
Is my pc hacked? How to recognize attacks

Arne Arnold

The computer was just running optimally, but now the programs stall, the hard drive LED flashes wildly or the browser shows unwanted websites. Our tips will help you clarify whether your PC is hacked or just having a hiccup.

How to identify hacker attacks and virus infections
Photo: © James Thew - AdobeStock

If a ransom note suddenly pops up on your PC screen, the case is pretty clear: your PC has been hacked. However, attacks on a computer are not always so drastic and obvious. For the less clear cases you need a finer instinct and the right know-how. The situation is similar to that of a doctor, who can often clearly identify an illness with a blood test, or otherwise examines the individual symptoms the patient shows and recognizes the disease from them. For your PC, the blood test is a scan with an antivirus program. If the tool detects a pest, the matter is clear. A virus scan is therefore always a good idea and the first step when a system looks suspicious. However, the antivirus program does not always find malicious code, and Windows may still behave strangely. Then you need to take a closer look at the symptoms. We describe the five most common symptoms after a hacker attack here.

1. Programs and system are slow to respond

Symptom: The system is suddenly sluggish. Programs respond slowly. The CPU utilization (see the "Examination" section below) is 100 percent.

Harmless causes: There are several innocuous causes of 100 percent CPU usage. Most of the time, a legitimate program is performing a computationally intensive task, such as compressing a video or a complex image management job. On older PCs, even playing HD videos leads to a high CPU load. A second harmless possibility is a Windows 10 bug, which is, however, a few years old: the Windows 10 Task Manager showed a utilization of 100 percent even though the CPU wasn't working that hard. A third, albeit not so harmless, cause is a bug in a program or a Windows tool that really does claim the maximum CPU power for itself.

Dangerous causes: It is a red alert when the high CPU load is caused by an extortion trojan. This encrypts all user files on the PC and then displays a blackmail message. With a large amount of data, the encryption process can take several hours.

Less dramatic, but nonetheless undesirable, are cryptojackers, also known as mining malware. These are pests that misuse your PC to mine a digital currency, usually Monero. A technical analysis of such malware can be found here.

The installed antivirus program may have missed a malware threat. If a virus is suspected, a scan with a second scanner is therefore a good solution. The Eset Online Scanner, for example, is recommended.

Examination: On a sluggish Windows system, look at the Task Manager first ("Windows symbol -> Windows system -> Task manager"). If the "CPU" column shows 100 percent, click the column header to sort the individual processes by their CPU load. This lets you quickly identify the process, i.e. the program, that is draining the PC's performance. If the display is ambiguous, use the alternative task manager Process Explorer.

If you need further support in your search for a process, you will find a detailed guide here, which in point 2 also deals with unknown processes.

And of course a virus check with a second virus scanner is always a good idea. However, there are fewer and fewer anti-virus tools that can be used in parallel with an installed anti-virus program. The Eset Online Scanner or the Norton Power Eraser are recommended.

There are only a few antivirus tools that can be used in addition to the installed antivirus program. The Norton Power Eraser is one of them. It also finds and eliminates stubborn pests.

Solution: If you have found a process that is causing the CPU load, google the name of the process and add “100 percent CPU”. There is a high probability that you will find a solution on the Internet. If the task causes trouble because of a bug, a program update usually helps, or there is a workaround for this problem. A typical candidate for this was the Windows task runtimebroker.exe from 2016 to 2018.

But if a virus is behind the high workload, clean it up with an antivirus program.

Caution: When searching the Internet for a process name, you will usually come across cleaning instructions that recommend the use of shareware. Be especially careful here.

In most cases, these cleaning tools do not need to be used, as free antivirus software does the same. The advertised shareware, on the other hand, either charges a high price or displays tons of advertising.

Browser: If the Task Manager has identified the internet browser as the culprit for the CPU load, then a cryptojacker is probably at work. It uses your PC to mine digital money. The solution here is simple: the mining code usually stops working as soon as you leave the website and close the associated browser tab. However, if the hostile code is in a browser extension, you have to uninstall it. Further information can be found under point 4.


2. The hard drive LED is blinking like crazy

Symptom: The LED on your hard drive lights up unusually frequently. If it is a slightly older HDD, the drive noise of the magnetic disks and the read/write heads can also be heard.

Harmless causes: There are quite a few legitimate tools that cause hard disk usage. This includes, for example, the Windows index service, which you can configure under "Windows Logo -> Settings -> Search -> Search Windows". Or the antivirus program is currently performing a full scan and is therefore making the hard drive sweat thoroughly.

Dangerous causes: One of the most dangerous causes is again the blackmail virus, which encrypts all of your data and then demands a ransom. In addition, in rare cases a spy code could be active on your computer and the attacker is currently in the process of searching through all of your files.

Examination: The best way to determine which program is causing the current load on the hard disk is the Windows Resource Monitor. Start it by pressing Windows+R and entering resmon in the Run box. Then switch to the "Disk" tab and click the "Total" column to sort the active processes by their read/write activity. An encryption Trojan is easy to spot because its read activity is about the same as its write activity. The index service or the virus scanner, on the other hand, shows a high share of reads with very little write activity.

Solution: Once you have identified a process as the culprit for the hard drive activity, you can find out more about it on the Internet. By the way, you can also end the identified process directly in the resource monitor. As in the Task Manager, a click with the right mouse button on the process is sufficient, followed by the selection "End process".

If the suspicious program appears to be a virus, you can also upload the file to www.virustotal.com. There it is then checked by over 50 virus scanners.
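The read/write comparison from the examination step can also be scripted. The following PowerShell sketch is an added example, not part of the original article; the sampling window, the 50 MB floor and the 0.7 to 1.4 ratio band are assumptions chosen for illustration.

```powershell
# Added example. Thresholds are assumptions, not values from the article.
# Note: Win32_Process counters cover all I/O of a process (files, network,
# devices), while Resource Monitor's Disk tab shows disk traffic only.
$IntervalSeconds = 10     # length of the sampling window
$MinBytes  = 50MB         # ignore processes that moved less data than this
$RatioLow  = 0.7          # write/read band treated as "about the same"
$RatioHigh = 1.4

function Get-IoSnapshot {
    # Map PID -> process record with cumulative read/write byte counters
    $snap = @{}
    Get-CimInstance -ClassName Win32_Process |
        ForEach-Object { $snap[[int]$_.ProcessId] = $_ }
    return $snap
}

$before = Get-IoSnapshot
Start-Sleep -Seconds $IntervalSeconds
$after = Get-IoSnapshot

$report = foreach ($procId in $after.Keys) {
    if (-not $before.ContainsKey($procId)) { continue }      # started mid-window
    $old = $before[$procId]; $new = $after[$procId]
    if ($old.CreationDate -ne $new.CreationDate) { continue } # PID was reused
    $read  = [double]$new.ReadTransferCount  - [double]$old.ReadTransferCount
    $write = [double]$new.WriteTransferCount - [double]$old.WriteTransferCount
    if (($read + $write) -lt $MinBytes) { continue }
    $ratio = if ($read -gt 0) { [math]::Round($write / $read, 2) } else { $null }
    [pscustomobject]@{
        Name     = $new.Name
        Id       = $procId
        ReadMB   = [math]::Round($read / 1MB, 1)
        WriteMB  = [math]::Round($write / 1MB, 1)
        Ratio    = $ratio
        Balanced = ($null -ne $ratio -and $ratio -ge $RatioLow -and $ratio -le $RatioHigh)
        Path     = $new.ExecutablePath
    }
}
$report | Sort-Object { $_.ReadMB + $_.WriteMB } -Descending |
    Format-Table Name, Id, ReadMB, WriteMB, Ratio, Balanced -AutoSize

# SHA-256 of each flagged binary, to identify the file before checking it
$report | Where-Object { $_.Balanced -and $_.Path } |
    ForEach-Object { Get-FileHash -LiteralPath $_.Path -Algorithm SHA256 }
```

A "Balanced" flag is a lead, not a verdict: file copies, backups and archive tools also read and write in similar amounts, so check the process name and path before ending anything.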