TL;DR
This guide helps you quickly check if your computer or network has been compromised by a hacker. We’ll cover looking for unusual processes, suspicious accounts, and signs of data changes.
1. Scan For Malware
- Run a Full System Scan: Use your existing antivirus software (Windows Defender is good if you don’t have anything else). Make sure it’s up to date *before* scanning.
- For Windows Defender, open ‘Security Centre’, then ‘Virus & threat protection’. Click ‘Scan options’ and choose ‘Full scan’.
- Consider a Second Opinion: Download a free on-demand scanner like Malwarebytes (free version is sufficient for this check). This can catch things your main antivirus might miss.
- Download from Malwarebytes and follow the installation instructions.
2. Check Running Processes
Hackers often run programs in the background. We’ll look for anything unusual.
- Open Task Manager: Press Ctrl+Shift+Esc.
- On Windows, go to the ‘Processes’ tab.
- On macOS, open Activity Monitor (Applications > Utilities).
- Look for Suspicious Names: Pay attention to processes with random characters or names that don’t make sense.
- Sort by ‘Name’ to group similar processes.
- Google any process you don’t recognise!
- Check Resource Usage: Is a process using an unusually high amount of CPU or memory?
- High usage could indicate malicious activity.
- Command Line Check (Advanced): Open Command Prompt as administrator and use this command to list processes:
    tasklist /v
This shows detailed information about each process, including its path.
3. Review User Accounts
Hackers often create new accounts to maintain access.
- Windows: Open ‘Settings’ > ‘Accounts’ > ‘Family & other users’. Look for any accounts you didn’t create.
- If you find an unknown account, delete it immediately.
- macOS: Go to ‘System Settings’ > ‘Users & Groups’. Check the list of users and look for unfamiliar names.
- Select the user and click the minus (-) button to remove them.
4. Examine Network Connections
Hackers need network connections to control your computer or steal data.
- Windows: Open Command Prompt and use this command:
    netstat -ano
This shows all active network connections. Look for connections to unfamiliar IP addresses.
- The ‘Foreign Address’ column is the remote server your computer is connected to.
- Google any suspicious IP addresses.
- macOS: Open Terminal and use this command:
    netstat -an | grep ESTABLISHED
This shows established network connections.
5. Check For Modified Files
Hackers might change important system files.
- Windows: Use System File Checker (SFC).
    sfc /scannow
This scans and repairs corrupted system files.
- macOS: This is harder on macOS without specific tools. Look for recently modified files in important directories like /System/Library or /Applications (using Finder’s ‘Date Modified’ sort).
6. Review Firewall Logs
Your firewall records network traffic. Check it for unusual activity.
- Windows Defender Firewall: Open ‘Security Centre’, then ‘Firewall & network protection’. Click ‘Advanced settings’ and review the logs.
- Look for blocked connections from unfamiliar sources.
Important Notes
- Backups: If you suspect a serious compromise, restore your computer to a recent backup (if available).
- Change Passwords: Change passwords for all important accounts.
- Report the Incident: Consider reporting the incident to your local cyber security authority.

