Being Hacked Maybe?

Discussion in 'Windows 7 Help and Support' started by wilhelm1, Sep 6, 2014.

  1. wilhelm1

    wilhelm1 Well-Known Member

    Aug 17, 2014
    Likes Received:
    Running Windows 7 on Laptop at McD's., which I have done many times when I am out of state. Keep getting "Windows Activation your conmputer might be running a counterfeit copy of Windows 7" also down in the right hand corner of my screen it says "Win7 Build 7600, This copy of wibndows is not genuine".

    When I go to download the activation, I see that the "Publisher is Unknown". anyone else get something "hokey" like this?
  2. BurrWalnut

    BurrWalnut Honorable Member

    Nov 14, 2008
    Likes Received:
    From various websites, I’ve compiled this list of some things that can be checked:

    1. First of all check if any rogue programs or services are running. Open a Run window (Windows Logo key+R), type msconfig and press Enter. On the Startup Tab, uncheck any entries that are unknown to you. Repeat this for the Services Tab. If you uncheck anything restart the computer and when it restarts, put a tick in ‘Don‘t show this again‘ as you‘re effectively doing a selective start up.

    2. It’s probably not relevant these days but this only takes a few seconds to check. Open a Run window (Windows Logo key+R), type cmd and press Enter. Now type system.ini and press Enter. If under [drivers] there is an entry user=user.drv, you may have been hacked, so restart the computer and check again. An entry of timer=timer.drv is safe.

    3. Now check the net statistics:
    3A. Open a Run window (Windows Logo key+R), type cmd and press Enter. Now type netstat -ano and press Enter. If ‘Established’ is in the State column, make a note of the PID and the Addresses alongside it, as someone may be hacking you. If the IP Address begins with 192.168, you are safe as it’s part of your home network.
    3B. To check if you are being hacked, open Task Manager by hitting Ctrl+Shift+Esc. Go to the Processes Tab > View > Select Columns and put a check in the PID box so that the column is displayed.
    3C. If the PID that you noted in 3A appears and it is not a name that you recognise, right-click it and End the process. You can click the word PID at the top to sequence the numbers to make it easier to find. Restart the computer and check again.
    3D. If you didn’t find the PID, restart the computer and rerun the netstat –ano command. Open Google in a browser window and type the IP Address into the search box. If it’s a suspicious site, restart the computer and check again

    4. Lastly, run your ‘anti’ programs to clear up any residual files, which you should be doing on a regular basis anyway.
    kemical likes this.

Share This Page