Your computer might seem perfectly fine, but then you suddenly see suspicious logins to your email and bank accounts! Today I will show you the top ways to know if your computer has been infected and compromised.
Sign #1: Computer slowing down and getting hotter.
This is one of the main signs of a virus on your computer. A virus might consume bandwidth, disk space, and CPU, which will heat your computer up and slow it down. An example is silent miners, which mine Bitcoin or other cryptocurrencies for the botmaster. This will consume your GPU and reduce your performance vastly. However, a virus might not always be the cause. Sometimes it’s dust gathering in your case, your fans/motherboard getting old, or another hardware/software malfunction.
Sign #2: Random Internet activities
Your Internet might slow down, but does that mean you are compromised? To be sure, download Wireshark from its site at wireshark.org. Open Wireshark and start analyzing. Open the filter and search for FTP and SMTP, which are the main protocols for keyloggers. Another thing to search for is HTTP POST/GET requests, but this will show many connections since this protocol is used in web surfing. Check all of the domains and Google them to make sure they are safe. POST/GET requests are used in botnets or PHP RATs. UDP and TCP packets are common, but find those that are connected to non-local IPs (without 192.168) and Google/Whois the IP. If those IPs do not belong to a highly trusted company like Google or Sony, you most likely are infected.
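A way to build the list of remote IPs to look up, as an added example that is not part of the original post. It assumes the input is the text output of Windows `netstat -ano` rather than a Wireshark capture (so each connection carries a PID for the process check in Sign #3), and it treats all private, loopback and link-local ranges as local, not only 192.168. The names `triage`, `remote_endpoints` and `SAMPLE` are hypothetical.

```python
# Added illustration, not from the original post; input layout is an assumption.
import ipaddress
import re
from collections import defaultdict

LOCAL_NETS = [ipaddress.ip_network(n) for n in (  # RFC 1918, loopback, link-local
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]
WATCH_PORTS = {21: "FTP", 25: "SMTP", 465: "SMTP", 587: "SMTP"}  # named in the post
# Matches ip:port and [ipv6%zone]:port as printed in the Foreign Address column.
ENDPOINT = re.compile(r"^\[?([0-9A-Fa-f:.]+?)(?:%\w+)?\]?:(\d+)$")

def remote_endpoints(text):
    """Yield (ip, port, pid) for every TCP/UDP row with a concrete remote peer."""
    for line in text.splitlines():
        cols = line.split()
        is_row = len(cols) >= 4 and cols[0] in ("TCP", "UDP")
        m = ENDPOINT.match(cols[2]) if is_row else None
        if not m:  # header lines, and "*:*" on UDP sockets with no peer
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        yield ip, int(m.group(2)), cols[-1]  # PID stays text, as netstat prints it

def triage(text):
    """Map each non-local remote IP to the PIDs and watched protocols seen."""
    report = defaultdict(lambda: {"pids": set(), "watched": set()})
    for ip, port, pid in remote_endpoints(text):
        if ip.is_unspecified or any(ip in net for net in LOCAL_NETS):
            continue
        report[str(ip)]["pids"].add(pid)
        if port in WATCH_PORTS:
            report[str(ip)]["watched"].add(WATCH_PORTS[port])
    return dict(report)

# Constructed sample in `netstat -ano` layout; public IPs are documentation ranges.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.23:49712     203.0.113.40:443       ESTABLISHED     4312
  TCP    192.168.1.23:49730     198.51.100.7:21        ESTABLISHED     6120
  TCP    192.168.1.23:49731     198.51.100.7:587       ESTABLISHED     6120
  TCP    192.168.1.23:49800     10.0.0.5:445           ESTABLISHED     4
  TCP    [::1]:49670            [::1]:49671            ESTABLISHED     1234
  UDP    0.0.0.0:5353           *:*                                    1880
"""
if __name__ == "__main__":
    for ip, info in sorted(triage(SAMPLE).items()):
        print(ip, sorted(info["pids"]), sorted(info["watched"]) or "-")
```

Each IP in the result is a candidate for the Whois lookup, and the PIDs can be matched against the Task Manager "Details" tab.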
Sign #3: Processes that you don’t know
When you open the Task Manager (Ctrl+Shift+Esc on Windows), you will see a bunch of processes there. Close all of the applications you are using, and check the tasks. Google them, and find out if they are malware or not. However, malware could name itself “winlogon.exe” or anything it wishes, so you will need to Google where the process should be located. Right-click the process and click “Open File Location”. If the file is in the proper place, then you are probably alright (unless the malware drops and injects DLLs and injects itself into the processes). If it is not in the right place, download an antivirus and perform a full system scan. However, some malware is able to stop antivirus from running, or is “crypted” to be FUD (fully undetectable) and bypasses all AV scans, and in this case detection through processes will not work.
Sign #4: Weird logins to your online accounts
Many malware families are designed to steal passwords, so you might get alerts that your accounts are being logged into from a new device. If you are getting this from just 1 account, you are probably not infected but have had that account cracked. However, if you get this from 2 or more accounts, then you should reset all of your accounts from another device and stop using the infected device until you are sure that the virus is removed. This might not be reliable, however, since much malware now allows the herder/hacker to use your computer as a reverse proxy, or to control your computer through an RDP connection.
Sign #5: Antivirus getting disabled/not running
If you have an antivirus installed but it is suddenly not able to start or run, then you most likely have a virus. Save your files and shut down, since you don’t want to let the malware do any more damage than it already did. Then, remove internet access through a hardware switch or by removing the LAN cable (malware can detect a switch from inside the OS) and move portable antiviruses to the computer through a USB drive. Run the files, and if they fail to start, move them to your Desktop and rename them explorer.exe, or change the file extension to .com. If these fail, remove the hard drive and scan it from an external computer.
Sign #6: Random ads popping up, changed homepage and opening unwanted sites
If this is the case, then you are probably infected with adware. Adware monetizes you by opening ads on your computer. At the end of the post we have added a link to a Portable Swiss Army Toolkit, which includes many portable malware removers, the Wireshark network analyzer and installers for a few antiviruses.
These are the 6 most basic signs of an infection. However, without being cautious from the beginning, these signs will not reveal anything, since much malware is able to hide from antiviruses, sleep and freeze when it senses Wireshark, and generally is persistent and hides its process. As the saying goes, “Prevention is better than cure”.
Download link for the AV pack: https://drive.google.com/file/d/0B_ew6piqVmr9a1VsYVdYU2tWbUE/view?usp=sharing