DDoS Attack: IP Address on Hacked Computer

TL;DR

Your IP address is showing up as involved in a Distributed Denial of Service (DDoS) attack because your computer has been hacked. This guide explains how to clean your system, report the incident, and mitigate further damage.

Steps to Take Immediately

1. Disconnect from the Internet: The very first thing you should do is disconnect your computer from the internet (unplug Ethernet cable or turn off Wi-Fi). This stops it participating in the attack.
2. Run a Full System Scan: Use reputable anti-malware software to perform a full scan of your system. Some good options include:
   • Windows Defender (built-in)
   • Malwarebytes
   • Bitdefender

   Make sure the definitions are up-to-date before running the scan.

3. Change Your Passwords: Change passwords for all important accounts, including email, banking, social media, and any other online services. Use strong, unique passwords for each account.

Identifying & Removing Malware

1. Check Running Processes: Open Task Manager (Ctrl+Shift+Esc on Windows) and look for suspicious processes consuming a lot of CPU or network resources. Research any unfamiliar processes online before ending them.
2. Scan with Multiple Tools: Sometimes, one anti-malware tool isn’t enough. Run scans with several different programs to ensure you catch everything.
3. Boot into Safe Mode: Restart your computer in Safe Mode (usually by pressing F8 or Shift+F8 during startup). This loads a minimal set of drivers and can help remove malware that runs at boot time.
   • Windows 10/11: Hold the Shift key while clicking ‘Restart’ from the Start menu. Then navigate to Troubleshoot > Advanced options > Startup Settings, then click Restart. Press the number corresponding to ‘Enable Safe Mode with Networking’.
4. Check Startup Programs: Use Task Manager (Startup tab) or System Configuration (msconfig in the Run dialog box) to disable any suspicious programs that start automatically with Windows.

   msconfig

Reporting the Incident

1. Contact Your Internet Service Provider (ISP): Inform your ISP about the situation. They may be able to help you identify the source of the attack and take steps to protect your connection.
2. Report to Action Fraud: In the UK, report cyber security incidents to Action Fraud at https://www.actionfraud.police.uk.
3. Consider Reporting to CERT/NCSC: For more serious attacks or if you’re unsure what to do, contact the National Cyber Security Centre (NCSC) at https://www.ncsc.gov.uk.

Mitigating Further Damage

1. Update Your Firewall: Ensure your firewall is enabled and configured correctly to block unauthorized access. Windows Firewall is a good starting point.
2. Keep Software Updated: Regularly update your operating system, web browser, and other software to patch security vulnerabilities.
3. Consider a Router Reset: As a last resort (after backing up any important configuration), resetting your router to factory settings can remove malicious configurations.

   Warning: This will erase your Wi-Fi password and other custom settings.

Checking Your IP Address

After cleaning your system, check if your IP address is still flagged as being involved in malicious activity using websites like:

• AbuseIPDB
• WhatIsMyIPAddress.com (check blacklist status)