Let’s discuss some concepts and methods to know if your PC is infected or hacked.
There is not much difference between the two terms, infected and hacked, when it comes to personal computers or PCs. Infected means a parasitic process or program is running on your system; it got there when you clicked a malicious URL, downloaded a file, or inserted a USB device. The same things can happen with hacking, but hacking usually refers to a remote entity connecting to your PC and carrying out malicious activity such as transferring data off your PC, crypto mining, or sending emails.
The first symptom that your PC is infected or hacked is that your existing antivirus software has been disabled. This was the most visible sign in the past, and even now there is a possibility that your PC is made to believe it is running legitimate antivirus software by malware masquerading as the antivirus you already have.
Another common symptom is fake warning messages in your browser or while you are working on the PC, usually crafted to make you contact some entity and pay money, or to download and install something.
Other symptoms are difficult to identify unless you are well aware of how operating systems and applications normally behave, and of your system's usual performance.
Let’s dive into the more advanced methods of detecting whether your PC is infected or hacked.
The best method is via a process monitoring tool.
Since most PCs are Windows-based, we will stick to the Windows operating system for now.
In Windows, a program runs as a process with a set of attributes such as the file path of its executable and the dynamically linked libraries (DLLs) it has loaded. Infection can happen by replacing the original program with a malicious one, either in the same path or in a different path, or by injecting code into the DLLs the program or process is using.
With a process monitor you can inspect the inner details of the processes running on your system and identify deviations from their normal behaviour: the registry paths a process is associated with, the DLLs it has loaded, and so on.
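As an added example (not code from the original post), the following PowerShell script does the first pass a process monitor would do by hand: it lists each process's image path and loaded DLLs and flags any that run from outside the usual system directories or lack a valid Authenticode signature. The list of "expected" directories is an assumption for illustration; many legitimate programs install into the user profile, so the output is a triage list to investigate, not a verdict.

```powershell
# Added example: enumerate running processes, their image path and loaded DLLs,
# and flag entries that deviate from the usual install locations or are unsigned.
# Run from an elevated PowerShell prompt so protected processes can be inspected.

# Assumption: these are the directories we expect legitimate binaries to live in.
$expectedRoots = @(
    "$env:SystemRoot\",            # e.g. C:\Windows\
    "$env:ProgramFiles\",
    "${env:ProgramFiles(x86)}\"
)

function Test-ExpectedPath {
    param([string]$Path)
    foreach ($root in $expectedRoots) {
        if ($Path -and $Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$findings = foreach ($proc in Get-Process) {
    $image = $proc.Path
    if (-not $image) { continue }   # kernel/protected processes expose no path

    # Flag the process itself if it runs from an unusual location or is unsigned
    $sig = Get-AuthenticodeSignature -FilePath $image
    if (-not (Test-ExpectedPath $image) -or $sig.Status -ne 'Valid') {
        [PSCustomObject]@{ Pid = $proc.Id; Name = $proc.ProcessName; Kind = 'process'
                           Path = $image; Signature = $sig.Status }
    }

    # Inspect each loaded module (DLL): a DLL pulled from %TEMP% or a user profile
    # directory into a system process is a classic sign of code injection
    try { $modules = $proc.Modules } catch { continue }   # access denied or bitness mismatch
    foreach ($m in $modules) {
        if (-not (Test-ExpectedPath $m.FileName)) {
            [PSCustomObject]@{ Pid = $proc.Id; Name = $proc.ProcessName; Kind = 'module'
                               Path = $m.FileName
                               Signature = (Get-AuthenticodeSignature -FilePath $m.FileName).Status }
        }
    }
}

$findings | Sort-Object Name, Kind | Format-Table -AutoSize
```

Compare the flagged paths and signature status against what you know is installed; an unsigned DLL loaded into explorer.exe from a temp folder deserves a much closer look than a signed updater in AppData.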
Watch the video below for a basic introduction to using the process monitor tool.
For your convenience, here are the meanings of some terms used in this blog post.
Dynamically linked libraries (DLLs)
A DLL is a library that contains code and data that can be used by more than one program at the same time. For example, in Windows operating systems, the Comdlg32 DLL performs common dialog box-related functions. Each program can use the functionality that is contained in this DLL to implement an Open dialog box.
The Registry contains information that Windows continually references during operation, such as profiles for each user, the applications installed on the computer and the types of documents that each can create, property sheet settings for folders and application icons, what hardware exists on the system, and the ports that are being used.
Antivirus software is a computer program used to prevent, detect, and remove malware. Malware is software that is designed to harm your computer, such as viruses, trojans, ransomware, adware, and spyware. Antivirus software works by scanning your computer for malware and removing it if it finds it.
Crypto mining is the process of adding new blocks of data to a blockchain and verifying the transactions that are included in those blocks. Miners are rewarded for their work with cryptocurrency, typically the same cryptocurrency that they are mining.
The process of mining is computationally intensive and requires specialized hardware. Miners compete to solve complex mathematical problems, and the first miner to solve the problem is rewarded with a block of cryptocurrency. The difficulty of the mathematical problems is adjusted over time to ensure that a new block is mined every few minutes.
Image credit: HACKER PHONE VIP, CC BY-SA 4.0, via Wikimedia Commons