There are several ways in which antivirus scanners try to detect malware. Signature-based detection is the most common method.
This involves searching the contents of a computer’s programs for patterns of code that match known viruses. The anti-virus software does this by checking codes against tables that contain the characteristics of known viruses. These tables are called dictionaries of virus signatures.
Because thousands of new viruses are being created every day, the tables of virus signatures have to be updated constantly if the anti-virus software is to be effective. But even if the software is being updated daily, it usually fails to recognise new threats that are less than 24 hours old.
To overcome this limitation and find malware that has not yet been recognised, anti-virus software monitors the behaviour of programs, looking for abnormal behaviour. This technique is called heuristics. The software may also use system monitoring, network traffic detection and virtualized environments to improve their chances of finding new viruses.
Nevertheless, anti-virus software is never 100 percent successful and every day new malware infects computers throughout the world.
There are three main ways you can get infected with malware.
These are: (a) running unpatched software, ie software that you have failed to update; (b) falling for a desirable freebee and downloading a Trojan horse along with the freebee; and (c) responding to fake phishing emails.
If you can manage to avoid these three failings, you won’t have to rely so much on your anti-virus software.
Expecting that some day someone will release anti-virus software that can detect all viruses and other malware with complete accuracy is a vain hope. The best you can do is to keep your security up to date, avoid the three main ways you can get infected, and learn to recognise the signs that suggest your computer has been hacked so that you can take appropriate action.
Here are some sure signs you’ve been hacked and what you can do about it.
 Fake antivirus messages
A fake virus warning message popping up on screen is a pretty sure sign that your computer has been hacked-provided you know it’s fake. (To be able to recognise a fake warning, you need to know what a genuine virus warning from your anti-virus software looks like.) The warning will reassure you by saying that it is can scan your system to detect the malware.
Clicking no or cancel to stop the scan won’t help, because you computer has already been compromised. The purpose of the fake virus warning (which will always find lots of viruses that need to be eliminated) is to lure you into buying their virus removal service or other product.
Once you click on the link provided for that purpose, you will likely land on a very professional-looking website. There you’ll be invited to buy and download the product by filling in your credit card details.
Bingo! As well as having complete control of your system, the hacker now has your personal financial information.
What to do: as soon as you see the fake virus warning message, turn off your computer. Reboot it in safe mode (no networking) and try to uninstall the newly installed software (which can often be uninstalled just like a regular program).
Then, whether you succeed in uninstalling the rogue program or not, restore your system to the state it was in before you got hacked. In the old days, this meant formatting the computer and reinstalling the operating system as well as all programs and data. Nowadays, you can normally revert to a previous state with just a few clicks.
Once you have turned back the clock, so as to speak, restart your computer in the normal way and make sure that the fake virus warning has gone. Then do a complete anti-virus scan to eliminate any traces of the malware.
 Unwanted browser toolbars
Finding your browser has a new toolbar is probably the second most common sign of being hacked. Unless you recognize the toolbar, and know that you knowingly downloaded it, you should dump it.
Very often these toolbars come bundled with other software you download. Before you begin a download, you should always read the licensing agreement which may contain a clause allowing other software to be downloaded with the software you want. Hackers know that people seldom read these agreements yet having these kinds of clauses makes the downloading quite legitimate.
What to do: Most browsers allow you to remove toolbars. Check all your toolbars and if you have any doubts about a toolbar, remove it. If you can’t find the bogus toolbar in the toolbar list, check to see if your browser has an option to reset it back to its default settings.
If this doesn’t work, restore your system to the state it was in before you noticed the new toolbar as described in the previous section.
You can usually avoid malicious toolbars by making sure that all your software is fully up-to-date and by being ultra-cautious when you are offered free software for downloading.
 Passwords changed inexplicably
If you discover that a password you use online has been changed without your knowledge then it is highly likely you have been hacked. If not, your internet service provider (ISP) has been compromised.
If you have been hacked, it is probably because you replied with your log-in details to a phishing email that seemed to come from the service for which the password has been changed. If so, the hacker used the information you gave him to log-in and change the password. Now he can avail of the service you were getting or, if it was your internet banking details you sent, steal your money.
What to do: report the change in your password to the online service provider who should be able to get your account back under control within a few minutes. If the log-in information you sent is used on other websites, you should immediately change those passwords also.
Above all, you need to amend your behaviour for the future. Reputable websites will never ask for you log-in details by email. If they do appear to do so, do not click on the link in the email. Instead go directly to the website and log on using your usual method. You should also report the phishing email to the service by telephone or email.
 Unexpectedly finding newly installed software
If you find new software in your computer that you don’t remember installing, you can be fairly sure that your system has been hacked.
Most malware programs nowadays are trojans and worms which install themselves like legitimate programs, usually as part of a bundle with other programs that you download and install. To avoid this you need to read the licence agreement of the software that you do want to install closely to see if it comes with ‘additional’ software.
Sometimes you can opt out of these ‘free’ extras. If you can’t, your only option, if you want to be sure you are not going to be hacked, is not to download the software you do want to install.
What to do: the first thing you should do (in Windows) is to go to Add or Remove Programs in the Control Panel. However, the software program may not show up there in the list. In so, there are plenty of programs available on the Internet (usually for free) which will show all the programs installed on your computer and enable you to disable them selectively.
This approach has two problems. Firstly, these free programs cannot guarantee to find every installed program. Secondly, unless you are an expert, you will find it hard to determine what are and what are not legitimate programs.
You could, of course, just disable a program you don’t recognise and restart your computer. If some functionality you need is no longer working, you can re-enable the program.
However, your best bet in my view is to stop taking risks (and wasting time) by calling an expert technician at an online computer maintenance company who can scrutinise your system for illegitimate programs and delete them as necessary.
 Cursor moving around and starting programs
Cursors can move around randomly at times without doing anything in particular. This is usually due to problems with hardware.
But if your cursor begins moving itself and makes the correct choices to run particular programs, you can bet your last dollar that you’ve been hacked and that your mouse is being controlled by humans.
The hackers who can take control of your computer in this way can start working in your system at any time. However they will usually wait until it has been idle for a long time (eg, during the early hours of the morning) before they start using it, which is why it is important that you turn off your computer at night and disconnect it physically from the internet.
Hackers will use their ability to open and close programs remotely to break into your bank accounts and transfer money, buy and sell your stocks and shares, and do all sorts of other nefarious deeds in order to deprive you of your treasure.
What to do: If your computer suddenly swings into action some night, you should turn it off as soon as possible. However, before you do so, try to find out what the hacker is interested in and what they are trying to do. If you have a digital camera handy or a smartphone, take a few pictures of the screen to document what the hacker is doing.
After you have closed it down, disconnect your computer from the internet and call for professional help. To solve this problem you will need expert help from an online computer maintenance firm.
But before you call for help, use another computer that is known to be good, to change all your log-in details for your online accounts. Check your bank accounts, stockbroker accounts and so on. If you discover that you have lost money or other valuables, call the police and make a complaint.
You have to take this kind of attack seriously and the only option you should choose for recovery if a complete clean-out and re-installation of your operating system and applications.
But before you do so, if you have suffered financial losses, give a forensic team access to your computer so they can check exactly what took place. You may need a report from them to recover your monetary losses from your insurer, banker, broker or online merchant.
 Anti-virus program, Task Manager or Registry Editor disabled and won’t restart
Stuff can happen, so one of these three applications could go wrong on its own. Two of them might go wrong at the same time in a million-to-one coincidence. But when all three go wrong together…
In fact, a lot of malware does try to protect itself by degrading these three applications so either they won’t start or they start in a reduced state.
What to do: you cannot know what really happened, so you should perform a complete restoration of your computer system.
The above are just six fairly common signs that you have been hacked. There are plenty more.
These include: money missing from your bank account; your internet searches being redirected to places to which you do not want to go; being plagued by pop-up ads when you visit websites that normally don’t generate them; and so on.
Once you’ve been hacked you can never really know for sure what’s going on inside your system. A compromised system can never be fully trusted.
If, like me, you are risk-adverse, the best thing to do when you’ve been hacked is to perform a complete restoration of your system to a known good state. The simplest and most reliable way to do this is to call on the services of an online computer maintenance company.