My computer has been hacked. How do I fix it?

Getting hacked is a real danger for everyone. The problem of knowing my computer has been hacked and wondering how do I fix it can be hard. Which is why you should be aware of common signs that something isn’t right in your digital world.

There, here are some definite signs that your computer has been hacked and what to do in the event of a compromise.

You get a ransom message that your files have been encrypted:

Ransomware is huge! One of the worst messages anyone can see is your screen telling you that all your data is encrypted and asking for a payment to unlock it. Most victims end up with many days of downtime and additional recovery steps even if they do pay the ransom

What to do: All you have to do is restore the data and fully and verify to make sure the recovery was 100%. 

The best protection is to make sure you have good, reliable,  offline backups. You are taking a risk if you don’t have good, tested, backups that are inaccessible to malicious intruders.

If you using a file storage cloud service, it probably has backup copies of your data. Don’t be over confident. Not all cloud storage services have the ability to recover from ransomware attacks. Contact your cloud-based file service and explain your situation. Sometimes they can recover your files, and more of them, than you can yourself.

I had the same experience a year ago.  I was using Microsoft One Drive to back up all my files which synchronizes my files automatically. They were able to restore my last good backup immediately.

Lastly, several websites may be able to help you recover your files without paying the ransom. Either they’ve figured out the shared secret encryption key or some other way to reverse-engineer the ransomware. You will need to identify the ransomware program and version you are facing.

Antivirus, Task manager or Registry editor  is disabled

This is a huge sign of malicious compromise. Some types of malware disable your antivirus or anti-malware programs and make it difficult to re-enable them. If you notice that your antivirus has suddenly stopped working the only option would be to terminate any suspicious software through Task Manager or Registry Editor.

But even if you wanted to, it’s highly likely that you wouldn’t be able to open either of these two programs, as they might also be disabled.

What to do: Perform a complete restore because there is nothing to tell what has happened. I personally recommend on a Windows computer, try running Microsoft Autoruns or Process Explorer root out the malicious program causing the problems. They will usually identify your problem program, which you can then uninstall or delete.

If the malware won’t let you uninstall it, research the many methods on how to restore the lost functionality (any internet search engine will return lots of results), then restart your computer in Safe Mode

Frequent, random popups and your browser misbehaves:

This is one of the most explicit indications of a computer is infected or has been hacked. If you start seeing more annoying pop-ups in your web browser, and they often flash in sites that usually don’t generate pop-ups, this is a bad sign.

Redirecting users to certain websites is a lucrative business for hackers. They’re paid to redirect users to these sites, so once a user opens a URL, it will automatically redirect them to a different website without their permission.

This could also be done without the site owner’s consent, so they don’t actually realize the clicks are being forced by hackers.

It’s important to make sure that your PC or laptop is protected by the best antivirus possible, as phishing scams, hacks and malware numbers growing more and more by the day.

Read More

Unfortunately, the most advanced hacks are using proxies, so while you will still see the returning URL you wanted (the one you should actually see in your browser), you’re not actually on that site. So, you won’t even be aware of the fact that you’ve been rerouted.

So, you won’t even be aware that your internet search was redirected through the use of a proxy. That means that the returning URL is well hidden from you, tricking you into thinking you’re on the page you intended to be on.

This is a common technique hacker achieve through malware, called browser hijacking. Your browser has been compromised and you can’t trust it anymore. Often, when a browser is hijacked, you are redirected to fake versions of websites that are controlled by the hacker who created the malware. They can then capture your details and gain access to other sites such as online banking services using your name.

Sometimes the goal is to simply turn your machine into an advertising money mill. Ads will pop up and be clicked on automatically. Gaming the system and making money for those advertisers. Whatever the reason, this is a pretty bad situation to be in!

What to do: If you are lucky, you can close the tab and restart the browser and everything is fine. Most of the time you’ll be forced to kill the browser.

The worse scenario is that the fake anti virus message has compromised your computer. If this is the case, power down your computer. If you need to save anything and can do it, do so before powering down. Then restore your system to a previous known clean image. Most operating systems have reset features built especially for this.

You see new toolbars installed itself

If your browser is suddenly showing toolbars you don’t recognize and clearly didn’t install, it’s almost sure that your computer has been compromised.

Unwanted toolbars can be extremely annoying. They can mess with your browser settings and, for example, change your standard homepage to a spammy website.

Additionally, these toolbars can open the door to other malicious files and open ad windows without your permission.

Is this happening to you? If so, it’s time to get rid of these annoying toolbars. The longer you let them sit in your toolbar, the higher the chance other malware will nest itself in your system.

What to do:  Most browsers allow you to review installed and active toolbars. Remove any you didn’t want to install. When in doubt, remove it. If the bogus toolbar isn’t listed there or you can’t easily remove it, see if your browser has an option to reset the browser back to its default settings. If this doesn’t work, follow the instructions listed above for fake antivirus messages. You can usually avoid malicious toolbars by making sure that all your software is fully patched and by being on the lookout for free software that installs these tool bars. Hint: Read the licensing agreement. Toolbar installs are often pointed out in the licensing agreements that most people don’t read.

444,259 ransomware attacks took place worldwide (Source: Statista)

Unwanted software installed in your computer

Similar to unwanted installations of browser toolbars, it’s a clear sign that you’ve been hacked if software automatically installs itself without your consent.

It’s highly likely that these software programs can control or modify other software programs installed on your system. The worst-case scenario is that it could modify or disable your antivirus, allowing other types of malware to flood into your system.

A malicious program may be disguised as legitimate software to slip into your computer. Usually, it is done by worms or malware that attach to other software to get installed together as a bundle. So, if you notice an unknown program residing on your system, it’s likely a malicious one.

The unwanted software is often legally installed by other programs, so read your license agreements. There are quite a few software tools that install additional software on your PC – especially free software, which often asks the user’s permission to install third-party software.

This doesn’t always mean that the third-party software is malicious, but it’s never a good sign. The additional software could be weak and outdated, so it could be easily abused by hackers to take control of your system.

Always make sure to read the license agreements before installing software, and during the installation process steps, always uncheck the boxes that allow third-party software installation.

What to do: There are many programs that will show you all your installed programs and let you selectively disable them. My favorites for Microsoft Windows are Microsoft’s free programs, Autoruns or Process Explorer. They don’t show you every program installed but they will tell you the ones that automatically start themselves when your PC is restarted or the ones currently running (Process Explorer).

First, you should uninstall any software added to the system since the problems started. You should also look for any applications you don’t remember installing and remove them.

This is usually not enough to get rid of the problem, so after finishing the normal uninstall process, you then need to use a malware removal tool such as Malware bytes to clean out the infestation.

Your passwords no longer work

One of the first signs that you’ve been hacked is when your credentials for an account refuse to work. You’ve double-checked and still can’t log in. Weird, right? Well, this is a pretty obvious sign that someone else has the keys to your kingdom and that can be a very serious situation.

However, if you are absolutely sure that you’ve entered the correct login details – and the site is not experiencing technical problems – and it’s no longer working, then it’s highly likely that someone stole your details and changed the password.

Phishing emails might be the culprit of login issues. Such scams usually redirect you to a look-a-like page where you enter your account details, but unknowingly present the data to a hacker.

What to do: If the scam is widespread and many of your acquaintances have been contacted, immediately notify all your close contacts about your compromised account. This will minimize the damage being done to others by your mistake. Second, contact the online service to report the compromised account. Most online services now have easy methods or email contact addresses to report compromised accounts. If you report your account as compromised, usually the service will do the rest to help you restore your legitimate access. Also, consider enacting MFA.

If the compromised logon information is used on other websites, immediately change those passwords. Be cautious. Websites rarely send emails asking you to provide your logon information. When in doubt, go to the website directly (don’t use the links sent to you in email) and see if the same information is being requested when you log on using the legitimate method. You can also call the service via its phone line or email them to report the received phish email or to confirm its validity.

Hackers create 300,000 new pieces of malware daily. (Source: McAfee)
92% of malware is still delivered via email. (Source: Verizon)
More than 500 million PCs are infected with mining malware.(Source: Slashdot)

Emails or Social Media Messages That You Didn’t Send

If a virus has compromised your email, it might be trying to spread further by sending malicious emails to your contacts. It doesn’t automatically mean that your computer has been hacked. However, if the fake email includes your name and email address, it is likely that your system has been infected.

Are your friends messaging you because of something you posted on Facebook? Or they received an email from you which you did not send?

That’s a clear sign that your account has been taken over. You can follow exactly the same advice as in the point above.

Generally, the hacker is using your account to send out a message to all of your contacts with either a link that will instantly start the download of a malicious file or redirect them to a malicious site.

It could be a standard message or only a URL. If the hacker(s) are real professionals, it could even be a personally-tailored message to increase the likelihood of someone clicking the link.

Either way, this is a clear sign your system or social media accounts have been hacked.

What to do: First, warn other friends not to accept the unexpected friend request. Contact the social media site and report the site or request as bogus. Each site has its own method for reporting bogus requests, which you can find by searching through their online help.

Change to multi-factor authentication (MFA). That way the hacker can’t as easily steal and take over your social media presence.

Email Phishing and Spoofing – All you need to know

Mouse moving strangely

The signs above are pretty overt, but often a compromise of your device is a little more subtle. If your computer is constantly slow and working at full capacity, that could be a sign things aren’t right. Does the battery on your phone run out much more quickly? Does the mouse pointer move by itself or applications open and close without you doing anything?

A moving mouse pointer is a sign that your computer has been hacked, though it could instead be that you’re suffering from technical issues.

There’s an important difference between the two scenarios, though.

If the mouse cursor is randomly flying all over your screen without a clear path of direction, it’s most likely caused by a glitch or a technical problem.

In the case that the mouse cursor is making clear movements and systematically opening software tools or other programs, you can be sure that someone else has full control. This person is controlling your computer from a different location.

It’s quite a dangerous threat because hackers could wait for the computer to become inactive and then strike. While you’re asleep, someone is using your computer to do whatever they want.

What to do: First of all, disconnect that device from the internet! If someone is actively sending it commands, cutting off that access is the first step. Secondly, if you can, run anti-malware and antivirus software.

However, the best option is probably to do a factory reset or complete wipe and reinstall of that system.

Using another known good computer, immediately change all your other logon names and passwords.

Some simple steps you can take to protect you from the hacker:

• Use a 2-way firewall
• Update your operating system regularly
• Increase your browser security settings
• Avoid questionable Web sites
• Continually check the accuracy of personal accounts and deal with any discrepancies right away
• Limit the personal information you post on a personal Web pages
• Run a full virus scan to detect the malware and viruses infecting your computer
• Review the applications installed on your device. If any developer or vendor doesn’t seem legitimate, uninstall the app right away.
• Change the passwords for your online accounts.
• Wherever you can, set two-factor authentication for important online accounts.
• Clear browser cookies regularly.
• Never click on suspicious links nor download applications from unknown sources