If you suspect that your computer has been hacked, unplug it from the
network (or disable WiFi), but do not turn it off. Call your local
computer security experts,
and do not touch the computer until they arrive.

Once a computer has been hacked, that operating system installation
is finished. Don't even think about trying to patch your way out
of it. The only way to clean a hacked system is by backing up
your files, reformatting the hard disk, reinstalling, and changing
every password that was ever typed on the computer, whether it
was a local password or a password on another computer someone
connected to from the hacked computer.

Antivirus and other antimalware software only detects known
malware. If a hacker installs a custom program of their own
design, it will not be detected.

There are many sites listing the steps you need to take, but most
are incomplete. Below is a fairly comprehensive list.

- Unplug the computer from the network to cut off the hacker's
  access immediately.

- Stop using the computer. Especially, do not use the computer
  to log into any other computers over the network,
  as you will likely be giving
  away your passwords to those machines as you type them.

- USING A DIFFERENT COMPUTER, immediately change your passwords on
  every other computer that you have ever
  connected to from the hacked computer.
  Every password that has ever been typed on the hacked
  machine must be changed, as the hacker may have been monitoring
  all of your keystrokes for a long time before the intrusion
  was detected. That includes local passwords on the PC as well as
  passwords entered on the PC to log into remote machines.

- If you have IT staff trained in computer security, contact them.
  They may want to do a forensic analysis on the machine to
  determine who hacked it and how.

- Back up your data files. Note that they may have been corrupted
  by the hacker, so check them carefully before relying on them.

- Do not back up any programs, scripts, installation media,
  or configuration files. They may be infected with malware
  and restoring them to the newly installed system will allow the
  hacker right back in. Antivirus and other antimalware programs
  do not detect all malware. Don't think for a minute that your
  computer is clean just because your virus scan didn't find
  anything. This is foolish wishful thinking that will only cause
  more problems for you and others around you.

- Reformat all disks in the computer and reinstall the operating
  system from trusted install media. (Do not use install media
  that was stored on the hacked computer!)

- Do not use any of the same passwords on the new installation.
  Create new passwords for every user and every application on the
  computer.

- Restore your data files from backup.

- Reinstall all programs from trusted installation media.
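
The two backup steps in the list (copy data files; leave programs, scripts, installation media and configuration files behind) can be enforced by a script instead of by eye. The Python below is an added example, not part of the original page: the function names and the extension and file-header deny-lists are assumptions and are not exhaustive, and it assumes the old disk is readable at a source path with a separate backup destination.

```python
import hashlib
import os
import shutil
import sys

# Assumed, non-exhaustive deny-lists (not from the original page); extend as needed.
SKIP_EXT = set(".exe .dll .sys .msi .scr .com .bat .cmd .ps1 .vbs .js .jar .sh .py .pl .so "
               ".dylib .iso .img .dmg .pkg .deb .rpm .ini .conf .cfg .reg .lnk .plist".split())
SKIP_MAGIC = (b"MZ", b"\x7fELF", b"#!", b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe")


def skip_reason(path):
    """Return why a file must not be backed up, or None if it looks like data."""
    name = os.path.basename(path)
    if name.startswith(".") or os.path.splitext(name)[1].lower() in SKIP_EXT:
        return "program, script, install media or config by name"
    with open(path, "rb") as fh:
        if fh.read(4).startswith(SKIP_MAGIC):  # catches renamed executables
            return "executable or script header"
    return None


def backup_data_files(src, dst):
    """Copy data files from src to dst; return (manifest, skipped) dicts."""
    manifest, skipped = {}, {}
    for root, _dirs, files in os.walk(src):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, src)
            special = os.path.islink(full) or not os.path.isfile(full)
            reason = "symlink or special file" if special else skip_reason(full)
            if reason:
                skipped[rel] = reason
                continue
            target = os.path.join(dst, rel)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copyfile(full, target)  # copies contents only, never mode bits
            digest = hashlib.sha256()
            with open(target, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[rel] = digest.hexdigest()  # state of the copy at backup time
    return manifest, skipped


if __name__ == "__main__":
    copied, skipped = backup_data_files(sys.argv[1], sys.argv[2])
    print(f"copied {len(copied)} data files, skipped {len(skipped)}")
```

Review the returned `skipped` entries by hand before reformatting the disk. The SHA-256 manifest only records what was copied; the files still need the careful content check the list calls for.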