From various websites, I’ve compiled this list of some things that can be checked:
1. First of all check if any rogue programs or services are running. Open a Run window (Windows Logo key+R), type msconfig and press Enter. On the Startup Tab, uncheck any entries that are unknown to you. Repeat this for the Services Tab. If you uncheck anything restart the computer and when it restarts, put a tick in ‘Don‘t show this again‘ as you‘re effectively doing a selective start up.
2. It’s probably not relevant these days but this only takes a few seconds to check. Open a Run window (Windows Logo key+R), type cmd and press Enter. Now type system.ini and press Enter. If under [drivers] there is an entry user=user.drv, you may have been hacked, so restart the computer and check again. An entry of timer=timer.drv is safe.
3. Now check the net statistics:
3A. Open a Run window (Windows Logo key+R), type cmd and press Enter. Now type netstat -ano and press Enter. If ‘Established’ is in the State column, make a note of the PID and the Addresses alongside it, as someone may be hacking you. If the IP Address begins with 192.168, you are safe as it’s part of your home network.
3B. To check if you are being hacked, open Task Manager by hitting Ctrl+Shift+Esc. Go to the Processes Tab > View > Select Columns and put a check in the PID box so that the column is displayed.
3C. If the PID that you noted in 3A appears and it is not a name that you recognise, right-click it and End the process. You can click the word PID at the top to sequence the numbers to make it easier to find. Restart the computer and check again.
3D. If you didn’t find the PID, restart the computer and rerun the netstat –ano command. Open Google in a browser window and type the IP Address into the search box. If it’s a suspicious site, restart the computer and check again
4. Lastly, run your ‘anti’ programs to clear up any residual files, which you should be doing on a regular basis anyway.
