How do I know if my computer has been hacked?

HackerTip: Most computer problems are not caused by computer hackers, it is more common for a computer to be hijacked then hacked. It can be difficult to detect a hacker on a computer because nothing changes to help disguise the hack. Below are the most common things that change after a computer is hacked.

New programs installed

In some situations, you may see new programs or files to the computer. If you are the only user on the computer and new programs are installed, this could be an indication of a hacked computer. However, there are also several legitimate reasons why a new program may appear on the computer, as listed below.

  • Operating system or other program received updates that included new programs or files.
  • When installing a new program it may have installed other programs. For example, it is common for plugins and other free programs to have a check box asking if it is ok to install a new Toolbar or antivirus on your computer. If these boxes are checked, new programs are installed.
  • Any other person who logs on your computer could install new programs.

Below is a listing of programs that may indicate a hacker has been on the computer.

  • Backdoors and Trojans are by far the most common programs to be installed on the computer after it has been hacked. These programs allow the hacker to gain access to the computer.
  • IRC clients are another common way for a hacker to get into a computer or remotely control thousands of computers. If you have never participated in a IRC chat, your computer may have been hacked.
  • Spyware, rogue antivirus programs, and malware can be an indication of a hacker. However, are more commonly a sign that your computer has been hijacked while on the Internet.

Computer passwords have changed

Online passwords

Sometimes, after an online account is hacked the attacker changes the password to your account. Try using the forgot password feature to reset the password. If your e-mail address has changed or this feature does not work, contact the company who is providing the service, they are the only ones who can reset your account.

Local computer password

If your password to log into your computer has changed, it may have been hacked. There is no reason why a password would change on its own. Log into an administrator account to change your accounts password.

E-mail spam being sent

When an e-mail account is hacked or taken over, the attacker almost always uses that account to spread spam and viruses. If your friends, family, or coworkers are receiving e-mail from you advertising something like Viagra your e-mail is compromised. Log into your e-mail and change your e-mail account password.

Tip: E-mail addresses can also be spoofed without hacking the e-mail account. After changing the e-mail password, if your friends continue to get e-mails you have not sent, it is likely someone is spoofing your e-mail address.

Increased network activity

For any attacker to take control of a computer, they must remotely connect to that computer. When someone is remotely connected to your computer, your Internet connection will be slower. Also, many times after the computer is hacked it becomes a zombie to attack other computers.

Installing a bandwidth monitor program on the computer can help determine what programs are using what bandwidth on your computer. Windows users can also use the netstat command to determine remote established network connections and open ports.

There are dozens of other legitimate reasons why your Internet connection may also be slow.

Unknown programs wanting access

Computer security programs and firewalls help restrict access to programs on a network or Internet. If the computer prompts for access to programs you do not know, rogue programs may be installed, or it may have been hacked. If you do not know why a program needs access to the Internet, we recommend blocking access to that program. If you later discover these blocks cause problems, they can be removed.

Tip: A firewall prompting you for access may also just be someone trying to probe your network, looking for open or available ports in your network.

Security programs uninstalled

If the computers antivirus, anti-malware program, or firewall that has been uninstalled or disabled this can also be an indication of a hacked computer. A hacker may disable these programs to help hide any warnings that would appear while they are on the computer.

Computer doing things by itself

When someone is remotely connected to a computer they can remotely control any device. For example, a mouse cursor could be moved or something could be typed. If you see the computer doing something as if someone else was in control, this can be an indication of a hacked computer.

Modem users

If the computer is dialing the Internet on its own, it is an indication that a program needs to connect to the Internet. It is common for programs like e-mail clients to do this to check for new e-mail. However, if you cannot identify what program needs Internet access, this can also be an indication of a hacked computer.

Internet browser home page changed or new toolbar

Internet browser changes such as your home page changing to a different web page, a new toolbar getting added, your search provider changing, web pages getting redirected are all signs of a browser getting hijacked and not a computer hacker.