Check running programs
The first thing to do to check whether the computer has fallen victim to a cyber attack is, without a shadow of a doubt, a thorough check of the running programs: almost always, in fact, the software that hackers use to "control" victims' PCs appears in the list of active services, often with rather strange names or names that have little to do with the programs you normally run yourself.
If you use Windows, you can check the running processes quite simply by pressing the key combination Ctrl + Shift + Esc on the keyboard, which calls up the operating system's Task Manager, i.e. the software that shows the list of programs running in real time, the active processes, the programs set to start automatically and some other details related to the system status.
Once Task Manager is open, click on the item More details located at the bottom, move to the Processes tab and take a look at the names of the programs and processes running on the PC. Should you come across a "suspicious" name, right-click on the relevant entry and choose the option Search online from the menu that is proposed to you: by doing so, a search will be carried out immediately on Bing, through which you can obtain valuable information on the nature of the process in question.
If the search result confirms your suspicions, return to Task Manager, right-click again on the name of the "offending" process and select the entry Open file location from the menu that is proposed to you; then perform a virus scan of the file using one of the methods suggested in the next chapter of this guide.
Usually, Macs do not fall "victim" to malicious software, since the protections built into the operating system, such as the Gatekeeper tool, are perfectly capable of eradicating threats even before they can endanger the integrity of the computer. For your information, Gatekeeper is a feature included in the latest versions of macOS, designed to strengthen the anti-malware controls built into the operating system, preventing the accidental execution of programs from non-certified developers.
To verify that Gatekeeper is active, open System Preferences by clicking on the gear-shaped icon in the Dock, go to the Security & Privacy section and make sure there is a check mark next to the item App Store and identified developers. If not, click on the padlock located at the bottom left, enter your Mac password, press Enter and select it manually.
If, for some reason, you have voluntarily deactivated Gatekeeper, you can check the processes running on your computer using the macOS Activity Monitor, which you can quickly open from the Other folder of Launchpad (the rocket-shaped icon in the Dock). Once the window opens, move to the CPU tab and take a look at the list of running processes: if you notice something suspicious, I suggest you search for the name of the process on Google to get information about it.
Should your suspicions be confirmed, you can immediately terminate the process by double-clicking on the relevant item in the Activity Monitor window and pressing, in the window that appears, the buttons Quit and Force Quit. Afterwards, I advise you to scan the system right away with a good antimalware, to remove the active threat, following the tips that I will give you later in this guide.
Check "suspicious" software and files
Another good practice for removing a hacker from your PC is to check "suspicious" programs and files downloaded from the Internet, in order to immediately detect any active threats in them.
In this regard, my advice is to perform an online scan using a service like VirusTotal: it allows you to analyze the files in question with multiple antimalware solutions at the same time (including AVG, Bitdefender, Avast and Kaspersky), without the need to register for the service, with the advantage of being able to automatically recognize files already examined by other users, thus saving precious time.
To use it, go to the main page of the service, press the Choose file button, select the file to analyze (the maximum supported size is 256 MB) and wait for the calculation of the "hash code" to be completed.
If the file has already been scanned before by some other user, VirusTotal should immediately show you the scan results; otherwise click on the button Confirm upload and wait a few minutes for the file to be uploaded and analyzed by the various antimalware engines present in the service.
When the scan is complete, check the item that appears at the top: if you receive a result similar to the wording No engine detected this file, then you can rest assured, as the file is not infected. If, on the other hand, the result is similar to X engines detected this file, then it means that some anti-malware has identified the file as dangerous.
In this regard, however, I feel I have to make a clarification: if a file is "dangerous" only for one or two antivirus engines, while it is identified as "clean" by all the others, it is almost certainly a false alarm. If, however, the number of detections is higher, I advise you to take immediate action to secure your computer: click on the Detection tab to find out which antivirus engines have detected the file as unsafe and, if possible, install one of those antivirus solutions directly on the computer and perform a local scan as soon as possible.
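The check described above can also be prepared locally. The following Python sketch is an added example, not part of the original guide: it computes a file's SHA-256 (one of the hashes VirusTotal lets you search by, so a known file can be looked up without uploading it), checks the 256 MB upload limit and applies the guide's rule of thumb to a detection count. The function names and the sample file are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

MAX_UPLOAD_BYTES = 256 * 1024 * 1024  # upload limit quoted in the guide


def sha256_of_file(path, chunk_size=1024 * 1024):
    """Hash the file in chunks so large downloads never have to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(detections, engines):
    """Apply the guide's rule of thumb to an 'X engines detected this file' result."""
    if engines <= 0 or not 0 <= detections <= engines:
        raise ValueError("detections must be between 0 and the number of engines")
    if detections == 0:
        return "clean"
    if detections <= 2:
        return "probable false alarm"
    return "act: scan locally"


def check_download(path, detections, engines):
    """Return the hash to search for, whether the file can be uploaded, and the verdict."""
    return {
        "sha256": sha256_of_file(path),
        "uploadable": os.path.getsize(path) <= MAX_UPLOAD_BYTES,
        "verdict": triage(detections, engines),
    }


def demo():
    """Run the check on a constructed sample file with a constructed 1/70 result."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample installer bytes\n")
    try:
        return check_download(tmp.name, detections=1, engines=70)
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    print(demo())
```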
Monitor network activities
By default, both Windows and macOS integrate a firewall, that is, a tool capable of limiting and, if necessary, blocking the network traffic generated by a specific program. If, however, you suspect that you have fallen victim to a cyber attack and that the hacker in question is controlling your computer through some program beyond your control, you can use two practical tools designed to "help" the firewall built into the operating system: Windows Firewall Notifier for Windows and Little Snitch for macOS.
Windows Firewall Notifier (Windows)
Windows Firewall Notifier is a free tool for Windows that allows you to get notifications when a program running on the system tries to communicate with the outside world.
To use it, go to the dedicated page on GitHub, click on the first available version (e.g. Beta 2.0 3), scroll down on the next page and click on the first download link (e.g. WFNV20BETA3.zip) in the Assets box. Once you have the zip package, extract it to a folder of your choice, start the executable file WFN.exe and, to get past the SmartScreen protection, first click on the item More info and then on Run anyway and Yes.
Once the program has started, click on the item Firewall settings located in the left sidebar, set the Block and prompt toggle next to the Outbound menu to ON and press the Apply button at the top; to finish and activate the notifications, select the item Options located in the sidebar of the program, click on the button Click here to test and get past the SmartScreen protection again to activate WFN notifications and the possible blocking of outgoing traffic.
Little Snitch (macOS)
If you use a Mac, you can perform a similar operation using Little Snitch, a small firewall that allows you to control and, if necessary, block the network traffic of the programs installed on the Mac. Little Snitch costs 45€, but can be tried for free for 30 days (with breaks every 3 hours).
To obtain the trial version of the program, go to this website, click on the button Download Free Trial and then on the button Download. Once you have the dmg package, launch it and start the program Little Snitch Installer inside it, then click on the buttons Open, Continue twice in a row and Accept.
Then, type the Mac admin password, press the Enter key on the keyboard and, to complete the program setup, first click on the button Open Security preferences, then on Allow (in the System Preferences window) and finally on the buttons Open Security & Privacy Preferences… and Restart now, then wait for the Mac to restart.
When this happens, follow the Little Snitch wizard and activate the Alert mode, so as to be notified whenever a program tries to communicate with the outside and to be able to block it if necessary.
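Before installing either tool, you can get a one-off picture of which programs are talking to the outside. The following Python sketch is an added example, not part of the original guide and not code from either project: it parses the text produced by the Windows command netstat -ano (a command the guide does not mention) and groups established connections to non-local addresses by process ID. The sample output is constructed and uses documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Loopback, private and link-local ranges treated as "not the outside world".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample of `netstat -ano` output (not captured from a real machine).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    127.0.0.1:49701        127.0.0.1:49702        ESTABLISHED     4120
  TCP    192.168.1.20:49812     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:50011     203.0.113.45:443       ESTABLISHED     7312
  TCP    192.168.1.20:50012     203.0.113.45:443       ESTABLISHED     7312
  TCP    192.168.1.20:50040     198.51.100.7:8080      ESTABLISHED     9004
  TCP    [::1]:49710            [::1]:49711            ESTABLISHED     4120
  UDP    0.0.0.0:5353           *:*                                    2216
"""


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6host%zone]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]
    return ipaddress.ip_address(host), int(port)


def is_external(ip):
    """True when the address is neither unspecified nor in a local range."""
    return not ip.is_unspecified and not any(ip in net for net in LOCAL_NETS)


def outbound_by_pid(netstat_text):
    """Map each PID to the sorted external (ip, port) peers it is connected to."""
    peers = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Header, UDP and listening rows do not describe an established TCP peer.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        ip, port = split_endpoint(fields[2])
        if is_external(ip):
            peers[int(fields[4])].add((str(ip), port))
    return {pid: sorted(found) for pid, found in peers.items()}


if __name__ == "__main__":
    for pid, found in outbound_by_pid(SAMPLE).items():
        print(pid, found)
```

Each PID in the result can be matched against the PID column in the Details tab of Task Manager to find the program name and its file location.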
Use a good antivirus
To remove a hacker from your PC and to keep yourself safe from potentially dangerous files that you may run (or have already run in the past) on your computer, you must rely on a good antivirus solution that is always active and constantly updated, and with which to perform a scheduled scan from time to time.
If you use Windows 10, you can get a great result by relying on Windows Defender, the solution already present as "standard" in the operating system: by default, Windows Defender is already active and performs scheduled scans at regular intervals, so as to block potentially dangerous files in the bud and "flush out" those accidentally downloaded (or executed) on the computer.
How do you say? Do you want to make sure that Windows Defender is actually active on your computer? First, open the Start menu by clicking on the flag-shaped icon located in the lower left corner of the screen, press the gear-shaped button in the left bar, go to the sections Update & Security and Windows Security and click on the item Virus & threat protection on the next screen.
At this point, click on the item Manage settings placed just below the section Virus & threat protection settings and make sure that all the toggles located on the next screen are set to ON. If not, do it yourself.
If you have an older version of Windows, or if you feel Defender isn't right for you, you may want to look for a solution such as Bitdefender Free: if you haven't heard of it yet, this is one of the best free antivirus programs on the market, which combines an extremely simple user interface with a powerful search and detection engine, without forgetting the real-time protection feature that does not significantly impact the system. For more information on Bitdefender Free, you can consult the specific in-depth article I have dedicated to this program.
Although it is one of the best, Bitdefender Free is not the only security software available for Microsoft's operating systems: I have told you extensively about the best antivirus for Windows 10 (and for all other versions of Windows).
For macOS, I have already explained to you previously that, in general, it is not necessary to install an antivirus, as the protections provided by macOS are sufficient to protect the integrity of the operating system and keep it safe from hackers. However, if you need an overview of antivirus for Mac, you can consult my specific guide on this topic (an on-demand scan with Malwarebytes should, in any case, suffice).
Other useful tips
After reading this guide carefully, have you understood perfectly how to remove a hacker from your PC and been able to put into practice all the tips I gave you? Good job! Before I leave you, however, let me give you some more tips to keep your PC safe in the future, so that you avoid finding yourself in the same uncomfortable situation again.
- Keep your programs and operating system up to date - often, software updates fix important security flaws which, if neglected, could facilitate "intrusions" by unwelcome guests. If you need help in this regard, I invite you to consult my guides on how to update Windows, how to update the Mac and how to update the programs installed on your PC.
- Don't download software from untrustworthy sources - make sure that the programs you get from the Internet come from safe sites and, above all, strictly avoid installing pirated software: in most cases, this category of software will turn your PC into a receptacle for viruses, malware and control programs of various types. In any case, every time you download a program outside of certified stores or sites, be sure to check its reliability through an online service like VirusTotal, which I told you about earlier.
- Avoid public Wi-Fi networks - another precaution to take to prevent someone from sneaking into your PC is not to connect to public and unknown Wi-Fi networks, which could easily be used by cybercriminals to improperly obtain the data of those connected to them. Just think, some unsecured networks are created for this very purpose!