Thursday, 15 December 2011

Check If Your Computer Is Hacked

Many computer users go about each day without realizing that their computer has been compromised by a hacker. Your computer may have a file running on it that allows hackers to access your personal information at will. Either way, there are steps you can take to do some spying on your own system and check whether your computer has been hacked.

NOTE: Before doing these steps, close all downloads, web pages, and running tasks such as MS Word, Photoshop, games, etc., but stay connected to the internet.

1. After closing all running tasks, go to the desktop, refresh the screen, and observe how many times the icons refresh (blink). If they refresh two or more times, there is a chance that you are infected with a keylogger, Trojan, or virus.


2. This method is very simple for anyone using an ADSL router. After all internet downloads and processes are closed, check the status of the Ethernet light. It should not blink at a very fast rate, because fast blinking shows that packets are being transferred in and out of your computer. As there is no active download or internet activity, no packets should be transferred. If they are, you might be hacked.

3. Go to Run and type cmd. The command prompt will open. In the command prompt, type:

netstat -a



This shows the list of active internet connections. Check whether any unnecessary internet connection is ESTABLISHED. If so, you might be hacked.

4. If you notice any abnormal activity on your computer, such as the computer hanging for a couple of seconds every time you switch it on or in between your tasks (if it occurs often), there is a chance that you are hacked. Keyloggers and Trojans are often configured to deliver all the logged information to a destination IP address or FTP address at regular intervals, and while this information is being sent, the browser hangs for some time.

5. Use software like TCPView, which lists all the connections made through TCP. This software is capable of detecting almost all Trojan/malicious connections.

6. Keep your antivirus updated and install an external firewall like Comodo. If your antivirus is not updated regularly, it is as good as nothing. If you don't update your antivirus regularly, often exchange data with other computers, and download a lot of files, there is a great possibility that you are hacked.
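To make the netstat check in step 3 less of an eyeball exercise, here is an added example (not part of the original post) that parses saved netstat output and lists, per process ID, the ESTABLISHED TCP connections whose remote end is outside your own machine and local network. It assumes the output came from "netstat -ano" (numeric addresses plus owning PID) rather than plain "netstat -a"; the sample text and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output (remote IPs are documentation ranges).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     2200
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED     4312
  TCP    192.168.1.20:49713     203.0.113.45:443       ESTABLISHED     4312
  TCP    192.168.1.20:49800     192.168.1.1:80         ESTABLISHED     1044
  TCP    192.168.1.20:49901     198.51.100.7:21        TIME_WAIT       0
  TCP    [2001:db8::20]:49950   [2001:db8:1::5]:8080   ESTABLISHED     5120
  UDP    0.0.0.0:5353           *:*                                    1720
"""

# RFC 1918 private IPv4 ranges and IPv6 unique-local range: treated as "local network".
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and IPv6 zone id
    return ipaddress.ip_address(host), int(port)

def external_established(netstat_text):
    """Map PID -> sorted list of (remote_ip, remote_port) for ESTABLISHED TCP
    connections that leave the machine and the local network."""
    by_pid = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue  # headers, UDP rows, listeners, closing connections
        try:
            ip, port = split_endpoint(fields[2])
        except ValueError:
            continue  # a hostname, not a number: netstat was run without -n
        if ip.is_loopback or ip.is_link_local or any(ip in n for n in LOCAL_NETS):
            continue
        by_pid[int(fields[4])].add((str(ip), port))
    return {pid: sorted(remotes) for pid, remotes in by_pid.items()}

if __name__ == "__main__":
    print(external_established(SAMPLE))
```

Each PID in the result can then be looked up in Task Manager, TCPView or Process Explorer to see which program owns the connection.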

How the other tools can assist you in diagnostics:
TCPView: Look for any suspicious running processes. If you find one, you can right-click it and click Process Properties, or click End Process to attempt to close the program.


Process Explorer: This program lists all running processes and can help determine which process is the parent and which processes were spawned by it.


PsTools: This package contains command-line tools that can list running processes and, alternatively, be used to kill those processes.


Filealyzer: This program can be used to view advanced information about a file (it explains what a program does or is). Filealyzer adds a Windows Explorer shell extension that allows you to analyze a file by right-clicking it and selecting Analyze File With Filealyzer.


DameWare NT: This program is typically used to remotely administer another computer's system registry. Effective for removing rootkits.


Beware! Stay updated, stay protected.
