised, as a hacker gets paid by getting your clicks to appear on someone else’s website. Many times, people don’t know that the clicks to their site are from malicious redirection. Ironically, today’s redirected Internet searches are well hidden from the user through the use of additional proxies, so the bogus results are never returned to alert the user. To sum it up, if you have bogus toolbar programs, you’re also being redirected.
What to do: Follow the same instructions as above. Typically, dumping the bogus toolbars and programs is enough to get rid of malicious redirection.

No. 4: Sudden change in your online passwords

If you notice a sudden change in one or more of your online passwords, then you have more than likely been hacked, or at least that online service has been hacked. Usually in such a scenario, the victim replies to an authentic-looking phish email that supposedly claims to be from the service that ends up with the changed password. The hacker collects the logon information, logs on, changes the password (and other information to confuse recovery), and uses the service to steal money from the victim or the victim’s connections (while pretending to be the victim).

What to do: Immediately notify all your contacts about your compromised account if many of your acquaintances are being contacted through the scam. Secondly, report the compromised account by getting in touch with the concerned online service. Many online services can quickly get the account back under your control with a new password in a few minutes, as they are used to this kind of maliciousness. Some services even have the whole process automated. A few services even have a “My friend’s been hacked!” button that allows your friends to start the process. This is helpful, because your friends often know your account has been compromised before you do. Also, if the compromised logon information is used on other websites, immediately change those passwords. Lastly, think about using online services that provide two-factor authentication, as it makes your account much more difficult to steal.

No. 5: Unexpected software installs

If you notice that your computer is installing unwanted and unexpected software, then there is a likelihood that your system has been hacked. These days most malware programs are Trojans and worms that typically install themselves like legitimate programs.
They can attempt to say something like, “But we are a legitimate software company.” The unwanted software oftentimes is legally installed by other programs, so read your license agreements carefully.

What to do: There are many free programs that show you all your installed programs and let you selectively disable them. For instance, Autoruns (for Windows) doesn’t show you every program installed but will let you know the ones that automatically start themselves when your PC is restarted. You can find many of the malware programs here. However, the difficult part is to find out what is and what isn’t legitimate. If you are not sure about this, disable the unrecognized program, reboot the PC, and re-enable the program only if some needed functionality is no longer working.

No. 6: Your friends receive fake emails from your email account

This is one of the common scenarios, where your email friends end up receiving malicious emails from you. If it’s just a few friends and not everyone in your email list, then more than likely your computer hasn’t been compromised (at least with an email address-hunting malware program). Malware programs and hackers these days often pull email addresses and contact lists from social media sites, but doing so means they obtain a very incomplete list of your contacts’ email addresses. Even though it is not always the case, the bogus emails they send to your friends often don’t have your email address as the sender. They may have your name, but not your correct email address. If this is the case, then usually your computer is safe.

What to do: If one or more friends report receiving bogus emails claiming to be from you, then run a complete antivirus scan on your computer, followed by looking for unwanted installed programs and toolbars.

No. 7: Frequent random popups

This popular sign appears when your system has been compromised and you start getting random browser pop-ups from websites that don’t normally generate them.
What to do: Normally, random pop-ups are generated by one of the three previous malicious mechanisms noted above. You will need to get rid of bogus toolbars and other programs if you even hope to get rid of the pop-ups.

No. 8: Your bank account balance shows missing money

If you notice that your bank account is missing lots of money, then it is a sure sign that your computer has been compromised or that you have probably responded to a fake phish from your bank. Normally, cybercriminals transfer everything or nearly everything, often to a foreign exchange or bank, by logging on to your bank account, changing your contact information, and transferring large sums of money to themselves.

What to do: To prevent such a scenario at the roots, turn on transaction alerts that send text alerts to you when something unusual is happening. Many financial institutions allow you to set limits on transaction amounts, and if the limit is exceeded or it goes to a foreign country, you will be sent a notification. Regrettably, many times the online hackers reset the alerts or your contact information before they steal your money. Therefore, ensure that your financial institution sends you alerts every time your contact information or choices of alerts are changed.

No. 9: Your mouse moves between programs and makes correct selections

Another definite sign that you are hacked is when your mouse pointer moves on its own while making selections that work. Mouse pointers often move aimlessly, usually due to hardware problems. However, malicious humans are involved somewhere if the movements include making the correct selections to run particular programs, which could involve trading your stocks, breaking into bank accounts and transferring money, and performing all kinds of rogue actions that could lessen your cash load.

What to do: If you are a victim of this attack, a complete restore of the computer is the only option you should choose for recovery.
Immediately change all your other logon names and passwords using another known good computer. Check your stock accounts, bank account transaction histories, and so on. Think about paying for a credit-monitoring service. Further, if you have lost any money, ensure that the forensics team makes a copy first. If you have suffered a loss, call law enforcement and file a case, as this information may be needed to recover your real money losses, if any.

No. 10: Your Task Manager, antimalware software, or Registry Editor is disabled and cannot be restarted

If you notice that your antimalware software is disabled and you haven’t done it yourself, then this is a big indicator that your computer has been compromised. The same is true if you try to start Task Manager or Registry Editor and they won’t start, start and disappear, or start in a reduced state, which is very common for malware to do.

What to do: In such a situation, performing a complete restore of your software by getting rid of the malware program would be the best option, using the methods listed above. However, if you wish to try less extreme methods, then ensure that you research the many methods that are available to restore the lost functionality (any Internet search engine will return lots of results), and restart your computer in Safe Mode and start the restoration.

Source: Infoworld
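As an added example (not part of the original article), this read-only PowerShell triage checks the symptoms from No. 10 and lists the auto-start entries mentioned under No. 5. The registry paths and function names are assumptions of this example: they are standard Windows locations and illustrative names, not values taken from the article.

```powershell
# Added example: read-only checks, nothing is modified.
# Registry paths are standard Windows locations (assumption, not from the article).

function Get-ToolLockout {
    # Policy values that block Task Manager / Registry Editor when set to 1.
    $checks = @(
        @{ Tool = 'Task Manager';    Name = 'DisableTaskMgr' },
        @{ Tool = 'Registry Editor'; Name = 'DisableRegistryTools' }
    )
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        foreach ($c in $checks) {
            # Missing key or value yields $null, which is reported as not disabled.
            $value = (Get-ItemProperty -Path $key -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
            [pscustomobject]@{ Tool = $c.Tool; Key = $key; Value = $value; Disabled = ($value -eq 1) }
        }
    }
}

function Get-DefenderState {
    # Get-MpComputerStatus ships with Microsoft Defender; it may be absent
    # when a third-party antimalware product is installed instead.
    if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) { return $null }
    Get-MpComputerStatus |
        Select-Object AntivirusEnabled, RealTimeProtectionEnabled, AMServiceEnabled
}

function Get-RunKeyEntry {
    # A small subset of what Autoruns shows: programs started at logon via Run keys.
    $paths = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($p in $paths) {
        $item = Get-Item -Path $p -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $p; Name = $name; Command = $item.GetValue($name) }
        }
    }
}

Get-ToolLockout | Where-Object Disabled | Format-Table -AutoSize
Get-DefenderState
Get-RunKeyEntry | Format-Table -AutoSize -Wrap
```

A lockout value of 1 that neither you nor an administrator's group policy set matches the symptom described in No. 10. Empty output does not show the machine is clean, since a compromised system can hide its own changes.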