
How to tell if your PC is hacked?!

Intro

00:00:00

Learn how to check whether your computer has been compromised, starting from the unusual behaviour that usually prompts the question. You do not need to buy a new PC to do this; the checks below run on any Windows laptop or desktop with built-in tools and a few free downloads.

Tools

00:00:41

Identifying running processes with Task Manager: use Task Manager to list the processes and services running on the computer, then cross-check them from the command line with netstat (which network connections are open and which process owns them) and tasklist (which executable a process ID belongs to).

Advanced tools for analysing processes: use the Microsoft Sysinternals Suite, which provides more detailed views of processes than Task Manager, particularly useful when a machine may have downloaded or opened malicious software. The video then hacks into a demonstration computer and examines the indicators that attack leaves behind.

Remote Control

00:01:35

The attacker demonstrates a remote-access tool called Quasar to gain control of a computer. With the server set to listen on port 4782, the client on the victim connects back, and the attacker's panel shows the machine's IP address, tag and version details and offers full remote control of the PC.

Task Manager

00:02:21

The attacker's panel shows the connected device and its status; on the target, Task Manager is the first place to look for suspicious services or processes. (Ransomware is the loud case: it locks the computer and demands payment to regain access, but a remote-access tool like this one is deliberately quiet.) Task Manager's Startup tab is worth checking too: entries with no publisher name listed are candidates for closer inspection.

Command Prompt

00:03:11

The first indicator of potentially malicious software comes from the command prompt. Running `netstat -ano` and looking at the connections in the ESTABLISHED state shows which remote hosts the machine is talking to and, in the last column, the process ID that owns each connection. Any connection you cannot explain is a lead. We then look up the owning process by its ID (5052 in the demo) and obtain its executable path.

What to look for

00:04:23

When analysing a computer, focus on unusual processes and process names, on executables running from unexpected locations, and on network connections to unfamiliar IP addresses or uncommon port numbers.
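The three command-prompt steps above (established connections, owning PID, executable path) can be done in one pass from an elevated PowerShell prompt. This is an added example, not code from the video; it additionally checks each executable's Authenticode signature, which is what "no publisher name" in Task Manager amounts to. The `$CommonPorts` list and the `$KnownGood` exclusions are assumptions for illustration and should be tuned to your environment.

```powershell
# Added example (not from the video): list established TCP connections with the
# owning process, its executable path and signature status, then flag anything
# that is unsigned or that talks to an uncommon remote port.
# Run from an elevated PowerShell prompt on the machine being inspected.

# Assumptions for illustration: ports you expect to see, and process names you
# have already vetted. Quasar's default port 4782 is deliberately not listed.
$CommonPorts = 80, 443, 53, 445, 3389
$KnownGood   = @('svchost.exe', 'MsMpEng.exe')

function Get-SuspiciousConnection {
    Get-NetTCPConnection -State Established |
        ForEach-Object {
            $conn = $_
            # Map the PID back to a process; Path is $null for protected
            # system processes, which we then report as 'Unknown'.
            $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
            $path = $proc.Path
            $sig  = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'Unknown' }

            [PSCustomObject]@{
                PID        = $conn.OwningProcess
                Process    = $proc.ProcessName
                Path       = $path
                Signature  = $sig
                Remote     = "$($conn.RemoteAddress):$($conn.RemotePort)"
                Suspicious = ($sig -ne 'Valid') -or ($conn.RemotePort -notin $CommonPorts)
            }
        } |
        Where-Object { $_.Suspicious -and ("$($_.Process).exe" -notin $KnownGood) } |
        Sort-Object PID
}

Get-SuspiciousConnection | Format-Table -AutoSize

# The cmd.exe equivalent used in the video, for comparison:
#   netstat -ano | findstr ESTABLISHED
#   tasklist /FI "PID eq 5052"
```

A client connecting out to port 4782 from an unsigned `client.exe` in a user-writable directory, as in the demo, lands in this list on both counts. Treat the output as leads, not verdicts: an unsigned binary is common for legitimate but sloppy software, and malware can be signed.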

Sysinternals Suite

00:04:40

In this part of the tutorial we download the Microsoft Sysinternals Suite and use its tools to identify potentially malicious software. The suite is a collection of free Windows diagnostics from Microsoft; Process Explorer in particular behaves like a far more detailed Task Manager.

Autorun

00:05:04

Use Autoruns64.exe to view the programs and services that start with your PC. Look for entries whose publisher is not verified, then investigate suspicious ones, such as the Quasar client (client.exe), in Process Explorer. Check the process's properties, including the TCP/IP tab, to see which remote addresses it is connected to.
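The same "unverified publisher" triage can be scripted with autorunsc.exe, the console version of Autoruns. This is an added example, not code from the video. It assumes autorunsc.exe has been downloaded with the Sysinternals Suite and is in the current directory, and that the CSV reaches PowerShell cleanly through the pipeline; if the output looks garbled, redirect it to a file from cmd.exe first and read it back with Import-Csv.

```powershell
# Added example (not from the video): export every autostart entry with
# autorunsc.exe and keep only the ones whose signer did not verify.
# Flags: -accepteula/-nobanner suppress prompts, -a * all entry types,
# -c CSV output, -s verify signatures, -m hide signed Microsoft entries,
# -h include file hashes. Requires an elevated prompt for complete results.

function Get-UnverifiedAutorun {
    param([string]$AutorunscPath = '.\autorunsc.exe')   # assumption: tool location

    $csv = & $AutorunscPath -accepteula -nobanner -a * -c -s -m -h 2>$null
    $csv | ConvertFrom-Csv |
        # Signer reads "(Verified) Publisher" for good signatures; anything
        # else ("(Not verified) ..." or blank) is worth a look.
        Where-Object { $_.Signer -notmatch '^\(Verified\)' -and $_.'Image Path' } |
        Select-Object Entry, 'Entry Location', 'Image Path', Signer, 'SHA-256'
}

Get-UnverifiedAutorun | Format-Table -AutoSize
```

The SHA-256 column gives you something to search for in threat intelligence feeds without having to copy the file anywhere; the Image Path tells you whether the entry lives somewhere a legitimate installer would have put it.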

TCPView

00:06:08

TCPView shows the connection from process ID 5052 (client.exe) on the victim back to the attacker's machine. Meanwhile the attacker uses Quasar's remote shell to run commands such as `whoami`, confirming the interactive session with the computer at IP address 192.168.0.185.

Process Monitoring

00:07:20

Process Monitor lets us check whether a process is behaving suspiciously. Filtering on a specific process such as client.exe and following its activity shows what it touches on the system: files and registry keys read or written, network traffic sent and received, and threads being created.