how to know your computer has been attacked
TRANSCRIPT
University of DuhokFaculty Of Science Computer Department
Submitted by: Dler Omer Ahmad Mamand
HOW TO KNOW YOUR COMPUTER
HAS BEEN ATTACKED
Step 1
Msconfig
Step 2
Step 3
start run regedit HKEY_LOCAL_MACHINE Software Microsoft window current Version run
Regedit
1. First make sure that how many users’ accounts are there in your computer
2. Find out if there are any unknown accounts with higher privileges.
3. Someone may create a user account without your knowledge and can use that account to access your system from a remote location.
User Account
4. Go to the control panel5. open the user accounts and check if the
user is turned off and if there is any other account that you did not create.
6. Delete any unknown account except known account
User Account
User Account
User Account
System.ini
Is not Hacked
Is HackedTimer=timer.drv*** *** ***
Net User
Go to the the run Write cmd Write netstate –ano watch state established and pid number Go to the task manager Go to process look the pid number Right click to the pid open file location and
delete this server or vires
Netstat -ano
Process Red color : finish the work Process green color :is hacked and continue Process Yellow color : hacked and changed
port and server
TCP View
TCP View is application :is check computer
TCP View
THANK YOU ANY
QUATION?