How to Check if your PC is Hacked

Eric Parker

14 Sept 202419:44

Summary

TLDRIn this video, Eric explains how to identify if your computer has been compromised by malware, focusing on remote access Trojans (RATs) and info stealers. He highlights red flags such as losing administrator functions, disabled security settings, and suspicious file exclusions in Windows Defender. Eric introduces useful tools like Sysinternals for detecting malware activity and demonstrates running and analyzing malware samples. Lastly, he emphasizes the importance of reinstalling Windows if infected and offers guidance on securing accounts and financial information after a breach.

Takeaways

🔒 Remote Access Trojans (RATs) and Info Stealers are two major types of malware, with Info Stealers being more dangerous when they self-delete after stealing data.
⚠️ A big red flag for malware is losing administrative control on your computer, such as being unable to access system settings you should have access to.
🛡️ Always check Windows Defender's settings. If exclusions are added to your antivirus or if Windows Defender features are turned off without your consent, it’s a sign of malware.
👀 Sysinternals is a useful tool to detect malware by analyzing startup programs, processes, and services running on your computer.
🚩 Watch for unusual processes like services running outside their typical trees, fake service hosts, or persistent malware that re-launches itself on startup.
🔎 Malware can often add exclusions in antivirus settings or disguise itself under unverified publishers. A quick way to identify malware is through process analysis tools.
💻 Malware might block access to anti-malware websites like VirusTotal by modifying your system's host file, which is another indication of infection.
🚫 Antivirus tools, while helpful in detection, are not always effective for cleaning up malware. The most secure option in case of an infection is a complete reinstallation of Windows.
🔑 If your system is infected, immediately disconnect from the internet to prevent further damage and unauthorized access by the attacker.
💳 After cleaning your system, change all passwords, especially email and financial accounts. Also, contact your bank to cancel any compromised credit cards.

Q & A

What is the focus of the video?
-The video focuses on different types of malware, particularly remote access Trojans (RATs) and info stealers, and how to detect if your computer has been hacked.
What are info stealers, and how do they differ from RATs?
-Info stealers are lightweight versions of RATs that only steal data without offering the attacker continuous control over the system. RATs, in contrast, allow the hacker to maintain control over the victim's computer.
What is a major red flag that your computer may be compromised?
-A major red flag is being unable to access administrator functions on your home computer, particularly when you receive warnings that such features have been disabled by a system administrator, which should only happen in a managed IT environment like work or school.
What are some signs to check in Windows Security to detect malware?
-Some signs include disabled security features like 'Tamper Protection' and suspicious exclusions in Windows Defender, such as the entire C drive or asterisk .exe files being excluded.
What tool does the video recommend for checking startup programs?
-The video recommends using a free and open-source tool called Sysinternals, specifically the 'Autoruns' utility, to check what programs run when the computer starts up.
What is a common method malware uses to avoid detection in Windows Defender?
-Malware often uses PowerShell scripts to add exclusions in Windows Defender, either by excluding the entire C drive, specific folders, or executable files, which disables Defender's ability to scan those areas.
How can malware disguise itself within the system?
-Malware can disguise itself by running as a legitimate service (e.g., servicehost.exe) or creating fake services, often attempting to run under system services like 'wininet' or scheduled tasks.
What should be your first step after detecting malware on your system?
-The first step should be to disconnect from the internet to prevent the hacker from accessing your system in real-time. Then, begin scanning and cleaning your system using antivirus software like Bitdefender.
Why does the video recommend a complete Windows reinstall if your computer has been compromised?
-A complete Windows reinstall is recommended because antivirus software may not be able to fully clean the system, and sophisticated malware may continue to run unnoticed even after scanning. Reinstalling Windows ensures the malware is completely removed.
What actions should you take if your data or accounts were compromised by an info stealer?
-You should immediately change all your passwords, particularly for email and financial accounts, sign out of all active sessions, and if necessary, cancel credit or debit cards. If cryptocurrency wallets were compromised, move the funds to a secure location.