How to know if a computer was hacked

Updated: 09/03/2019 by Computer Hope

It can be difficult to detect a hacker on a computer because the hacker hides or disguises their actions. Below are the most common things you may notice after a computer is hacked.

Note

It is difficult, if not impossible, to determine who hacked a computer or detect who is actively hacking a computer.

Tip

Most computer problems are not caused by computer hackers. It is more common for a computer to be hijacked by a virus than to be hacked.

New programs installed

In some situations, you may see new programs or files on the computer. If you are the only user on the computer and new programs were installed, it may have been hacked. However, there are also several legitimate reasons why a new program may appear on the computer, which are listed below.

  • The operating system or another program received updates that included new programs or files.
  • When you installed a new program, other programs may be installed with it. For example, it's common for plugins and other free programs to have a check box verifying the installation of a new toolbar or antivirus program. If you don't uncheck these boxes, the additional new programs are installed.
  • If you suspect someone may have used your machine, ask if they installed a new program.

Below is a listing of programs that may indicate a hacker was on the computer.

  • Backdoors and trojans are by far the most common programs installed on a computer after it is hacked. These programs can allow the hacker to access a large amount of information stored on your computer.
  • IRC (Internet Relay Chat) clients are another common way for a hacker to get into a computer or remotely control thousands of computers. If you have never participated in an IRC chat and have an IRC client, your computer may have been hacked.
  • Spyware, rogue antivirus programs, and malware might indicate a hacker. More commonly, however, they are a sign your computer was infected via download or visiting a hijacked page while on the Internet.

Computer passwords have changed

Online passwords

Sometimes, after an online account is hacked, the hacker changes the password for one or more accounts. Try using the forgot password feature to reset the password. If your e-mail address has changed or this feature does not work, contact the company that provides the service. They are the only ones who can reset your account and give control back to you.

Local computer password

If your password to log into your computer has changed, it may have been hacked. There is no reason why a password would change on its own.

E-mail sending spam

When an e-mail account is taken over, the attacker often uses that account to spread spam and viruses. If your friends, family, or coworkers are receiving advertising e-mail from you, your e-mail may be compromised. Log into your e-mail account and change your account password.

Tip

E-mail addresses can also be spoofed without hacking the account. After changing the e-mail password, if your friends continue to get e-mails you have not sent, it is likely someone is spoofing your e-mail address.

Increased network activity

For any attacker to take control of a computer, they must remotely connect to it. When someone is remotely connected to your computer, your Internet connection will be slower. Also, often after the computer is hacked, it becomes a zombie used to attack other computers.

Installing a bandwidth monitor program helps determine which programs are using bandwidth on your computer. Windows users can also use the netstat command to view established remote network connections and open ports.

However, there are multiple legitimate reasons why your Internet connection may also be slow.
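
As an added example that is not part of the original article, the Python script below parses English-language `netstat -ano` output and lists listening TCP ports and established connections to non-local addresses, each with the owning process ID. The sample output, addresses, and PIDs are constructed, and the set of ranges treated as local is this example's assumption.

```python
import ipaddress

# Constructed sample of English-language `netstat -ano` output; the
# external peers use reserved documentation addresses, not real hosts.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1180
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     4321
  TCP    192.168.1.20:49812     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49901     203.0.113.45:6667      ESTABLISHED     7788
  TCP    192.168.1.20:3389      198.51.100.7:51544     ESTABLISHED     1180
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2040
"""

# Assumption: loopback, RFC 1918, link-local and IPv6 unique-local are local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (ip_address, port)."""
    addr, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(addr.strip("[]").split("%")[0]), int(port)

def is_local(ip):
    return any(ip.version == net.version and ip in net for net in LOCAL_NETS)

def parse_netstat(text):
    """Return open TCP ports as (port, pid) and established connections
    to non-local peers as (ip, port, pid)."""
    listening, external = set(), []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # skip headers, blank lines and UDP rows (no State)
        _, local, remote, state, pid = parts
        if state == "LISTENING":
            listening.add((split_endpoint(local)[1], int(pid)))
        elif state == "ESTABLISHED":
            ip, port = split_endpoint(remote)
            if not is_local(ip):
                external.append((str(ip), port, int(pid)))
    return sorted(listening), external

if __name__ == "__main__":
    ports, peers = parse_netstat(SAMPLE)
    print("Listening (port, PID):", ports, "\nExternal (ip, port, PID):", peers)
```

On a live machine, pass the function the text produced by `netstat -ano` and match each PID against the process list to see which program owns the connection.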

Unknown program requesting access

Computer security programs and firewalls help restrict access for security purposes. If the computer prompts for access to programs you do not know, rogue programs may be installed or it may have been hacked. If you do not know why a program needs access to the Internet, we recommend blocking access to that program. If you later discover these blocks cause problems, they can be removed.

Tip

A firewall prompting you for access may also be someone trying to probe your network, looking for open or available ports.

Security program uninstalled

If the computer's antivirus program, anti-malware program, or firewall was uninstalled or disabled, it can also indicate a hacked computer. A hacker may disable these programs to help hide any warnings that would appear while they are on your machine.

Note

It is also possible for a virus to disable the antivirus program or malware to interfere with the anti-malware program.

Computer is doing things by itself

If your computer is deeply exploited, it's possible for a malicious third party to remotely control your computer, executing any programs you have the privilege to run. If they are controlling your current login session, they can even control the computer as if they were sitting at your desk, using your keyboard and mouse.

For example, a mouse cursor could be moved or something could be typed. If you see the computer doing something as if someone else is in control, your system is likely being exploited at the root level.

Internet browser homepage changed or new toolbar

If you notice your web browser configuration has suddenly changed, this may be a symptom of virus or malware infection. Examples of sudden browser changes include your homepage changing, a third-party toolbar being added, or your default search engine changing to something you don't want.