Sure You Haven't Been Hacked? 3 Steps To Secure Your PC

Are you a Windows user but not sure if your machine is safe?

Perhaps you work on sensitive documents from home and want to beef up your security and protect yourself from hackers and their wily ways?

Well, good news! We asked our resident penetration tester and cyber security expert, Aleksa Tamburkovski to chat to us all about securing our Windows devices.

That’s right. His literal job is to try and hack into systems and then advise governments and companies how to fix their issues, so who better to teach you this?

Important!

Most people think this will never happen to them but the truth is you might already have been hacked, regardless of your technical level.

Yep, even NASA isn’t safe!

Are Windows machines less secure?

No, not really more than anything else.

It’s simply due to the fact that because Windows is the preferred operating system of almost 30% of all users online, it makes it a prime target for hackers to focus their efforts on and write malware for.

This means more malicious programs and hacks, but it also means a lot more companies are actively trying to remove them.

It’s people that are the issue.

With 30% of all online users running Windows, and let’s be honest, most of them probably not following the best security practices, and it’s no wonder that over 422 Million people in the US alone were affected by data breaches last year.

Like I say. You may have been hacked right now and not even know about it, so in this guide I'm going to walk you through 3 simple steps to assess, clean, and secure your machine.

Let’s dive in…

Step #1️. Noticing any weird actions on your Windows device

Before we get into any further security, let's walk through some basic visual and experience indicators that could signal that you may have already been hacked and infected with malicious software.

There are few things to keep an eye on but annoyingly, they can often resemble day to day problems so you may not have noticed them.

Device acting slower than usual

If your machine is running slow then it’s a clear sign that it’s running low on memory, usually because it's performing multiple background processes.

Sure, it could be that your machine is just old or you have some larger programs working, but it’s always worth double checking that there’s no added programs working in the background to steal your information and eat up that CPU.

It’s really easy to check this. Simply open Task Manager and have a look at your performance and the apps that are currently active.

Is there anything you don’t recognise or seems funky? Well stay calm, we’ll show you how to remove it in a second.

Unexpected Crashing

Is your machine suddenly crashing out of nowhere and all you see is the Blue Screen of Death, and then have to restart?

Sure this can be caused by multiple issues, however malware exploits can also cause these as well.

Again, we’ll walk through how to remove anything that might be doing this in a second.

Files or folders being created/deleted

Have you ever had that experience where you just can’t find a document or file? Sure, maybe you dragged it into another folder by accident, but it could also have been a hacker up to no good.

Why?

Sometimes the attacker will go through your files once they gain access to your machine so that they can either steal, edit, or infect them. This can result in some of your files and folders being moved, deleted or new ones being created.

Assuming you’re not the one doing these changes and misplacing files, and that you’re not running any software that would initiate these file movements, then this can point to your device being controlled through malware.

Those sneaky file thieves…

Flashing command prompts

The first 3 indicators so far can all be caused by hardware issues or new software, but this indicator almost always means that you have malware present.

Here’s how it works. Sometimes a malicious program will open a command prompt window for a split second (or even multiple command prompt windows), right after the machine has been started and booted into the Desktop.

Sidenote: The command prompt window is just a terminal window where you can input system commands and looks like this:

We’ll be using it in a second, so don’t freak out when you load it up.

It’s not an issue if you see this when you’ve opened the app by pressing Windows + R, and then typing CMD.

However, it is an issue if it suddenly appears and disappears on its own, without you asking it to load.

This can indicate a program is being started in the background which is then hiding its window ASAP so you don't notice.

So those are the 3 main but subtle indicators that you may have been hacked, but of course, there are also some less subtle ones…

The obvious hack: Ransomware

Sometimes hackers will restrict login access to your machine, or add an overlay message ransoming your files.

If you have this then you’ve 100% been hacked and that sucks.

A final note on user safety

Even though there are many different types of malicious programs, the majority of them find their way onto your machine in 3 ways:

1. Most of them get delivered via email or downloaded by clicking on something on either an untrusted source or legit website that’s been hacked
2. Another possibility is that you downloaded some software from an untrusted source and infected your machine that way. These are the cases in 95% of malware delivery methods
3. Other times they will upload to files on your USB and then infect your other machines when inserted

Being cautious about what you click on, open, or insert into your machine will help you out no end.

For example:

Remember that space station hack from the introduction?

You would think it was some foreign government trying to gain access, but the reality was that one of the astronauts was playing World of Warcraft and had acquired a trojan keylogger somehow, maybe from a website or link.

This trojan was designed to track the password the player used when logging in, but it was persistent. Rather than just stay on their PC, it also transferred onto their USB drive, which was then taken to space and used on the space station, and voila…it now had a malware attack.

Crazy right!?

Anyways, enough about space stations. Hopefully, your computer is clean and there’s no obvious ransomware stealing your files but just in case, let’s walk you through how to check and remove any issues.

Step #2️. Finding malware and removing it

Once the malware infects a machine, it usually does the following things:

• It will initiate a connection to the command and control center
• It will copy itself into a different directory under a non-suspicious name
• It will create a registry entry in order to run itself every time the machine is restarted
• It will try to escalate privileges and disable any security software that you are running

This means it can dig into a few locations, so how do we approach finding it?

Well here are a few simple things we can do:

Run an antivirus scan

Ideally you should have some sort of anti-virus running all the time so that it can stop any attacks as they happen, and Windows 11 actually comes with one built-in called Windows Defender.

How to set up Windows Defender correctly

Once you open Windows Defender this ‘real-time protection’ option should be on for you already, but if not, set it to the on option.

For enhanced security you want to turn on some other features, such as:

• Cloud-delivered protection
• Automatic sample submission, and
• Tamper protection

Simply head across to virus and account protection, and then click on manage settings.

Then make sure they are all set to 'on'.

Running the scan

Let’s say that this virus somehow got past your real-time protection, or, you just want to double-check that everything is ok and run a scan for some peace of mind.

While still in Windows Defender, click on the ‘Virus and threat protection’ option in the sidebar, and then click on ‘scan options’.

There are a few different scan options, with the default one being set as ‘Quick Scan’, which is used for regular checks.

However, we recommend you run the ‘full-scan’ option to fully check your machine, just to be safe.

This scan will take anywhere between 30 mins to a few hours to finish, depending on the amount of files and folders it has to go through as it will be a complete scan of your entire system.

Then, if there is any malicious program that is known to the antivirus it will be flagged and removed from your system.

The key word here being ‘known’, so make sure you keep updating your antivirus program so it’s up to date with the latest threats.

If your scan returns no threats that is a good sign, however it doesn’t always mean that you are not infected, it just means that Windows Defender didn’t manage to detect anything!

Important: Hackers are smart, and a lot of malicious programs are coded in a way that they do not get detected by antivirus software.

This is why we recommend that you check for suspicious files manually.

Manually check for suspicious connections

As we mentioned before, a large majority of malicious programs will try to initiate some type of connection to your command and control centre.

This can be for the attacker to control your machine by running various commands that the malicious program will then process and either send back the results. Or it can be to periodically receive commands and updates.

Not great right, so let’s try and find them.

Using the command prompt window, we can look at all of our currently active connections on our windows device, and see if anything doesn’t seem quite right.

Note: I recommend that you close all unneeded applications and browsers before running this check, so that you don’t have to go over lots of IPs in the results.

All you have to do is open up the command window by pressing the Windows key + R, and then typing CMD.

Then once that window is open, go ahead and type netstat -ant into the command window, and hit enter:

This will give you a list of all currently active connections, along with the IP address that we are connecting/communicating with.

(Again, if you have a huge list here, close all unnecessary applications and then re-run this to clear up the list.)

So let’s break down what all this means:

• Local address is your IP
• Foreign Address is the IP that you are connecting with, and
• State is the current state of your connection

We’re mostly interested in the “ESTABLISHED” connections as they are the ones that are currently active, but we should also check connections that have any other state as well.

You can also run another command to check the Process ID of the connection, by typing netstat -aon.

This brings up a new column “PID”, which refers to the Process ID that initiated connection.

You can take this even further.

Let’s say that you see a connection to an IP address that might seem suspicious, and you want to find out the name of that process ID. Well, then you can run this command, tasklist|findstr “pid”, and enter the PID number.

If you don’t recognise the process as a current application/software that you’re running, you might want to close that connection and then inspect that process further.

Note: I know this is a little complex to cover in an article on its own, so I cover this and more in my complete Cyber Security Bootcamp.

Not only can you make your machine more secure, but you can gain the skills to get hired into an incredibly well paying and booming industry.

Enough about that though, let’s look at some other manual inspection methods.

Check Suspicious Registry Entries

Remember that flashing CMD window we talked about earlier?

In many cases, malware will interact with your Windows registry, usually to try and establish a ‘persistence’.

Simply put, they try to add a registry entry as a “Run” key which will allow the malware to start every time the machine gets restarted.

Note: These are not the only entries that can be made in the registry however they are the most common one in a malware that wants to create a persistence.

You can check which entries you have by navigating to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Here you can see your computer's current Run Registry entries.

If you notice a software or application that you do not recognise, it is worth investigating further to figure out what it is and why it is there.

Important: You don’t really want to mess around with or alter your registry as this can cause major issues, so be sure to only delete the entries where you are absolutely sure what they are.

Once you check the Current_User Entries you also want to check the entries for the HKEY_LOCAL_MACHINE with the same path to the run keys.

Step #3️. Hardening/improving Windows security

So far we’ve looked at potential warning signs and how to find and remove potential malware, but now let’s look at some best practices to further improve our security so that it doesn’t happen again.

Be careful what you click on

First off, remember to practice good online safety habits:

• Be careful what you click on, and look at the link that shows up when you mouse over anything
• Be cautious of fake ‘X’ images to close popups
• If a website, page or email is full of typos or seems weird, it’s probably a scam so don’t click anything
• And if an alert goes off when you click on or trey to visit a site, then it means that the site has probably been hacked, so don’t follow through, and close the page

Only run trusted software

Likewise, be sure to only install software from trusted locations. If you want to update your software, then get it from the legit site etc.

It’s not worth saving $30 a month from Adobe by using an illegal downloaded version instead if your bank account ends up getting hacked and even worse, you get fined!

Have a good antivirus

Windows 11 comes with Windows Defender built in, but it’s not the only option.

You could also try:

• Bitdefender
• Malwarebytes
• McAfeeESET
• NOD32 Antivirus

These are just some of the known Antivirus vendors out there.

You can go with any one of your choice, but do keep an eye on the Privacy Policy and Terms & Conditions, as some of them might be tracking your actions.

Use your Windows Firewall

Make sure that you have your Windows Firewall turned on and configured so that it properly filters both inbound and outbound traffic.

It's easy to set up. Simply open your search bar and typing “Windows Defender Firewall”, and then click on the result.

The window opened should look like this:

You want to make sure that it is on by going on the 'Turn Windows Defender Firewall on or off' on the left side menu. However, it will require Administrator privileges to change this setting.

Once it is on, if you want to change your firewall rules, you can click on the 'Advanced Settings' button and there you can see the current Outbound and Inbound rules. New rules can be then be created by clicking on the 'New Rule' button on the right side.

Use a secure browser

If you’re going online with your PC, it’s important to use a secure browser that can help stop any attempted hacks or injections.

One of the browsers that you might find useful when it comes to security and privacy is Brave.

Brave offers much more settings that will increase your protection compared to other known browsers out there.

Stay updated

Staying updated with your software and operating system is probably one the most important things that you need to do, to limit new threats.

You wouldn't believe the amount of exploits that get through due to an issue, but people fail to update and remove the opportunity and then get hacked.

Update early and often. No joke, you want to keep all of them updated since many new vulnerabilities are discovered every week.

Likewise, stay up to date with any software for wi-fi enabled devices in your home that are connected via the same network.

Congratulations! Your Windows device is now far more secure

So there you have it. If you follow these basic steps, your device will now be more secure than 99% of users out there.

If you want to go even further you can look at:

• Custom monitoring tools
• Encrypting your hard disk
• Adding in password managers
• Setting up cloud system and file backups
• Using virtual machines
• Adding in application management and control
• Disabling remote access, and
• Setting up Windows secure boot

If you want to learn how to set up these more advanced methods as well as understand vulnerabilities and system threats on a deeper level, then check out my courses on Cyber Security, Bug Bounties and Penetration Testing, and Ethical Hacking.

You don’t even need any prior programming experience as I teach you everything completely from scratch.

It’s a win:win situation.

Within a few days, you learn to have a more secure machine (and can help your family and friends) and within 6 months you could have a brand new, exciting, high-paying career!