Step 0: Is Your Computer Really Hacked?
This article describes what to do if your computer is hacked – infiltrated by a virus or overcome by scam software. But it might not be your computer that was hacked.
- If people are getting weird emails from you, then your email is hacked. Here’s what to do if your email account is hijacked.
- If you can’t get into a certain account (email, Facebook, Twitter) then either there’s something wrong with your password, or possibly that account has been hacked – see above.
- If your computer is misbehaving, it may simply be having a temper tantrum. (They do. Trust me.) That’s not a hack attempt, it’s a tech support problem. Here are some suggestions.
Let’s assume it really is your computer that’s been hacked. Now what?
Step 1: How Badly Were You Hacked?
Define “hacked.” Your computer could have been infiltrated by a virus, a worm, a Trojan horse, a keylogger, a rootkit, scareware, malware, adware… These are all different types of attacks with different purposes, meaning there are greater and lesser degrees of infection.
When I see a computer that has a couple of pieces of adware on it, I don’t worry. I clean it up, make sure there’s decent antivirus installed and all the software is current, and call it a good day.
When I see a computer infected by a program that is monitoring every single keystroke, I back up the data, reformat the computer, and start from scratch. I don’t like keyloggers. I don’t like viruses that stealth around in the background. I don’t like unwanted programs that call home with MY data.
Step 2: Damage Control
Run scans, starting with your usual antivirus program. Windows users also want to run free Malwarebytes which can catch anything your antivirus misses. Mac users, give the free Sophos Mac Antivirus a try.
What you do in Step 4 will depend on what your scans find. In the meantime…
Step 3: Find Your Backups
I didn’t say make a backup. It’s too late for that; the backup will be infected. Don’t bother unless you have live data on the infected computer that you absolutely can’t afford to lose. (And if you’re in this unfortunate position, you’ll never fail to have a current backup again.)
Step 4: Removal
By now your scans from Step 2 are done and you have an idea what’s happening. From a UNinfected device, do a Web search on some of the viruses that have been identified. This will tell you where they rank on a scale from minor inconvenience to major calamity.
There is no way to confirm if a computer is free of viruses. I don’t care what any virus removal tool says. You can be 99% confident, but not 100%. When in doubt, reformat. It’s a pain but better than having a computer that keeps reinfecting itself. Remember, a virus can regenerate if even the tiniest portion of itself is left behind.
You can do a Web search if you need a removal tool for a particular virus – but remember, viruses often hide behind malicious links to fake removal tools for those same viruses. Sneaky, huh?
Step 5: Keep Watch
By now you should be relatively confident that your computer isn’t hacked anymore – but you have to keep watch to make sure.
Sometimes computers have problems after being infected, even if the viruses have been removed. Viruses can cause legitimate programs on your computer to crash – after all, it’s not like the virus-writers care if their software is compatible. Viruses often corrupt your system software, another reason why reformatting is often the best option.
If you didn’t reformat but your computer won’t behave, you may have to go through with the refomat after all. It’s the only way to get a clean copy of your operating system.
This same process applies to any hacked device, from servers to iPads: assess the threat, then either choose cleanup or start from scratch.
Ever had your computer hacked? What’s the one thing you wish you had known? Share in the comments!